As cyber threats escalate, particularly ransomware attacks, Indian firms face increasing pressure to strengthen their cybersecurity measures. Despite the significant rise in attacks, India’s regulatory environment has yet to mandate comprehensive cyber recovery for regulated entities. This gap poses a critical challenge, as businesses must proactively develop and implement robust recovery strategies to safeguard their operations.
“The key question for firms in India is how they are protecting their systems against ransomware. It is not a matter of if, but when a cyber attack will happen. Organisations need to diligently work towards recovery strategies, ensuring they can recover in case of an attack,” said Harish Soni, Cyber Resiliency Practice Leader, Kyndryl India in an interview with TechObserver.in.
Edited Excerpts:
Could you share how Kyndryl approaches cybersecurity and resiliency, especially considering the diverse organisations you work with?
Cyber resiliency has been a core practice for us for over 30 years, with a mature framework and a workforce of over 10,000 across the globe. Recent cyber attacks are the primary disruption we have seen in the market. Even before ransomware, natural disasters posed significant risks for customers. Our approach to resiliency has evolved over time from regulatory, digitalisation, and modernisation perspectives. We scale our services and practices accordingly.
We do not just provide technology; we integrate and mature it, adapting to changing ransomware situations and emerging threats. Organisations must work with the right technology partners and integrators to create sustainable solutions. Our partnership with Veeam focuses on cyber recovery solutions like air-gapped backups, immutability, and scanning. Our teams collaborate globally to develop cohesive solutions that address cyber recovery for our customers.
Do you see any unique challenges from a resiliency perspective in India?
From an Indian perspective, the regulatory environment has not mandated cyber recovery for regulated entities. The number of attacks has increased, with ransomware attacks rising by over 60% year-on-year. Other disasters have not seen such a steep increase. The key question for firms in India is how they are protecting their systems against ransomware. It is not a matter of if, but when a cyber attack will happen. Organisations need to diligently work towards recovery strategies, ensuring they can recover in case of an attack.
Considering the rapid increase in attacks, what measures should be prioritised?
Indian organisations face twice the number of ransomware attacks compared to the global average. Multiple reasons contribute to this, including geopolitical factors. As the fastest-growing large economy, Indian companies are becoming more competitive globally, attracting attention from bad actors. Regulators must play a significant role in driving mandates. The competitive nature of business should also encourage organisations to take data protection more seriously. Compliance and business considerations both drive the need for robust data protection strategies.
We see a lot of emphasis on AI by businesses of all sizes. Can AI play a role in enhancing resiliency?
Organisations must responsibly use AI, leveraging its power to build operational insights. For example, Kyndryl Bridge, our AI-powered platform, uses AIOps to provide visibility into various endpoints, helping solve future problems and boost resiliency. AI’s power lies in using data insights to create actionable dashboards. Cyber resiliency benefits from AI by identifying potential issues and enabling proactive measures. AI can provide insights into hardware problems, application stack issues, and other potential disruptions, allowing organisations to address them before they escalate.
Could you share how Kyndryl and your partner ecosystem works on cyber resiliency in India?
India’s technology landscape is strong, and organisations are heavily investing in digitalisation. At Kyndryl, we rely on partner ecosystems to deliver technology and achieve customer objectives. For example, in our partnership with Veeam and Red Hat, we focus on building modern data resiliency platforms. This partnership allows customers to adopt containerisation solutions with integrated data protection and modernisation. Kyndryl stitches the entire solution end-to-end, ensuring customers have a comprehensive, reliable solution.
Organisations need to rethink their cyber resiliency journey. It is not just about implementing a solution but ensuring they can recover from disasters or cyber attacks. They need to conduct tabletop exercises, develop comprehensive runbooks, and work with partners like Kyndryl and Veeam to build robust solutions. Cyber resiliency requires a holistic approach, not just a checkbox exercise. Expertise from joint ventures is crucial to developing effective solutions.
