While the pandemic forced businesses to rapidly expand their attack surfaces, has it truly translated into lasting cybersecurity preparedness? Anil Valluri, MD and VP, India and SAARC at Palo Alto Networks, points out that despite a substantial 75% increase in cybersecurity budgets in India for 2023, the nation still records the highest number of disruptive cyberattacks in the JAPAC region.  This highlights a critical reality: organisations are often playing catch-up against a relentless tide of cybercrime.

Anil sheds light on the top concerns facing organisations today, the talent gap plaguing the industry, and top priorities for the cybersecurity giant in 2024.

Here are the edited excerpts:

Amid the pandemic's digital surge, have businesses become more exposed with expanded attack surfaces? How do you see the cybersecurity landscape today? 

The pandemic served as a wake-up call for CEOs and CISOs.  They became acutely aware of the security risks associated with a rapidly expanding attack surface, whether on-premises or remote.  Our recent State of Cybersecurity survey reinforces this – 75% of respondents in India reported increased cybersecurity budgets in 2023 compared to 2022.  However, this increased spending highlights a concerning trend.  

While companies are investing more, India also experienced the highest number of disruptive cyberattacks within the JAPAC region.  This suggests a struggle to keep pace with the evolving threat landscape.

The biggest threats today include ransomware and malware as the barrier to entry for these has been lowered significantly.  The rise of Ransomware-as-a-Service (RaaS) groups has commoditised these attacks, making them accessible to even less sophisticated actors. 

Generative AI is now being used to create highly convincing phishing emails, further blurring the lines between legitimate and malicious content.  Beyond these targeted attacks, there's also a more widespread seasonal threat – clickbait articles.  These articles often lure users to websites with outdated code, making them vulnerable to compromise or infection.

Can you elaborate on the specific challenges businesses face today in keeping pace with evolving threats, despite increased spending?

There is a critical gap between how long attackers require to compromise newfound vulnerabilities and how long organisations take to resolve them (on average, 6 days). To keep up, a very high degree of cybersecurity automation is required. For example, in a typical day, Palo Alto Networks analysts see 36 billion security alerts, of which most are actioned automatically. Without such a high degree of automation, they would be inundated with security alerts, leading to fatigue, and increasing the chances of a cyberattack. Therefore, a high degree of automation is quintessential to addressing modern-day threats.

In fact, 80% of security alerts are triggered by just 5% of the security rules within most organisations’ cloud environment. This lopsided distribution highlights the importance of refining and optimising security rule configurations to enhance the hit-rate when detecting threats. By focusing on the critical rules that generate the majority of alerts, organisations can streamline their response mechanisms, reduce alert fatigue, and better allocate resources to address the most significant security risks within their cloud infrastructure.

How is Palo Alto Networks integrating AI and ML, particularly Generative AI, into its cybersecurity strategies?

We are big believers that innovation is the key to watertight cybersecurity. Last quarter, we spent more than USD 400 million on R&D alone; that’s unprecedented within the space. Cortex XSIAM – our autonomous security platform is the latest example of the cutting-edge products developed in-house. It leverages AI/ML to automate security processes requiring vast amounts of data analysis and repetitive tasks to improve analyst productivity.  

Despite a diverse portfolio of products, the common thread stringing them all together is that they all increase automation, decrease analyst fatigue, and reduce complexity. Those are the three key priorities when developing any new product at Palo Alto Networks.

Given the demand for cybersecurity professionals that far outstrips supply, what are the most pressing challenges for businesses in closing this talent gap? 

Limited Cybersecurity Talent Pool: Individuals who graduate with specialisations in cybersecurity are few and far between. Instead, most graduates specialise in broader IT fields. This is because cybersecurity as a discipline is still up-and-coming. Additionally, given the extremely dynamic nature of the field, courses and curricula often are rarely updated enough to keep up with modern-day threats. This makes it tough to find freshers who can hit the ground running from day one. 

Upskilling the Existing Workforce: But companies can prepare for this. With a strong focus on upskilling and reskilling initiatives, the time and resources spent on hand-holding freshers can be minimised. This includes providing free access to digital learning resources across various skill levels and industry areas. While the initial costs of setting up this infrastructure may be high, when extrapolated organisation-wide, it will pay for itself in increased productivity.

What’s your advice for talent leaders to attract and retain top cybersecurity professionals in this competitive environment?

TeamLease Digital highlights a 30% gap in cybersecurity demand, with 20,000 roles open. 

Talent leaders must move beyond ‘experience’ and look for relevant skills. They must remember that traditional cues of predicted performance are only helpful guides, not definitive indicators. 

Relying solely on ‘relevant experience’ can offer a false sense of reassurance to recruiters. They may be misled into thinking that things within the organisation won’t drastically change, so past experience will remain relevant. Consequently, when things do change due to the rapid pace of technology, recruiters realise this approach is myopic.

What do you see as the key opportunities in the cybersecurity domain today? 

Cybersecurity never stops; even in times of global slumps and macroeconomic headwinds. Therefore, we recognise the societal importance of having competent cybersecurity professionals and want to do our part in helping.

We already have 315 Indian institutes under Palo Alto Networks cybersecurity academy program, equipping students with the next-generation of cybersecurity knowledge and skills needed to succeed in today’s rapidly changing cyber threat landscape. 

There’s immense opportunity in the fully automated SOC as we move into a realm of increasingly automated and advanced cyber threats. Cybersecurity vendors that help customers achieve the highest levels of SOC automation are going to add the most value.