
Cyber resilience shift: Commvault Field CTO warns traditional recovery tactics are falling short


Cyber resilience has become a critical focus for organisations as cyber threats continue to evolve. With traditional security measures no longer enough, businesses need to ensure they can recover quickly and effectively when attacked.
In an interview with TechCircle, Darren Thomson, Field Chief Technology Officer for EMEA & India at Commvault, discusses the increasing importance of cyber resilience and the challenges organisations face, particularly in markets like India, where issues like security hygiene, regulatory compliance, and skill shortages are prominent. Edited Excerpts:
How do you define next-generation cyber resilience, and why is it more important than ever?
Before joining Commvault a year ago, I spent four years in cyber insurance, which gave me a fresh perspective on cyber risk. Insurers excel at risk modeling, whether for natural disasters, car insurance, or shipping, using actuarial science, a blend of math, big data, and artificial intelligence (AI). Over the past decade, they've applied these methods to cyber risk, uncovering unexpected insights.

Traditionally, cybersecurity has focused on protection and detection: blocking threats and quickly identifying breaches. Despite massive investments, even top banks spending nearly half a billion dollars annually on security tools still suffer breaches. Actuarial findings confirm that protection and detection alone aren't enough.
We need to enhance early warning systems to proactively spot evolving threats before traditional indicators emerge. Equally important is resilience: preparing for inevitable breaches and ensuring rapid recovery. At Commvault, we emphasise not just security but cyber resilience: expanding the NIST framework to include early detection and robust recovery. Security is about preventing attacks; resilience is about bouncing back.
With cyber threats growing more complex, how should organisations rethink data protection to ensure business continuity?
Commvault is bridging the gap between data protection and security with AI-powered technology for early threat detection. One key innovation is our deception technology, which creates a realistic decoy of the production environment to divert attackers, allowing us to analyse their tactics and improve threat intelligence.

We also integrate anomaly detection into our backup solutions, spotting unexpected changes in data, like encryption or entropy shifts, that may indicate a potential threat. Additionally, our threat detection technology scans for known malware and leverages AI to identify zero-day attacks.
Beyond detection, we work closely with security partners. If we detect suspicious activity, we alert the Security Operations Center (SOC), which can conduct forensic analysis and respond accordingly, whether isolating compromised data or restoring a clean snapshot.
This AI-driven, proactive approach enhances security by integrating traditional data protection with advanced threat response, keeping pace with the evolving threat landscape.
How do you think the role of AI is changing the cybersecurity space?

AI and machine learning are among six major tech trends, alongside cloud computing, social media, and software supply chains. AI is a double-edged sword: while it enhances cyber defense, helping companies like Commvault detect attacks and anomalies, cybercriminals use the same technology for malicious purposes.
Cybersecurity has always been an arms race, constantly evolving to counter new threats. Today, investing wisely in AI is more crucial than ever, as it can exponentially empower both defenders and attackers. If AI-driven threats go unchecked, they’ll escalate beyond control. Conversely, over-reliance on AI in unsuitable areas can also be risky.
At Commvault, we prioritise responsible AI use, ensuring compliance and collaborating with governments to stay on track. We've integrated AI and machine learning since 2016, long before recent media hype. As threats evolve, we’re doubling down on AI to develop early warning detection systems because defending against AI-driven attacks requires AI-driven defense.
AI-driven threat detection is also becoming a very key part of modern security. So how does your company leverage AI in its platform to mitigate cyber risk?

We use AI in multiple ways to enhance security, automation, and data management. Our AI-driven threat detection engine continuously scans backed-up data for known malware, zero-day attacks, and polymorphic threats. Machine learning, with its strength in pattern recognition, is key to identifying these risks.
AI also helps classify data, highlighting potential risk areas. In recovery, it determines which applications and data should be replicated to a secure, isolated environment in case of a breach.
Automation is another crucial area: AI streamlines early warning detection, protection, and recovery, making complex processes more efficient. We also have our built-in AI chatbot. It leverages support data and best practices to assist both our engineers and customers. Using natural language processing, Ali provides clear answers to backup and data management questions. AI is at the core of our approach, ensuring smarter, faster, and more secure operations.
What emerging trends do you see in data protection and cyber resilience for hybrid cloud infrastructures in the next 3-5 years?

AI will be a major focus over the next 3–5 years, both in defending against AI-driven attacks and leveraging AI for stronger cybersecurity. Key areas include self-healing resilience systems for autonomous prevention and recovery, as well as compliance automation.
Regulatory pressure is growing, with frameworks like Reserve Bank of India's (RBI) regulations and Europe’s DORA requiring regular cyber recovery testing. Many organisations aren’t prepared, risking financial penalties or worse—irrecoverable breaches. This push for cyber resilience is accelerating, especially in areas where Commvault is deeply involved.
In India, one in three organisations faced a data breach last year, a trend unlikely to improve. CISOs now recognise breaches as inevitable and are shifting focus to recovery strategies, ensuring they can bounce back.

Cybersecurity governance at the board level is another critical trend. Security and infrastructure teams must work together; good backups alone won’t ensure recovery. Identifying clean data after an attack requires collaboration with security teams.
AI regulations will also evolve, but overregulation could hinder progress while criminals continue innovating. Striking the right balance is crucial to avoid stifling innovation while staying ahead of cybercriminals.
Incident response planning must integrate security and data protection, with actionable playbooks. Testing recovery capabilities will also be a priority; organisations need confidence in their ability to restore critical systems. The ultimate goal? A cyber-resilient strategy so strong that paying ransoms becomes unnecessary, forcing ransomware gangs out of business.
What do you see as the biggest challenges enterprises face when implementing cyber-resilience strategies, particularly in India compared to the global market?
I travel across Europe, the Middle East, Africa, and India, meeting IT teams and their leaders. Despite regional differences, the core challenges remain the same.
The biggest issue is education. Many businesses mistakenly believe disaster recovery will protect them from cyberattacks, but traditional solutions don’t address cyber threats. The distinction between disaster recovery and cyber recovery is poorly understood by both businesses and regulators worldwide.
Another challenge is the segregation of IT teams into security and infrastructure. This is common in India, where I’ve seen firsthand that businesses only realise the importance of integration once they understand what strong cyber resilience looks like. Bridging these teams is crucial for effective security.
Smaller businesses in India also struggle with basic security hygiene—multi-factor authentication, proper backups, patch management, and change control are often lacking. Regulatory compliance is another hurdle, as companies navigate evolving laws.
Finally, there's a skill shortage. Even in India, where technical talent is abundant, there aren’t enough professionals with the right expertise to implement strong cyber resilience strategies. Expanding recruitment and skill development is essential.