By Dominick Rodrigues 

About nearly half of India’s IT leaders are not “fully confident” in their ability to respond to data, malware phishing, supply chain, ransomware, cloud, IoT and application attacks, according to a new global survey by Rackspace Technology® (NASDAQ: RXT), a leading end-to-end, multicloud technology solutions company.   

A 150-respondents survey in India noted that 46% of them could effectively respond to incidents, mitigate threats (45%), or understand the nature of the threats they are facing — when it comes to organisations’ attack response capabilities.   

The survey covering 1,420 IT professionals also revealed widespread uncertainty about organizations possessing the talent and skills required to meet cybersecurity challenges, while the majority (89%) of respondents highlighted their organizations lacking the necessary skills and expertise to respond to a growing array of threats.  

“Though most respondents to our survey say they are ‘prepared’ for cyber-attacks, there is a high degree of anxiety about their ability to effectively confront adversaries who are increasingly sophisticated,” said Jeff DeVerter, Chief Evangelist, Rackspace Technology.  

“Moreover, the expanding use of the cloud, IoT and applications, as well as a tight talent market and an increase in remote work – largely driven by the pandemic – have made the security environment much more challenging. Few organizations actually have the people, processes, and technologies that match a mature cybersecurity model,” he said.  

The ubiquity of the cloud, DevOps methodologies and condensing of development cycles — coupled with other IT trends — have made addressing cyberthreats an increasingly complex task. Around 31% of India’s survey respondents cited the growth in cloud and IoT as key challenges, followed by new threats and attack methods, the growth in data volumes, digital operations, and remote work (42%), which has resulted in increased opportunities for attackers.  

Forty-eight percent of India respondents say their ability to manage application security in a more complex environment is influenced by new ways of working, including DevOps and Agile development practices. Other dynamics include faster release/delivery cycles 52%, the growth in microservice application architectures (51%), hybrid/multicloud environments (49%) and container runtime environments (43%).    

When asked about the nature and targets of the cyberattacks they are seeing, network/platforms (65%) lead the way, followed by web applications (54%) and network operating systems (48%). More than half (53%) of all attacks are +Advanced Persistent Threats+ (APTs), while 43% involve stolen credentials and 38% result from unauthorized exposure to data.  

More than half (52%) of India survey respondents say they face difficulty recruiting and retaining cybersecurity talent, with the greatest skills gaps in the areas of cloud security (41%) and network security (38%), which respondents also identified as their most critical roles. Across the businesses, IT leaders cite lack of expertise (89%), lack of resources (91%) and lack of time (63%) as their most pressing cybersecurity and compliance challenges.   

Most local respondents manage cybersecurity in-house, with less than a third enlisting external expertise — either through Managed Security Service Providers (MSSPs), Managed Detection and Response Providers (MDRPs) or systems integrators. Cloud, data, integrated risk security network and identity access are most frequently handled by in-house staff, while (41%) outsource integrated risk security and 45% task by external partners to assist with network security.    

The top strategies to fill any gaps of cybersecurity talent in India include training internal staff (48%), external recruitment agencies (60%) and relying on third-party security experts (49%). “Organizations struggling with expertise, resources and time are still reticent about enlisting external help,” DeVerter said, adding “Instead, our research shows that they are hoping that enlisting recruiters and improving the training of internal staff will help them solve the talent crunch.”   

“Organizations struggling with expertise, resources and time are still reticent about enlisting external help,” added DeVerter. “Instead, our research shows that they are hoping that enlisting recruiters and improving the training of internal staff will help them solve the talent crunch.”   

Sandeep Bhargava, Managing Director of Asia Pacific and Japan (APJ), said, “The rise of digital innovation such as remote working and cloud has also opened up opportunities for cyber attackers to strike organisations in Asia Pacific including India, which has seen a 3X rise in cyber-attacks in the year 2020 as reported and tracked by the Indian Computer Emergency Response Team (CERT-In).” 

“Businesses need to invest in added resources to enhance their understanding of cyber-attacks and employ technology to respond and mitigate threats effectively and efficiently,” he said adding “As with many countries, India faces the difficulty of recruiting and retaining cybersecurity talent with network security and cloud security being the top skills in demand.” 

“A recent report by professional recruitment services firm Michael Page India, highlights a skill-gap of 43% in cybersecurity professionals with shortage of experts in Application Development Security, Cloud Security Risk Management, Threat Intelligence, Data Privacy and Security,” Bhargava said while pointing out that this highlighted need for businesses to evaluate enlisting third-party security help, so that they can focus on building their competitive advantage as a company.  

The Rackspace Technology survey was conducted by Coleman Parkes Research in September 2021 and on responses of 1,420 IT decision-makers across manufacturing, retail, hospitality/travel, healthcare/pharma/biomedical, government and financial services sectors in the Americas, Europe, Asia and the Middle East.  

Most of the companies/organizations polled were founded before the year 2000, with between 101 to 999 employees, annual revenue between $50m and $1bn, from two to 15 employees dedicated to cybersecurity, and 5% to 15% expenditure of their IT budget on cybersecurity.