Govt, startups big opportunity for security firms in India: Jeff Abbot

IT software and security company Ivanti was founded in January 2017 by combining two software services providers - Landesk and Heat Software. From offering IT management services, the South Jordan-Utah-headquartered company quickly moved into the cyber security space - through a series of acquisitions - to fuel its growth trajectory. In an interview with Tech Circle, Jeff Abbott, Chief Executive Officer at Ivanti, who came to India last month, shares his views on the cyber landscape and why companies pay attention to cyber hygiene and follow a proactive approach to cyber security in today's hybrid world. He also gave an account of the India market expansion and growth strategies. Excerpts:

What are the biggest security challenges companies are facing today? How do you see the cyber security scenario in India?

Of the many threats in cyberspace, ransomware attacks have become the most prevalent and pose one of the biggest challenges affecting enterprises and governments alike. 

As far as India is concerned, ransomware attacks are among the biggest cyber threats (too). Other challenges in cyberspace include companies often falling victim to social engineering, phishing attacks, unpatched vulnerabilities, remote desktop protocol attacks, lack of threat intelligence, and poor security awareness training. 

The misuse of artificial intelligence (AI) tools (such as ChatGPT and more) is another big threat that can lead to significant risks. It’s now possible for AI programming systems to create false information and present it as facts – and even trick cybersecurity experts into thinking the information is true.

What would you suggest for organizations to prevent ransomware attacks?

So, there’s no easy way to stop ransomware attacks, or any cyber-attack for that matter. But one can reduce such incidents by understanding the root causes of the problem. The first important step is to have a strong sense and practice of cyber hygiene. That includes best practices like installing antivirus and malware software and scanning for viruses, patch management to fix software vulnerabilities and also using firewalls to stop unauthorized users from getting information. It’s important to update apps, web browsers, and operating systems on all devices regularly. This may sound simple but most companies still ignore basic cyber hygiene and hence fail to keep sensitive data secure. In that sense, it is important that every company follows a proactive and not a reactive approach to security.

Can you tell us what it really means to be proactive?

One aspect of proactive security is providing insights on vulnerabilities so that administrators can perform the necessary actions to remediate them quickly. The best ways organizations can build a proactive approach is through security awareness training of every employee, including C-level executives about the signs and indicators of phishing, social engineering, and other cybersecurity events so that they can quickly identify and report issues instead of becoming a victim. 

Second, through penetration testing that uncovers vulnerabilities that other detection and monitoring systems won’t. And finally, by using new technologies such as machine learning (ML) that provide organizations with methods of stopping attacks before a compromise.

How important is the India market in Ivanti’s overall growth strategy?

India is a very strategic market for us. We have 850 employees in India spread across Bangalore, Mumbai, Hyderabad campuses out of the total 3000 employees, that is nearly 26-27% of our employees. We have recently moved some of our European development centres to India. 

What are the key sectors you are focusing on in India? 

We see a lot of potential in the government sectors as well as startups. Industry reports, including that of Ivanti, have shown that cyberattacks on government agencies have become profound in the last 12 months. We have conducted an investigation into the cyber hygiene of Indian state government domains and found several potential gaps in their current security practices. 

For example, over 10% of domains in Indian states do not have the Secure Sockets Layer (SSL) encryption, without which hackers easily attack their sensitive data. Additionally, we found over 700 credentials with passwords from all state domains leaked onto the deep and dark web, making these domains extremely vulnerable to phishing and ransomware attacks, credential misuse, and impersonation. 

We are meeting government officials and reporting the matter to them so that we can figure out the best way to mitigate such incidents from happening. We have partnered with IT body Nasscom and the Ministry of Electronics and Information Technology (MeitY) and are talking to startups, government and private entities on the importance of proactive cyber security looking for specific areas in which we can partner.