Leveraging AI is the best defense against AI-powered attacks: Zscaler’s Deepen Desai

Artificial Intelligence (AI) can be a double-edged sword that fortifies cyber security on one hand and unleashes new forms of cyber threats on the other. In an interview with TechCircle, Deepen Desai, Chief Security Officer (CSO) and Head of Security Research, at American cloud security company Zscaler — which also has a substantial presence in India — discusses AI’s unique role in enterprise cyber security, emphasising efforts to combat cybercrime. He also details the company's growth and expansion plans for the Indian market. Edited excerpts:

What are the most concerning threats in cyberspace today that companies should be aware of?

Indian businesses are at the forefront of AI adoption, ranking second globally in AI/ML transaction volume, as we’ve seen in the latest ThreatLabz 2024 AI Security Report. However, this evolution brings new cybersecurity challenges, including sophisticated AI-driven attacks such as phishing, deepfake social engineering, and advanced malware. The ThreatLabz Ransomware Report reveals an 18% increase in global ransomware attacks over the past year, with ransom payments reaching a record $75 million. The rapid spread of AI enables threat actors to launch highly convincing phishing campaigns and deploy undetectable malware, often evading traditional security measures.

What specific enterprise risks do you observe from AI adoption, especially with the GenAI boom?

In 2024, AI-powered cyber-attacks and ransomware incidents have gone up significantly. A notable deepfake vishing campaign cost an organisation $25 million, and over 10,000 organisations were affected by VPN zero-day attacks, which exploit outdated IT systems. Ransomware remains a significant threat, with cybercriminals collecting $1.1 billion in 2023 and historic payouts of $75 million in 2024. Moreover, the proliferation of AI allows threat actors to automate complex attacks, from discovering vulnerabilities to data exfiltration.

How are companies like Zscaler addressing the emerging threats in cyberspace?

To combat these threats, organisations should adopt Zero Trust architecture. For example, Zscaler's AI-powered Zero Trust Exchange can help organisations enhance segmentation, reduce attack impact, and eliminate future AI-driven threats. We believe leveraging AI is the best defense against AI-powered attacks. Our use of Generative AI and machine learning allows us to stop attacks at every stage, analysing vast amounts of log data to predict and prevent breaches before they occur. Zscaler's AI models detect and disrupt advanced threats, blocking millions of attacks daily, thereby improving security outcomes for enterprises and mitigating emerging risks.

What key factors should CISOs consider for cloud security?

CISOs should prioritise Zero Trust for continuous verification of user and device traffic to minimise compromise risks as cloud adoption increases. AI-powered solutions provide real-time threat detection and segmentation. Data Loss Prevention (DLP) should be implemented across all channels with full TLS inspection, while Identity and Access Management (IAM) enforces strong multi-factor authentication and least-privilege access to prevent unauthorised entry.

How are companies addressing the cybersecurity talent shortage in India?

India faces a cybersecurity talent shortage, with an estimated need for 800,000 professionals. This demand is projected to reach one million by 2025, highlighting the importance of continuous evaluation of cybersecurity strategies and investment in training for Gen Z, alongside upskilling the current workforce. Many graduates lack practical experience, making it difficult to secure jobs. To address this, Zscaler has partnered with the All-India Council for Technical Education (AICTE) and EduSkills Foundation to provide 100,000 virtual internships and over 3,000 job opportunities, equipping students with hands-on experience. Bridging the cybersecurity skills gap requires collaboration among government, academia, and industry, along with raising awareness of cybersecurity careers.

What are the company's India-specific plans for the next 12-18 months?

India is a strategic market for Zscaler, and we aim to assist organisations in navigating the evolving threat landscape. Over the next two years, the company plans to expand through strategic partnerships and R&D efforts, promoting the adoption of Zero Trust architecture and AI-powered cybersecurity. As regulatory requirements change, Zscaler will help businesses comply and strengthen their security frameworks. The company aims to enhance talent acquisition, deepen customer relationships, and expand its partner ecosystem to foster innovation in cloud security, enabling Indian businesses to achieve their security objectives.