While the perks that the work-from-home culture has to offer are undeniable, the cybersecurity challenges that it brings along with it are immense. The large-scale adoption of digitisation that organisations have embraced during the COVID-19 pandemic has brought the focus on cybersecurity like never before. Not only were enterprises in a vulnerable position due to a lack of adequate measures to ensure a strong cybersecurity framework, but several Indian organisations were at the receiving end of ransomware attacks that led to losses worth millions. In an interview with Dataquest, Saket Bajoria, vice president, product management and customer success, Americas, Lucideus, talks about how the scenario has changed for the cybersecurity industry post-pandemic, the need for organisations to measure cyber risk, and how the company’s newly launched solution “SAFE” helps companies assess cyber risk in real time.
DQ: With a large number of organisations accelerating their DX journey, how has the scenario changed for the cybersecurity industry?
Saket Bajoria: India is today at the helm of digital transformation. Every business, irrespective of scale or industry, is using technology as a key differentiator and is focusing on DevOps and agile projects to improve go-to-market speed, but more often do not consider security as a priority. The pandemic has further accelerated the pace of digitisation and has forced businesses to re-imagine their priorities. This has left multiple doors open for hackers, and we have seen the multiple hacks that have happened only during this period. For example, Indian organisations were worst hit by ransomware attacks among all Asia Pacific (APAC) nations during the pandemic, and globally, India Inc stood second when it came to ransom pay-outs and more than a third paid between $1 million and $2.5 million to hackers for such cyberattacks, according to the 2020 Global Cyber Security Attitude Survey.
Businesses need to start thinking of security by design, and not as an afterthought.
DQ: What are some of the challenges that the cybersecurity industry is facing at present?
Saket Bajoria: According to a “Global Cybersecurity 2020 Forecast” by Canalys, cybersecurity spending across the globe is estimated to grow between 2.5% ($43.1 billion) and 5.6% ($41.9 billion) in 2020, depending on the economic impact. Yet, businesses do not objectively know “How secure they are” or “If they can get hacked in the next 12 months”.
The cybersecurity industry has always followed point-in-time subjective analysis of risk posture. The technology forming the backbone of cybersecurity is becoming more advanced, yet we do not show any significant victory over cybercriminals who continue to exploit the basics of security alongside newer, more sophisticated ones. Any organisation, irrespective of its cybersecurity maturity, should be assessing the cyber risk posture across people, processes and technology, thereby assessing its enterprise-wide cybersecurity, and be able to answer:
Are they secure?
If yes, how secure?
There is still a clear lack of an enterprise-wide, hybrid, objective, real-time and unified platform which helps businesses know their real cyber-risk posture consistently and eventually be able to manage risk better.
DQ: Why is it important for organisations to measure cyber risk?
Saket Bajoria: Traditional methods of evaluating cyber risk are certainly limited in their capabilities and this is easily proven by the multitude of breaches businesses were a victim of, across the globe. The 2020 Q3 Data Breach QuickView Report revealed that the number of records exposed in 2020 has increased to 36 billion globally. The report stated that there were 2,953 publicly reported breaches in the first three quarters of 2020 itself! 2020 is already named the “worst year on record” by the end of Q2 in terms of the total number of records exposed. With the growing sophistication of cyber-attacks and global damages related to cybercrime reaching $6 trillion by 2021, we need a solution which simplifies cybersecurity.
The advantage of basing cybersecurity decisions after measuring your risk objectively and reviewing information using a real-time, enterprise-wide and consistent metric is that it will enable your board, customers and security teams to understand the siloed technicalities of cybersecurity, thereby, bringing everyone to the same page in conversations surrounding cybersecurity.
DQ: Tell us about your product SAFE? How is the platform using AI and ML?
Saket Bajoria: SAFE is a pioneer in the “Cybersecurity and Digital Business Risk Quantification” (CRQ) space and allows an organization to measure and mitigate its cyber risk in real-time. It allows an organization to get an Enterprise-Wide, Objective, Consistent & Real-Time Visibility of its overall Cyber Risk Posture that can be decomposed into 5 vectors: people, cybersecurity policies, technology (On-Prem and Cloud), third parties and cybersecurity products.
SAFE uses a Supervised Machine Learning engine to give an output both in the form of a Breach Likelihood Score (between 0-5) and the dollar value Risk the organization currently faces, along with providing prioritized actionable insights based on technical cybersecurity signals, external threat intelligence, and business context of what and where are the “weakest links” across people, process and technology. The scores are calculated both at a macro and micro level and can also be measured for particular Lines of Business (LoB) / Crown Jewels / Departments.
DQ: What is your product roadmap and strategy?
Saket Bajoria: The mission of the company is to make our SAFE Score the Global De-facto Industry Standard to Measure and Mitigate Cyber Risks, by 2023. Today, SAFE is being used by multiple Fortune 500 companies to understand their risk posture in real-time and take data-driven and informed business decisions when it comes to cybersecurity.
We believe that the impact of our product is similar to when the first SIEM or the first firewall came to the market. There is no direct competition with the product and its breadth of features across the globe. It’s not a new product in a known category; we have invented a new category of cybersecurity altogether.
We also recently forayed into the Mobile space with the launch of the first-of-its-kind, zero-permission application “SAFE Me”, which aims to re-engineer cyber consciousness amongst individuals or employees. For the first time, employees/individuals now have the access to know how they can keep themselves secure while using the popular applications on the Internet, their exposure on the deep and dark web, and the status of their devices in terms of security. SAFE Me is a one-stop solution for the security needs of an individual.
From a strategic roadmap perspective, we want to build a best-in-class enterprise-grade product which not only changes the way organizations look at cyber risk, but also provides prioritized actionable insights that will help the security and risk management teams improve the organization’s cyber risk posture. To do this, we will be laser focused on multiple things such as our product interaction strategy, listening to the market and enhancing our feature sets and, more importantly, bringing organizations a true sense of security.