Lowdown on how small businesses can navigate the cybersecurity labyrinth

India’s 60 million micro, small and medium enterprises (MSMEs) employ over 100 million people and contribute nearly 30% of gross domestic product.

“The sheer scale of small businesses, digitalisation, and hybrid work all make it very interesting for threat actors to launch fresh attacks,” said Atul Agarwal, Regional Vice President and Country Manager, India at Okta.

He was speaking at a fireside chat titled ‘Small biz, big target: Navigating the cyber jungle’ during TechSparks 2024 in Bengaluru.

The small and medium-sized businesses (SMBs) of yesterday, Agarwal said, are the enterprises of today, because they are all going to scale to become enterprises and beyond.

“Digitization is something that cuts across enterprises and SMBs, which means that cybersecurity comes as a part of it. The more the digitisation, the more the threat surface from a cybersecurity standpoint,” he said.

How AI impacts cybersecurity

Much like cloud, whose advent dates back to around 15 years, Agarwal believes that AI will go through its hype cycle and normalisation cycle, but there will be use cases eventually.

India is at the cusp of AI and cybersecurity. AI spending in India is forecast to hit $5.1 billion by 2027, as per a joint report by Intel and IDC. “Yet India continues to be the third-largest country globally for phishing attacks,” he said.

Citing an example on how AI at scale is occurring from a cybersecurity threat standpoint, Agarwal highlighted how people usually take to social media – typically LinkedIn – to post about new joinings.

“Now imagine people doing that at scale, and this is when employees and companies are the most vulnerable because it is the best time for any threat actor to get into your organisation's environment,” he said.

AI, according to him, is being used in a significant way to make attacks more realistic, more contextualised, and more personalised. It's also about pivoting towards solutions that leverage AI at scale.

AI is not an option for Okta, an identity verification company.

“Almost 10% of the world's population logs in to Okta every month with about 800 monthly million active users. We need AI at scale to make sure if there is any incident happening in any part of the globe, you're able to give policy recommendations to someone else in the same vertical. Therefore, AI and cybersecurity are intertwined,” said Agarwal.

Role of identity in mitigating risks

Identity is essentially about knowing employees, extended workforces, customers, and making sure that each of them have the right access at the right point of time.

“As SMBs or enterprises scale, there is fragmentation all over. There are different technology stacks, multiple CIOs, business leaders, varied tools, and most of it is not utilised because they don't know who needs to use what. And that's a big cost to the business,” Agarwal noted.

Another factor is around experience. “At the time of login, users just want to fill up a lengthy form. So how do I use identity and ensure they're being asked for the right snippet of information at the right point?” he said, pointing to the Digital Personal Data Protection Act.

The legislation ensures that companies can't just gather data from customers. It has to come out of their own will.

“Identity is like the glue that gets the tech stack together, enhances experiences because it makes them more personalised, and ensures that threat signals are picked up across the board. Identity is the core of solving for fragmentation across your business,” he said.

There's no one magic weapon, Agarwal said, that solves it all. But what companies can do is to ensure that they are way ahead of threat actors in terms of preparedness.

“When you're running an organisation or SMB, make sure that you look at cybersecurity not just as investments in different tools and boxes but also about how it touches each and every aspect of your business,” he said, adding that cybersecurity should be viewed as an evolving journey that impacts customer experience too.