Strengthening Cyber Resilience in India: The Call for Modernization Amidst AI Threats

As India continues to embrace digital transformation, the cybersecurity landscape is becoming increasingly complex, particularly with the rise of artificial intelligence (AI). Industry leaders are urging the government to modernize existing frameworks and policies to bolster the nation’s cyber resilience. This call to action was prominently voiced during a recent panel discussion organized by Microsoft India, where experts gathered to discuss the pressing issue of cybersecurity in the age of AI.

A Dedicated Ministry for Cybersecurity

Akhilesh Tuteja, the global head of cybersecurity at KPMG India, emphasized the need for a dedicated ministry for cybersecurity and cyber defense. He argued that as India becomes more digitized, cybersecurity should be the government’s top priority—not only for the safety of its citizens but also for the economic stability of the nation. “That would be the starting point,” Tuteja stated, highlighting the urgency of the situation.

The virtual event, held on October 22, also featured insights from Satvinder Madhok, the global head of cybersecurity operations at Wipro, and Bithal Bhardwaj, group CISO of GMR Group. The discussion was moderated by Irina Ghose, managing director of Microsoft India and South Asia, who underscored the critical nature of cybersecurity in today’s digital age.

The Role of AI in Cybersecurity

The integration of AI into cybersecurity practices has become a double-edged sword. While generative AI has been exploited by malicious actors to create sophisticated threats, tech giants like Microsoft are harnessing AI to enhance security measures for their products and clients. Irina Ghose highlighted Microsoft’s Copilot for Security, an AI-driven solution designed to shift security postures from reactive to proactive. This innovation has reportedly enabled users to respond to cybersecurity incidents 26% faster and with 35% greater accuracy compared to previous methods.

Ghose elaborated on the scale of Microsoft’s security operations, stating that the company now collects approximately 78 trillion security signals daily, a significant increase from just 8 trillion signals in 2021. This vast amount of data is crucial for identifying and mitigating threats effectively.

KPMG’s Tuteja further explained that AI can significantly improve the signal-to-noise ratio for security teams, allowing them to focus on the most critical threats amidst a barrage of alerts. He also discussed the use of generative AI for simulating phishing attempts, which enhances training for security personnel by emulating real attacker behavior.

GMR Group’s Bhardwaj added that AI can streamline the reporting process for cybersecurity incidents, allowing analysts to interact with AI tools in a conversational manner, thus saving valuable time and resources.

Building a Secure Future for India

The panelists unanimously agreed that awareness is foundational to cyber resilience. Wipro’s Madhok called for a government framework that fosters trust in security systems and encourages safe digital technology adoption. He noted that an updated version of India’s National Cyber Security Policy (NCSP), which has been in development for four years, is crucial for addressing current challenges.

To tackle the shortage of cybersecurity professionals in India, Madhok suggested initiating training programs at the university level. With over 525,000 villages in the country, reaching every individual poses a significant challenge that requires a concerted effort from the government.

The discussion also touched on the collaboration between hackers and defenders. While hackers often share information for notoriety, defenders are typically more hesitant due to concerns about reputational damage. Tuteja pointed out that this disparity in motivation complicates effective collaboration among defenders.

Microsoft’s Renewed Focus on Cybersecurity

In light of recent challenges, Microsoft has taken significant steps to enhance its cybersecurity strategy. Following a critical review by the US Cyber Safety Review Board, which deemed Microsoft’s security culture inadequate, CEO Satya Nadella announced the Secure Future Initiative (SFI). This initiative mobilizes over 34,000 engineers to improve the company’s cybersecurity posture.

The urgency of this initiative was underscored by a massive outage in July 2024, which disrupted critical infrastructure worldwide due to a faulty software update from cybersecurity firm Crowdstrike. In response, Microsoft is reportedly considering restricting kernel-level Windows access for third-party vendors.

During the panel discussion, Irina Ghose outlined the three principles of the Secure Future Initiative: secure by design, secure by default, and secure in operations. She shared alarming statistics from Microsoft’s latest Digital Defense Report, revealing that password attacks have surged to 7,000 per day in 2023, compared to just 579 in 2021, with six million identity attacks occurring daily.

Conclusion

As India navigates the complexities of a rapidly evolving digital landscape, the call for enhanced cybersecurity measures has never been more critical. With AI playing a dual role as both a tool for attackers and defenders, the need for a robust, modernized cybersecurity framework is paramount. Industry leaders are advocating for a dedicated approach to cybersecurity, emphasizing the importance of awareness, training, and collaboration. As the nation moves forward, prioritizing cybersecurity will be essential for protecting its citizens and ensuring economic stability in an increasingly interconnected world.