Identity: The Weakest Link in India’s Cybersecurity Landscape
India is facing an identity crisis — in the cybersecurity sense. According to CheckPoint’s 2024 Threat Intelligence Report, India ranks third globally in terms of cyberattack volume. CERT-In further revealed that 45% of attacks on critical infrastructure targeted identity and access controls, a clear signal that digital identities are now prime targets for cybercriminals.
In a digital-first economy where cloud, DevOps, APIs, and third-party integrations dominate, identity has become the new battleground. Yet, many Indian enterprises still rely on outdated IAM policies, weak MFA protocols, and inadequate privileged access controls.
The result? Growing exposure to deepfake attacks, credential stuffing, and insider threats, all of which come with serious financial, operational, and reputational fallout.
However, that becomes incredibly challenging in an extremely complex cyber landscape with various new challenges for your organization:
- Increasing Number of Machine Identities: Today’s digital-led organizations not only have to deal with human identities, but also machine ones. Cloud, DevOps, automation, IoT, edge computing, API-driven ecosystems – all these core environments & functions lead to the creation of machine identities that require access controls just like humans do. In fact, Gartner estimates that machine identities currently outnumber human identities in organizations by a 45:1 ratio. Sadly, this rapid rise of machine identities is now outpacing human identity controls, creating new pathways for attackers. It’s no coincidence that today’s security professionals rate machines as the riskiest identity type.
- Rise of AI-enabled Identity Attacks: Your organization isn’t the only one using machines for their benefit – cybercriminals are increasingly depending on AI to carry out their attacks. Phishing kits are available as a service to attackers across all proficiencies, with the ability to carry out extremely convincing attempts through AI-enabled deepfakes & adaptive social engineering. A recent survey by Fortinet-IDC revealed that 72% of Indian organizations experienced AI-powered cyberattacks in the past year, with some of the top threats being AI-assisted credential stuffing, deepfake impersonations and automated reconnaissance.
- Supply Chain Risks: As top organizations continue to fortify their cybersecurity measures, attackers are now trying to look for identity-based backdoors through potential compromises in supply chain partners (software solution partners, multiple clouds with multiple providers, etc.) In all of the software supply chain attacks tracked by Cyble this year, India had the most in the APAC region.
- Identity-Centric Monetization in Black Markets: The widespread use of digital IDs (AADHAAR, PAN, etc.) now integrated across critical infrastructure sectors like banking, telecom & healthcare exposes the whole ecosystem to systemic risk. As a result, credential dumps, KYC data and access tokens have become easily available in today’s underground markets. Back in 2023, cybersecurity firm Resecurity claimed that personal information of over 815 million Indians was being sold on the dark web. Access to these repositories essentially cuts down one of the authentication factors required for attackers to gain access into your system.
Out of all the kinds of access attackers can gain, privileged access can be the most debilitating. With all the permissions these accounts have (whether human or machine), attackers can gain deep access across your systems and wreak havoc. The financial fallout of that could be massive for your enterprise – according to a report by IBM & PwC, the average cost of a data breach for Indian companies is a whopping ₹19.5cr ($2.3 million). On top of that, if you are an enterprise involved in India’s critical infrastructure, these kinds of breaches could also have serious ramifications when it comes to the well-being of our citizens.
Tackling The Battle For Identity With 2 Layers of Defence
Therefore, any strategy you have as the base to your identity security should have two layers: a general layer of security for all your accounts when they login, and an elevated level of security for your privileged accounts when they are conducting administrative tasks or dealing with sensitive data that attackers should never, ever have access to.
This duality can be tackled by combining two essential cybersecurity processes:
- First Layer – IAM (Identity & Access Management): This process verifies the identity of all your users through strong authentication, grants access based on their role and monitors activities for any anomalies.
- Second Layer – PAM (Privileged Access Management): This is specifically for privileged users, like your database engineers, root users and service accounts. Security measures in PAM are a lot more stringent, with elements like credential vaulting, session logging and automatic termination of temporary access once the task is done.
To see how these two layers work in unison to provide critical infrastructure protection, let’s take the example of a privileged account, specifically a power plant engineer:
- The engineer logs into the work portal through IAM-enabled authentication that ideally involves multiple factors that are resistant to phishing.
- Once authentication is passed and the engineer has access to the portal, IAM oversees all the activities being conducted through monitoring.
- The second the engineer tries to conduct an important admin task like restarting the grid server, IAM immediately routes the request to your PAM systems. The latter, in turn, provides time-bound, recorded root access to conduct the task.
- Once the task is completed, IAM & PAM work together to audit-proof the activity. IAM moves the session to idle, while PAM logs it, rotates passwords and revokes the temporary elevated rights.
Best Practices for IAM & PAM
Each of these layers has prescribed best practices that your organization should incorporate to counter today’s emerging identity threats.
IAM Best Practices | PAM Best Practices |
Phishing Resistant MFA Secure logins for your users should definitely have multiple factors of authentication. However, it is important to move away from phishing-prone factors (SMS, email) to phishing-resistant (physical passkey, biometrics) ones. | Privileged Credential Vaulting Since you are dealing with highly important credentials, it is best to store & rotate them in enterprise vaults. Additionally, those with access to these vaults should incorporate auto-expiry once checking out. |
Strong Role-Based Access Controls (RBACs) These controls map all your identities to their exact rights & provides separation of duties between control, audit & approval roles. The principles of least privilege & zero trust should be used when granting access. | Just-in-Time (JIT) Access This gives your privileged accounts time-bound, approval-based access to all your sensitive systems. In fact, CyberArk reports that 88% of CI organizations with JIT access saw a 50-80% drop in unauthorized sessions. |
Precise Identity Lifecycle Management Apart from attackers, insider threats are also rising, and 30% of these cases stem from inactive or orphaned accounts. Syncing IAM with your HRMS can help you auto-deactivate ex-employee accounts and set auto expiration dates for your supply chain vendors. | Session Recording For Root Access If attackers gain root access, that’s where they can do the most damage. Therefore, session recording mechanisms that sets alerts on suspicious behaviour like script injections & mass deletions are essential to safeguard these systems. |
OAuth-Based Tokens For Machine Access Rather than have the credentials for your machine accounts hardcoded in the firmware, use federated identities like certificates and OAuth-based tokens to manage their logins. | Monitoring Using Behavioral Analytics While IAM uses general monitoring, PAM should incorporate a more sophisticated layer that monitors behaviour for anomalies like late night logins & access from foreign IPs. |
Regular Identity Audits A good way to flag unused or anomalous logins occurring in your system is to have periodic identity audits, preferably quarterly. | Jump-Box Access To Third Party Vendors To avoid supply chain attacks, incorporate a jump box that serves as a tightly controlled single entry point to your systems. That way, vendors never have direct access until & unless they are properly authenticated. |
Fit IAM & PAM Seamlessly Into Your Organization with iValue Group
To adopt these best practices, you need to go with best-in-class solutions. iValue provides the perfect medley of Privileged Access Management and Identity and Access Management India has to offer through tie-ups with respective industry leaders.
iValue’s IAM Offerings | iValue’s PAM Offerings |
RSA ID Plus & Yubico help create a completely secure, phishing-resistant authentication experience for all your accounts. | CyberArk PAM & Endpoint Privilege Management (EPM) secure privileged accounts across all endpoints, with top-of-the-line features like session recording, vaulting and JIT access. |
Entrust IDaaS helps translate your IAM principles across all your cloud environments, incorporating risk-based access controls throughout. | Entrust HSM securely manages all your cryptographic authentication keys in equally secure, non-exportable hardware for their security. |
Yet, ultimately, what makes all these offerings work is a unified interface that effectively tracks activities being undertaken in all these solutions. That is offered by our industry-leading managed SOC that gives you real-time visibility, incident response and compliance adherence when it comes to your accounts – all in a single platform.
How Prepared Are You?
If you’ve ever felt under siege, iValue’s IR experts stand ready to help you prepare, detect, contain, and recover—while ticking every regulatory box.
Download our Cybersecurity Incident Response Checklist Today!
