AiThority Interview with Gaurav Banga, CEO and Founder at Balbix
Hi Gaurav, please tell us how cybersecurity trends are evolving and what they hold for 2021?
Cybersecurity trends are evolving at an increased rate due to 2020’s disruptions. We have seen an increase in the number of breaches, new attack techniques, and a sharp distinction in how different companies handle attacks. The gap between cybersecurity-mature organizations and security unready organizations will widen significantly and become a major competitive advantage factor in 2021. We can expect a “Great InfoSec Divide” between cybersecurity-mature organizations and security unready organizations. The Great InfoSec Divide will slow innovation, as startups and smaller, faster innovating companies will struggle to gain customer trust. We will see the reemergence of the phrase “No one ever got fired from hiring Microsoft” (for cybersecurity reasons).
The COVID-19 crisis has allowed ransomware and phishing artists to exploit the situation. What kind of cybersecurity techniques should companies invest in to predict and thwart such attacks?
There are three key steps for defeating ransomware:
– Proactive and comprehensive vulnerability management. With legacy tools, this can be difficult. With new AI-powered vulnerability management tools, e.g., Balbix, risk-based and continuous attack surface discovery and analysis is quite straightforward to implement.
– Implement least privilege as much as possible, including two-factor authentication for apps and services, privilege access management, network-level segmentation, and adaptive trust.
– Make sure your managed, user self-managed, and third-party managed systems all have secure backups. And test your restores from backups to make sure they work.
What according to you would improve threat intelligence in 2021?
Make sure your threat intelligence includes threat types besides just CVEs. Additionally, all organizations must have risk dashboards that incorporate information about vulnerabilities, threats, asset exposure, compensating controls and asset criticality in the specific context of the organization’s asset inventory. This is actionable information that cyber-defenders can prioritize and use to protect against threats.
Where are AI and Blockchain in Cybersecurity heading? What are your views on the role of Cloud Security applications that are available in the market?
AI is increasingly useful in extracting risk insights from the IT and cybersecurity telemetry data that organizations collect daily. Cloud computing is the most convenient architecture to deliver these AI-powered capabilities to customers, and cloud computing is also one of the critical pieces of infrastructure that needs to be secured.
For example, this year Balbix developed AI-powered risk models for performing asset criticality analysis, incorporating data from on-prem and cloud-based IT systems, network traffic, and human input, all delivered via a Cloud-based architecture.
Hear it from the pro: The use of IoT gadgets seems to have opened up new surface attack points for con artists. What types of attacks do IoT devices usually witness?
The top IoT attack vectors involve sloppy access control, unpatched vulnerable (or even obsolete) versions of critical software components, and unencrypted communications.
IoT attacks are particularly problematic for critical infrastructure organizations (connected industrial controllers), but can also be a ticking time bomb for everyone with any type of smart devices in their homes and offices. In the upcoming months, we can expect to see IoT ransomware, which will shut off your smart equipment and ask for a ransom. Over time, we expect this to become a common denial-of-service type attack, much like the pesky phishing messages that some of us see on our smartphones every day.
Hiring trends in the cybersecurity space that you are keenly following:
There is an increasing need for people with DevSecOps experience, as well as cloud and automation. There is currently a shortage of professionals with data science and cybersecurity backgrounds and not enough qualified CISOs. Many organizations have to settle on less-than-ideal candidates for their CISO role, who might be strong on tactical skills but not experienced in devising cyberstrategy that is aligned with business needs or ready to lead significant change in their organization’s cybersecurity culture.
Key developments in your areas of interest that you are most excited about:
Key developments in techniques that allow complex AI algorithms to explain how they reached a conclusion.
Tag a person from the industry whose answers you would like to see here:
Ed Amoroso at TAG Cyber.
Thank you, Gaurav! That was fun and we hope to see you back on AiThority.com soon.
Gaurav Banga, CEO and founder at Balbix
Balbix is the world’s first cybersecurity platform to leverage specialized AI to provide real-time visibility into an organization’s breach risk. The Balbix system predicts where and how breaches are likely to happen, prescribes prioritized mitigating actions, and enables workflows to address the underlying security issues.
Balbix enables CISOs and CIOs to transform their organization’s cybersecurity posture, reducing cyber risk by 95% or more, while making security teams 10 times more efficient. Balbix counts many global 1000 companies among its rapidly growing customer base and was named a “Cool Vendor” by Gartner in 2018.