As cyber threats grow alongside the expansion of digital payments and AI, businesses face increasing pressure to enhance their cybersecurity frameworks. Despite technological advancements, many organisations still struggle with securing sensitive data and responding swiftly to cyberattacks.
“AI is a powerful tool to fill the talent gap in cybersecurity, but it also introduces new risks. Companies must balance innovation with responsible use to protect privacy and data,” said Dharshan Shanthamurthy, Founder CEO at SISA, in an interview with TechObserver.in.
Edited Excerpts:
How do you see the cybersecurity landscape evolving with the rise of AI and machine learning? And what should be the strategy for businesses to stay secure in this new environment?
The impact of AI and machine learning on businesses, including cybersecurity, is enormous. We are just scratching the surface of what AI can do. From a cybersecurity standpoint, AI provides a classic use case. One of the biggest challenges in cybersecurity is the scarcity of talent. AI can help fill this gap by being a valuable tool to defend networks.
We look at AI in two ways: AI for cybersecurity, where AI is used as a defense mechanism, and cybersecurity for AI, where we address the risks AI itself introduces. As businesses increasingly adopt AI, ensuring privacy and responsible AI use becomes critical. We have developed what we call the AI PRISM, which stands for Privacy, Risk, and Information Security Management. It’s essential to make sure AI is used ethically and for the benefit of society without causing harm.
In terms of strategy, businesses should look at AI as a tool to improve productivity and efficiency. While there was some hype around AI, especially with the rise of tools like ChatGPT, the long-term benefits will be substantial in helping people and businesses work smarter.
Over the years, digital payments have grown massively, across mobile, online, IVR, and other platforms. But with that growth comes security challenges. Based on your experience, what are the most significant security concerns businesses face in the digital payment space?
The digital payment industry is unique in many ways, primarily because it is highly regulated for good reason. It deals with sensitive data from people like you and me, which makes it a high-value target for attackers.
If a hacker gains access to digital payment data, like card numbers or bank information, it is far more valuable than simply getting login credentials from a social media platform. In fact, on the dark web, the price for a single digital payment record can range from $25 to $150, while non-sensitive data might go for just a few dollars.
Businesses in the digital payment industry face several challenges. First, they must comply with stringent regulations, which, if ignored, can result in severe penalties. Second, they are prime targets for cybercriminals, with ransomware attacks being a significant threat. We have seen instances where ransomware brought down entire banks. Lastly, businesses are growing rapidly, often at rates of 12-15% annually, which puts added pressure on their security infrastructure.
A key focus for these businesses should be on timely detection and response to threats. That is why we collaborated with the Data Security Council of India to develop a framework called MXDR (Managed Extended Detection and Response), a new paradigm in cyber defense. Additionally, data discovery and classification are crucial because, with the rise of AI, data is everywhere, and organisations need to regain control over it.
Your company recently secured a patent for technology related to Aadhaar data management. Could you elaborate on this technology and how it enhances security?
Data security is a critical focus, especially with the introduction of the Digital Personal Data Protection (DPDP) Act, which imposes fines of up to ₹250 crore for non-compliance. Aadhaar data, being highly sensitive, is a key focus for us.
We developed a patented technology that helps organisations discover, identify, and protect Aadhaar data across various formats. Whether it is biometric data, such as fingerprints, or Aadhaar numbers hidden in images or invoices, our tool, SISA Radar, scans the entire environment remotely and identifies where the sensitive data resides. This gives organisations complete control over their sensitive data, helping them comply with UIDAI‘s regulations. Our patented feature specifically targets Aadhaar data discovery, but the tool can do much more, including broader data protection.
Earlier, you spoke about the challenges in digital payments. What about mobile payments? Innovations in this area are booming. What security trends do you foresee in the next few years for mobile payments?
Mobile payments are an exciting area. I was fortunate to be involved with UPI in its early stages, and seeing its current success is incredibly rewarding. One trend we see is that mobile phones themselves could become acceptance devices. Right now, we use point-of-sale (POS) terminals to process payments, but in the future, we may be able to use mobile phones for this purpose.
For instance, when you want to exchange contact details between two phones, you simply tap them together. The same concept could apply to payments, where tapping two phones together would facilitate a payment transaction. While these innovations are exciting, they will also bring new security challenges, which regulators will need to address.
From a business perspective, how was SISA’s last financial year, and what key verticals are driving demand for your solutions?
SISA has been in the cybersecurity space for 18 years, with a strong focus on securing the digital payment industry. We are proud to have contributed to the industry’s standards development and growth, both in India and globally. Our solutions range from compliance and security testing to managed detection and response services, and we operate from Sydney to San Francisco.
Over the last 12-24 months, we have also expanded into the government sector, working with public sector units (PSUs) to improve their security posture. Our forensics-driven approach to cybersecurity allows us to build solutions based on real-world breach data, which makes them highly effective.
We have established a hardware security lab in our North Bangalore campus, and we are excited about the work being done there. It is a crucial step toward addressing hardware-related security concerns.
