As cyber security threats are increasing across the globe, organisations are turning to artificial intelligence (AI) and generative AI (GenAI) to address the security concerns and stay ahead of cyber criminals. Pallavi Katiyar, chief information officer at Tech Mahindra talks about the company’s strategy to tackle cyber threats and the shortage of cyber skills, in an exclusive interview with Ayushman Baruah. Edited excerpts:
What are the top cyber security challenges you face at your organisation? What’s your strategy to address them?
Click here to follow our WhatsApp channel
The cyber security landscape is evolving rapidly, and the risks have been amplified further with emerging technologies like artificial intelligence (AI) and machine learning (ML). AI has enabled cyber attackers to develop more sophisticated and targeted attack deployment methods. Organisations across industries grapple with threats like ransomware, phishing, system intrusion, data breaches, mobile threats, and social engineering. At Tech Mahindra, we strongly believe in practising ‘Security by Design and Default’. This is reflected in our security architecture, tools, and controls. We have a dynamic and multi-layered strategy which involves continuous monitoring, intrusion and anomaly detection and prevention systems, threat intelligence, and other proactive cyber security approaches.
Apart from investing in cutting-edge cyber security solutions, we also focus on cyber-recovery initiatives, understanding that resilience is as crucial as prevention. Employee awareness and training are fundamental to our approach, ensuring that our first line of defence is informed and vigilant. By being proactive in the evolving threat landscape, we safeguard our digital assets and maintain trust with our stakeholders.
What new technology excites you the most? What cyber threats or developments do you fear the most?
The technology that excites me the most is AI and its transformative potential across various industries. AI’s ability to analyse data, automate processes, and enhance decision-making offers significant innovation and efficiency improvement opportunities. However, with great potential comes substantial risk. The increasing sophistication of cyber threats, especially AI-powered, is a huge concern. Threat actors are leveraging AI to automate attacks, conduct phishing and social engineering, develop malware, and perform credential stuffing, which presents a complex challenge. The use of deepfake technology to create convincing disinformation campaigns further complicates the cyber security landscape. These developments amplify the attack risk and increase the scale and sophistication of threats, posing significant risks to data security and financial stability. To dismantle these evolving threats, organisations must establish robust cyber security frameworks that include advanced threat detection and incident response mechanisms and employ the latest technologies and practices to stay ahead of adversaries.
How is your company using technologies like AI and GenAI to define a strong cyber security posture and stay ahead of cyber criminals?
At Tech Mahindra, we are leveraging AI and GenAI to build a strong cyber security defence, staying a step ahead of cyber attackers. AI’s dynamic capabilities enable us to monitor network traffic continuously, swiftly identify abnormal data access patterns, and recognise potential breaches early. We are integrating AI and GenAI capabilities in our threat detection algorithms, which are not only making our cyber security framework proactive and adaptive but also helping to reduce the workload of our SOC (Security Operations Centre) analysts, who are at risk of getting fatigued due to the ever-evolving threat landscape.
Leveraging GenAI, we enhance our cyber security measures by generating simulations of potential cyber attack strategies. This allows us to prepare and refine our defence mechanisms effectively. In embracing these technologies, we remain committed to leading cybersecurity innovation and protecting our digital ecosystem while delivering superior outcomes for our stakeholders.
Do you find a shortage in cyber security skills today in India? Are you doing anything to address this issue?
As per industry reports, one of the prominent challenges in cyber security today is the shortage of skilled professionals. To improve the security resource pool, individuals with related technological knowledge can be reskilled to become cyber security experts. For instance, cloud-proficient individuals could be reskilled to become cloud security experts. Further, enhancing diversity is vital to addressing the lack of skilled professionals. A diverse pool of candidates can result in a more extensive and skilled workforce. Finally, emphasizing communication and technical skills is also crucial to bridging the cyber security skill gap.
At Tech Mahindra, we are committed to providing our employees with ample opportunities for upskilling and reskilling to help them keep up with the latest trends in cyber security. We are also actively collaborating with universities to tap into fresh talent and foster a culture of knowledge-sharing and innovation. Our internal teams and centres of excellence testify to our dedication to creating a robust cyber security workforce.
Do you prefer to outsource your cyber-security requirements or keep it in-house?
Building security teams in-house is a great investment for an organisation’s future. It grants flexibility and privacy concerning an organisation’s cyber security posture, readiness, etc. As the threat landscape evolves rapidly, organisations must be agile in adapting security measures, addressing vulnerabilities, and developing incident response plans based on intelligence-driven prioritisation. However, running 24×7 operations to manage the entire attack surface, including endpoints, network, cloud, identity and other digital assets, requires significant investment in resources and technical expertise. The shortage of skilled security professionals adds to the list of challenges and considerations in outsourcing versus in-house cyber security decision-making.
Our preference is to have a hybrid approach between in-house and outsourced cyber security. Critical areas like cyber security strategy, policy, processes, vulnerability management etc, are entrusted to in-house practitioners. However, for some operational activities like tool management and 24×7 monitoring, we leverage our partner landscape to augment the internal cyber security team.
