By: Mae Cornes
The pandemic has dramatically altered lives, pushing people toward digital and online platforms. While enabling remote work, online education, and virtual social interactions, this shift has also heightened cybersecurity threats, such as phishing attacks, ransomware, and data breaches.
In these critical times, the work of cybersecurity leaders like Lokesh Yamasani is invaluable and relevant. With nearly twenty years of professional experience in IT security, Yamasani has demonstrated a keen ability to pinpoint cybersecurity vulnerabilities and craft effective countermeasures. His advocacy of the Zero Trust architecture—a system that insists on no implicit trust and requires verification for every access request, irrespective of user location—mirrors the industry’s consensus toward more stringent, continuous verification methods in cybersecurity.
In an interview with CEO Weekly, Yamasani shares his insights on the rise of cybersecurity post-pandemic and what has changed. He outlines strategies for organizations to tackle these emerging threats. His thoughts shed light on the importance of adaptive cybersecurity in an era of digital acceleration and increasing cyber vulnerabilities.
Can you share how cybersecurity has evolved since the onset of the pandemic? What do you consider the ‘new normal’ in cybersecurity?
Lokesh: Since the pandemic, more organizations have moved their technology assets to the cloud. This rapid shift to the cloud increased the attack surface of organizations exponentially in a short time, giving less time for security leaders and teams to prepare proactively to mitigate security risks. In addition to the cloud, more organizations started rapidly adopting automation and AI technologies. The new cybersecurity normal involves proactively planning for security risk mitigation concerning the rapid adoption of cloud, automation, and AI technologies. In this era, security risk mitigation needs to move at the speed of business.
Having been in the security industry for nearly two decades, what cybersecurity threats have become more prevalent or significant in the post-pandemic era?
Lokesh: Cybersecurity threats concerning cloud computing, automation, and AI technologies have increased and evolved significantly in a short time due to their rapid adoption in the post-pandemic era. These threats are becoming more prevalent for cloud, automation, and AI service providers than individual organizations. If a threat actor, say a hacker or cybercriminal, could compromise one of those service providers, they could potentially exploit this breach and target the respective cloud, automation, and AI service providers’ customer organizations.
How has shifting to remote or hybrid work models impacted organizational cybersecurity strategies?
Lokesh: The shift to a remote or hybrid work model has significantly impacted organizational cybersecurity strategies, as security leaders and their teams rapidly adapt to the organizations’ new technologies, such as automation and cloud. In the hybrid work era, organizational cybersecurity strategies must keep up with threats related to ever-evolving container security, LLM security, automated business processes, and the pace at which organizations adopt these technologies.
In the recent past, cybersecurity strategies only accounted for cloud security for the most part. Given the rapid adoption of automation and AI, strategies must also account for these new technologies. A simple example of such a strategy is to start documenting the top five cybersecurity threats to cloud, AI, and automation separately and work from there. There could be some overlap of cybersecurity threats between these three. They may look even the same at first glance, but they are different if you dive deeply into mitigating cybersecurity threats specific to each of these. For example, deception-based cybersecurity threats may be more specific to AI than the cloud.
What essential cybersecurity measures should businesses implement to navigate the new normal effectively?
Lokesh: To navigate the new normal, start looking at cloud, AI, and automation as three separate business processes helping respective organizations run their businesses. Once you start looking at them as separate pieces of the same puzzle, it becomes more apparent to put essential and specific cybersecurity measures for each. Thinking of all three as one piece of the puzzle leads to gaps and ineffective cybersecurity measures.
Given the larger number of security risks caused by more people working remotely and the shift to digital operations, how should companies and professionals adjust their plans for responding to security incidents?
Lokesh: Organizations must adapt to forward-thinking and diligent incident response strategies by considering all technological and business processes. Often, organizations consider only technological processes by assuming that all technical processes are mapped to all business processes. This is not always the case with most organizations.
Hence, it’s crucial to view technical and business processes separately and ensure they are fully integrated into incident response strategies. This ensures organizations have the most effective approach to managing all types of security incidents in line with all applicable security, compliance, and regulatory requirements.
The cybersecurity skills gap has been a longstanding issue. How do you bridge these gaps?
Lokesh: Yes, the cybersecurity skills gap has been a longstanding issue as organizations rapidly adapt to the constantly evolving technologies and changing how businesses operate. To manage security risks and threats in such a scenario, security leaders and their teams must keep up-to-date with how these latest technologies work in-depth and effectively understand how business processes adapt to such technologies.
In the recent past, I’ve had my team constantly learn about the widely prevalent and adopted technologies by providing them ample opportunities to learn them practically and how businesses adapt to them. Bridging the gaps is two-fold in this scenario: it’s essential to constantly learn about evolving business processes as much as technological ones, as one is meaningless without the other.
Based on current trends, where do you see cybersecurity in the next few years, especially considering potential shifts in cyber threats and defense mechanisms?
Lokesh: Based on current trends, cybersecurity threats and related measures will constantly evolve in line with technology adoption, predominantly on cloud, AI, and automation. In the future, these three can still be the face of the game, but there’s also something new that will arise, such as quantum computing. Regardless, security leaders and organizations’ security strategies must adapt to continuously evolving technological and business processes.
Finally, what advice would you give individuals and organizations to avoid cyber threats in this new normal?
Lokesh: Be vigilant and stay up-to-date with new technologies so that organizations and individuals can adapt their security strategies accordingly. Often, existing or new technology and security strategies are not integrated at all levels, leading to gaps in securing the technology and related business processes and making organizations easy targets for cyber attackers. In addition, I would advise organizations to adopt the Zero Trust Architecture and implement cybersecurity best practices at all levels and layers without exceptions or excuses. There’s more to discover and do to solidify the level of cybersecurity each organization has continuously. I am happy to be at the forefront of this challenge.
Published by: Martin De Juan