Cybersecurity, which used to be a niche area years back, is now of critical importance today. With technological advancement and data abundance, we are getting susceptible to data breach and cybersecurity threats, says Rakesh Kharwal, Managing Director, Cyberbit, India/South Asia & ASEAN. In this interview with Jyoti Bhagat of Elets News Network, Kharwal talks about Cyberbit and the significance of investing in cybersecurity modules.
Q: Tell us something about your journey in the cybersecurity domain.
I have spent around 25 years in the IT industry, all across hardware, software, consulting, etc. In the last 15 years, I have been in the cybersecurity space. I have been with Microsoft for about five years looking after their cybersecurity outreach. I was one of the members behind building the CSO forum of Microsoft. At that time it was a very niche concept. After that, I moved to McAfee, which deals with cybersecurity solutions and served there for more than eight years. I have also worked for more than a year in IBM where I was heading their cybersecurity space. Now I have completed a month in Cyberbit so I am fairly new to this organisation.
Q: That is quite a career graph! What motivated you to join Cyberbit?
Cyberbit, headquartered in Israel, is a company which is a subsidiary of a defence manufacturer. Elbit Systems is the parent company of Cyberbit. Elbit is known for simulation and technology. We do a lot of business globally and in India as well. Cyberbit provides cyber range simulation platform and provides detection, response, automation, and orchestration products across IT and OT networks.
Unlike Elbit, which focuses on Israel, the vision for Cyberbit was completely global. There are offices across the world, in Europe, China, India, etc. In India, the Cyberbit branch opened about a year ago and I would like to call It Cyberbit 1.0. I must say we have tasted success with at least three to four clients for each of our products or services. Hence the management has also decided to invest in India as it is a growing market. That is when I was approached, around three to four months back with the opportunity to set up the business in India and take it forward.
Q: What are your plans for Cyberbit?
We have very aggressive plans for 2019. We want to increase our customer base. We are approaching some of the major prospective clients such as State Bank of India, which is revamping their cybersecurity system, Government of Maharashtra Cyber Cell to name a few. At present, the market is very receptive about cyber range. In the coming months, we want to build a large team. We have got more than 20 people in our team now. We are going to build our global tech support and professional support organisation to India. For the Asia Pacific region, India is going to be the headquarters.
Q: Tell us more about the core products of Cyberbit.
At present, we have got four products. Cyber range is our flagship product. This refers to the range of possible threats you are exposed to, and how you can secure your system against it. Cyberbit has created a simulated platform where you can replicate the organisation’s infrastructure and play around. Along with that, we provide hands-on training on exercising cybersecurity. These are the services included in the cyber range product.
Apart from the cyber range, we work on Endpoint Detection and Response (EDR) space. There is a lot of competition there, unlike range, which is our brainchild. EDR is something which acts as the last resort to detect a threat, something a regular antivirus or an anti-phishing tool cannot detect. We do not play in the traditional EDR space. We play in the advanced sophisticated networks such as the defence organisations like the banks in India. While every other system works on the cloud, we work on the air gap network scenario.
Next is the SOAR network, which stands for Security Orchestration Automation and Response. This platform also brings automation of the regular and manual steps that one takes. Any repeatable or manual action has to be automated and orchestrated for a better response time. SOAR network offers this platform. This is something every SOC organisation is utilising.
The fourth product is the Operational Technology (OT) network security to protect the SCADA or ICS network. Cyber infrastructure is the most critical aspect today. The future of warfare is in this medium. Hence a lot of investment is made in OT network security now.
Q: What are the major challenges in the cybersecurity space today?
One of the challenges is the efficacy of technology. Today, technologies are developed rapidly and they are not devoid of loopholes. Once you discover the technique to alleviate that, someone comes up with a new way to bypass that. This is like a vicious circle. For example, when sandboxing technology came up around five-six years back, everyone thought it was the silver bowl. But within three months people figured out how to bypass it. So every time we are looking for a silver bowl but unfortunately, there is no silver bowl today in cybersecurity.
Another big challenge is time, which is very critical. Earlier the pace was slow to diagnose a breach of security and come up with remedial action. But today, time is the essence. If there is a security breach today, the next morning it will be all over the media and the CEO has to come up with a statement and owe the accountability. So the speed of detection and response time is super critical today.
The third challenge is the massive shortage of trained cybersecurity professionals today. A report by Data Security Council of India (DSCI) states that by 2025, there is going to be a shortage of a million cybersecurity professionals in India. I believe that Indian cybersecurity professionals are not equipped with enough skills. They are learning on the job from each breach.
Q: How do you plan to address these challenges?
I try to look for opportunity in each of these challenges. I take it as a CSR initiative to deploy the cyber ranges across organisations from different sectors. India could be a global hub to train cybersecurity professionals across the world. To me, that is the most exciting part. I believe in the next 12 to 18 months, the game is going to change.
I offer the cyber range platform and someone has to create the content. There is a massive opportunity in state governments, banks, universities, defence organisations, etc. Several engineering colleges have started courses on cybersecurity but the curriculum isn’t strong enough. There is not much scope to acquire skills through the bookish knowledge they transfer. The technologies change in three months and the theories hardly come handy in real life. Today we need people who have worked on multiple vectors of threats in real time.