Quantifying cyber risks helps minimise threats: Rahul Tyagi of Safe Security

Online threats have increased manifold in an increasingly digital world, and organisations need to get everyone onboard in order to have a proactive cyber security framework, said Rahul Tyagi, Co-founder, of Safe Security, a cyber security startup.

During a fireside chat at Yourstory's Tech Leaders’ Conclave 2024 in Bengaluru, on how organisations can assess potential cyber threats and put in place guardrails, Tyagi said, “One should know the risks they are facing, and based on that develop the (security) architecture. Organisations should also be to quantify the amount of investment needed for cyber security.”

On one hand, cyber criminals are increasingly getting sophisticated with their tools and approach, while, on the other hand, organisations are not fully geared up to meet any potential threats.

“The biggest misconception is that security is the IT department’s problem,” remarked Tyagi and emphasised that organisations must bring everyone on board in the cybersecurity framework.

In many cases, organisations are not aware of the various cyber threats they face. The department in charge of security needs to speak about the possible damages, if adequate measures are not taken. At the same time, the finance department also needs to be convinced that the security measures are the right investments to make.

“The idea is there should be maximum reduction in the risks, and then whatever is left, turn it towards cyber insurance,” he said.

According to Tyagi, while large organisations are aware of the threats and take necessary measures to create a cyber security ring, many smaller organisations may see this as a lower order priority. But this is not necessarily the case as cyber criminals are lurking around to spot new targets, he said.

He highlighted how cyber criminals have changed tactics over the years.

“Earlier the best defence against ransomware was to have a data backup but now they (cyber criminals) are capable of infiltrating even the cloud-based systems,” he said.

Tyagi pointed out how, in the past, each file had a unique signature; cyber intrusion was detected if there was any anomaly in the signature. Now, cyber security companies have started monitoring behaviour patterns through AI tools. However, this is also put to test as cyber criminals are using online links to break into systems.

Cyber criminals of today are largely interested in two things: financial profit and data, said Tyagi.

In addition, state-sponsored acts, which aim to damage public infrastructure like electricity or water, present a big danger, he added.