Well-informed employees act as 1st line of defense against cyber threats: Cisco’s Samir Mishra

The shift to digital technologies and the increasing virtualisation of services have blurred traditional security boundaries, making organisations more vulnerable to online threats. In an interview with TechCircle, Samir Kumar Mishra, Director, Security Business, Cisco India & SAARC, underscores the need for businesses to reassess their cybersecurity strategies, adapt to the changing environment, and improve their cyber defense. He also explains how cyber security skilling can help in combating online threats. Edited experts:
 
In your view, what are the key challenges CISOs are currently grappling with when it comes to cybersecurity?

In today's digital landscape, chief information security officers (CISOs) face various complex challenges that demand a new approach to cybersecurity. The expansion of connectivity has brought unprecedented levels of risk, providing cybercriminals with more opportunities to disrupt critical infrastructure and global economies. What was once about hacking for fun has transformed into sophisticated attacks driven by financial gain, disruption and espionage. This shift has affected essential sectors like fuel pipelines, power grids, healthcare systems and the food industries.

Moreover, the volume and sophistication of cyber threats have overwhelmed CISOs, leading to a proliferation of disparate security tools that often lack integration, are overly complex, and ill-equipped to combat advanced and costly attacks originating from various sources. In addition, the shortage of skilled cybersecurity professionals makes it challenging for organisations to stay ahead of evolving threats.

To address these challenges effectively, CISOs need to transition towards security platforms rather than relying on a multitude of disjointed tools. They should also seek simplified, unified, and multi-layered security solutions, including a leading Zero-Trust framework. By adopting an 'always check, never trust' principle, businesses can help prevent or mitigate against several different types of attacks that target the cloud and network.
 
Artificial intelligence is increasingly being used in cybersecurity. How can organisations leverage AI to enhance their cybersecurity posture?

Today’s cyber-attacks are more sophisticated and relentless than ever before, making it increasingly difficult for security professionals to keep pace with the sheer volume and complexity of threats. That is where AI comes in. AI is enhancing the cybersecurity stack — from detecting anomalies in vast troves of data to coordinating fast, automated responses, thereby limiting damage if a breach actually occurs. AI-driven security solutions can analyse vast datasets in real time, identifying anomalies and potential threats faster than human operators. They can also automate threat response, reducing manual intervention and response time. Additionally, AI-powered machine learning models can continuously adapt and evolve, staying ahead of emerging threats. By integrating AI into their cybersecurity strategies, organisations can strengthen their defense and respond more effectively to evolving threats.
 
That said, AI is also leading to more cyber security risks. How do firms address that?

Responsible use of AI holds great potential for organisations to achieve accelerated productivity and smarter decision-making. However, it is crucial to recognise the risks such as, data breaches, bias and discrimination, legal infractions, and more, associated with irresponsible usage. At Cisco, we believe that defining responsible generative AI practices is paramount for organisations to reap the benefits while safeguarding security, privacy, and human rights. To establish a robust framework, organisations should begin by creating an internal policy that educates employees on the safe and responsible use of generative AI tools. This policy should emphasise the importance of avoiding the inclusion of confidential or sensitive information in AI-generated content. Employees should be encouraged to exercise caution and thoroughly review the responses generated by these tools for accuracy and potential bias.
 
What kind of cybersecurity roles are in demand today and in the near future?

Beyond the existing roles like cyber security risk analysts, cyber security analysts, and penetration testers, organisations will have a growing need for experts in emerging positions such as DevSecOps engineers, quantum cybersecurity specialists, Internet of Things (IoT) engineers, and IoT security analysts with specialisations in AI, data forensics, and wireless network security reflecting the ever-evolving nature of cybersecurity challenges. The lack of skilled professionals, coupled with an exponential increase in data breaches, has left organisations vulnerable to attacks and breaches. As businesses grow, the demand for cybersecurity talent will only continue to grow in the years to come.
 
What are your thoughts on cybersecurity skilling/reskilling, considering there is a dearth of skilled manpower in this space?

With the speed and scale of digitisation across the country, there is an increased demand for skilled cybersecurity professionals as organisations look to defend themselves against an evolving and complex threat landscape. At the technology level, organisations can adopt proactive measures and leverage advanced security solutions like Extended Detection and Response (XDR), to enhance their security posture, ensure adherence to regulatory requirements, and foster a culture of cyber resiliency. Establishing an advocacy program where security advocates monitor employees' progress in various security training initiatives and share success stories not only personalises the training experience but also empowers individuals with the knowledge gained, reinforcing its value for the entire organisation. Additionally, companies should prioritise employee cybersecurity training and awareness programs to create a security-conscious workforce. Well-informed employees can act as the first line of defense against cyber threats, reducing the likelihood of successful attacks.
 
What is Cisco doing to overcome skill shortage?

To help address the growing shortage of skilled talent, Cisco Networking Academy has trained over 1.3 million students since inception through 718 partnerships with educational institutions and partners. We offer courses in emerging technologies like networking, programming, cybersecurity, etc. Also, we have recently committed to train 500,000 people with cybersecurity skills over the next three years. In addition, under our India Cash Grant program, we have partnered with the NIIT Foundation to launch the CyberSuraksha program with a commitment to training 1 million underprivileged individuals in cybersecurity by 2025, with 100,000 trained so far.
 
How do you see the future of cybersecurity and how can organisations stay resilient in the face of evolving threats?

As the world becomes more connected, the need for security controls and alignment to compliance regulations will essentially mandate security to be the core component to any new innovation, and the users and customers of those services will demand it too. With data becoming the foundation of everything we do, organisations must embed data protection and privacy deeply into their culture and ongoing operations. As threats intensify this year and beyond, cybersecurity resilience, preparedness, and response must be at the forefront.