AI for Security and Security for AI will become de facto approach: IBM

Companies have been scrambling to get their cyber security defences ready and prepared, following the rise of Gen AI attacks. In fact, Gen AI capabilities are allowing attackers to execute more targeted attacks in less time.

Pradeep Vasudevan, Country Leader, Security Software, IBM India & South Asia, tells us more. Excerpts from an interview: 

DQ: What are the key factors contributing to evolving data security and privacy challenges in India?

Pradeep Vasudevan: The rise of Gen AI is creating new ways to both attack and defend enterprise assets. In terms of attacks, there are two primary vectors: attacking the organization and attacking the AI. With quicker access to automation and Large Language Models (LLMs) acting as cybercriminals’ handyman, Gen AI capabilities are allowing attackers to execute more targeted attacks in less time. 

Further, as attackers’ AI capabilities mature, AI will enable more speed, precision, and scale for attackers. One such example is the advent of AI-engineered phishing attacks such as fraudulent emails, which can achieve a high level of persuasiveness, acceleration and scale resulting in a higher click rate.

With organizations ramping up on hybrid multi-cloud environments, securing shadow data is also becoming difficult for Indian organizations. IBM’s 2024 Cost of a Data Breach report revealed that 34% of data breaches studied in India involved data stored on public clouds and 29% across multiple environments (including public cloud, private cloud and on-prem). 
 
DQ: How is IBM helping Indian businesses strengthen their data privacy and security strategies? 

Pradeep Vasudevan: IBM has been actively integrating AI and Gen AI into our security solutions, centered around the IBM watsonx platform, which is built to be open, trusted, targeted, and empowering. For example, the AI and automation capabilities embedded within the IBM Security Guardium portfolio span the entire data security lifecycle. 

By leveraging machine learning, Guardium can help organizations find shadow data stores they didn’t know existed, and then identify and classify their sensitive and regulated data. Similarly, Guardium uses machine learning to perform outlier detection, which continually monitors the behavior of an organization’s privileged users and alerts security teams when potentially malicious activity is happening, providing early warning of attacks.

In India, the BFSI sector is a huge focus area for IBM, and with Guardium we are helping several leading banks secure their sensitive data stored in databases, data warehouses, and other structured data environments. 

For example, one of India’s largest private banks is using Guardium Data Protection to secure its open databases and cloud databases. The bank opted to invest in Guardium as the traditional data security platforms it was using were not sufficient to cover its cybersecurity risks. Their team can now take advantage of Guardium as it supports databases consumed as a service from the cloud, including AWS RDS and Azure Database-Platform-as-a-Service. 
 
DQ: Ahead of the DPDPA implementation, what are the immediate steps Indian businesses can take to ramp up their cyber security posture?

Pradeep Vasudevan: While the industry awaits the rollout of the DPDP Act 2023, organizations must proactively reevaluate their security posture and ensure the fundamentals are in order. 

First, prioritize data security and privacy – businesses must adopt a robust data security framework and protect critical data across the cloud. Second, businesses should invest in robust identity and access management solutions to safeguard the identities of their employees and customers. This will help avoid unauthorized access to sensitive information and potential breaches. Finally, businesses should leverage AI for Security and Security for AI to stay ahead of adversaries. 

As per the 2024 IBM Cost of a Data Breach Report, organizations that used AI and automation extensively shortened the data breach lifecycle by 112 days and incurred an average INR 130 million less in breach costs, compared to organizations without security AI and automation deployments.

DQ: What are some interesting industry trends to look out for in 2025?

Pradeep Vasudevan: There are three key trends that I anticipate. First, as Gen AI applications move from pilot to production, AI for Security and Security for AI will become the de facto approach for Indian businesses. 

Second, with cyber criminals becoming more targeted in their attacks, organizations will make data security and privacy and identity protection, enabled by AI and automation, core components of their security strategies. Finally, as the implementation of key regulations like the DPDP Act gains momentum, businesses will have to prioritize trust and compliance to safeguard themselves.