Sophisticated cyberattacks leveraging AI-powered deepfakes, phishing, data manipulation, and malware are on the rise. To combat these complex threats, Indian companies are looking to upgrade their security infrastructure, experts said.
Cybersecurity attacks that started around the 1980s have evolved in the past forty-odd years. Earlier, what was only about corrupting standalone devices with viruses now has the capacity to cripple an entire organization and even country.
“Cyberattacks are currently in the 5th or 6th generation of what is known as multi-vector attacks. These are not only targeting your endpoint devices, but also your networks, data centres, cloud, etc. All of it is happening in parallel, making it much more complex and sophisticated, and difficult to prevent,” said Devroop Dhar, co-founder of management consulting firm Primus Partners.
Multi-vector attacks are highly sophisticated cyber threats that exploit multiple vulnerabilities simultaneously to breach an organization’s defences. A typical example is a distributed denial-of-service (DDoS) attack that combines multiple techniques, such as flooding networks and overwhelming systems, to maximize disruption.
AI: A double-edged sword
Coupled with other sophisticated technologies such as machine learning, artificial intelligence (AI) can both be a boon or a bane depending on who is using it. Many cyber criminals are using AI technology to intensify their attacks. On the other hand, companies are using AI to build advanced cybercrime protection systems.
“AI is a double-edged sword. It is both a tool for companies to prevent and respond to attacks and also a tool for cyber attackers to increase the intensity of their attacks,” Dhar highlighted.
Companies are using AI tools to scan through humongous amounts of data to identify unusual patterns and detect cyber attacks, he added.
As far as cyber criminals are concerned, they are using AI rampantly to generate sophisticated attacks using technologies like deepfake.
“Earlier, the algorithmic attacks were mostly numeric, so attackers would write scripts to go through millions of combinations of passwords to attack a user id. But now, with AI, the ability to create attacks such as deepfakes, is much higher and to automate them is significantly higher,” said Ajay Trehan, chief executive officer of authentication firm Authbridge that helps companies with identity management. He added that he sees this trend grow further in 2025.
Cybercrime is becoming a rising concern for organizations. In the Indian outlook of PwC’s Global economic crime survey 2024, the consulting firm noted that 33% of senior executives surveyed in India highlighted cybercrime as one of the biggest problems faced by businesses.
Tata Consultancy Services Ltd, which is the country’s largest software services company, has highlighted cyber threats posed by Gen AI.
“GenAI is enhancing operational efficiencies, but organizations must equip themselves to counteract cyber threats. It is imperative for organizations to harness these advancements and implement GenAI-powered threat detection and response systems to stay ahead of the curve,” said Ganesa Subramanian Vaikuntam, global head of cybersecurity at TCS, as part of the TCS 2025 Cybersecurity Outlook released on 10 December.
“GenAI is transforming organizational operations, but is also being exploited by cybercriminals for advanced attacks like deepfakes, phishing, data manipulation, and new malware. In response, organizations must fight fire with fire by deploying GenAI-powered threat detection and response systems,” the TCS report added.
Ransomware attacks, supply-chain disruptions and identity thefts of executives are the biggest threats. Organizations are shuffling to ramp up and build a security system that is capable of countering the advanced attacks powered by AI and other advanced technologies.
“Companies are taking steps to counter these cyber threats, especially supply-chain attacks. There is an increased focus on third-party security and governance. The third parties also connect to a company’s own technology through APIs, so API security is also being ramped up,” said Siddharth Vishwanath, partner, PwC.
APIs or application programming interfaces are sets of defined rules that enable different software systems, applications, or services to communicate with each other. They allow these systems to exchange data, perform actions, or request services in a standardized and secure way.
While companies are looking to nullify these cyber threats, IT services companies have ramped up their cybersecurity offerings to clients, making use of AI.
Accenture Plc, which is the world’s largest technology services company, introduced four new cybersecurity services on 19 November. These services would detect cyber flaws and deepfakes in an AI system, provide solutions, and help clients build strategies around their cyber programmes.
Homegrown software services companies have also been ramping up their cybersecurity offerings.
TCS expanded its partnership with Google Cloud on 3 September by launching two AI-powered cybersecurity solutions — TCS Managed Detection and Response and TCS Secure Cloud Foundation. These solutions would reduce the time taken by TCS’s clients to detect, and respond to threats, and also strengthen cloud security by leveraging AI, machine learning, and automation.
Almost two months later, on 2 December, Noida-based HCL Technologies Ltd announced a similar collaboration with Google Cloud to provide AI-driven Managed Detection and Response (MDR) solutions to help clients detect and respond to cyber threats.
A day later, Wipro Ltd announced a partnership with Netskope, a US-based cybersecurity company, to provide enterprises with an integrated service that analyzes the client’s current cybersecurity and infrastructure investments, provides consolidation guidelines, and delivers cost-optimized methods
#Indian #firms #tighten #defences #cybercrime #sophisticated
#Indian #firms #tighten #defences #cybercrime #sophisticated