Interaction - Nandakishore Harikumar, Founder, Technisanct

Nandakishore Harikumar, Founder and CEO, Technisanct talks about the use of AI and Big Data analysis in cybercesurity techs.

How are big data and AI used in digital risk management and mitigation?

Harikumar - In cyber security you have to process a huge amount of data sets. It can be anything from network traffic, logs, data dumps. Faster processing of this data could gather you insights that could either prevent a data breach or really identify the potential possibilities of future attacks. Also processing this data and further analysis could get you deeper insight of a threat actor and indicators of compromises. Manually processing this data would take a lot of time and by the time we process it there are high possibilities that we may not be able to mitigate the risk.

Many cybercrimes actually take place not through hacks but by the cybercriminal convincing the potential victim that they are a useful business for them and hence, they should pay them money for their products and services. Since the victim authorises the financial transfer, this transfer can't be reversed and the victim loses the money. What do you have to say about this?

Harikumar - In most cases the victims fall for these through a social engineering based attack. To be more specific the attacker or a cyber criminal approaching a victim would have some basic details of the victim from a Social Media platform or from a further data breach. They would use this to convince the victim either to send money or to click a link or make them install an app.

The government of India has launched a recent programme where victims can complain and get money back from banks. Also there are provisions to get back the money from banks after making a complaint. Usually this is a huge loss for banks and investment of this is assumed as cyber security loss.

 What are the security companies doing to check this phenomenon? 

Harikumar - Threat intelligence plays a major role in identifying the potential possibilities of fraud. Threat intelligence can come through two approaches. One, the conventional threat intelligences gathered from server logs,security operation centres and even firewall logs after analysing that. Apart from this non conventional threat intelligence from Open, Deep and Darkweb is gaining a lot of popularity in recent times which helps CISO’s,CIO’s and even Executive boards to have a clear picture on the potential attack vectors and even happenings in hackers chat groups to identify future threat and mitigate it.

Cybercriminals are always a step ahead of the security techs and evolve ever newer forms of stealing data. How can the cybersecurity companies check this? 

Harikumar - It's always the issue. Defenders can only plan until and unless they identify a bad guy’s innovation happening on the other side. Very advanced business ecosystems are faster to launch bug bounty programs etc with which they could get community support. But still we are unable to fight issues like ransomware. Cyber Security companies are putting immense effort to understand these aspects through multiple approaches that would help businesses fight these issues. This is one reason why many organisations need to purchase many cyber security products both big and small, even the same services. Most of them don’t want to take a risk.

There are many number of cybersecurity companies in the market. How can an organisation know what checkpoints to look for while adopting one of them? 

Harikumar - Cyber security is a vast industry. An organisation cannot fight cyber warfare with just one product. It's a combination of both big and small products. It could be a combination of products and services from established as well as start-up companies. Even if a product or service is just triggering some small alerts that could be big for an organisation. In most cases organisations need to understand their needs as well as the value proposition created by the start-ups.