Navigating the future of cybersecurity in India : Insights From Kaspersky’s Leadership

1. Career Journey with Kaspersky: Can you share your journey with Kaspersky so far and what inspired you to take on the role of General Manager for the India region?

I have been with Kaspersky for over one and a half years now, and it has been a great learning experience for me. I have been in the IT industry for nearly 25 years now. I have worked in various strategic roles in IT sales, business development and telecom. Cybersecurity is growing in importance with the increasing complexity of cyberthreats. This segment in India offers unique challenges that I looked forward to managing. That is why I joined Kaspersky. Now I am tasked with spearheading Kaspersky’s growth in India and enhance its presence in the market. We want to create awareness about the constantly evolving threat landscape and the importance of effectively navigating the complex issues around cybersecurity. We want to ensure that individuals and businesses alike have access to robust protection against every kind of digital threat. 

2. Cybersecurity Landscape in India: How do you see the current cybersecurity landscape in India, and what are the biggest challenges and opportunities facing businesses in the region?

Today both consumers and the corporate sector are highly susceptible to cyberattacks because of the increased use of the digital platform and mobile devices for every activity. The threat landscape in India is evolving at a rapid pace. In fact, over 11 million internet-borne threats were detected and blocked by Kaspersky products for computer users in India between July to September 2024, data from Kaspersky Security Network (KSN) reveals. Social engineering also continues to be a major problem for both the consumer and corporate segments. Moreover, cybercriminals continue to exploit vulnerabilities in mobile phones to obtain private data, which poses a major threat for users. In internet-borne threat, file-less malware continues to be the most dangerous form. This is because it is tough to detect, as its malicious code uses registry or WMI subscriptions for persistence, leaving no single object for static analysis on the disk. 

In such a scenario, awareness about cyber threats and attacks is very important, followed by the use of powerful security tools to safeguard the systems. It is a challenge, especially in the SMB and consumer segments, since they do not have a very evolved cybersecurity strategy. This also provides a big business opportunity for us, as we continue to focus on providing the right solutions to our users to make them secure and immune to major cyberattacks. 

3. Kaspersky’s Role in India: Kaspersky has a strong global presence. How does Kaspersky’s approach to cybersecurity differ in the Indian market compared to other regions?

India is a major market for the company because of its expanding digital landscape and its associated cyberthreats. For us customer satisfaction and protection of their data and privacy are of prime importance. While the enterprise segment has similar requirement like any other large global organisation, the Indian SMB and the consumer segments have very unique needs. 

So, we have solutions created to meet those cybersecurity requirements. We are looking to help our customers pre-empt and prevent cyberattacks rather than just protect against them. That is why we are talking about solutions like Kaspersky Threat Intelligence service and Kaspersky Industrial Cybersecurity solutions to our customers in India. Our marketing strategy is in line with the solutions we have. 

For the B2C segment, we are focused on interesting partnerships with personalities that the users can relate to. For instance, we partnered with Mumbai Indians, the popular cricket team to create awareness about cyber security in the personal space. For the B2B segment, our marketing strategy involves working with the customers to understand their specific requirements and help them take a cyber immune strategy rather than just preventive measures against cyber threats. Our business is

growing, and this success is a testament to the power of effective strategy and teamwork that are driving our company forward. We are continuing our commitment to technology excellence to meet our customers’ needs and exceed their expectations.

4. Innovations in Cybersecurity: Can you tell us about any new innovations or product developments from Kaspersky that are specifically geared towards addressing the unique security concerns of Indian enterprises?

Amid the constantly evolving cyberthreat landscape, it is vital for companies to have a comprehensive cybersecurity solution they can trust and rely on for effective protection. We have seen that many organisations find it tough to deploy the right security tools that can help to detect and prevent advanced threats on time. This is what we are constantly addressing and continuously developing solutions to meet all the cybersecurity requirements of businesses, helping them build up reliable cybersecurity frameworks. In fact, we have recently launched Kaspersky Next. It is a new line of cybersecurity products that includes robust endpoint protection powered by AI capabilities and goes beyond the classic EPP (Endpoint Protection Platform). The new solutions bring together EDR (Endpoint Detection & Rescue) and XDR (Extended Detection and Rescue) for corporate customers of any size and industry. 

These advanced and effective cybersecurity solutions help companies to withstand the more prevalent, evasive, and sophisticated attacks, providing businesses with total visibility, control, rapid response and proactive threat hunting. To make it easy for smaller organisations also to adopt Kaspersky Next, we have made it deployment-agnostic that allows for both cloud and on-premise installations. Companies can manage it either through a streamlined console to perform core cybersecurity tasks quickly, or via an enterprise-grade console with more granular controls and advanced monitoring.

The new product line helps companies build crucial cybersecurity functions, to provide robust protection against multiple types of threats that business face the most, such as ransomware, malware and data breaches, and avoid infrastructure penetration through business email compromise, supply chain attacks, exploits and other vulnerabilities.

5. Cybersecurity Awareness and Education: With the growing number of cyber threats, what initiatives is Kaspersky taking to raise awareness and educate businesses and consumers about the importance of cybersecurity in India?

Security awareness is an important part of a corporate cyber resilience strategy, yet a large percentage of CISOs are not satisfied with the current state of affairs. Our research shows that despite spending a considerable amount on upskilling their cybersecurity teams, most organisations are not satisfied with the cybersecurity training they receive. That is why Kaspersky has developed a comprehensive suite of training programmes to train technical and non-technical staff within an organisation on various aspects of cyber security. 

We have Kaspersky Expert training for various levels of cyber security professionals and help them upgrade their skillsets in various aspects of cybersecurity. The programmes cover digital forensics, malware analysis, and incident response. Not just this, we also have cyber training for business leaders within an organisation to foster strong cyber security culture in their workplace. The online training programme aims to raise awareness about the modern cybersecurity threat landscape and introduce the executives to the proper use of cybersecurity skills, as successful cyberattacks and breaches lead to major disruptions in a company’s IT infrastructure. 

6. Challenges in the Indian Market: What are some of the challenges you’ve encountered while leading Kaspersky in India, and how are you addressing these challenges?

As India embraces rapid digitisation, the businesses, and government sectors are reaping substantial benefits. However, this digital revolution has brought forth significant cybersecurity challenges at the same time. While large businesses are more ready to boost their cybersecurity infrastructure, it is the SMB sector that needs handholding and awareness. They understand threats like phishing, but most are still under a false sense of security that they are safe from more malicious attacks like ransomware. Most, especially in the SMB segment. still do not think that ransomware is a menace to their businesses. The challenge is to change their mindset towards such cyber dangers. Indian companies will continue to be under threat from ransomware in 2024 as ransomware has evolved from version to 2.0 to version 3.0. This presents an opportunity for us. We are focused on enabling the companies in their fight against ransomware and other cyberthreats. 

Another challenge is the lack of trained infosec resources. Our survey found that 48% of companies require over half a year to find a qualified cybersecurity professional.  We plan to promote our cyber security training and education services to the corporate segment in effort to address this challenge.

7. Partnerships and Collaborations: Can you share any recent partnerships or collaborations that Kaspersky India has formed to strengthen its foothold in the region?

We have been strengthening our presence through partnerships in two key areas. First is our channel presence by tying up with Savex Technologies, one of the leading B2B IT distributors in the country. our full business solution portfolio enables Savex Technologies to offer organisations top-tier security solutions to safeguard their businesses against emerging, unfamiliar, and elusive threats while maintaining resource efficiency. This partnership aims to strengthen our B2B, Managed Services Provider (MSP) and Managed Security Services Partner (MSSP) business in the market.

In order to boost the numbers of next generation of infosec professionals in India, we collaborated with major engineering colleges and universities in India. We signed MoU with IIT Bombay and Manipal Institute of Technology – MAHE to train and develop next generation of security professionals through knowledge exchange, expertise sharing and development of cybersecurity course modules. This initiative is expected to increase and strengthen the talent pool for the growing cybersecurity industry in India.

8. Cybersecurity for SMEs: How is Kaspersky helping small and medium enterprises (SMEs) in India, which may not have the same resources as large organizations, to defend themselves against sophisticated cyber threats?

Malware attacks, phishing and scam threats pose a significant risk to SMBs, with cybercriminals adeptly tricking employees into divulging confidential information. These employees often fall victim to financial scams like fake banking, delivery, and credit service pages designed to deceive unsuspecting individuals. Moreover, we have found that cybercrooks often infiltrate employees’ smartphones, referred to as “smishing” – a clever combination of SMS and phishing, and fool them into divulging sensitive information. In such a scenario, professional security solutions and services are essential for businesses of every size, including SMBs. Our Kaspersky Next is a range of next-generation AI-driven cybersecurity solutions that can be customised to meet the specific needs of small and medium businesses. 

We offer subscription-based solutions that offer comprehensive endpoint protection to our customers. The Kaspersky Next EDR Foundations offers multi-layered coverage for small business’ entire IT system with comprehensive endpoint protection against a multitude of attack vectors including file-less threats, exploits, and rootkits. While Kaspersky Next EDR Optimum safeguards both financial assets and reputation by protecting core operations and enabling future enhancements. The ideal solution for the evolving security needs of any business.

9. Impact of Digital Transformation: As more Indian businesses undergo digital transformation, how is Kaspersky ensuring that they have the right tools and solutions to safeguard their digital assets?

Cybersecurity should be a key consideration when an organisation is drawing up its digital transformation strategy. Kaspersky offers Indian businesses scalable cybersecurity solutions that can scaled up as the business grows and their endpoints increase. We ensure that our services are always available to our customers, and we detect and neutralise every kind of cyberthreat regardless of their purpose and origin. This ensures that our customers’ assets are protected and safe from intrusion at all times through their digital transformation. We offer comprehensive set of tools, solutions and trainings to ensure that the companies remain resilient against cyberthreats. 

10. Kaspersky’s Growth Strategy: What is your growth strategy for Kaspersky in India over the next few years, and how do you plan to expand the company’s market share in this region?

There are few key things we want to highlight as a cyber security brand. First is the ease of use and the broad-spectrum of solutions that we are bringing to both our B2B and B2C customers. We also plan to strengthen our presence in the country through industry events, awareness programmes and innovative solution launches. 

We would also like to work around the key issue of cyber immunity rather than just cyber security. Additionally, we would like to bring in an open, transparent system to the cyber security user and other stakeholder community; towards this Kaspersky has put its Global Transparency Initiative (GTI) in place. Our transparency centres are part of our GTI and recently we launched our fourth facility in the APAC region. The latest centre, which is in Seoul, South Korea, is a further reinforcement of our commitment to building a more accountable cybersecurity ecosystem.

As an organisation, we constantly challenge ourselves to develop smart solutions that pre-empt a threat rather than just secure a technology setup or system. We regularly assess our technologies’ efficiency in measurable independent tests and assessments to control its quality against modern threats.

11. Trends in Cybersecurity: What are some of the emerging trends in cybersecurity that Indian businesses should be aware of, and how is Kaspersky positioned to tackle these trends?

Kaspersky foresees an uptick in cyber threats in the country in 2024, driven by rapid digitalisation. Phishing, scams, data breaches, and malware attacks are expected to persist, targeting organisations and individuals. Ransomware and Advanced Persistent Threats (APTs), particularly cyber espionage will remain prevalent in the region especially targeting government agencies and large enterprises, financial organisations and critical infrastructures. India will also continue to face a multitude of low-skill, high-scale scams, including illegal loan apps, income tax refund services, and investment fraud, amidst its digital transformation. Social engineering like phishing, baiting, and pretexting will continue to be a prevalent mode of cyberattack on consumers. This has become even more dangerous with the use of AI. 

Also, with the increasing use of AI, mobile devices and IoT enabled, B2C consumers are vulnerable to cyberattacks. IoT devices like smart watches, smart home appliances, voice assistants, smart switches, and fitness trackers leave users exposed to threats. These additional devices change the dynamics and size of what is sometimes called the cyber-attack surface – that is, the number of potential entry points for malicious actors. 

Since the hybrid work culture has become a norm, it poses a cyber security threat to the users’ devices as they use their personal devices to log in both for work and for personal use. Without a comprehensive cyber security solution to protect their connected devices, users are left vulnerable to cyberattacks. 

Another trend that leaves consumers vulnerable to cyber threats is the use of cloud for personal and work-from-home use. The widespread adoption of remote working increased the necessity for cloud-based services and infrastructure drastically, with major security implications. Cloud services offer a range of benefits, but they are also prime targets for attackers. Misconfigured cloud settings are a significant cause of data breaches and unauthorised access, insecure interfaces, and account hijacking.

Kaspersky is adapting to these trends by continually innovating our product offerings, enhancing mobile security features, and investing in AI and machine learning technologies to improve threat detection and response. Additionally, we are committed to educating consumers about cybersecurity best practices through our awareness campaigns and training programmes.

12. Customer-Centric Solutions: Kaspersky has always been known for its customer-centric approach. Can you elaborate on how Kaspersky in India tailors its solutions to meet the specific needs of its clients?

Building and maintaining trust is paramount for Kaspersky. We achieve this by consistently delivering reliable and effective security solutions, ensuring transparency in our operations, and adhering to the highest standards of data protection and privacy. Cybersecurity is a very dynamic industry and our technologies undergo comprehensive audits and are certified in accordance with the most respected global standards to ensure robust security for our customers. 

Improving customer support and experience is a continuous priority for Kaspersky. We have enhanced our support channels to provide timely and effective assistance to our customers, including 24/7 support through various platforms. Our user-friendly interfaces and intuitive product designs ensure that consumers can easily navigate and utilise our solutions. Additionally, we regularly update our products based on user feedback to enhance functionality and address emerging cybersecurity challenges.

13. Future Vision: Where do you see Kaspersky’s India operations in the next five years, and how do you plan to drive the company’s vision forward in this rapidly evolving cybersecurity space?

India is one of Kaspersky’s priority markets in the region, and the cybersecurity ecosystem is maturing significantly. Kaspersky has shown a steady growth in the market with its leading products and services. In 2023, leading organisations and even government agencies in the country faced major cyberthreats and attacks. These incidents brought to the fore the importance of having a strong cybersecurity infrastructure. This is where our expertise and solutions come in. We will continue to push EDR solutions like Kaspersky Endpoint Detection and Response to detect complex threats, investigate incidents, and effectively remediate problems. We have garnered major recognitions in the modern endpoint security with Kaspersky Endpoint Security for Business.  

In 2024, our two focus products are Kaspersky Threat Intelligence and Kaspersky Industrial Cyber Security (KICS). Through these we hope to enable organisations adopt a more evolved and preventive cybersecurity measures. This will take forward our vision of delivering cyber immunity to people and organisations. 

14. Leadership Approach: As a leader in the cybersecurity space, how do you manage and inspire your team to stay ahead of the ever-changing landscape of threats and security needs?

As a team leader managing the growth in a major market like India, it is important that the team is up-to-date with the solutions that we are offering to our customers across segments in India. I ensure that my team is aware of the latest threat landscape, so that they can help our customers adopt the right cybersecurity approach. It is part of my role to ensure that the whole team is on the same page when working towards charting the India growth story. 

15. Advice to Business Leaders: What advice would you give to business leaders in India to ensure they stay protected against the growing risks of cyberattacks?

There are few key things that we advise CISOs and security personnel within an organisation. The main thing is to educate staff about cyber security. For all businesses, making sure that staff are aware of the importance of cyber security is essential. We help the CISOs provide regular, updated cyber security training so that employees are aware to avoid phishing attempts and disclosing sensitive information. Regular user training, education and awareness helps to reduce the likelihood of social engineering attempts targeted at an organisation.

Besides training, we advise businesses to encrypt and back up their data. In the event of a cyberattack, it is important to keep data backed up to prevent serious downtime, loss of data and subsequently financial loss. Ransomware attacks wreak havoc and even backup software could be attacked which could then corrupt the backup files, even with robust security measures in place. Encrypting data will help keep all sensitive information out of the reach of cybercriminals. 

Conducting regular audits is also an important aspect of maintaining a robust cybersecurity setup. It is important to review the cybersecurity policies and regularly check software, systems, and servers to ensure your business is fully secured. Access backed-up files and download them on regular intervals to see how the recovery process will work for your business. Identify potential vulnerabilities, devise ways to overcome them and confirm whether the backed-up files have been corrupted in any way.

We noted that insider data breaches are quite prevalent and we advise our customers to create a comprehensive data use policy that is clear for all to use and put access restrictions in place.  Also, in order to minimise the risk of getting hacked, we advise restricting admin rights to a selected number of staff and granting access for in-need basis. User access control means limiting regular users’ execution permissions and enforcing the principle of least privilege needed to fulfil necessary tasks. One of the risks for businesses is having employees install software on business-owned devices that could compromise the systems. Preventing staff from installing or even accessing certain data on organisation network is beneficial to ensure security.

NaOther measures that we often recommend for businesses include installing a robust firewall, keeping all software and operating systems up-to-date, practicing a strong password policy and ensuring robust endpoint protection.