By Anand Prakash, Sr. Director of Cloud Security at SentinelOne
Supply chain disruptions can dominate headlines and create chaos in global markets.
The world struggled with a lack of supplies when the COVID-19 pandemic wreaked havoc on supply chains, and again, in 2021, the Ever Given ship blocked the Suez Canal for six days, holding up billions of dollars worth of goods. However, a subtler yet potentially more alarming risk has been poking holes in our supply chains again—cyber attacks.
While the risk of falling prey to a cyber attack looms, facility operators aren’t considering risks when adopting new technologies that boost facility efficiency. This modernisation of facilities includes adopting simple internet-connected devices, such as cameras and sensors, that send information to the cloud for managers to retrieve off-site, expanding the arena of cyber threats from a physical facility to a data-heavy cloud infrastructure.
The exciting potential for operators to connect some sensors to boost efficiency leaves security teams with a new level of complexity and risk without the tools needed to mitigate it properly.
Aimed at instant connectivity, many of these devices lack security protocols and run on ‘hacker-friendly’ software. This imbalanced approach has made it too easy for private or state-run attackers to lock medical workers out of a health facility, take out power stations, and threaten critical pieces of infrastructure. Therefore, it’s no coincidence that over half of facilities reported attacks between 2023 and 2024, compared to only 11% in the 12 months prior. While the financial loss is enough for private organisations to take action, an attack on critical infrastructure is enough to put an entire public region in danger.
Now, if maximum impact is what hackers are looking for, then all eyes should be on the cloud. This is because a staggering 94% of global companies leverage the cloud in their daily operations. This trend is reflected in data storage, with a whopping 60% of corporate data residing in the cloud at the end of last year. With nearly half of companies feeling comfortable storing their critical data in the cloud, it’s questionable whether the current security protocols are enough to prepare for future attacks.
Data Security in the Cloud
The increasingly hostile threat landscape demands that decision-makers outside of security teams be more aware and proactive in securing the Asia-Pacific and Japan (APJ) region, particularly India, especially with regard to how data is stored and secured both on-premises and in the cloud.
While the Indian government has begun implementing data security regulations, such as the Digital Personal Protection Act of 2023, it remains unclear if the requirements are enough for Indian enterprises to remain secure as significant overhauls of operational technology (OT) security are expected within the next three to five years. Unlike the US, which has comprehensive guidelines from the National Institute of Standards and Technology (NIST) and a Supply Chain Resilience Council, or the EU, which has the Cybersecurity Act (CRA) and Network and Information Systems Directive (NIS2), India has not yet adopted such rigorous national measures focused on supply chains.
This leaves each organisation to conduct an internal security audit and decide which steps are relevant to them, an approach that lacks standardisation and is ripe for weak links.
As Indian manufacturing becomes increasingly prominent in global supply chains, public and private stakeholders must prioritise OT security. The proactive measures seen in sectors like healthcare and finance should serve as models for the industrial sector.
Leveraging AI’s Double-Edged Sword
Given the rapid growth of industrial sectors in India and the rise of sophisticated hackers leveraging AI, fighting fire with fire is the only viable strategy.
While AI’s defensive capabilities have been recognised and deployed in both endpoint and cloud security environments, hackers can also use it to probe systems faster than ever until a vulnerability is found. This technology can automate attacks, create more convincing phishing schemes, and develop malware that adapts to avoid detection.
To secure the supply chain, AI tools must be able to look across internal and third-party data to identify potential threats and pre-emptive solutions. This is because AI-driven tools thrive at automating threat detection and response activities, reducing the burden on human analysts and allowing them to focus on more complex tasks. Large language models (LLMs), for example, can quickly process and analyse vast amounts of data, identifying threats in real time and providing actionable insights.
AI also plays a crucial role in upskilling employees within cybersecurity teams. By leveraging LLMs in everyday tasks to explain complex findings, junior team members can confidently make impactful decisions based on AI-driven insights. These models allow analysts to use natural language queries to gather information, eliminating the need for specialised training in various querying languages. Running queries like “Can vulnerability ‘#123’ be found anywhere in the network? Are there any active exploitations occurring on the network?” followed up with other relevant questions, such as “How have other teams handled this vulnerability?” allows teams to remain agile, quickly identifying potential threats and taking necessary action.
Furthermore, AI assists in automating routine tasks, allowing cybersecurity professionals to focus on strategic initiatives. It can offer next-step recommendations based on previous actions, enhancing decision-making. For example, when an alert is triggered, AI can provide insights such as “This alert is typically dismissed by 90% of users” or “An event looks suspicious; click here to investigate further.” This streamlines operations and accelerates the learning curve for junior analysts, enhancing the entire team’s capabilities.