Gen AI To Be The Frontline Of Defense Against Cyber Threats For Organization
Holding an MBA in Law & Finance from University of New England, Kartik boasts of over 27 years of experience in the areas of CRM, Go-to-market Strategy, Data Center, Management, and Account Management. He joined Tenable three years ago, prior to which he has successfully handled key positions across numerous companies such as Dell EMC, IBM, McAfee India, Net Magic Solutions, and Xerox. In a recent conversation with Siliconindia, Kartik Shahani, Country Manager, Tenable India shared his insights on various aspects pertaining to the current cybersecurity landscape globally.
Share your thoughts on the current cybersecurity landscape in India.
The pervasive reliance on digital infrastructure by businesses has significantly expanded the attack surface. This surge in cyber threats has prompted a notable shift in organizational attitudes towards cybersecurity. While it was considered a mere compliance norm just a few years ago, today, an increasing number of organizations are recognizing the critical importance of cybersecurity. As the frequency of cyber-attacks continues to rise, there is a growing demand for cybersecurity solutions that assist organizations in comprehensively assessing their entire attack surface and allow them to prioritize risk management and remediation efforts.
This shift reflects a proactive approach to cybersecurity, acknowledging the need for robust defenses in the face of an increasingly complex and sophisticated threat landscape. While the widespread use of LLMs has changed the way individuals and organizations interact with generative AI, there will be an increase in attacks against AI platforms that will far exceed our understanding and ability to protect them. This will result in data leaks, data poisoning and cyber physical effects.
Throw some light on some of the ways in which cybercriminals are utilizing the ongoing global economic and geopolitical crisis to their advantage.
The current global economic uncertainty has spurred the evolution of cyber criminal activities, particularly in the realm of ransomware. RaaS operators are employing tactics that blur traditional distinctions in capabilities and now exhibit shifts based on political allegiances and geopolitics. During periods of geopolitical crisis, attacks on critical infrastructure such as financial systems and healthcare also intensify. The inevitability of a major cyber-attack posing a potential threat to financial stability underscores the immediate need for making cybersecurity the priority for organizations world wide and take the necessary proactive cybersecurity measures.
How are modern day technologies enabling countries to ensure data security and achieve rapid economic growth in tough crisis situations?
As the attack surface expands, organizations need a faster way to analyze large numbers of assets, vulnerabilities, threats and other datasets to quickly identify where risks exist within their systems and provide context that is otherwise difficult to take into account. Generative AI tools are considered a lifesaver in this regard, wherein they can take-in many other large data sets of information about the assets and quickly provide crucial context. Bringing that level of content and relationship immediately to a security professional’s view enables organizations to quickly decide where to focus and prioritize patching these key systems to mitigate the most amount of overall business risk.
Public-private collaboration can provide stakeholders with a comprehensive understanding of the threat landscape. Such collaborations play a crucial role in identifying potential threats, devising effective risk management strategies, and taking necessary actions to mitigate risks. Such partnerships help governments and private entities to prioritize preventive security.
How can the government encourage the safe usage of AI and ChatGPT in matters related to data privacy and cybersecurity?
It will be a collective effort to try to combat the misinformation and disinformation that will arise out of Generative AI-driven content, as each group brings their own expertise and knowledge to the table. With that knowledge, technology and policy-making decisions can be combined to create consequences for those engaging in the development of AI-generated content for malicious purposes. For now, it remains a cat-&-mouse game, and even with the advancement in detection technologies and policy creation, the game will continue. Thus, public awareness campaigns and community-driven tools such as content reporting can augment these efforts.
What does the year 2024 hold for cybersecurity landscape in India?
Over the last year, executives have come to understand that security must be a key objective in the delivery and deployment of applications - rather than something that is added on as applications move into production. In response, we’ll see more cloud architects that are responsible for the security of their applications. At the same time, solutions originally designed for security practitioners will provide increasing value for developers, so they are able to continuously improve the security of their applications without slowing down development.
Additionally, as attackers fully understand the magnitude of damage that can be inflicted on OT- dependent businesses especially in the manufacturing industry, they will increasingly go after these lucrative targets - mainly with ransomware attacks. However, that is not the only motivation. OT targets also provide threat actors with brand awareness and publicity, as these attacks tend to be high-profile. Hacktivist groups in particular will target factory farming and energy producers in line with their ideology, for maximum exposure and notoriety for their causes.
Share your thoughts on the current cybersecurity landscape in India.
The pervasive reliance on digital infrastructure by businesses has significantly expanded the attack surface. This surge in cyber threats has prompted a notable shift in organizational attitudes towards cybersecurity. While it was considered a mere compliance norm just a few years ago, today, an increasing number of organizations are recognizing the critical importance of cybersecurity. As the frequency of cyber-attacks continues to rise, there is a growing demand for cybersecurity solutions that assist organizations in comprehensively assessing their entire attack surface and allow them to prioritize risk management and remediation efforts.
This shift reflects a proactive approach to cybersecurity, acknowledging the need for robust defenses in the face of an increasingly complex and sophisticated threat landscape. While the widespread use of LLMs has changed the way individuals and organizations interact with generative AI, there will be an increase in attacks against AI platforms that will far exceed our understanding and ability to protect them. This will result in data leaks, data poisoning and cyber physical effects.
Throw some light on some of the ways in which cybercriminals are utilizing the ongoing global economic and geopolitical crisis to their advantage.
The current global economic uncertainty has spurred the evolution of cyber criminal activities, particularly in the realm of ransomware. RaaS operators are employing tactics that blur traditional distinctions in capabilities and now exhibit shifts based on political allegiances and geopolitics. During periods of geopolitical crisis, attacks on critical infrastructure such as financial systems and healthcare also intensify. The inevitability of a major cyber-attack posing a potential threat to financial stability underscores the immediate need for making cybersecurity the priority for organizations world wide and take the necessary proactive cybersecurity measures.
Generative AI tools are considered a lifesaver in this regard, wherein they can take-in many other large data sets of information about the assets & quickly provide crucial context
How are modern day technologies enabling countries to ensure data security and achieve rapid economic growth in tough crisis situations?
As the attack surface expands, organizations need a faster way to analyze large numbers of assets, vulnerabilities, threats and other datasets to quickly identify where risks exist within their systems and provide context that is otherwise difficult to take into account. Generative AI tools are considered a lifesaver in this regard, wherein they can take-in many other large data sets of information about the assets and quickly provide crucial context. Bringing that level of content and relationship immediately to a security professional’s view enables organizations to quickly decide where to focus and prioritize patching these key systems to mitigate the most amount of overall business risk.
Public-private collaboration can provide stakeholders with a comprehensive understanding of the threat landscape. Such collaborations play a crucial role in identifying potential threats, devising effective risk management strategies, and taking necessary actions to mitigate risks. Such partnerships help governments and private entities to prioritize preventive security.
How can the government encourage the safe usage of AI and ChatGPT in matters related to data privacy and cybersecurity?
It will be a collective effort to try to combat the misinformation and disinformation that will arise out of Generative AI-driven content, as each group brings their own expertise and knowledge to the table. With that knowledge, technology and policy-making decisions can be combined to create consequences for those engaging in the development of AI-generated content for malicious purposes. For now, it remains a cat-&-mouse game, and even with the advancement in detection technologies and policy creation, the game will continue. Thus, public awareness campaigns and community-driven tools such as content reporting can augment these efforts.
What does the year 2024 hold for cybersecurity landscape in India?
Over the last year, executives have come to understand that security must be a key objective in the delivery and deployment of applications - rather than something that is added on as applications move into production. In response, we’ll see more cloud architects that are responsible for the security of their applications. At the same time, solutions originally designed for security practitioners will provide increasing value for developers, so they are able to continuously improve the security of their applications without slowing down development.
Additionally, as attackers fully understand the magnitude of damage that can be inflicted on OT- dependent businesses especially in the manufacturing industry, they will increasingly go after these lucrative targets - mainly with ransomware attacks. However, that is not the only motivation. OT targets also provide threat actors with brand awareness and publicity, as these attacks tend to be high-profile. Hacktivist groups in particular will target factory farming and energy producers in line with their ideology, for maximum exposure and notoriety for their causes.