Safety Detectives interviewed Dhruv Khanna, CEO and Co-founder at Data Resolve Technologies, a company helping over 200 clients across 20+ industries with an all-in-one solution for Data Protection, Employee Monitoring, User Behavior Analytics.
Dhruv shared his perspective on the current and future trends in the cybersecurity industry from his 20+ years of experience in Enterprise Security and Privacy Service Industry (and before joining Data Resolve he was associated with IBM for six years as India-South Asia Service Line Leader for security and privacy services)
How did you get into cybersecurity, and what’s your role now in your company?
My journey into the world of cybersecurity began with a passion for technology and a keen interest in safeguarding digital environments. Early on, I recognized the critical importance of protecting sensitive information in an increasingly connected world. This drove me to delve deep into the field of cybersecurity, where I honed my skills in threat detection, risk assessment, and data protection.
At Data Resolve Technologies, I wear multiple hats. As the CEO and Co-founder, I’m responsible for overseeing the overall strategic direction of the company. This involves setting the vision, defining goals, and ensuring that our team is aligned towards achieving them. Additionally, I’m deeply involved in marketing and sales efforts, leveraging my experience to drive growth and establish meaningful connections with clients.
Throughout my career, I’m proud to have received recognition for our contributions to the cybersecurity landscape. Our team’s efforts have resulted in measurable improvements in threat detection and response times for our clients, leading to enhanced overall security postures. These achievements serve as a testament to our commitment to providing effective and robust cybersecurity solutions in an ever-evolving digital landscape.
What are the most underrated cybersecurity threats businesses face today?
One of the most underrated cybersecurity threats businesses face today is social engineering attacks. These manipulative tactics target human psychology rather than exploiting technical vulnerabilities. Phishing, for example, uses deceptive emails or messages to trick employees into revealing sensitive information or clicking on malicious links.
Another underestimated threat is insider threats, which can be perpetrated by employees, contractors, or even partners with legitimate access to an organization’s systems. These individuals may intentionally or unintentionally compromise security, either through negligence or malicious intent. Additionally, supply chain attacks pose a significant risk.
Hackers may exploit vulnerabilities in third-party vendors to gain access to a target organization’s network. These threats often go under the radar, as businesses tend to focus more on traditional cybersecurity measures like firewalls and antivirus software, but it’s crucial for businesses to invest in comprehensive training and robust security protocols to combat these less conspicuous but equally dangerous threats.
Common mistakes in dealing with these threats include inadequate vetting of third parties, neglecting employee training, and failing to monitor network traffic effectively. To prevent them, businesses should invest in robust cybersecurity practices, including comprehensive employee education and threat intelligence services.
Then there are common vulnerabilities faced by businesses, which often involve outdated software, weak or reused passwords, and inadequate patch management. These vulnerabilities persist regardless of being well-known, because of a lack of awareness, limited resources, or a failure to prioritize cybersecurity. Companies should address these issues by regularly updating and patching systems, enforcing strong password policies, and allocating sufficient resources to cybersecurity efforts.
And what do you see coming in the future?
In the future, several cybersecurity trends are poised to become more dangerous or common due to the rapid evolution of technology.
One of the foremost concerns is the rise of sophisticated phishing attacks. As attackers become more adept at impersonating trusted entities, individuals and organizations alike will face an increased risk of falling victim to these deceptive tactics. Additionally, ransomware attacks are likely to become even more prevalent and destructive. With advancements in encryption techniques and decentralized cryptocurrencies, attackers will have more tools at their disposal to extort their victims. Furthermore, as the Internet of Things (IoT) continues to proliferate, the vulnerability of interconnected devices will present a growing threat, potentially leading to large-scale security breaches and data leaks.
In terms of technologies, artificial intelligence (AI) and machine learning will play a pivotal role, both for cybersecurity and as potential vectors for attacks. AI-powered tools can enhance threat detection and response capabilities, but they can also be used to craft more sophisticated attacks. Quantum computing is another technology on the horizon that could revolutionize encryption standards. While this holds great promise for securing communications, it also poses a significant challenge as current cryptographic methods may become obsolete.
To adapt to these emerging trends, it is crucial to implement a multi-layered approach to cybersecurity. This involves a combination of robust perimeter defenses, endpoint protection, user education, and proactive monitoring. Additionally, data loss prevention (DLP) solutions will play a critical role in safeguarding sensitive information. DLP tools help monitor and control data transfers within an organization, ensuring that confidential data doesn’t inadvertently leak or get into the wrong hands. By implementing DLP measures, we can help mitigate the risks associated with evolving cyber threats and protect our clients’ most valuable assets.
One current problem is the skills gap in cybersecurity. What’s your take on that?
The skills gap in cybersecurity is undeniably a real and pressing issue. As technology advances at an unprecedented rate, the demand for cybersecurity professionals has skyrocketed, outpacing the supply of adequately trained experts. This gap is exacerbated by the evolving nature of cyber threats, which require a constant influx of new skills and knowledge to effectively combat. The situation is further complicated by the fact that the traditional education system often struggles to keep pace with the rapidly changing landscape of cybersecurity.
There are several reasons contributing to the skills gap:
- the field of cybersecurity is highly specialized, and it requires a combination of theoretical knowledge and practical skills that can be difficult to acquire through conventional education alone.
- The ever-evolving nature of cyber threats means that professionals must commit to continuous learning and adaptability, which can be challenging to maintain.
To address the cybersecurity skills gap, there needs to be a multi-faceted approach. This includes fostering partnerships between educational institutions and industry players to ensure that the curriculum is relevant and up-to-date. Additionally, providing accessible and affordable training opportunities, such as online courses and certifications, can help bridge the gap. OpenAI, for instance, is working on creating educational resources and platforms to support individuals looking to enter the field of cybersecurity.
For aspiring professionals, this situation presents both challenges and opportunities. While the skills gap may make it harder to enter the field, it also means that there is a high demand for qualified individuals. Therefore, those who are committed to continuous learning and staying updated with the latest developments in cybersecurity will find ample opportunities to thrive in this dynamic and crucial industry.
What’s your point of view on the current state of cybersecurity awareness?
From my perspective, the current state of cybersecurity awareness is a mixed bag. On one hand, there has been a significant increase in awareness due to high-profile cyberattacks and breaches that have made headlines in recent years. This has prompted individuals and organizations to take cybersecurity more seriously. However, there is still a gap in understanding the depth and complexity of modern cyber threats. Many people and even some businesses may not fully appreciate the evolving tactics employed by cybercriminals, such as sophisticated phishing techniques, ransomware attacks, and social engineering schemes.
Education and training should be prioritized at all levels, from individual users to large enterprises. Regular workshops, seminars, and awareness campaigns can help demystify cybersecurity concepts and empower individuals to take proactive measures to protect their digital presence.
Regarding the balance between proactive and reactive measures, it’s clear that a proactive approach is the most effective way to safeguard against cyber threats. Preventing breaches before they occur is more cost-effective and less disruptive than responding to an incident after the fact. However, it’s also important to have a well-defined incident response plan in place, as no system
Your advice to someone wishing to start a career in cybersecurity?
Starting a career in cybersecurity can be both rewarding and challenging. Here’s some advice to help you navigate this field.
I still see too many people focusing too much on theoretical knowledge without practical experience. In hindsight, I would have pursued hands-on experience and personal projects earlier in my career. Practical skills, such as setting up a home lab, experimenting with vulnerable systems, and participating in Capture The Flag (CTF) competitions, are invaluable. Another mistake is underestimating the importance of communication skills. Cybersecurity professionals need to convey complex technical information to non-technical stakeholders effectively. In hindsight, I would have worked on improving my communication skills from the start.
Most In-Demand Jobs: Cybersecurity is a dynamic field with numerous job opportunities. Roles like Security Analyst, Penetration Tester, Incident Responder, and Security Engineer are in high demand. As technology evolves, positions related to Cloud Security, IoT Security, and DevSecOps are also expected to grow.
As for resources and Learning, start with foundational knowledge by pursuing certifications like CompTIA Security+, Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), and Certified Information Security Manager (CISM). Online platforms like Coursera, edX, and Cybrary offer courses on various cybersecurity topics.
Always keep in mind that cybersecurity is a constantly changing field. To stay relevant, continuously expand your knowledge and skills. Join cybersecurity communities, participate in CTFs, attend conferences, and consider advanced certifications like Offensive Security Certified Professional (OSCP) or Certified Information Systems Security Professional (CISSP). Never stop learning. Also, keep up with industry news through blogs, podcasts, and conferences. Experiment with open-source tools and build a personal portfolio of projects.
There are also some common myths in the cybersecurity field that I want to address here.
One includes the belief that you must be a coding genius or have a specific background to succeed. In reality, people from various educational and professional backgrounds can thrive in cybersecurity. Another misconception is that cybersecurity is all about hacking. While penetration testing is a part of it, the field encompasses a wide range of responsibilities, including risk assessment, compliance, and incident response. Finally, job security in cybersecurity is not absolute. It depends on your skills and the evolving threat landscape, so continuous learning is key.
Starting a career in cybersecurity is exciting and offers ample opportunities for growth. Be prepared to adapt, learn continuously, and embrace a dynamic and rewarding journey in this ever-evolving field.