In an interview with SafetyDetectives, Mr. Ganesh Narayanan, Co-founder of IARM, discussed the establishment of IARM, their core services, underrated cybersecurity threats, the balance between proactive and reactive measures, the role of AI and machine learning in cybersecurity, IoT device security, and upcoming trends in the field.
Can you talk about your journey and what motivated you to establish IARM?
Initiating the establishment of IARM was driven by a profound passion to create a pioneering Cyber Security Organization. As we charted our plan, it became evident that the trajectory of Cybersecurity’s evolution holds immense significance, poised to transform into a standalone industry. Recognizing this paradigm shift, our vision strategically positions us as trailblazers exclusively dedicated to providing Cybersecurity services.
Amidst an industry landscape saturated with security companies predominantly focused on product-centric approaches, we identified a critical void—dedicated Cybersecurity services. While numerous security products abound, the demand for specialised and comprehensive services remains largely unmet. IARM fills this void with a deliberate emphasis on offering product-neutral services. Our suite of meticulously crafted services go beyond merely responding to current threats; they are designed to preemptively safeguard digital assets and critical infrastructures in the ever-changing landscape of digital security. Currently we are serving 150 customers across 12 countries, Having offices in India, USA and Singapore
What are the main services offered by IARM?
At the core of IARM’s service offerings is the ADIO model—Assess, Design, Implement & Operate—a systematic framework ensuring a holistic approach to cybersecurity. Our commitment to clients begins with a meticulous Technical and Process Assessment across IT, OT, and IoT networks. IARM’s Integrated Assessment and Risk Management delivers tailored solutions, addressing diverse needs at each stage of the ADIO model.
IARM’s service spectrum spans Cyber Risk Assessment, Vulnerability Assessment, Penetration Testing, Compromise Assessment, Compliance readiness (HITRUST, SOC2, ISO 27001, CPRA), SIEM Implementation, 24×7 Security Monitoring, Governance, Risk, and Compliance (GRC) services, virtual Chief Information Security Officer (vCISO) services,and Staff Augmentation Support for IT, OT, and IoT networks. Serving customers across all industry and domain verticals, from BFSI, Healthcare, IT, Manufacturing, Life Sciences, Automobile, Oil and Gas
In your opinion, what are the most underrated cybersecurity threats businesses face today?
In the ever-evolving landscape of cybersecurity, it’s crucial to identify and address not only the well-known threats but also those that often fly under the radar. Among the most underrated cybersecurity threats facing businesses today, I would highlight the escalating risk of AI-Powered Attacks. The utilisation of artificial intelligence by malicious actors introduces a level of sophistication that can exploit vulnerabilities and execute targeted attacks with unprecedented precision.
Another formidable threat that often doesn’t receive its due attention is Supply Chain Attacks. This encompasses not only direct third-party vulnerabilities but also the shadowy realm of Shadow IT Attacks. Businesses are interconnected through intricate supply chains, making them susceptible to breaches that can originate from seemingly peripheral entities.
Additionally, the pervasive integration of IoT devices introduces a subtle yet potent threat vector. The sheer volume of interconnected devices presents a challenge in terms of security oversight, potentially serving as gateways for cyber adversaries. It’s imperative for businesses to recognize and fortify against these underrated threats through a holistic cybersecurity strategy, combining proactive measures, robust monitoring, and ongoing adaptation to emerging risks.
What’s your perspective on the balance between proactive and reactive cybersecurity measures?
It’s a dynamic interplay between anticipation and adaptability, striking the right balance to create a comprehensive and effective cybersecurity strategy. However, the current trends that we find is that most of the organisations are still in reactive mode. The organisation Security team have to invest their time and effort in building a cyber resilient framework, continuous risk assessment, implementation of cutting edge technologies, build Incident Response playbook for all major threats and perform mock drills on a periodic basis
What role does AI and machine learning play in modern cybersecurity solutions?
Artificial intelligence (AI) and machine learning (ML) play significant roles in modern cybersecurity solutions by enhancing the ability to detect, prevent, and respond to cyber threats. AI and ML can analyse vast amounts of data from various sources to identify patterns and anomalies that may indicate a cyberattack. They can detect subtle deviations from normal behaviour and raise alerts. These technologies can establish a baseline of normal user and system behaviour, allowing them to recognize unusual activities that may indicate a security breaches
AI and ML are powerful tools in modern cybersecurity, enabling organisations to analyse data to make real-time decisions, and adapt to evolving threats. By automating tasks, improving accuracy, and providing better threat visibility, they enhance an organisation’s overall security posture and its ability to respond effectively to cyber threats. However, it’s important to note that while AI and ML are highly effective, they should be used in conjunction with other cybersecurity measures and not solely as the solution.
With the increasing number of IoT devices, what are the primary security concerns and how can they be mitigated?
IoT devices, spanning from smart home gadgets to industrial sensors, often grapple with limited processing power and security features, rendering them susceptible to a spectrum of threats. Notably, vulnerabilities permeate every layer of IoT architecture, extending from hardware to application, necessitating a robust security approach.
IARM has meticulously curated an exclusive service dedicated to IoT security. Our comprehensive assessment traverses end-to-end, encompassing scrutiny of hardware, firmware, communication, and application layers. This strategic approach ensures a thorough examination of potential vulnerabilities across the entire IoT ecosystem.
Mitigation strategies are imperative and should be tailored based on the identified IoT security gaps within an organisation. Prioritising IoT security demands a proactive stance, with organisations conducting regular security assessments spanning from the hardware layer to the application layer. Selecting a cybersecurity service provider with the requisite knowledge, experience, and capability to review and recommend security standards becomes paramount in fortifying the security posture of IoT products
What cybersecurity trends should businesses be most aware of in the coming year?
Cybersecurity is a rapidly evolving field, and staying aware of emerging trends is crucial for businesses to protect their digital assets. While it’s essential to adapt to specific industry and organisational needs, the following are the areas that the business should focus to stay secure.
- Ransomware Evolution: Ransomware attacks are becoming more sophisticated and targeted. Businesses should be prepared for tailored ransomware attacks that leverage data exfiltration, double extortion, and the targeting of critical infrastructure.
- AI Powered Threats & Defences: AI and machine learning are increasingly used by both attackers and defenders. Businesses should anticipate AI-powered cyberattacks, such as deepfakes and AI-generated phishing. Similarly, AI and ML will play a pivotal role in identifying and mitigating threats.
- IoT Device Security: With the proliferation of IoT devices and edge computing, businesses should focus on securing these devices and data at the edge. The risk of IoT-related attacks shall continue to increase.
- Regulatory Requirements: Organisation should keep an eye on evolving data protection regulations, on a global level and ensure compliance with any new or modified data privacy laws in the country that they operate.
- Cybersecurity Workforce Shortage: There’s a significant shortage of skilled cybersecurity professionals. Businesses should invest in identifying a Cyber Security Service & Solution Partners and also have inhouse cybersecurity talent to maintain robust defences.
Businesses need to adapt to these trends by continuously monitoring their cybersecurity posture, staying informed about emerging threats, and investing in cybersecurity technologies and practices to protect their digital assets and sensitive data. Regular risk assessments and a proactive cybersecurity strategy are crucial in this evolving landscape.