How do you see the cybersecurity threat landscape changing in 2023?
As per Splunk’s 2023 Predictions Report, Cybercrime-as-a-Service economy will accelerate the volume and effectiveness of cyberattacks and companies can expect to face an increasingly complex environment. Security conversations will start shifting and organisations will be focused on improving their cyber resilience as part of their continuous digital transformation efforts. To do so, organisations need to leverage on data-centric security solutions to stay resilient against relentless cyberattacks and ransomware.
In India, particularly finance organisations, digitally-native solution providers and government agencies with mission critical services and systems, data security will be a key tenet in building cyber resilience. Additionally, with the advent of 5G in India, organisations will be eager to expand use cases that will help improve customer experience. This in turn will open more doors to security threats and vulnerabilities. For organisations to stay ahead in 2023, business leaders need to start leveraging on analytics-driven security solutions in order to achieve cyber resilience and future-proof themselves.
What would be the major tech trends in cybersecurity this year?
Given that cyber threats will continue to grow and multiply due to the ongoing convergence of data from multiple sources, ransomware will evolve from a service to an economy. This will bring a shift in the role of CISOs as they will have to go beyond their traditional job scope and take on more responsibilities to mitigate and address the growing number and effectiveness of cyber-attacks. Automation will also be a critical tool to fight the growing cyber-crimes as it reduces mundane work for security teams to keep up with the ever-expanding attack surface. Additionally, automation will help platforms and businesses grow to be more intuitive as it detects the problem faster and orchestrates the best response minimising errors and miscommunication. On a positive note, security is a data problem whereby the cyberattacks can be overcome by introducing the necessary security and observability tools to keep bad actors at bay as businesses continue to innovate.
You spoke about risks for financial services companies. Could you elaborate on what their primary and secondary concerns are presently?
One of the trends that we are seeing across financial services, not just in India, is the need to have coverage for what the industry has called “insider threats”. So, it’s actually the threats that exist within an enterprise. It could be users, it could be system administrators, it could be the data owners.
Cybercrime is up by 500 per cent and there’s an emerging industry where the threat actors are offering their services to commit cybercrime for a range of motivations. It could be to steal credentials, or to extort money through ransomware campaigns. And the other trend that we’ve been seeing is the ability to commit fraud. So, if you think about banking and finance and online and e-commerce providers, the critical assets that they provide or they hold, the data that they hold is people’s private information.
The greatest threat to us all is the leakage of PII data, whether it’s being held by banks, or by the telecommunication sector or by governments. And the importance of actually keeping the data secure at all times under all conditions must be a common priority.
Currently, we are all anticipating a recession. Against this backdrop, have your hiring plans changed or has your India approach changed a bit? How does it work out for Splunk over the next year?
We continue to look at India as a high potential growth market. We are always on the lookout for how we can expand in an economic fashion throughout any market. But with regards to India, because of the size of geography, different industry verticals – an organisation like Splunk can potentially address the issues. For us, being partner-friendly and partner-led is that scaling mechanism. We are still fairly bullish around the fact that there are needs and gaps within organisations tied to cybersecurity.
After the draft law becomes legislation in India, there will probably be another investment cycle around compliance, looking at the current operations and how to actually leverage the assets that have been procured, whether it’s Splunk in the Security Operations center, or whether it’s other technologies.
For our Splunk cloud offering in India, just like our other instances across other parts of Asia and the world, we have planned functional uplifts and upgrades in terms of new capabilities that we believe will open up new segments of revenue for our India business.