MiIdentity in conversation with Chetanya Kunndra
The MiIdentity team was joined by Chetanya Kunndra to talk about cyber security – exploring what attracted him to the field, his thoughts on cyber security education, and his advice for companies and individuals for increasing awareness and protecting themselves in the digital space.
Chetanya’s interest in cyber security was sparked during his Bachelor of Technology degree in Computer Studies. Having spent time as a software engineer at a startup after graduating, he later completed his Master of Technology degree in Cyber Security, solidifying his interest in the field. He soon began his career as a Cyber Security Consultant.
“I was motivated to jump into cyber security because it’s a dynamic field,” he reveals, “with every client, the risk posture and challenges changed. I went into consultancy because it ties into the niche concepts of cyber security. While many in cyber security begin with bug bounties and penetration testing, I chose to dive deep into the core concepts of cyber security.”
Defending from attack through cyber security
As countries pursue digitisation, such as India’s ‘Digital India’ initiative, cyber security is more important than ever. In this digital world, robust cyber security, cyber security awareness training, and data management are the first lines of defence for companies against attackers. To understand the implications of cyber security and threats relevant to their organisation, companies can look to cyber security experts like Chetanya to strengthen their IT systems.
To combat external attacks, penetration testers are mobilised to simulate cyberattacks, with the aim of identifying and reporting security vulnerabilities in computer systems, networks, and infrastructure. When external vulnerabilities are found, fixes and patches are implemented to stop hackers from exploiting those weaknesses.
Internal attacks happen when a hacker has already compromised a company’s network, this is where Chetanya’s expertise applies.
“I advise companies on how attackers move within their network,” he explains. “From a company’s perspective, it’s essential for them to understand how they can identify that their network has been compromised. Cyber criminals are so advanced now that they can be in your own network, and you won’t realise it until it’s too late.”
Chetanya’s aim is to prevent companies from needing to respond to an internal cyber-attack. By identifying existing flaws and vulnerabilities within their networks, attackers will be unable to penetrate the infrastructure beyond the perimeter.
Improving cyber security with education and awareness
When consulting, Chetanya finds that companies often have limited security measures – such as incorrect cloud configuration, no MFA (multi-factor authentication), and insufficient application firewalls – making their websites and networks prone to cyber-attack. He also finds that company software is being created with flaws from the outset, caused by poor understanding and methodology from software developers for writing insecure codes. This starts with education.
“Education institutions – where students learn how to code – are not teaching them how to write code securely because it’s not one of the mandatory aspects of that teaching,” Chetanya says, “so it becomes a company’s responsibility to ensure their developers are writing secure code and that their code is being thoroughly tested.”
“By setting clear SOPs (standard operating procedures) to follow within the company, software developers can ensure they are creating secure code and reliable products, and cyber security engineers can create robust networks,” he adds.
Beyond developers and engineers, training and education plays a major role in cyber security for individuals in an organisation at every level. Improving cyber security awareness reduces the chance of a successful cyber-attack within a company, and the knowledge benefits employees in their personal lives as well.
“Humans prove to be a very weak link to compromising an entire company,” says Chetanya, “for example, many employees fall for phishing and CEO scam emails. Being able to identify these threats and knowing what to do is key to preventing breach of an organisation’s infrastructure.”
As for individuals, Chetanya urges awareness. He recommends educating themselves on personal cyber security by reading articles on common threats and forming a basic understanding for identifying key gaps that could lead to compromise and how to improve their own cyber security.
“Generally, people don’t need that much in-depth cyber security knowledge. They just need to protect themselves from falling for scammers, not clicking on malicious links, websites, or executable files (.exe),” he explains. “And, of course, if anything sounds too lucrative, then it’s most probably a scam.”
Protecting personal data
As people become more security aware, companies are implementing measures to help their users keep their data secure, such as MFA features that make use of third-party authenticator apps or on-device biometric verification. This is great news for users, especially when many apps collect and store vast amounts of sensitive data, such as emails, instant messages, photos, and banking information. However, often these settings are hidden away within app security settings, rather than front and centre when users first access. This raises the question of whether companies – whose apps and services collect personal data – should be held accountable for enforcing security features for their users.
“From an individual’s perspective, protecting personal data is one’s own responsibility. Any opportunity to protect your own data should be taken by checking settings when creating accounts,” says Chetanya. “Considering the large amounts of data being collected by platforms like Google, it’s their responsibility to protect the data they collect and store on their own servers. Both parties need to properly secure themselves and their data by taking responsibility for themselves.”
Individuals can stay ahead of data breaches by monitoring their personal data using services such as MiIdentity. The MiIdentity platform gives users the power to monitor their identities and financial information across the internet, dark web, and financial bureaus, providing real-time alerts when data is found. Once alerted, users are provided support to secure their compromised identity and can receive inconvenience payments in cases of monetary loss resulting from identity theft, such as replacing a stolen passport or mitigating lost funds from a fraudulent transaction.
“MiIdentity is definitely a unique and interesting solution, something I personally haven’t seen before,” Chetanya comments.
As we discuss monitoring apps and services, Chetanya has a positive outlook but warns monitoring companies not to be intrusive. “Tools that enable you to monitor your own accounts and show how vulnerable you are or your exposure on the internet are definitely a must,” he says, “but monitoring tools need to implement certain controls so as not to invade on a person’s privacy, they shouldn’t see what’s not to be seen.”
Cybercrime challenges in India
Cyber literacy is a complex matter for a country whose population is, in many cases, still new to technology.
“Lots of the population is literate, but they’re not necessarily tech literate against cybercrime,” explains Chetanya. “Then there is a portion of the population that does not know or necessarily care about technology such as their phones, bank accounts, and the IT cyber space.”
With the cyberspace environment new or unfamiliar to so many, people need to stay safe online and in control of their personal identities. In a proactive effort, MiIdentity is empowering people in India with the necessary visibility and awareness one needs to stay safe.
In 2022, the Indian government implemented a helpline (1930) for reporting online financial fraud and other cybercrimes. Chetanya agrees that it’s important for individuals to report cybercrime, so that government agencies are aware of what is happening on the ground. “Appointed officers can tackle the complaints and reports,” he says. “Once it’s reported, it’s their responsibility to handle it.”
Chetanya also believes that while Indian companies are more aware of the threat of cybercrime, there needs to be management to bring them up to modern cyber security standards, meaning less reason to carry out cybercrime.
“Over the past couple of years the number of people who are fighting cybercrime or responding to cybercrime has increased. Still, in comparison to the amount of cybercrime that is happening, the enforcement is much less,” he says. “Companies need to upskill their own workers to ensure that they can combat cybercrime at various levels, not just at a company level but at an individual level as well.”
Quick ways to protect personal identity
As our conversation draws to a close, we asked Chetanya for his top tips for individuals to look after their personal identity in the real and digital world.
“First, when receiving messages or phone calls from unknown numbers, just ignore them. That’s one simple way to avoid scams,” he suggests. “Second, be aware of QR codes being used to request money, as this is not typically how payment apps work. And third, do not install apps from unverified sources – always download from official stores such as Apple App Store or Google Play Store, unless it’s from a trusted source like your own office or a government portal.”
Interested in proactively monitoring your digital identities? Simply send us your name and email address to learn more.