Dealing with Sophisticated & Evolved Cybercriminals: Shikhil Sharma Astra Security
In an exclusive conversation about contemporary cybersecurity trends Shikhil Sharma, Founder & CEO, Astra Security unleashed some insightful with Faiz Askari of SMEStreet.
Shikhil Sharma an engineering graduate from the prestigious NIIT University, Shikhil consulted a number fintech businesses, startups & banks on cybersecurity. After pointing out gaps in security solutions he founded Astra Security as an enabler to help bridge the same.
Faiz Askari: What are the trends which you observe Shikhil right now? What is your overall status of preparedness?
Shikhil Sharma: Sure. Thanks a lot for having me, a pleasure being with SME street here and to answer your question, I think the threats have been at an all-time high since last year and the moment a world event happens, hackers try to get more creative and take advantage of it by finding loopholes in the system, as well as in social setting and use that big event to actually create more sophisticated cyber-attacks. Enough has been talked about how work from home has defined itself after the COVID situation, and it’s a new era in the way SMEs or even anyone works and that has defiantly posed new threats from cybersecurity perspective too. So, talking about contemporary attacks, like to name a few, I think ransomware has been huge. I mean, I don’t remember maybe a year or so that a CA firm or a small person who’s like literally using just internet and nothing else calling me….and saying that my data has been encrypted and all our clients data was in XYZ systems and all those two or three systems that we use in our firm have been a victim of ransomware and now they’re asking for one Bitcoin as a payment.
So, with situations like these, you cannot expect an SME or a CA firm or a firm next door talking about Bitcoin, but not only they have been educated about it but even scandalized or even being affected by these crazy terms. Similarly, phishing has been another thing as it’s been years, we’ve been learning about phishing, but they’ve become even more and more sophisticated, meaning a security company gets one of the most sophisticated phishing attacks on our employees where they try to extract some information from them. Similarly, for online businesses, there’s been a huge trend in SMEs where they are coming online to make globe their market. With them it’s an excellent thing that they are coming online, but I think, additional threat that poses as just like they have a watchman outside their door, they need to have something in their online stores and online businesses. These are the few trends which I have been noticing.
Faiz Askari: So, cybercriminals are getting sophisticated along with the trends or along with the events that have happened around us. I would like to ask you about the technical side of the cyber threats, as in how is that evolving? Like you named ransomware, phishing attacks or a malware- how’s the technicality of these attacks evolving. Like we have heard in the past about something like zero-day attack. So, from that aspect, where are we heading?
Shikhil Sharma: Attacks and hackers are becoming more intelligent and innovative, thanks to all the innovation that the world is moving towards. Be it your machine learning or AI. So, like you correctly mentioned that ransomware in the world or even zero-day attacks are not known to the world and are being already exploited by hackers is a loose definition for zero-day attacks. I’ll give you another interesting example around that. So, a lot of marketing tools have popped up, let’s say I want the contact information of the right person at SME street. We’ve seen such attacks where hackers put out very targeted attacks, under my name or my co-founder’s name, or some top management and our company’s name and send it to our employees saying that, Hey, due to the COVID situation we are facing a little cash crunch so would you be fine if this month’s salary of yours goes into marketing budget, so we’ve had hackers sending that and being an organization that has given appraisals during the COVID and thankfully our employees being in the cyber security industry, they know what’s happening, but imagine a business where tech is not there core competency…they getting these attacks. They’ll be like, Oh, well, okay, fine.
They will just simply reply or even send across the money and similarly another interesting example, there has been a new AI tech, where they can make any face talk as if they’re talking naturally. I mean, they could just take my picture and make me blabber absolutely anything and while this is an interesting technology, but hackers are using this to impersonate people and less tech savvy people or people which are a generation or a couple of generations above us. These are the people who are gradually coming to internet and now this is the first step getting exposed to these attacks, it means that it’s a lost battle, right? Definitely. These are a few interesting techniques in AI, as well as combined with phishing and new marketing tools being used for a creative hacks.
Stay tuned for the SMEStreet Podcast with Shikhil Sharma
Faiz Askari: How do you see that the SME sector is getting targeted by these cybercriminals and what is your experience in observing this portion of the market?
Absolutely. I think SMEs considering the chunk of businesses that are SMEs versus only enterprises or big businesses, SMEs are huge.. Employment they create is huge, to give you a parallel example, a few months ago, Australia’s, head of the state said that our nation is under a cyber-attack, right? Imagine a head of a state saying that the nation is under attack and when they said the nation is under attack, they meant their government employees, the government agencies, and including the SMEs and their businesses were being attacked for information. So this is something known as APDs like advanced persistent threats, which are usually nation led attacks on other nations, that is something which has been a reality a few months ago. If we see the state of SMEs throughout the world, including India there are less tech savvy people and you can’t expect them to overnight start hiring even cybersecurity or IT teams, right? There must be some sort of a mid-solution where they are able to secure themselves, their businesses, as well as not spend crazy amount of money also there.
Faiz Askari: Is there any study or data which exists in terms of the size of this overall threat or what is the size of this overall market that we can calculate with regards to SMEs being vulnerable in India?
Shikhil Sharma: So again, I won’t have a specific data around that simply because SMEs are coming online as well as increasing in number, at such a fast pace. You’re the expert in the SME space, but correct me if I’m wrong. If I think more than six crore SMEs or MSMEs, exist in India and if let’s say even in a worse case situation also 10% or 20% of them are the ones who have come online and I know for a fact that the number might be more than that, and each of these 10, 20, 30 lakhs, or what the number comes out to be, 50 lakh or something, if 10% of them are also employing even 10 people each, you know, what the number comes out to be. So the threat definitely is huge and the fact that like the end users, like a person who’s being employed at SME not necessarily be related to IT itself, but still they have to go to that ESI portal to file whatever the thing……you have to go to the tax portal to file the stuff…they also have to reply to a few emails every day if they’re working with an organization…that’s where the threat becomes even higher. But in terms of number, I won’t specifically have the exact numbers what it could be big simply because they are ever-growing.
Faiz Askari: Now coming on to Astra security, can you just give us a brief about Astra security, what are the priorities that you have and how do you introduce yourself in this market?
Shikhil: Absolutely, so Astra security is a security suite that makes cybersecurity super simple for businesses, it’s as simple as that and when I say security suite, we come with a website firewall which protects your business in real-time 24×7. It’s like a watchman that you have outside your organization which is on a 24 x 7 duty without any fail and we have a product which scans vulnerabilities in your business and websites, which is like a doctor performing a surgery to uncover all possible vulnerabilities in your business. On top of that, we even give ability to businesses to reward hackers who have found vulnerabilities in our system. So, through this security audit, as well as firewall, we are able to provide a very holistic security to businesses and the best part being that you don’t need to have an IT team or even one person in your IT team can do that. It takes under two or three minutes to go ahead and install an astra system and you’re protected. The amount of protection is better than 90% of the other businesses that are either using a security solution or not using a security solution.
Faiz Askari: You also have a SaaS-based model for cybersecurity, can you give some details about it?
Shikhil Sharma: Oh, absolutely. So, we have a security software as a service module for our business which means that it’s something which is totally on the cloud. You do not have to install anything on your end system, and it is something that starts as cheap as $19 a month, something which you might be paying your tax solution software or anything and the solution takes under three minutes to install in a system and begins protecting a website from there itself. To give you a little bit of an idea, just last year when we were checking stats for the impact that we had, around 31 million plus attacks were stopped by Astra Security on thousands of websites that we protect and around 800,000 plus malicious files were detected. When I say malicious files, these were some crazy malware on e-commerce stores which were stealing credit card information of customers to redirecting to questionable websites, all kinds of crazy things and thousand plus vulnerabilities were discovered by Astra in the last year. So that all happens through our SaaS solution, which can get installed on your website and protect your business from then and there.
Faiz Askari: It was my pleasure listening to this. What is your plan for 2021 especially when we are headed to work post COVID era, and when we are entering into the post COVID era, so what is your go to market strategy during these times?
Shikhil Sharma: So, thankfully being in the IT space we had a very smooth transition over going shifting to work from home. So, in terms of how we are going to operate, we’ve decided to go a hundred percent work from home in 2021. We are considering the growth as a business that we had last year, we had a pleasure of telling that to our employees in Goa in a team retreat that we managed just last week. In terms of growth like I mentioned that we were stopping 31 million attacks, 10,000 plus vulnerabilities uncovered and 800,000 malwares. So, our aim would be to at least 10 X this number in the coming year, which would mean a more affordable and better solution for small and medium businesses, because these businesses are coming online, and someone needs to protect them. So why not Astra security because we deeply care about small and medium enterprises. Our aim would be to 10 x the impact that we have by protecting small and medium enterprises coming online from India.
Faiz Askari: So, what would be the tentative number that you expect from Indian market in terms of number of MSMEs joining your customer list?
Shikhil Sharma: So, in particular, I won’t have a number because when we actually market we try to market globally. We do have several MSMEs and SMEs who are using the solution. But one of the things that we’re considering is doing a bit of a parity pricing and doing better pricing for Indian businesses. So that is something which we are considering in the coming year to ensure that giving a free version or up to certain attacks free for Indian businesses because any protection is better than no protection. So that’s is what we are working towards.