In a recent interaction with Express Computer, Zubair Chowgale, Lead of the Engineering Division APMEA, Securonix, sheds light on the evolving cybersecurity landscape, particularly the growing insider threat challenge. Chowgale discusses how Securonix is equipping organisations, both large enterprises and SMBs, to tackle these threats through their cutting-edge User and Entity Behaviour Analytics (UEBA) and AI-powered tools. He highlights the widening skills gap as a major contributor to cyberattacks, the rise of sophisticated AI-enabled threats like phishing, and the significance of compliance with emerging regulations. Chowgale emphasises the role of AI in shaping the future of cybersecurity, as organisations leverage its potential to detect and mitigate threats autonomously while addressing the unique challenges faced in India’s dynamic market.
The 2024 Insider Threat Report indicates a rise in insider threat activity, but only a small percentage of organisations have fully operational threat management programs. How is Securonix equipping organisations to detect and address insider threats effectively?
Securonix began as a UEBA company, so user behaviour analytics is at the core of our platform. We offer a built-in UEBA solution within our SIEM, providing a single platform to detect both insider and cyber threats. Additionally, we offer value-added services because, as you’ve noted, many organisations lack the expertise or capabilities to effectively implement insider threat programs. We not only provide the necessary tools but also advisory services to help organisations mature their insider threat management. This includes addressing threats like stolen credentials or malicious insiders attempting to steal data.
So do you cater to both large enterprises and SMBs?
Yes, we do. In fact, our go-to-market strategy targets both enterprises and SMBs. SMBs are an important part of our business because they often struggle with budget, personnel, and resources. We support them, both directly and through our partners, by providing the necessary tools, knowledge, and expertise to help them strengthen their security posture. While large enterprises can typically afford more, we focus on serving both segments effectively. SMBs, in particular, have tighter budgets compared to enterprises.
What are the primary differences in cybersecurity challenges and approaches between SMBs and enterprises, and how do these differences influence their respective security infrastructure and investment strategies?
The primary difference between SMBs and enterprises in terms of cybersecurity challenges lies in their capacity to hire talent. SMBs often struggle to attract skilled cybersecurity professionals, so they tend to outsource to specialised cybersecurity providers. In contrast, enterprises usually have in-house expertise and more robust security infrastructures.
SMBs generally start with basic security measures but need external help to mature their cybersecurity practices. Enterprises, on the other hand, invest significantly and follow a defined path to cybersecurity maturity, leveraging their technical know-how.
In recent years, cybersecurity has become a critical issue at the board level, especially after high-profile breaches involving not just enterprises but also software vendors and technology players. CISOs are under more pressure due to increasing regulatory requirements. Boards now recognise that the cost of a breach far outweighs the investment in cybersecurity tools, leading to more serious budget considerations for security measures. While progress has been made, there is still work to be done to ensure CISOs are empowered to drive these discussions effectively at the board level. The cybersecurity landscape has evolved dramatically over the last decade, with threats becoming more sophisticated over time.
Do you believe that one of the primary reasons for cyberattacks or phishing attacks is the skills gap present in various organisations?
Yes, the skills gap is definitely one of the primary reasons for cyber and phishing attacks. Even though tools are effective, they require skilled people to manage them. The rapidly evolving technology landscape also plays a role. We’ve moved from IT to OT, IoT, and now AI, which has transformed not only technology but also cybersecurity. While AI has brought significant advancements across sectors like healthcare, banking, and tech, it’s also being exploited by bad actors to launch phishing campaigns, build ransomware, and create deepfakes. This makes it increasingly difficult for organisations to keep up with these evolving threats.
Since you brought up AI, how is AI being used to enhance cybersecurity?
Starting in 2024 and beyond, as a cybersecurity player, we’ve recognised both the positive and negative impacts of AI. While organisations are adopting AI to enhance operations, attackers are also leveraging AI to cause harm. To combat this, we’ve integrated AI into our platform, launching a suite of capabilities called Securonix EON. These tools are designed to improve insider threat detection, reduce response times for SOC teams, and enhance threat hunting through AI.
By automating threat detection and response, we aim to minimise the need for manual intervention where possible. For instance, our InvestigateRx offering helps speed up the investigation process by quickly analysing global threat information—something that would be challenging for a human to do efficiently. This is just one example of how we are using AI to bolster cybersecurity, with many more capabilities in development.
In the future, if similar threats arise, will you be able to auto-detect and auto-resolve them, ensuring that once a threat is addressed, it won’t reoccur?
While it’s impossible to guarantee that a threat will never reoccur—since a different attacker might use the same techniques—we can ensure that similar threats will be effectively stopped. Our platform constantly learns from user behaviour, system performance, and network patterns, adding to its intelligence. It’s a self-learning system that uses data from previous incidents and analyst inputs to respond faster. The goal is to react quickly, whether through investigation or blocking the threat. So, we leverage past learnings to develop autonomous actions that prevent similar threats from causing damage again.
According to you, what makes India a lucrative market for cyberattacks?
India’s economy has been a remarkable growth story in recent years, attracting many technology players due to its sheer volume, scale, and complexity. However, this also makes the threat landscape more challenging. Over the past year, we’ve seen numerous breaches across various sectors—healthcare, government, enterprises, financial services, and even crypto exchanges. For instance, just one department can hold millions of records, making it a gold mine for attackers. Cybercriminals recognise the economic potential here, which is why India is a prime target. At Securonix, India is our fastest-growing region, and we’re actively helping organisations across sectors improve their cybersecurity posture. This market is crucial for us.
What current trends are you observing in terms of emerging attack methods, and how are you leveraging these insights to mitigate such threats?
Surprisingly, traditional tactics like phishing and ransomware still remain prevalent, and we believe they will continue to be. The key difference now is how they’re executed, especially with AI playing a significant role. In the past, phishing emails might have contained small errors, but now, with machines crafting them, the margin of error is nearly nonexistent, making it much harder to detect. Phishing continues to be a major attack vector, and ransomware, particularly ransomware-as-a-service, has become a big business.
Quantum cybersecurity has also emerged as a significant concern globally. Securonix participated in the World Economic Forum, where this was highlighted as a key area of concern in cybersecurity. To mitigate these threats, we’re constantly innovating, especially using AI within our platform. We have content that helps organisations stay updated on defences against phishing and ransomware. Our Threat Labs team provides intelligence to our customers, adding value beyond just being a tool—we aim to be an advisor to our clients.
In terms of compliance, new regulations like DPDP and CBA’s requirement for SOCs are key trends. Organisations are incorporating AI for risk mitigation, and it’s essential to source AI capabilities carefully, whether in-house or from third parties. The integrity of the data feeding AI is crucial, as threats like data poisoning or LLM injections are real risks. Protecting infrastructure where AI operates, monitoring the threat landscape, and using AI-driven tools to safeguard IT, OT, and IoT environments are vital steps. My advice to CISOs is to embrace AI, but ensure proper protections are in place for data, applications, and infrastructure, using AI as an enabler for security.