On this episode of the Futurum Tech Webcast – Interview Series, I am joined by Rubrik’s CEO, Bipul Sinha, for a conversation on cyber resilience and how organizations can achieve business resilience against cyberattacks, malicious insiders, and operational disruptions. We also explore living in the era of AI, and while advancements in AI have allowed businesses to use data in new and powerful ways, it’s also created an even greater attack surface area that must be secured.
Our discussion covers:
- An overview of Rubrik and how it is solving customer challenges in cyber resilience
- A high-level perspective on the evolving state of cybersecurity, including the impact of cyberattacks and their frequency, as well as AI’s impact on the industry
- What cyber resilience is and why it’s important
- Key findings from Rubrik’s research on the current state of cybercrimes including breaches and ransomware
- The human and psychological impact that cyberattacks are taking on the people who are navigating these cyber events
- The nature of what cybersecurity teams may face in the future
To learn more about how to become cyber resilient, register for the Rubrik Zero Labs Summit: The Journey to Secure an Uncertain Future here.
Watch the video below, and be sure to subscribe to our YouTube channel, so you never miss an episode.
Listen to the audio here:
Or grab the audio on your streaming platform of choice here:
Disclaimer: The Futurum Tech Webcast is for information and entertainment purposes only. Over the course of this webcast, we may talk about companies that are publicly traded and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors and we do not ask that you treat us as such.
Transcript:
Daniel Newman: Hey, everyone. Welcome back to another episode of the Futurum Tech Podcast. I’m Daniel Newman, your host, CEO of The Futurum Group. Very excited for this first of a three-part series that we’re going to be doing with Rubrik, talking about the need for cyber resilience.
Today, we have Bipul Sinha, he’s going to join us. He’s the CEO of Rubrik. We’re going to kick off. We’re going to dive into not just the need, but we’re going to be talking about the landscape, what’s going on in cybersecurity today, what enterprises are thinking about. We’re going to probably talk a little bit about AI because who isn’t and so much more. But without further ado, Bipul, someone I’ve gotten to know a little bit and someone I’m very excited to get to know more, welcome to the show.
Bipul Sinha: Good to see you. Thank you so much for this opportunity.
Daniel Newman: Yeah, it’s really good to have you here. It was nice just a few weeks back to sit down with you in San Jose. But look, you’re everywhere. I’ve been watching, following what Rubrik is up to and the timing for this conversation couldn’t really be any better. I mean, you can’t turn the news on most days without hearing about what is going on in cybersecurity companies, vulnerabilities, people’s private and personal data, and all the risks, of course, that as I mentioned, AI are creating for these things.
But before we jump into all things, cybersecurity, Bipul, can you just give a little bit of a sense to everybody of Rubrik and the company and what your focus is on in terms of providing services to your customers?
Bipul Sinha: Rubrik is a cybersecurity company. We deliver data security to enable our customers achieve cyber resilience. We sit at the epicenter of data security and AI, and our thesis is that attacks are inevitable and the only way to combat this cyber attack issues is to have a strong cyber resilience, cyber recovery strategy. That’s what we are delivering at Rubrik.
Daniel Newman: Yeah, I like how you said that. Bipul, for a long time, I’ve been saying it’s not if you get hacked, it’s when. Of course, there’s so much attack surface now and there’s so many from much more benign risks that get created with tracking all the way to very serious threats that can be ransomware, that can cost companies huge amounts of money, and also of course, long-term risks in their relationships with their customers. Having the right partners as an enterprise to deal with your data, your cyber resiliency is so important.
You alluded to this, I’ve alluded to this. The thesis is that it’s going to happen and we’re seeing it in the headlines. So many companies, companies with great CISOs, great IT departments, and many technology partners are still falling victim to cyber-attacks. Give me a little bit of your perspective on the state of cyber as you really can’t seem to get away from it even when you think you’ve got everything protected.
Bipul Sinha: If you look at the cybersecurity industry in the last two or three decades, the industry has been busy trying to stop attacks, building prevention solution, taller walls, and wider modes. But the situation is very asymmetric. Attackers have to be get right once and defenders have to be get right 100% of the time. That’s why no prevention strategy is complete. Attacks will happen, obviously, prevention is needed and you have to do it. But businesses have to rethink their cyber strategy and their strategy has to be assume attack, assume breaches, and how do you continue to operate the business even in presence of cyber attacks and cyber breaches.
Daniel Newman: Well, it’s probably happening all the time, right? I mean if you’re a large enterprise, you’re probably constantly swatting off attacks. Of course, as you alluded to Bipul, that you’re right most of the time, meaning whether it’s your automations, your SAMs, they’re dealing with these things all day long. But they only have to get in once. Once they’re in, the risks are huge. Do you think we’re seeing, I mean is AI… What about frequency? I mean is this happening more because it feels like… I mean I remember watching the movie Hackers almost two decades ago. It felt like this has been going on forever. I mean is the velocity and the pervasiveness of attack greater now because of technology?
Bipul Sinha: If you look at the digital transformation cloud acceleration, it has created significant larger surface area of attack. Also, our digital life, our digital activities only increasing. This large surface area of attack is creating more opportunity for attackers to get in and do damage. So if you look at the volume, velocity, variability of attacks, it is ever escalating. In fact, according to some stats, there will be one ransomware attack every two seconds within the next 10 years. That’s a scary prospect, particularly for an industry that earns $200 billion a year.
Daniel Newman: Yes, it’s interesting that you point that out. When you hear one every two seconds and yet you’re sitting there as a CISO or you’re leading IT or even on the board of directors of an enterprise, you have to be thinking like, “We’re safe now, but for how long?” So it really brings up the question of cyber resilience, Bipul, because we started this conversation like, “Well, you can’t prevent everything.” Of course, you hear about things like zero trust architectures, which if you do zero trust the way it’s defined, supposedly there should be no opportunity.
But we also know the amount of proactivity that zero trust creates and it creates almost a wall in the enterprise between security and the people that are good, which creates some ripple. How should companies think about cyber resilience in order to be successful?
Bipul Sinha: Cyber security is not just one thing, it’s multiple strategies. If you think about prevention, zero trust is very important because you need to only allow authenticated entities to interact with your IT systems. It is very important, but that itself is not enough because, as you know, attackers are not breaking in, attackers are logging in with stolen identities. How do you ensure that attacks that are inevitable? Because attacks are psychological. Since attacks are inevitable, how do we ensure that a business is a continuing operation?
The only way to do that is to have a strategy which says, “Continue to operate, recover quickly, recover surgically, understand the risk aspects, make sure that you’re ready for a cyber attack, and continue to operate.” That’s what we are focused on in Rubrik delivering cyber resilience to every organization around the world. Because again, cyber is inevitable, attacks are inevitable, and not planning for cyber resilience is a failure to plan. Cyber resilience is truly the strategic cyber defense strategy that is needed for every organization around the world.
Daniel Newman: I like how you put that. If I’m doubling down on this, is that a company cannot afford to be completely sidelined during a period of time in which it may have had its surface attack or been breached. The resilience really comes down to have you built an organization that can cope potentially for a period of time while it’s negotiating. If it was to be breached for something like a ransomware attack, the company still needs to be able to get systems back online because otherwise, it starts to double, triple, the risk and the cost associated become much more significant than just what you’re going to pay.
You have significant losses of customers, you have damaged supply chains, you potentially have financial operations seized, employees not being paid, and of course, massive harm to your reputation. Being able to get back up and running while you’re dealing with the breach is probably something that is almost inexcusable not to have a plan for.
Bipul Sinha: Our Rubrik Zero Labs, we actually did a survey of 1,600 plus IT and security leaders. What we found was that 70% plus organizations are willing to pay ransom. Situation is so dire because prevention strategies are not working to get back in business. But then the crux of the matter is that even after paying ransom, only 16% of organizations were able to successfully recover with the decrypter technology that they got from the threat actor.
The issue is not that whether they’re paying ransom as a solution, paying ransom is not a solution because more than 80% of the time you can still not recover and your business has existential threat. That’s why a strategy of cyber resilience and cyber recovery has to be part of the most critical cyber defense strategy because without that, businesses will be out of business.
Daniel Newman: Yeah, that’s a great point. There’s a continuum and depending on what gets breached and how much data and how you handle it and criminality and geography, there’s lots of different factors that companies have to consider. But you’re absolutely right. Ideally, you have the ability to stand everything back up and get back to operating and not have to negotiate or deal with that. Great point.
You mentioned psychology, Bipul, and you were mentioning that there’s a lot of psychological… I’ll use the word brain damage that goes on with trying to manage these ongoing attacks that are happening every day. If you feel like no matter what you do, you can never fully get ahead of it. Then we talk about some of this. It’s pretty much you’re always playing defense, you’re always on defense.
But for the people on the front lines, Rubrik works very closely. It helps these people that are on the frontline trying to really help companies and organizations, institutions, non-for-profits defend their critical data. How are people coping with navigating the complexities and the endless cycle that it feels like because it never ends? If you avert one attack, that’s just a moment and then here it comes again.
Bipul Sinha: See, the issue is that we have framed the cybersecurity in a bad way traditionally. We have framed the cybersecurity as fight this and you will prevent it. We have to reframe this discussion as prevention is required, but it’ll not be enough. If the businesses solely rely on prevention, that is really, really bad strategy. They need to assume breaches will happen and they have to have a comprehensive cyber resilience strategy. If you frame it that way for people that you try to prevent 99.999% of the attack, but some things will get in and you have a strategy to recover from it.
Because look, I mean our own Rubrik Zero Lab survey found that one-third of the organization had a leadership change after a cyber attack. 98% of the people complained about some form of psychological, emotional upheaval, trauma because of cyber attack. Because we have framed this discussion wrong, and this is why the Rubrik is creating a new future of cybersecurity, which is around cyber resilience because solely relying on, again, the prevention strategy is a failure to plan.
Daniel Newman: Yeah, that’s a great point. I mean with the fact of the matter is one is you’re pointing out part of why the board and people at the very senior level of organizatoins… I talked to a lot of enterprises, Bipul, and I’ll tell you that there’s still this weird wall between, what I would call, productivity enhanced technologies like gen AI and how it’s become the rage in the boardroom because people feel it can drive productivity and create efficiency. It’s very P&L-centric.
Cybersecurity sometimes feels a little bit like insurance. So it gets left to this other group to think about. It’s like, “Well, as long as everything’s running fine, this isn’t a big deal.” This doesn’t help us sell more, it doesn’t help us stay. But that’s not actually true because the moment you are breached, you suddenly realize like insurance, the moment your house gets struck by lightning, the moment that you get rear-ended at a stoplight and you realize how important having that insurance is, that’s a little bit like what cyber is.
Sometimes it doesn’t get the cool factor that like, “Hey, this automated generative AI tool that’s going to write your sales proposals for you.” But when you avert a breach or you’re able to then deal with that breach, like you said, suddenly you’re like, “Wow, this is really important.” How do you help executives and boards get over that hump of looking at cyber as this thing over here while they look at the cool new, whether it’s ERP with gen AI or Salesforce tools, or how do you get to see security in a bit more of a positive for business light?
Bipul Sinha: If you look at our economy, we live in a capitalist economy and capitalist economy is on a relentless march towards productivity because that’s what keeps our standard of living high, and that’s what keeps the prosperity and technology innovation in our society. If you think about it, there has always been the productivity and security of opposing forces. This was opposing force because the cybersecurity was viewed as a prevention tool that I can stop everything.
If you reframe the discussion as cyber is cost of doing digital business, and if you see this as a cost of doing digital business and have the right technology to be able to continually operate your business even in presence of cyber attack, then this discussion changes. Because now you can frame the discussion saying that, “I’m going to get maybe 30% productivity gain because of this technology and it’ll cost me maybe 3% to 5% or 2% in terms of cost of doing business for cyber to protect this.” Net significant gain in productivity while you are protecting the business, protecting the organization, giving people a sense of safety and security, and continue to accelerate your digital business, continue to deliver digital products and services to your customers and partners with high confidence.
Daniel Newman: I’ll add one more. I genuinely do believe that you can really put into the P&L the value of being able to continuously run your business. As AI continues to scale, Bipul, data, PII, all these things, I think there will be some companies that will be sturdy, businesses that will end up failing because they did not address security and they will never come back from a breach where the data that was exposed, it’s irreconcilable for people. They cannot see themselves ever doing business again.
That happens once or twice, and it’s going to become a bigger and bigger priority at the highest levels of organizations to get their cyber resilience strategy right. Now I’ve alluded a few times in this conversation to AI and I haven’t stopped yet and not let you give me your take. At this point, I would love to get your thoughts. What do you think of this AI boom and what do you think its impact is going to be on the cybersecurity industry?
Bipul Sinha: We are in a very early days of this new generative technology and its impacts that’s going to be on our work and our society overall. This AI technology has implications both for attackers as well as for defenders. Obviously, it helps attacker escalate their attack and scale their attacks because now they can generate code automatically. They can deploy things with a lot more automation. At the same time, defender also have to use the AI to fight fire with fire because you can’t bring a knife to a gunfight and attackers are bringing gun to this fight in form of AI.
This is where it is paramount for businesses to really think about cyber resilience and apply AI technology into it to deliver complete cyber resilience, to be able to understand what the hell is going on. Because again, volume, velocity, and variability of cyber attacks have gone beyond human comprehension. You have to bring machine and machine comprehension to understand, “Are you ready for an attack? Where did it happen? How far it went? How do you do surgical recovery without being able to get reinfected?” That’s what Rubrik is delivering in our Rubrik Security Cloud.
Daniel Newman: I tend to believe that the AI boom will create this incredible acceleration for both sides, which by the way is not really new. We’ve seen tech and AI isn’t really new. I think a lot of people out there, because last November ChatGPT, are suddenly paying more attention to it. But for a long time, we’ve seen continued sophistication and it’s been a cat-and-mouse game, and that will not change whether it’s nation, states, and governments, whether it’s large enterprises and whether it’s organizations or even small-time, of course.
Even just things like improving our hygiene for things like passwords, Bipul, your name, and your date of birth or whatever is probably not the best password, but people still do it every single day, which is why there’s so much risk. We’ve covered the gambit here. We’ve covered a lot of ground. I’d love to end. This can feel a little bit hopeless when you listen to this. You think about everything we’ve said, like, “Well, you’re going to get breached and the tech’s going to get better and you’re going to get…” Of course, if you’re in the security business, there’s some value in the need.
But at the same time, with the work you’re doing at Rubrik and with the work some of your peers and you are doing in the industry, I saw your interview with CrowdStrike recently. There’s also some room for hope, right? I mean, there is some room for people and companies, enterprises, and individuals to feel that there’s some hope that they can keep their data state safe, they can keep their enterprises safe. Share a little bit about maybe what you see in terms of a cause for optimism in the cyber landscape going forward.
Bipul Sinha: If you look at the state of cyber, it is about right talent, right technology, and right best practices. Best practices is the most important part because you can get 80% of the way there by creating cyber awareness in your employee base, in your partner base to make sure that everybody’s aligned. This is where the good news is. The good news is that cyber is now mainstream. With ransomware attacks, with what is happening, what happened at MGM and other places, it has now in the psyche of the masses. As a result, this awareness is creating people do more hygiene work, so have the right password, make sure that all the right security procedures are taken care of.
This is where the board and the CEOs are really pushing their organization to create awareness about our cyber, create best practices. Because again, best practices can take you 80%, 90% of the way. Believe it or not, even today, majority of the attacks are happening because of known issues. We have to overcome our own, whether we are procrastinating or not applying patches or being a little bit careless about our password, having a welcome one as our password. All of these things combined is a good news for the industry because we can get a whole lot of way by taking care of these known issues, taking care of the standard best practices.
Daniel Newman: Our password should not be password ideally. I’ve heard so many great stories over the years. When I say great, they’re sad, but it’s prophetic. “How did you get breached?” Visual hacking. “I left a sticky on my desk or on my laptop at Starbucks and someone snapped a photo of my password and login.” It’s pretty unbelievable. But that still does happen.
Bipul, I want to say what a pleasure it’s been. There’s so much ground to cover. As we know, six months from now, a year from now, there’ll be more ground, there’ll be more sad and horrible stories about companies and individuals that have been through a lot. It will be just another reason why companies, their leaderships, and of course their security leaders need to be focused on building cyber resilience. I hope you’ll come back so we can talk some more. But for now, congratulations on the success so far with Rubrik, and I look forward to continuing to follow your story as you continue to build solutions to fight cybersecurity into the future.
Bipul Sinha: Thank you so much.
Daniel Newman: All right, everybody, hit that Subscribe button. Join me and our team for all the Futurum Tech Podcasts and the interview series. This is the first of a three-part series that we’re doing with Rubrik, and we’re going to talk a lot more about cyber resilience. Stay with us, subscribe to us, like and share if you enjoyed this conversation. But for now, I got to go. See you all very soon.
Author Information
Daniel is the CEO of The Futurum Group. Living his life at the intersection of people and technology, Daniel works with the world’s largest technology brands exploring Digital Transformation and how it is influencing the enterprise.
From the leading edge of AI to global technology policy, Daniel makes the connections between business, people and tech that are required for companies to benefit most from their technology investments. Daniel is a top 5 globally ranked industry analyst and his ideas are regularly cited or shared in television appearances by CNBC, Bloomberg, Wall Street Journal and hundreds of other sites around the world.
A 7x Best-Selling Author including his most recent book “Human/Machine.” Daniel is also a Forbes and MarketWatch (Dow Jones) contributor.
An MBA and Former Graduate Adjunct Faculty, Daniel is an Austin Texas transplant after 40 years in Chicago. His speaking takes him around the world each year as he shares his vision of the role technology will play in our future.