'We Have Been Working Extensively With Academia' Saket Modi, Co-founder & CEO, Safe Security

The number of moving parts that require cybersecurity oversight in the BFSI sector is too high for traditional risk management practices to be efficient - be it human error or the cyber risk posture of crown jewels, cloud assets, different lines of business or third-party and SaaS providers.

Tell us about your venture? How did Safe-Security start? How was the journey so far?

Safe Security was incubated from IIT Bombay in 2012 as a cybersecurity services company with two of my Co-founders - Rahul Tyagi and Vidit Baxi. When we started, we offered a range of cybersecurity services including Red Teaming, Vulnerability Assessment, Penetration Testing and Boardroom training and more to Fortune 500 companies globally, but soon realized that our customers needed a more dynamic, objective and real-time, enterprise wide Cyber Risk Management platform. In early 2020, we pivoted from being a services company to a product company and launched our Cybersecurity & DIgital Business Risk Quantification platform SAFE, and pioneered a brand new category of products in cybersecurity.

Cyberattacks have evolved significantly in the last decade, yet cybersecurity continues to be a black box for most senior business leaders, and needs a fundamental shift. To date organizations invest in cybersecurity products such as EDRs, anti-virus, firewalls and more without knowing the before and after impact on their breach likelihood. Security and Risk management leaders still continue to evaluate cybersecurity through jargonized subjective measures, and keep adding cybersecurity products to reactively defend against cyber attacks.

Our platform SAFE brings a unique way to manage, measure and mitigate cyber risks proactively and enable Security and Risk management leaders to not only make cybersecurity an informed business decision, but also helps them communicate more effectively with all stakeholders. Our journey has been exciting and all I can say is that we are just getting started.

What services does Safe-Security provide?

We are a SaaS (Software as a Service) product company. SAFE uses a Supervised Machine Learning engine to give an output both in the form of a Breach Likelihood Score (between 0-5) and the financial risk an organization faces. Along with this, SAFE provides prioritized actionable insights based on technical cybersecurity signals, external threat intelligence, and business context of what and where are the "weakest links" across people, process, technology, cybersecurity products and third parties. The Breach Likelihood scores (SAFE Score) are calculated both at a macro and micro level and can also be measured for particular Lines of Business (LoB), Crown Jewels , Departments.

For the first time, organizations can now see their real-time risk posture and make informed business decisions on cybersecurity.

What are the present cybersecurity approaches in the BFSI sector?

The BFSI sector has been one of the fastest to adopt digital technologies be it adoption of cloud infrastructure or mobile banking. However, from a cybersecurity perspective, the industry continues to depend heavily on cybersecurity products and services alone and has a traditional audit based compliance heavy approach. Businesses in this sector need to move beyond such approaches and adopt a more proactive and real-time approach to risk management.

The top cybersecurity threats in the industry? How can they be mended?

The pandemic has forced rapid digitization of financial products across the globe, and cybercriminals took advantage of the lack of organization’s preparedness to manage such a scale of digitization. Cyberattacks in India rose by almost 300 per cent last year to reach 1,158,208 against 394,499 in 2019, according to data from India’s Computer Emergency Response Team (CERT-In). We have seen multiple organizations across a range of sectors in India getting hacked in the past 12-16 months. Some of the biggest cybersecurity threats in India’s financial institutions today include insider threats & attacks, risks arising from third and fourth parties and ransomware to name a few.

Currently, an average enterprise globally has anywhere between 10-45 cybersecurity products to manage different security risks. While these products perform well individually, there is no coherent viewpoint for the security team - all the products work in silos. There needs to be a two-fold improvement to this approach. First, there should be an integrated and objective view on a single dashboard that corroborates data from all these products along with prioritized actionable insights on what’s failing and what is working. Second, the impact of these vulnerabilities has to be represented in a universally understood language - business consequences (could be the financial impact, loss of reputation, customer retention, etc - depending on business priorities).

How Risk Quantification and prediction of breaches through ML-based engines can help the sector?

The number of moving parts that require cybersecurity oversight in the BFSI sector is too high for traditional risk management practices to be efficient - be it human error or the cyber risk posture of crown jewels, cloud assets, different lines of business or third-party and SaaS providers. The knowledge of breach likelihood across these vectors tells the security team exactly what is going well and what can be improved in the form of a measurable metric. It also allows them to convey the real-time financial impact of a breach to the Board and EC - making cybersecurity a shared responsibility.

Tell us about Safe Security's leadership in Risk Quantification and breach prediction

We have created a brand new category of products in the cybersecurity market. With our platform SAFE, organizations for the first time can manage, measure and mitigate their cyber risks across people, process, technology and third parties in real-time along with the financial impact of a breach. We have been working extensively with academia including MIT Boston, IIT Bombay and other premier institutes in the country and to constantly evolve our breach prediction algorithm. As a result of our clear leadership in the segment, we are backed by prominent industry leaders and institutions across the globe. Most recently, BT Group led a round of $33 million in the company.

What are the emerging trends in cybersecurity?

There are multiple emerging trends in cybersecurity today, but what I am most excited about is the shift from reactive to proactive cybersecurity practices.

Some use cases wherein the BFSI sector is using Safe Security's product to predict breaches and how it has helped them?

Today, we have multiple customers in the BFSI sector globally who are using SAFE to manage their enterprise wide cyber risk in real-time. A Fortune 250 bank uses our platform to get a real-time cyber risk posture of its critical business units that contribute the highest to its revenue. For example, their CISO, CIO and Board track the Breach Likelihood scores of retail banking, SWIFT banking, core banking, ATM networks among others. This also provides a quantitative, real time view of the likelihood of a ransomware attack on any of the business units along with providing the financial risk estimate. This is extremely unique and no other product in the industry today can provide such micro (asset wise) and macro (business unit wise) insights in real-time.