In today’s rapidly evolving digital landscape, cybersecurity has become a paramount concern for organizations worldwide. As cyber threats grow in complexity and frequency, India finds itself among the top five countries targeted by ransomware attacks. A recent study by FalconFeeds, titled the India Breach Report, revealed that India experienced 593 cases of cyberattacks in the first half of the year, with the education, government, and technology sectors being the primary targets. These attacks include data breaches, ransomware incidents, and sales leaks. In the same vein, Rajesh Chhabra, General Manager – India & South Asia at Acronis, recently spoke to Tech Achieve Media to provide invaluable insights into how organizations can fortify their defenses against these emerging threats. With over two decades of experience in the IT and cybersecurity sectors, Chhabra sheds light on the critical strategies necessary to protect businesses from cybercriminals. From educating employees about cyber threats to implementing a robust “defense in depth” strategy, Rajesh Chhabra emphasizes the importance of a strong foundational approach to cybersecurity.
TAM: In the wake of the evolving cybersecurity threat landscape with India being one of the top five targeted countries for ransomware, how can organisations adapt strategies to address these emerging threats?
Rajesh Chhabra: It is no surprise that India consistently ranks as one of the top countries targeted by cybercriminals. This trend, which has accelerated since the pandemic, is primarily due to the country’s still-developing cybersecurity posture. The diverse landscape in India, ranging from small and medium-sized businesses to large enterprises, includes many pockets of businesses that are well-protected with the latest cybersecurity tools. However, a significant portion of the industry still needs to make substantial progress in securing their infrastructure.
Organizations looking to address these emerging threats should start with the basics. Before investing millions of dollars in advanced security stacks, it is crucial to establish a strong foundational approach. Educating employees about cyber threats is the most fundamental aspect. Teaching them the basics of how to protect themselves and the organization is vital.
For example, emails are one of the most common threat vectors, with more than 90% of malware and ransomware originating from email attacks. Employees must be trained to recognize phishing emails and identify potentially hazardous URLs or attachments, reporting them to their security team immediately. This education should be comprehensive, covering how to prevent various cyber threats.
Other emerging threats include dynamic URLs designed to steal credentials by mimicking collaboration tools like Teams or Zoom. Employees should be made aware of these tactics and how to verify the authenticity of such links before interacting with them.
The first step in enhancing security is employee education. Once that foundation is established, organizations should implement a “defense in depth” strategy, which involves multiple layers of security. No single security solution can guarantee 100% protection. Cybersecurity is an ongoing battle between malicious actors and defenders, both of whom use AI to advance their efforts.
A practical defense-in-depth strategy includes several layers:
- Network Security: Implement firewalls to filter network traffic and prevent unauthorized access.
- Endpoint Protection: Deploy robust endpoint detection and response (EDR) solutions to quickly detect, respond to, and recover from cyber threats. EDR can help identify the source of threats and elevate threat protection levels.
- Patching Mechanism: Regularly update software to patch known vulnerabilities. Many cyberattacks exploit unpatched vulnerabilities, so timely updates are crucial.
- Multi-Factor Authentication and Zero Trust Architecture: These practices add an extra layer of security by requiring additional authentication steps and ensuring access to corporate resources is granted on a need-only basis.
Even with these measures, breaches may still occur. Organizations should therefore strengthen their incident response systems to handle breaches effectively and swiftly. Additionally, having a backup and recovery solution ensures that data can be restored quickly, minimizing downtime and enabling the organization to recover from an attack.
TAM: What are some of the key challenges organisations face today when it comes to cybersecurity solutions, and what must their approach be to manage and mitigate these issues, especially with the increasing need for cloud solutions and global accessibility?
Rajesh Chhabra: Let me answer this question by highlighting a relatable experience for all of us. We’ve witnessed the transformation of IT over the past decade, particularly before and after the pandemic. Comparing IT now to ten years ago, it’s clear how much it has simplified our lives.
A decade ago, we relied on multiple devices: cameras for photos, pagers for messages, basic phones for calls, and pen drives for data storage. Performing financial transactions often meant writing checks. Now, everything has gone digital. Today, even the smallest shopkeepers across India accept digital payments. I’ve traveled extensively and forgotten my wallet a few times, yet I encountered no issues because I had my phone. IT has truly simplified our lives.
However, for IT professionals, the situation has reversed. Ten years ago, their main responsibilities were backing up data and maintaining antivirus software. Their job was straightforward: they worked in air-conditioned server rooms, handling network storage backups and antivirus tasks.
But now, as IT simplifies the world, the job of IT professionals has become more complex. The move to cloud computing, for example, has sparked the development of a new generation of enterprises and entrepreneurs. With the shift to cloud, the demand for cloud-based applications has soared. This includes tools for customer relationship management, security, and identity and access management. Today, if you survey small and medium-sized businesses or enterprises, you’ll find they use nearly a thousand security tools alone. Add tools for identity and access management, network security, and patch management, and IT providers face a complex landscape. Unlike a decade ago, when they managed one tool, now they must manage multiple tools for different clients, each using various solutions.
The cyber threat landscape has also become more complex due to cloud adoption. With employees and customers working globally, organizations must manage a mix of on-premise and cloud-based workloads. Security extends beyond company perimeters. We work from airports, homes, and hotel lobbies, effectively making the entire world our perimeter.
This complexity creates significant challenges. The proliferation of tools for different customers has led to a sprawl that complicates security infrastructure. These tools often operate in silos, failing to communicate effectively. Additionally, the multitude of tools generates excessive alerts, overwhelming IT administrators who spend valuable time addressing them, many of which turn out to be false positives.
In summary, while IT has simplified life for end-users, it has introduced significant challenges for IT professionals who navigate this intricate landscape to keep our digital world secure.
TAM: The shift to remote work has drastically changed the cybersecurity landscape, with employees accessing company resources from various non-enterprise-grade devices and networks. How can they address the vulnerabilities introduced by remote work?
Rajesh Chhabra: When working from remote locations, employees primarily use a laptop or desktop computer, which essentially serves as an endpoint. The first step in securing remote work is to protect these endpoints. Solutions like endpoint detection and response (EDR) can be employed to identify and respond to threats, trace their sources, and enhance overall security posture.
Once the endpoint is secured, the next priority is to safeguard the communication between the endpoint and the corporate network. As we connect to our company’s network to access and share information, this communication must be secure, especially since our “perimeter” now extends to wherever we are working.
To secure this communication, deploying a virtual private network (VPN) is effective. In our organization, accessing the corporate network requires activating the VPN, ensuring that communication is encrypted. This is a critical first step.
Additionally, within the company network, higher levels of security are essential because of the remote nature of work. One example of enhanced security is multi-factor authentication (MFA), which requires at least two levels of verification to access corporate resources. This can be achieved using a one-time password (OTP) sent to your phone, which is common in India, or through authentication apps provided by most vendors.
Another method is single sign-on (SSO), which simplifies employee access to the corporate network while enabling centralized security management. This approach further secures communication between the endpoint and the corporate network.
Email security is also crucial, as email is the primary vector for phishing attacks and malicious URLs. Like the old postcards, anyone can send an email or attach files without control over its contents. Therefore, a robust email security solution should be implemented to protect against phishing, spam, and advanced persistent threats. This is a critical step in safeguarding remote workers.
Furthermore, as employees increasingly rely on collaboration tools like Teams, these platforms must also be secured. Encrypting communication within these tools is vital, as interactions occur over remote networks.
Finally, regular patching of endpoints is essential, along with strict password compliance. By maintaining good password hygiene, employees contribute significantly to securing their endpoints and participating in the overall effort to maintain cybersecurity.
TAM: One of the major challenges again is the sprawl of IT solutions that enterprises need to manage, often requiring significant resources. How can they streamline the management of multiple security solutions, and what impact does this consolidation have on an organization’s operational efficiency?
Rajesh Chhabra: In our previous discussion, we talked about the proliferation of tools, often referred to as the sprawl of IT solutions. This proliferation has been driven by three main factors:
- Migration of IT to the Cloud: As IT infrastructure has shifted from physical racks and hardware to the cloud, servers, containers, and platforms have migrated as well. This transition has led to the widespread adoption of SaaS-based applications, contributing to the sprawl of IT solutions.
- Evolving Role of Data: About seven to eight years ago, data was primarily used by an organization’s finance department for compliance, taxes, and salaries. However, data has now become the lifeline of any business, used as a tool to drive expansion. Companies analyze customer value and segment customers using data, which is increasingly being generated at an unprecedented rate. Studies show that the amount of data generated in the 50 years up to 2020 was matched in just one year. By 2025, this data generation is expected to multiply exponentially, necessitating multiple solutions to manage it.
- Increased Complexity and Risk of Errors: As companies adopt various tools, they must train employees and IT administrators to use them, increasing complexity and the potential for errors. Multiple surveys indicate that human errors, often stemming from this tool sprawl, are responsible for many cyber threats and breaches.
Another challenge is that these solutions often operate in silos, failing to communicate with one another, which compromises security. An integrated approach, where solutions interact, is crucial for protecting IT infrastructure from cyber threats, whether it’s through backup, ransomware protection, or advanced management like patch management.
Additionally, the proliferation of solutions results in each generating its own set of alerts. Surveys by Acronis and other agencies over the past few years reveal that enterprises might use up to 50 security tools, while SMBs use 15 to 20. These tools generate numerous alerts, overwhelming technicians who must review them, consuming significant bandwidth and time, often on false positives. This challenge exemplifies the difficulties arising from the sprawl of IT solutions.
TAM: How does Acronis tailor its cybersecurity solutions to meet the specific requirements of various verticals, such as healthcare, finance, or manufacturing? Can you provide an example of how Acronis’ solutions have been customized to address the particular challenges faced by a specific industry?
Rajesh Chhabra: In healthcare, one of the most crucial aspects is regulatory compliance, particularly with the Health Insurance Portability and Accountability Act (HIPAA). Compliance with HIPAA involves ensuring data encryption, secure storage, and strict access controls.
Acronis plays a vital role in ensuring HIPAA compliance by focusing on data integrity and endpoint protection. We were pioneers in implementing blockchain-based encryption. Our unique adaptation of blockchain technology uses hash algorithms to encrypt data both at the source and at rest. These hash algorithms are stored on a public blockchain ledger, allowing for transparency and cross-verification.
During data restoration, the original and restored blockchain hashes are compared to ensure that there has been no data modification at rest or in transit. If the hashes match, we can be 100% certain that the data has not been tampered with. This method is one way Acronis ensures data integrity, which is critical for protecting patient records in the healthcare industry. Our backup and recovery solutions further ensure compliance by securely backing up these records.
Healthcare is also highly susceptible to targeted attacks. Acronis addresses this by integrating data protection, cybersecurity, and advanced endpoint management to deliver robust security. This approach helps the healthcare industry secure medical devices and endpoints against ransomware attacks.
In the finance sector, compliance and risk management are top priorities. Our solutions include comprehensive threat detection to prevent cyberattacks, strong encryption for data security, and multi-factor authentication to safeguard financial data.
In the manufacturing sector, especially for companies with multiple plants across different regions, centralized management of IT infrastructure is essential. Acronis offers a centralized platform that enables management of all geographies from a single interface. For production plants, minimizing downtime is crucial. Our advanced disaster recovery solutions allow for business continuity by converting physical images into virtual images that can be quickly deployed, ensuring operations are not disrupted.
These examples illustrate how Acronis tailors its solutions to meet the specific needs of various industries.
TAM: What are some of the major trends that are expected to transform the cybersecurity landscape in the near future?
Rajesh Chhabra: We will see an increasing use of AI and ML, and it’s not only the good actors who will use these technologies, but also the bad actors, who are already doing so. A few years ago, hacking and malware were often associated with college dropouts—genius teens creating malware for fun. However, it has now become a highly sophisticated industry.
On the dark net, there are already services like ransomware as a service, where people can buy ransomware for as little as $500 and deploy it against organizations. Unfortunately, I think this trend will continue, with ransomware as a service becoming more prevalent. Cybercriminals will keep evolving, using increasingly sophisticated techniques to infiltrate systems and encrypt data.
Another trend is the widespread adoption of IoT devices. In many households, we have devices like Alexa and CCTV surveillance systems to monitor our homes when we’re away or for elderly care. There are numerous use cases for IoT devices, and their adoption is growing globally. However, IoT devices are highly susceptible to cyber attacks because they often lack robust security features. Many times, cybersecurity software cannot be installed on them due to the absence of a physical microprocessor or memory.
I believe one of the upcoming trends will be finding ways to secure IoT devices, as they often serve as gateways for cyber breaches. Another trend is the increase in cloud security, with more cloud-native security solutions emerging as more organizations move to the cloud. With cyber threats becoming more complex, there will be a need for cloud-native cybersecurity. Amidst all these developments, one thing is certain: there will be an acute shortage of cybersecurity talent, leading to increased demand for cybersecurity professionals.