We take our digital lives for granted. After all, the Internet has always been there for most of us. Through the browser and apps in our hands, we search the meaning of life, where to shop, what to wear to a wedding, how to do a birthday party. We read reviews for a new restaurant, book it online, chat with our family and to our AI digital companions, without realising that all of these actions are possible thanks to a handful of large cloud and internet infrastructure providers.
PREMIUM Cloudflare is an infrastructure-as-a-service company, one of the handful that has a large, distributed secure network (the backbone of the internet) to connect users like us to each other’s devices, and computers. (Shutterstock)
Last month, when Cloudflare’s systems went down for half a day, websites from Ikea to ChatGPT refused to open, showing HTTP errors on browsers. Many of us constantly loaded and reloaded our webpages, heading to check the routers lying in the corner of our living rooms to see if our personal internet was down. Some called their internet service providers, others got distracted by other digital spaces that were loading and still others waited patiently, without answers.
None of us thought about Cloudflare, a $70.13 billion company that offers cloud services for internet infrastructure, security and performance in 125 countries across the world. Cloudflare is an infrastructure-as-a-service company, one of the handful that has a large, distributed secure network (the backbone of the internet) to connect users like us to each other’s devices, and computers. It also offers fast and reliable delivery to websites and applications — from clients like Ikea, Canva, Walmart and Nike. When you open Canva, the web address in your browser goes through your internet service provider to Cloudflare’s datacentre which reroutes it to Canva, enabling you to land on their homepage.
When websites stopped loading, Cloudflare’s engineers initially suspected a Distributed Denial-of-Service (DDoS) cyberattack – where criminals use bots to flood a specific website or online service with fake requests, causing a crash. They also suspected what is called a Supply Chain Attack by the industry – a type of a cyberattack that targets an organisation by compromising a trusted third-party vendor like Cloudflare.
A quick internal investigation found out that all websites that Cloudflare serves were down. Thanks to, as the engineers found in an hour or so, a basic change in permissions that someone on the team had done. This caused a database query to give large number of duplicate entries and bloated the file size way past its expected limit, resulting in the core proxy system that handles the internet traffic, to crash.
In Cloudflare’s case, it was an internal bug, but their engineers weren’t wrong in suspecting a cyberattack first as its quite common . In October earlier this year, a security researcher Eaton Zveare exposed a security flaw at Tata Motors systems that exposed over 70 terabytes of internal data, including personal information of customers, company reports and dealer details. The reason? Someone in the company had left the AWS access keys – the master keys to their cloud storage – sitting right there in the publicly accessible source code. If he wanted, Zveare explained, he could have downloaded this data and used it to blackmail the company.
As more Indian companies move their operations to the cloud, there are new opportunities for attackers to exploit vulnerabilities in the cloud systems. India Cyber Threat Report 2025 released by Data Security Council of India (DSCI) analysed 369.01 million malware detections and concluded that supply chain attacks are one of biggest challenges facing the digital infrastructure of the country. The sheer volume of attacks is staggering: it’s roughly equal to eleven new cyber threats emerging every second in India.
Cloud consolidation makes it vulnerable
Cloud infrastructure is the backbone of the modern internet and any digital services you access in your life. They work by making a network of physical computer resources (servers, data centers, storage, etc) available on-demand over the internet. The service these companies offer are so specialised and have consolidated so much over the years that about 65% of the total worldwide cloud infrastructure depends on just three companies – Amazon Web Services, Azure by Microsoft and Google Cloud. Read that line again for effect: Sixty five percent of the world’s websites are powered by three US-based companies.
This high level of reliance on a handful of centralised cloud players creates potential points of failure in service. Even if one major cloud provider goes down, as happened with Cloudflare (about 20% of internet run on Cloudflare was down), digital spaces can become inaccessible, data can be stolen throwing a country’s banking, commerce or communication in chaos.
This cloud infrastructure forms an important of what is called the internet supply chain – which also includes subsea cables, local internet service providers as well as networking hardware and raw materials like rare earth minerals. A supply chain attack can be done at any of these points to disrupt a country or company’s digital and communication services, to steal data or to collect ransom.
This complex web of integration and global dependence on complicated supply chains is one of the top cyberthreats facing the world today, according to the Global Cybersecurity Outlook 2025 by World Economic Forum. “Supply chains are increasingly complex and there is a lack of visibility and oversight into the security levels of suppliers,” explains Jeremy Jurgens, managing director, World Economic Forum in the report.
Emerging technologies, emerging threats
A few years ago, breaches due to cloud weren’t even a categorized threat. Now, cloud and data are a prime target. The other upcoming threat in the cybersecurity space is rapid adoption of AI which is quickly is outpacing security and governance. In the last year itself, 97% of organisations have reported an AI-related security breach thanks to putting in AI systems that lacked proper access control. Most have no governance policies to manage AI or prevent shadow AI (a new threat where AI is used without employer approval or oversight).
On the other hand, easy access to LLMs has made cybercriminals more productive, shortening their learning curve and development cycles. While the protectors are trying to play catch up, the attacks have become more sophisticated, their malware harder to detect and deepfakes have become a huge issue. According to an IBM report, about 16% breaches in 2024 involved attackers using AI in phishing and deepfake attacks. “The rapid adoption of emerging technologies is also contributing to new vulnerabilities,” writes Jurgens.
Then there’s the geopolitics threat. As countries use cyber espionage as a weapon, many attacks by criminals today are to undermine a country’s stability. The India Cyber Threat Report 2025 listed that in 2024, thanks to India’s relationship with Israel, the country’s systems were attacked by pro-Palestinian hacktivist groups – with multiple DDoS attacks and data breaches. The US has already talked about China, North Korea and Russia’s attacks on its systems. Perhaps this is the reason that as geopolitical trade and relationship in the world become uncertain, countries such as India are pushing for sovereign supply chains and digital infrastructure.
In the short term, the report sees increased state-sponsored attacks, AI-powered threats and supply chain compromises as the biggest challenges. In the long term however, India’s cybersecurity can be threatened by sophisticated attacks through quantum warfare and targeting of space infrastructure.
One of the reasons every country is pushing to develop quantum technology is that this technology will render all cybersecurity and encryption useless – making it quite easy for someone to attack any point in the supply chain, steal any sensitive data and stop any digital service. We’ll need a new internet then, as someone recently told me.
