India has released its inaugural Digital Threat Report 2024, marking a significant move toward safeguarding its financial digital ecosystem. The report, primarily aimed at the Banking, Financial Services, and Insurance (BFSI) sector, addresses the escalating nature of cyber threats and prescribes a multi-tiered approach to cyber resilience.

This initiative underscores India’s push to secure its critical digital infrastructure, especially in light of growing digital financial penetration and global cybercrime trends.

What is the Digital Threat Report 2024?

The Digital Threat Report 2024 is a joint initiative led by:

• SISA (Strategic Information Security Agreement), a global cybersecurity and forensics firm,

• CERT-In (Indian Computer Emergency Response Team), and

• CSIRT-Fin (Cyber Security Incident Response Team for the Financial Sector under RBI).

Objectives:

• Provide sector-specific threat intelligence.

• Enhance preparedness through policy guidance, technological recommendations, and risk mitigation strategies.

• Enable financial institutions to align with India’s data protection and cybersecurity regulations.

Key Highlights of the Report

1. Spike in Cyber Incidents & Financial Losses

• Global average cost of a data breach in 2024: USD 4.88 million (10% YoY increase).

• In India: USD 2.18 million per breach on average.

• India's digital payment ecosystem projected to touch USD 3.1 trillion by 2028, increasing vulnerability to attacks.

2. Phishing & Social Engineering Surge

• 175% increase in phishing attacks (June 2024 vs. June 2023).

• Business Email Compromise (BEC) remains a top threat vector—54% involve pretexting (posing as executives or clients).

• AI-generated impersonations, especially via deepfakes, are being used to manipulate transactions and compromise data.

3. Rise of AI-Enabled Threats

• Tools like WormGPT and FraudGPT (dark web variants of generative AI) are democratizing cybercrime.

• Use of chatbot phishing and natural language mimicry increases the believability of scams.

4. Stolen Credentials & Malware Evolution

• Multi-Factor Authentication (MFA) is being bypassed using:

  • Session hijacking

  • Brute-force attacks

  • BOLA vulnerabilities (Broken Object Level Authorization)

  • Deepfake-enabled spoofing

• SaaS platforms, including cloud-hosted email, CRM, and VPNs, are prime targets.

5. Cloud Security Misconfigurations

• A 180% rise in attacks exploiting cloud misconfigurations, especially:

  • Publicly accessible storage buckets

  • Weak Identity and Access Management (IAM) controls

Strategic Recommendations

Governance & Human-Centric Approach:

• Prioritize executive-level cybersecurity ownership.

• Implement employee training programs and frequent phishing simulations.

• Foster a culture of cyber hygiene at all organizational levels.

Technical Measures:

• Zero Trust Architecture adoption: Verify every user/device before granting access.

• Regular automated vulnerability assessments and penetration testing.

• Real-time threat intelligence sharing across BFSI entities.

Technology Deployment:

• Deploy AI-driven threat detection systems.

• Integrate advanced endpoint protection, network segmentation, and multi-layer firewalls.

• Timely patch management and use of robust MFA for all privileged access points.

Current Cybersecurity Framework in India

A. Legislative Instruments:

1. Information Technology Act, 2000:

   • Backbone of India’s digital governance and cybercrime law.

2. Digital Personal Data Protection Act, 2023:

   • Regulates data fiduciaries and enforces privacy rights.

B. Institutional Mechanisms:

• CERT-In (under Ministry of Electronics and IT): India’s nodal agency for cyber incident reporting and response.

• NCIIPC (under NTRO): Protects critical information infrastructure in sectors like banking and energy.

• I4C (Indian Cyber Crime Coordination Centre): Coordinates investigations and enforcement across states.

• Cyber Swachhta Kendra: Provides tools for malware cleaning and public awareness.

C. Strategic Cyber Initiatives:

• Bharat National Cybersecurity Exercise 2024:

  • Multi-agency simulation to test readiness against large-scale cyber incidents.

• National Cyber Security Policy, 2013 (revamp underway):

  • Envisions a secure and resilient cyberspace for citizens and businesses.