Navigating the Cybersecurity Landscape: Kiran Vangaveti, Founder & CEO, BluSapphire

In an exclusive interview with Dataquest, Kiran Vangaveti, Founder and CEO of BluSapphire shares invaluable insights about cybersecurity culture and the challenges faced by businesses in the current cybersecurity landscape. As businesses grapple with sophisticated cyber threats, including the recent high-profile data breach such as the Aadhaar details leak affecting over 80 crore Indian citizens, Kiran shared about the challenges and strategic initiatives for a safer digital ecosystem in this interview.

Excerpts

DQ: In your opinion, what are the biggest cybersecurity challenges faced by businesses today and how can organizations foster a cybersecurity culture?

Kiran Vangaveti: Cyber threats are becoming more sophisticated, with attackers using advanced techniques such as AI and machine learning to bypass traditional security measures. Every incremental breakthrough in AI has had an exponential impact on cybersecurity more from the offense and less from the defense side. If I were to pick the top 3, then they would be (i) ransomware and phishing attacks, (ii) insider threats, and (iii) supply chain attacks. All of these attacks are being amplified using AI and ML advances.

Now the question arises, how do organizations protect themselves against these threats? Regular training and awareness programs help employees stay alert and help organizations defend themselves against ransomware and phishing attacks.

Businesses should integrate cybersecurity into all business processes; they should ensure that cybersecurity is a consideration in all business decisions and is integrated into the lifecycle of all projects.

Businesses should also conduct regular audits to assess the effectiveness of current security measures and identify areas for improvement.

DQ: With the integration of AI and IoT, what new cybersecurity challenges do you foresee? And how can organizations balance the benefits of emerging technologies with the associated security risks?

Kiran Vangaveti: Any business decision comes with its share of risk. The key is to find ways to properly identify the risk and reduce the risk to an acceptable level; this will help organizations.

With IOT and AI at the forefront, the attack surface increases, the security architecture becomes complicated, and data privacy concerns emerge for multiple verticals.

To balance benefits with security, businesses should adopt or perform:

• Robust security protocols
• Data privacy measures: GDPR, DPDP
• Regular security audits and updates
• Employee training and awareness
• A multi-layered security approach
• Incident response

DQ: Recently, we witnessed the biggest data breach where the Aadhar details of over 80 crore Indians were leaked. So, what role do you think the government should play in shaping cybersecurity policies and regulations?

Kiran Vangaveti: The Aadhaar data breach, impacting a vast number of Indian citizens, highlights the critical need for robust cybersecurity policies and regulations, especially at the government level. The government plays a pivotal role in shaping these policies and regulations. Here are key areas where government involvement is crucial:

• Implementing regular audits and compliance checks to ensure organizations adhere to established cybersecurity standards.
• It is fostering collaboration between government agencies and private sector companies, especially in critical infrastructure sectors, to share knowledge, resources, and best practices. Right now, there is no requirement for government agencies to declare any breach. This needs to change.
• Conducting national awareness campaigns to educate the public about cybersecurity risks and safe online practices and integrating cybersecurity education into the curriculum at various educational levels to build a skilled workforce.
• Implementing strong data privacy laws that protect individuals' personal data and imposing penalties for mishandling or unauthorized access. Law is nothing without proper implementation.

DQ: How can organizations benefit from threat intelligence, and what challenges are faced during its effective implementation?

Kiran Vangaveti: Threat intelligence allows organizations to anticipate and prepare for potential cyber threats before they impact the business. This proactive approach is crucial in mitigating risks. By understanding the nature and origin of threats, organizations can make more informed decisions about where to allocate resources and how to prioritize security efforts.

Being less susceptible to attacks and having robust security practices can be a competitive differentiator, especially in sectors where data security is paramount.

There, however, are challenges in effective threat intelligence implementation.

Not all threat intelligence is created equal. The challenge lies in ensuring that the intelligence is accurate, relevant, and actionable. Additionally, the sheer volume and complexity of threat data can be overwhelming. Organizations may struggle to filter out the noise and focus on the intelligence that is relevant to them.

Integrating threat intelligence into existing security systems and workflows can be technically challenging, requiring both expertise and resources.

There may be a shortage of skilled personnel. Analyzing and applying threat intelligence effectively requires skilled cybersecurity personnel, who are often in short supply.

DQ: How would you describe the current state of cybersecurity awareness among individuals and organizations? And what are some of the key strategic initiatives that BluSapphire is currently focusing on?

Kiran Vangaveti: The state of cybersecurity awareness among individuals and organizations has been steadily improving, but there still exist significant gaps and challenges. High-profile cyber attacks have raised public and corporate awareness about the importance of cybersecurity.

While large organizations often have dedicated resources for cybersecurity, small and medium-sized enterprises (SMEs) may not have the same level of awareness or resources. On an individual level, there is still a general lack of understanding about good cybersecurity practices. Phishing and social engineering attacks remain effective, indicating a need for greater awareness. Organizations and individuals are becoming more aware of the evolving nature of cyber threats, but the pace of adaptation varies. The shift to remote work has highlighted the importance of cybersecurity at the individual level, including the need for secure home networks and practices.

BluSapphire's Strategic Initiatives

As for BluSapphire, we typically focus on several key strategic initiatives:

• Advanced Threat Detection: Developing and enhancing solutions that use AI and machine learning to detect and respond to sophisticated cyber threats more efficiently.
• Cloud Security: Focusing on securing cloud environments, given the massive shift of data and applications to the cloud.
• We are focusing on automating more security tasks to improve response times and reduce the workload on security teams.
• Parallelly, we are investing in R&D to stay ahead of emerging threats and technological advancements.