Understanding CERT-In
India strengthens cybersecurity to combat AI-driven cyber attacks and enforce updated regulations across critical sectors.

Key insights from the Data Security Council of India (DSCI) and Seqrite

What the numbers say, what it means, and what organisations (and individuals) should do.

📊 The Big Picture (Cybersecurity in India)

The report is based on telemetry from approximately 8.44 million endpoints across India, covering the period from October 2023 to September 2024. (Seqrite) The headline figure: approximately 369.01 million malware detections were logged in this timeframe, which is roughly 702 detections per minute. (Seqrite)

Some quick breakdowns:

  • Signature-based detection methods still dominate at ~85.44% of detections; behaviour-based methods account for ~14.56%. (The Times of India)
  • By malware sub-category: Trojans lead (~43.38%), followed by “Infectors” (~34.23%) and worms (~8.43%). (ETGovernment.com)
  • On mobile/Android: malware accounted for ~42% of detections; Potentially Unwanted Programs (PUPs) ~32%; Adware ~26%. (The Times of India)

Regional & Sectoral Hotspots

Regions:

  • States like Telangana, Tamil Nadu and Delhi top the list of most-affected regions. (The Times of India)
  • On the city level, for example, Surat’s detection-per-endpoint rate is flagged as particularly high. (CRN – India)

Sectors:

  • Healthcare emerges as the most targeted industry (~21.82% of detections). (CRN – India)
  • Hospitality (~19.57%) and BFSI (Banking, Financial Services & Insurance, ~17.38%) follow close behind. (CRN – India)

💡 What the Top Key Trends Reveal

  • The sheer volume of detections (369 million) shows that India’s digital economy — with its massive scale of endpoints, digitised services, IoT adoption, cloud usage etc. — is under constant assault.
  • Signature-based detection still dominates, which suggests many attacks are using known patterns or malware families — but the ~14.56% behaviour-based detection share signals attackers are leveraging evasion and newer tactics.
  • Mobile/Android threats and PUPs/adware indicate that consumer devices, mobile usage, and perhaps weak app ecosystem control are part of the risk story.
  • The concentration in certain states and sectors suggests that regions with heavy digitisation, large industrial or service clusters (e.g., Telangana, Tamil Nadu), or where legacy systems remain prevalent (e.g., healthcare) become high-value targets.
  • The attack surface is broadening — not just big enterprises, but smaller organisations, endpoints, mobile devices, and perhaps third-party ecosystems are in the frame.

🔍 Key Take-aways for Organisations & Individuals

For organisations (especially in India or with Indian operations):

  • Don’t rely purely on signature-based defence. With ~14.56% of detections coming from behaviour-based methods, invest in anomaly detection, behavioural analytics and sandboxing.
  • Prioritise sectors/regions: If you’re in healthcare, hospitality or BFSI, or located in states flagged in the report, assume you’re under higher risk.
  • Endpoint hygiene matters: With millions of endpoints feeding the stats, ensure devices (including mobile and remote) are secured, patched and controlled.
  • Mobile & app security: Given the Android threat numbers (malware, PUPs, adware), mobile-app ecosystems mustn’t be an afterthought.
  • Regional visibility & vendor/third-party risk: Some states have higher detection counts — digital infrastructure, third-party services, supply-chains may introduce elevated risk.
  • Invest in detection + response + recovery: With high detection volumes, the real differentiation comes in how quickly you detect, respond, contain and recover.

For individuals and smaller organisations:

  • Use up-to-date endpoint protection, and enable behaviour-based / heuristic features if available.
  • Maintain strong patching discipline (OS, apps, mobile).
  • For mobile users, be cautious of PUPs/adware or apps outside trusted stores.
  • Multi-factor authentication (MFA), least-privilege access, and awareness of phishing remain foundational.
  • If you operate in areas flagged as high risk (states, sectors, large digital presence), consider applying enterprise-class practices scaled down (e.g., backups, segmentation, incident response plan).

🧭 Final Thoughts

This report is a wake-up call. The numbers might seem abstract (hundreds of millions of detections) but they translate into real risk: data breaches, system disruptions, reputational harm, financial losses. For a country like India — undergoing rapid digital transformation — the stakes are high.

What stands out is that attackers are not just going after the obvious large enterprises, but exploiting devices, endpoints, regions and sectors that may have weaker posture. Defence can’t only be about “we’re big so we’re safe” — it has to be about being resilient, adaptive and continually vigilant.
