Safety Detective: Tell me what motivated you to start your company.
Pavan Kushwaha: It has very much been a rollercoaster ride so far for us. And the reason is that we started this company as kids. We were in college back in 2012 when my social media account got hacked. I tried to investigate the possible reasons, and because of that, we ended up having a cybersecurity startup.
If you go to the data, 90-95 percent of attacks are happening because of the people. That’s a huge, huge problem, and that problem cannot be solved by a firewall, antivirus, or any other system that you put in. It’s a lack of cybersecurity awareness problem that has to be resolved by inculcating cybersecurity awareness among people themselves.
In the nine years that we have been in this space, we have released a couple of rounds of funding, experimenting in different geographies, and we already have around 400,000 to 500,000 users actively using our product, with more than 600 enterprise customers across the globe.
Today we run this cybersecurity firm with more than a hundred amazing people.
When the company started, we would very much focus on what kind of value we wanted to give to the customers. One guy looked into the entire research segment, one guy looked into the sales part, and one guy looked into the strategic decisions. It has always been a passion for all of us, and that’s why it’s been such a wonderful journey.
SD: What is your company’s flagship product?
PK: Our company’s flagship product is ThreatCop, which is a cyberattack simulation tool, which we initially called a People Risk Assessment Engine. It simulates different kinds of cyber threats on the employees of an organization, be it phishing attacks, ransomware attacks, or smishing attacks.
Like I mentioned previously, 90 percent of the attacks happen because of the people, and the best way to attack employees is via the communication media that we use: emails, SMS, and calls. Hackers try to capture that communication medium and hijack it so that they can get the maximum amount of the data to do the maximum amount of destruction.
This product acts as a hacker and attacks the employee and gives you an exact idea of how many people are open to those attacks, clicked on the links, and ended up getting hacked. It means, they have some of the data or installed malware that we had given them, which is non-malicious, non-hazardous malware. And by doing this, we get to know the cyber threat posture of an organization, termed as the Phish Risk Rate.
Let’s say, today if a hacker tries to target your organization—what are the ways the hacker can get inside the organization? We wield an excellent threat variant profile of an individual user along with their hack record on previous data breaches as well as the active breaches.
SD: What verticals use your services?
PK: Kratikal is in every vertical. We serve around 12 major industries including financial industries, internet companies, manufacturing units, pharma companies, banks, and insurance companies. We are sector agnostic because security does not focus on a particular industry. It’s for everybody.
SD: What are the worst cyberthreats today?
PK: The email-based attacks are targeting people because there is no technology that can solve this problem. They play with humans’ minds using social engineering attacks. We need to really focus on the people in any organization. We have to build a “human firewall” inside an organization to make sure that you are protected from those attacks.
SD: Where would you say cybersecurity is headed now that we’re living through this pandemic?
PK: It’s getting stronger. When you work from home, you don’t have the same kind of controls, firewalls, antiviruses, and other technology that was there previously. To make sure that you focus on these things, we have to work extensively on a solution that helps you identify these threats in real-time and also combine human intelligence with activation intelligence so that you can tackle the threat in a much more advanced manner.
One of our products is called Threat Alert Button. You install it into an O365 or a G Suite, whatever you’re using. This way, if you are working from home and you want to verify that an email that you received is legitimate or fake or if the links or attachments in that email is a virus or malware or not, you click on that button, you get the details right in front of you.
Cybersecurity is heading towards a much more mature side. Where it was focusing on enterprise security, now companies have started focusing on solutions and security for work-from-home situations. So, combining your security solution along with the work-from-home solution is the next big thing that is going to happen.