Mitish Chitnavis, CTO, iValue InfoSolutions, talks about his experience in the cybersecurity industry and how the cybersecurity landscape has evolve in 2024.
Enterprise Times: How are cyber threats evolving in 2024, and what makes them more complex than traditional vulnerabilities?
Mitish Chitnavis: In 2024, the cybersecurity landscape is poised for increased complexity, with cyber threats expanding beyond traditional vulnerabilities. A YouGov India survey reveals that 54% of urban Indians face scams weekly, highlighting a growing need for vigilance. The proliferation of IoT devices, expected to surpass 29 billion by 2030, brings an uptick in related cyber threats, emphasizing the necessity of robust security protocols.
Ransomware 2.0 introduces a dual threat as cybercriminals exfiltrate sensitive information, impacting 73% of medium to large-sized organizations in 2023. AI and machine learning, while employed for defensive strategies, are also exploited by cybercriminals. Closer collaboration between CISOs and CEOs, along with a consolidated security vendor strategy, is paramount in optimizing security budgets.
The surge in remote work infrastructure prompts concerns about vulnerabilities in remote access technologies. A proactive approach is crucial, involving robust authentication protocols and ongoing cybersecurity training. Malware attacks on IoT and OT devices have surged 400%, demanding advanced security measures.
Passwordless authentication, mainly through biometrics, is expected to be widespread in 2024. However, organizations still grapple with entrenched practices, necessitating a concerted effort to embrace innovative strategies and foster a culture of continuous adaptation in cybersecurity.
Enterprise Times: What strategies can be implemented to shift the cybersecurity discussion from a reactive stance to a more proactive and strategic one at the board and business leader level?
Mitish Chitnavis: A concerning 77% of organizations face repeated cyberattacks, highlighting a significant gap in cybersecurity alignment between leaders and security teams. Recent data underscores the disconnect in priorities, leaving organizations vulnerable in an increasingly risky threat landscape. Boards often address cybersecurity reactively after major incidents, while CISOs operate in perpetual crisis mode without proactive strategic support from the top.
Forward-thinking security leaders offer crucial insights that could enhance vigilant governance. Understanding the CISO perspective is vital for boards to enable proactive security measures and bridge the prevailing gap in cyber vigilance.
We recognize the urgency and emphasize that companies must move beyond a reactive and siloed security approach. As risks multiply, better alignment between leadership and CISOs becomes imperative. Boards, by embracing the CISO viewpoint, can foster a cultural shift and resilient planning in the face of modern threats.
Enterprise Times: While AI is being used for defensive cybersecurity, how are cybercriminals exploiting AI and machine learning, and what risks does this pose?
Mitish Chitnavis: While defensive cybersecurity strategies increasingly rely on AI and machine learning, cybercriminals also exploit these technologies. With an anticipated annual growth of over 35% by 2030, Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) need to embrace AI to improve efficiency across various departments and fortify defense and offense strategies.
Organizations are currently utilizing AI to identify high-risk data, monitor potential insider threat activities, detect unauthorized usage, and enforce data handling policies. AI is expected to play a pivotal role in initiatives such as Data Loss Prevention (DLP) and Insider Risk Management (IRM) in the coming year. It will be crucial in identifying risky activities and promptly alerting IT teams, empowering them to analyze movements and proactively address cybersecurity issues.
Enterprise Times: The data indicates that 58% of malware attack victims are SMBs. What challenges do SMBs face in implementing and enforcing essential security measures? How can awareness about the importance of password and multi-factor authentication policies be increased among SMBs?
Mitish Chitnavis: SMBs commonly underestimate the cybersecurity risks they face. A significant 33% of cybersecurity breaches involve SMBs, and with 52% of them falling victim to at least one cyberattack last year, the call for robust security measures is evident.
SMBs are frequent targets despite their size, underscoring the necessity for strong security solutions. PacketLabs’ Global Cybersecurity Stats reveal striking figures: 58% of malware attack victims belong to the SMB category, and nearly 70% of these businesses lack password or multi-factor authentication policies. Shockingly, over half of small-to-midsize companies reportedly shut down within six months of a successful cyberattack.
Considering these risks, SMBs should explore the option of implementing a physical security key. This proactive step can play a crucial role in safeguarding critical business assets, particularly against prevalent cyber threats like phishing.
Opting for user-friendly solutions that provide advanced, phishing-resistant multi-factor authentication is crucial. Additionally, ensuring wide-ranging protocol support for seamless integration with various systems is imperative. The emphasis should be on robust security without compromising usability or complicating the user experience.
Enterprise Times: In the face of rising cyber threats, marked by increased complexity and frequency, how is iValue actively working to bridge the skill gap in cybersecurity and meet the heightened demand for proficient professionals in the field?
Mitish Chitnavis: The surge in both the complexity and frequency of cyberattacks has led to an unprecedented demand for skilled cybersecurity professionals.
As of May 2023, the Indian cybersecurity sector displayed around 40,000 job opportunities. However, a substantial 30% skills gap underscores the pressing need for proficient professionals.
The question arises: Are we adequately equipped to navigate this complexity?
In a proactive response, iAcademy, an initiative by the iValue group, is addressing this critical skills gap by investing in structured training programs for both novice and experienced employees. Tailored courses provide practical training, preparing individuals to tackle real-world cyber challenges. Learners benefit from the expertise of seasoned cyber professionals, engaging with course material aligned with current and emerging cybersecurity trends. The initiative also extends dedicated support for job placement and career advancement in the cybersecurity field.
In the contemporary landscape, organizations seek a workforce that possesses technical proficiency and excels in anticipating and countering emerging threats. iAcademy stands as a pivotal platform, shaping cybersecurity professionals capable of safeguarding data and ensuring the digital economy’s future resilience.
