In this episode of Breach Ready Dialogues, Agnidipta Sarkar, Chief Evangelist at ColorTokens, speaks with Sanjeev Mehrotra, Senior VP and Global Head of Cybersecurity and Risk Management at Tech Mahindra, about what actually happens when breaches hit and why breach readiness is becoming urgent in 2026.
Drawing from real-world breach experience across industries, they discuss how organizations respond under pressure, why business continuity plans often fail in practice, and what separates teams that regain control from those that struggle for months.
The conversation focuses on how leaders should think about material impact and minimum viable digital business, and why microsegmentation is emerging as a foundational capability to contain attacks, reduce blast radius, and keep critical operations running.
They also cover zoning, supply chain exposure, OT environments, and how attackers are shifting tactics, including the rise of destructive attacks and AI-driven threats.
Agnidipta Sarkar: Hello. Good morning, good afternoon, good evening, no matter where you’re joining the Breach Ready Dialogues. Welcome to the next session. Today I have with me Senior VP and Global Cyber Security and Risk Management Head Sanjeev. And what we are going to delve into is as usual for the Breach Ready Dialogues, but probably a little shift for people who have been listening to cybersecurity podcasts.
Agnidipta Sarkar: We are trying to create a shift from cybersecurity tooling to cybersecurity resilience, or rather cyber resilience. And the whole idea is based on the acceptance that breaches will happen. And we need to figure out how we will emerge from the breaches, and breach readiness is core to that philosophy.
Agnidipta Sarkar: The new protagonist is going to be a breach ready leader, someone who has understood that the perimeter is a myth and who has understood that when breaches happen, the best way is to be ready for it. And just execute things calmly so that you’re in full control of the attack and not the attacker.
Agnidipta Sarkar: With that, let me pass over to Sanjeev. Why don’t you introduce yourself, Sanjeev.
Sanjeev Mehrotra: Hey, thanks Agni. Pleasure to be with you over this dialogue. My name is Sanjeev. I’m working as Senior VP and Global Head for Cybersecurity and Risk Management at Tech Mahindra. As a part of this role I’m sharing a seat with the CXOs and board members to provide them effective dialogue and an overall functioning of secure IT and ensuring that the right kind of GRC
Sanjeev Mehrotra: practices take place. Having said that, while that continues to be a part of bread and butter for what I do and live for, I have been associated with a couple of breaches at various levels, with the customers, helping them overcome them on a day-to-day basis, helping them rebuild it and helping them secure the entire estate from a future perspective.
Sanjeev Mehrotra: So that is some of the interesting stuff that I have done for the customers and continue to do that.
Agnidipta Sarkar: Oh, thank you. So you bring in a very different perspective too. The usual breach readiness discussions we have, and I’m very happy to tell you that I have hosted different personas on this platform.
Agnidipta Sarkar: We’ve had a cybersecurity researcher, we’ve had analysts, we’ve had forensic investigators. I hope to get someone who understands the mental health of people involved in breaches. I hope to get some legal guys as well. And now I have you who’s got this experience with breaches.
Agnidipta Sarkar: Let me go into the kind of experience that you might have had. And what I’ve realized in this journey is that no experience is inadequate because there are no books about how you handle breaches. There are tons and tons of books that talk about crisis management. Now, in a breach,
Agnidipta Sarkar: it’s not traditional crisis management because all your facilities are standing and yet your business is not happening. The chaos is digital. In fact, I remember there used to be a tool that Netflix developed called the Chaos Monkey. So what they would do is that in order to figure out whether the system is good enough, robust enough to test the resilience, they would randomly shut down a microservice in some part of the world.
Agnidipta Sarkar: And then they would make sure that they’re able to sustain that disruption. But that’s controlled chaos. I think where we are headed about breaches, what we want to tell the listeners of this podcast is that breaches will happen. There are ways to handle it. I would want if you can spend some time on some of the breaches without naming them.
Agnidipta Sarkar: Probably. If you have, I understand some of them might be very confidential. Tell us some of the experiences that you’ve had.
Sanjeev Mehrotra: Yeah, interesting thing. And rightly put across Agni. There is no playbook, there is no cheat sheet, there is no coaching that is available. And I don’t think for years to come, there can be one such playbook that is available, how to deal with a breach or a challenge.
Sanjeev Mehrotra: I talk of two breaches, which are diametrically opposite from an industry perspective. One is in a financial segment where hell broke loose. And the exact word, which is lysis. You could sense it across up to CEO and board members. People don’t know how the settlements are happening.
Sanjeev Mehrotra: People don’t know what are the next set of transactions, trying to revert back to manual working, which is just not possible. Penalties mounting up, regulators on top of the individuals, and chaos everywhere. You handle it with calmness. Look at what can be rebuilt, piece by piece, module by module, bring up the businesses.
Sanjeev Mehrotra: Put in a crack team, which works practically 24 by seven in terms of rebuilding, working across customers, your environment, everything possible, including the partners in place. The other example I’ll talk of is the fashion industry, which is typically into manufacturing of fashion products.
Sanjeev Mehrotra: There, it’s the workers are off, people don’t know how to handle it. The union is onto that, because of other regulatory issues that come into picture. A similar kind of a scenario. While the bank had some kind of people who could really bring up the systems, the fashion industry didn’t have anybody technical enough to bring up those systems.
Sanjeev Mehrotra: So you have to really, some of that part, you have to really work with them to re-engineer. The good thing that both the industry people did was not to yield to the requirements of the attacker. They didn’t pay a single penny. And that worked very well for everybody in the process. So those are two diametrically opposite things.
Sanjeev Mehrotra: What really worked well over a period of time is to develop a quick track plan in terms of what is it? Draw back quickly. Looking at the business line and making it working. When making it working, you also go back to the regulator and the other compliance functions to ensure that you brought it up, show it as a proof of putting to the market, and then one after the other that you bring it up.
Sanjeev Mehrotra: The cost doesn’t stop there, Agni. Once you have brought the bare minimum business up, the ask from the insurers goes up. They look forward to the zero day attack pattern because that’s the requirement that any industry has from the insurance industry has from the marketplace. And that’s where you really need to engage with real good people who can help you find that.
Sanjeev Mehrotra: And then comes the next step, which is where everybody wants to look at the future and ensure that similar thing doesn’t happen. And the storyline continues. It doesn’t end in a few days, weeks, it continues for over a year. If you look at the complete lifecycle, all of this can actually be averted to a great extent if there is a bit of planning and thinking that can happen ahead of time.
Sanjeev Mehrotra: And some of the elements I will say, which can minimize the loss, definitely identity everybody is talking of and bringing identity. But I would also say every organization has got an active sitting inside them. Most people agree to that. How can you minimize that impact and to minimize that impact?
Sanjeev Mehrotra: The concept of microsegmentation can really help. Minimize the attack, take off the environment which is not working, and ensure that the rest of the business is brought up quickly. So that’s minimizing the loss, ensuring that the attacker can’t move from one area to another. And it is applicable to all industries.
Sanjeev Mehrotra: It’s not limited to banking, financial. It can be done for manufacturing. It can be done for healthcare, it can be done for any of your transport, be it airlines or anything. You can deploy that concept across every part of the industry. So that’s an industry-wide phenomenon that people should look at,
Sanjeev Mehrotra: so as to minimize the impact in case they are really attacked.
Agnidipta Sarkar: True, in fact, there are a couple of things that I think that we should take back as learnings and as you said, there are no books about this. We have to rely a lot on what’s happening across the world and how are people handling these situations.
Agnidipta Sarkar: I am noticing a trend, and I would say it’s a disturbing trend that comes to my mind, and that is, okay, it’s both encouraging and disturbing. It’s encouraging because people are paying less and less ransom. So that’s the encouraging part, so we are discouraging ransomware attackers. The disturbing part is,
Agnidipta Sarkar: the ransomware attackers are now therefore pivoting. They’re saying, in any case, I’m not gonna get money. So what they’re doing is something like what NotPetya was. It was a malicious tool disguised as ransomware. So you would feel that a system got locked up and you’ve got a ransom notice, and now you, if in some way you’re preparing to recover those systems from the ransomware, that’s not gonna happen.
Agnidipta Sarkar: The ransomware attacker has no intention of unlocking the system for you. Because they know if they go ahead with the ransomware discussions, there are other risks that happen. There are laws, and authorities will come in, they might get caught. And there are ample instances nowadays of ransomware attackers being caught and put behind bars.
Agnidipta Sarkar: At the same time, sometimes the negotiations go very bad. They don’t get all the money that they wanted. They thought that they will get, so they are going in a different direction. They’re taking the money from somewhere else, and they’re going to cause inexplicable harm by shutting down systems.
Agnidipta Sarkar: And they’re timing it with the growth or the innovation that an organization does.
Sanjeev Mehrotra: Absolutely, Agni. A live example of that is the famous shoemaker disruption that has happened recently. Yes. They didn’t take away any of that HR data per se, or personal data of the organization.
Sanjeev Mehrotra: Correct. The segment of the entire business, part of the discussion where they had the entire supply chain data, they had access or they put across a good amount of data, little close to about 1.5 terabyte of data, which had all the business logic, which had all the financial numbers in terms of how the business for that particular shoemaker is something.
Sanjeev Mehrotra: And the objective was, they make money by selling that. So it’s like my secret sauce. The secret sauce of that company is what they want to publish and sell it across in the market so that competitors or other startups can actually make money out of it by buying it and start their business or do whatever.
Sanjeev Mehrotra: So that’s exactly the modus operandi, and people are changing and businesses are getting to a bigger and bigger risk.
Agnidipta Sarkar: What you’re alluding to is very important to consider from the perspective of a CEO. For example, let’s say there is a cyber attack and you lose some data.
Agnidipta Sarkar: The CEO perspective is we need to protect stakeholder interests and we need to comply to applicable laws like GDPR or CCPA, and we need to make sure that data is not lost and we need to take care of all these things. The board will come and say, what is our risk appetite? Why don’t we put, why don’t we park about $10 million in the case of a penalty that we have to give, and then go ahead and do the business that we are supposed to do.
Agnidipta Sarkar: This attack changes all that, because now your risk perspective is if you had to do some kind of a risk acceptance or a risk tolerance mechanism or some mechanism to say that if this happens, we are going to spend this money and then continue doing business. The whole thing is changed because now you need to redraft your entire supply chain.
Agnidipta Sarkar: Absolutely, you need to change the way that you’ve been doing business because your core business logic and your way of doing business is now publicly available, which means your competitors can pick up the same modus operandi and win against you in the markets that you were winning earlier. So this is a completely different paradigm now, and unlike losing personal data, in my view, this is far more complex when it comes to handling this whole thing.
Agnidipta Sarkar: You talked about microsegmentation and I’ll just come back in a minute. I think there are two things that boards need to think about. The first thing is what is the maximum material impact that we will tolerate in dollars, whatever be that number. The second is, if a breach does happen, what would be that minimum viable company that we will operate, or minimum viable digital business that we will operate?
Agnidipta Sarkar: And we plan for that. And that’s where microsegmentation plays a role because you can then define through the microsegmentation that these are my critical systems. These need to be alive. This is my minimum viable digital business, and hence my material impact is going to be at certain amount. But that’s not key.
Agnidipta Sarkar: The key thing is you need to keep changing it every year, every iteration. I was reading a blog a few minutes ago before we got on this call, and somebody said ISO 27001 has been around for a very long time, and they do revisions every six years. Sure, attackers are going to wait for them to come out with the next revision before they come out with a new technique.
Agnidipta Sarkar: But the point is not that. One of the key things that 27001 actually teaches you is continuous improvement, and I think that’s one way to do it. But I would like to hear from you what you think is absolutely critical, and we talked about microsegmentation, for organizations to become breach ready.
Agnidipta Sarkar: Where should they start? In your view, is microsegmentation a foundational capability and then they can build everything onto it? For example, they can integrate EDR into it. They can integrate the firewall for enforcement. They can integrate NAC to it. They can integrate SIEM to it. How do you see that evolving?
Sanjeev Mehrotra: Agni, I’ll step back to where you said, where the CFO has kept, say, 10 million to pay for penalties and stuff like that, they can also go back and add to some amount of insurance in the whole process.
Agnidipta Sarkar: Yes.
Sanjeev Mehrotra: None of those amounts is going to suffice if the secret sauce or the business logic of the organization gets stolen and is available.
Sanjeev Mehrotra: Correct, because the 10 million, 20 million, whatever you put aside, is not even a fraction. It’s a rounding-off error given the size of business that those individuals are running. So no matter what you put aside doesn’t make any sense. To your point, second point or the last point that you referred,
Sanjeev Mehrotra: microsegmentation to me, fundamental thing, it’s a fundamental building block. People should reconsider the way they are looking at their networks. Microsegmentation should be considered as a first thing in the system because you have to also look at, as I said earlier, it’s not about whether you’ll get attacked or not, it’s about how ready you are when you are attacked, when the attack
Agnidipta Sarkar: happens,
Sanjeev Mehrotra: when the attack happens, and how much minimization of
Sanjeev Mehrotra: impact can you really work on. So it’s like it’s no more the approach that you protect the crown jewels and then you get to the network side of it. You plan it, network up right up to the crown jewels where the minimum viable organization or the business part of the world continues to work. And.
Sanjeev Mehrotra: Upon. So microsegmentation does help in a big way. It can be integrated with anything, everything, and can be brought in as a part of the core working of any security and network infrastructure or for that reason, the whole of IT infrastructure and the entire application paradigm. That forms the basic and fundamental thing as we move ahead.
Sanjeev Mehrotra: However, there are other things associated with the microsegmentation. You have to be also classifying your data in terms of how you look at it. You have also to look at which zones, which sectors, which are part of your applications. You look at how do you micro segment, so there is a larger play to the entire IT system that you have to think through.
Sanjeev Mehrotra: But yes, these kind of fundamental shifts will definitely redefine the way organizations minimize the impact in case of an adverse scenario.
Agnidipta Sarkar: Yeah, I think that’s the key takeaway. How do you minimize the impact and continue doing business? And you talked about zones. In my way of looking at things,
Agnidipta Sarkar: if you’re looking at microsegmentation, then zoning must be thought very deeply. It needs to be your primary design criteria. In fact, I remember I spoke at a forum once, I think it was Forrester, in Sydney last year. And in that forum, somebody asked me, that I talked about the fact that everybody has a network security diagram, which shows computers with IP addresses on a network, and you have a picture of a server.
Agnidipta Sarkar: You have a picture of all that, and I asked them, that’s a network diagram. Have you ever seen a security diagram? And people were like
Sanjeev Mehrotra: exactly.
Agnidipta Sarkar: Yeah. How does a security diagram look like? And I said,
Sanjeev Mehrotra: You actually hit the nail on the head and sorry to cut you here, Agni. What typically happens in most organizations is whenever they’re looking at these kind of microsegmentation or some task like this, it is always, first, the network team knows most of it.
Sanjeev Mehrotra: They know the traffic flow, they know the IP addresses, so let’s go ahead with them as front end for that. My take is, are you doing microsegmentation because you want to have a microsegment? The answer is no. You’re spending on microsegmentation because you want to minimize the impact in case of a bad,
Agnidipta Sarkar: you want to become breach ready, become
Sanjeev Mehrotra: you want to become breach ready?
Sanjeev Mehrotra: Yeah, please add and if you have to be breach ready, it is the security people who should be at the forefront looking at how the entire schema can be drawn up. Tying all the six, seven pieces of security together and bringing it into a central part and then start about it. Giving a simple piece of way and saying that, look, I can do microsegmentation, I can do it on a router or in a switch, or I can deploy it as a software,
Sanjeev Mehrotra: is one piece of it, but thought through and done properly does make a lot of sense and helps preserve their core.
Agnidipta Sarkar: Yes. I think the industry has moved away from design concepts and I think we no longer consider security patterns as input to design, and I think that’s very important because if you are able to say that, in my mind initially at a very high level, I would say that there are four zones, which every company must be having.
Agnidipta Sarkar: Zone one, let’s say the most critical zone where you have your critical systems, which is your minimum viable company. No, I’m not even talking crown jewels because some people say the CEO’s laptop is not crown jewels. Or CEO’s laptop is crown jewels. Some people say that the network file server there are backups, so it’s not really a crown jewel.
Agnidipta Sarkar: I wouldn’t talk about crown jewels in that sense. I’m saying, craft out. Begin with the crown jewels. By all means, begin with an asset list that you have, but craft out what is the minimum organization that you want to operate. When there is a breach, what is the minimum that you want to operate? And if you say that minimum is, let’s say 60% of your enterprise.
Agnidipta Sarkar: The next year when you come back and reevaluate, or next, I wouldn’t say even year, next iteration, after you’ve completed the microsegmentation, gone through a one round of exercising and making sure that you’re able to do it, increase that number from 60 to 65% or 80 to 85%, whatever be that number. The reason is when you think of it like this, then.
Agnidipta Sarkar: If you go and talk to most cyber leaders today, they would say, I have a business continuity plan. So in the event of a breach, I’ll invoke my business continuity plan and I’ll come back to whatever is my lights on approach. And my point is, typically a business continuity plan would be 15 to 30% of your enterprise.
Agnidipta Sarkar: But if you’re doing microsegmentation and you’re not thinking that microsegmentation can actually help you limit your blast radius, and therefore you can now think of an unaffected business segment, which is about 80% of your organization, and then invoke the business continuity plan for the part that got affected, the 20%.
Sanjeev Mehrotra: You talked of a very interesting topic here, business continuity plan and experiences. Most companies have it, but in reality, even a 15% looks like a tall order. It’s on paper. Many times it is not tested. It has not been thought through. It’s an afterthought that comes into picture,
Sanjeev Mehrotra: that this is what we need to do because there is some compliance or a regulatory requirement that comes into picture. And I also know of some companies who are really doing it very nicely. They work with it with the regulators and ensure what they have said is what they’re complying with. And once a year, they will do that as a religious exercise too.
Sanjeev Mehrotra: But, very few, it’ll not even a single percentage, I’ll say that, who have been proven that way, end to end, that they are complying to that kind of a requirement. So going back to that point, BCP invoked, what is it that you will invoke in a BCP? Because there is nothing that is tried, there is nothing that is tested.
Sanjeev Mehrotra: So a reality check in that case is, again, an answer to that is microsegmentation. It helps you, if you were to plan for a 15, 30% or 25% of a BCP plan, investing that much ahead of time into the right technology helps you build the BCP plan automatically. You need not plan for it.
Sanjeev Mehrotra: You just put in the right technology ahead of time, do the right kind of microsegmentation, right kind of zonings and move on from there. You be, and you would achieve about 80%. You have achieved 80% the plan. You have done the BCP planning. It’s just then documenting it. That becomes your BCP document.
Agnidipta Sarkar: Yes. And it goes the other way around. It’s,
Agnidipta Sarkar: you actually remind me of OT incidents. So I was talking to somebody who has been training ISA 62443, and his view was that OT is very different from IT. And there are control system networks and when there is a breach or a cyber attack, you are not thinking of confidentiality.
Agnidipta Sarkar: You’re thinking of availability, you’re thinking of reliability, you’re thinking of safety. These are the thoughts in your mind. So that’s how you react to a cyber attack in OT. So to come back to connect it to what you were saying about business continuity, is that in the world where cyber attacks have a physical result.
Agnidipta Sarkar: If you remember, those water supply systems were shut down sometime ago last year, by a cyber attack. So these are cyber physical systems. And if that can happen, which I think there was one water form somewhere in Europe, sorry, I’m wrong. The Romanian power system.
Agnidipta Sarkar: The power utility was, had a cyber attack this year.
Sanjeev Mehrotra: Got it. So if you look at with all the geopolitical issues on an increase today, the war is not looked at by humans. It’s a cyber war that runs and imagine, there are pipelines moving from one short, one another. If somebody alters the pressure into the pipeline, it’s not that the gas or whatever liquid is being pumped in the pipeline will get delivered or not.
Sanjeev Mehrotra: It can threaten the human lives. It can cause chaos, it can mean a lot than people can think of. Imagine there is a complete control taken over by anybody on your electricity supply. Everything will come halting down. How many days, how many months can a person really work on a diesel generator?
Sanjeev Mehrotra: And there are places where people have not even tested working off a DG as a fallback for days, weeks, and months together. So it is very important that we also look at from an OT segment how things work and really plan for it in a real life scenario. While OT and IT are very different, the thought processes of people managing OT infrastructure and IT infrastructure are quite different.
Sanjeev Mehrotra: But the importance of OT infrastructure in today’s world is. It should be taken more, should be taking more importance over the traditional IT infrastructure because geopolitical situations will happen and the cyber war will take over the human war. And that’s where the real compliance really building up a good OT systems, bringing in the right kind of microsegmentation.
Sanjeev Mehrotra: And as you said, being breach ready around those things is the real test of war that the world should look at today.
Agnidipta Sarkar: Absolutely right. And the good news is, and I’m just going back to what you can do if there was a breach, and how do you prepare to become breach ready? The good news is that today, micro-segmentation technology can be adopted in days,
Agnidipta Sarkar: not months and years, in days, because earlier it used to take a long time, people would deploy their agents and they would start watching what’s happening, and then based on that, they would customize the microsegmentation agent and put rules and policies in there to stop a future attack or to create network communications and so on and so forth.
Agnidipta Sarkar: Today it’s very fast. You can connect it with your EDR. It doesn’t matter whether you have CrowdStrike, Defender or whatever, you can just connect it to there, do an API to API connection. You don’t even need an agent now. It’s truly agentless,
Sanjeev Mehrotra: right?
Agnidipta Sarkar: And you should be able to use that and integrate your microsegmentation, your concepts of the zoning part, right?
Agnidipta Sarkar: Remember I talked about the critical part of the zoning, and then you would have three more layers of zones, which could have multiple micro segments. But the idea then is that when you get down to those levels of detail, you should be able to do it very quickly and get into a Shields Up mode. Shields Up was a moniker that was used by CISA in 2023, if I’m not wrong, to encourage people to stand up to ransomware.
Agnidipta Sarkar: And I’m saying that once you’ve put in microsegmentation using EDR, the elbow room for an unauthorized user to navigate through a valid account reduces considerably because now you cannot find an empty port, an open service, an unused management system, or exploit a valid account to do something that the account is not allowed to do.
Agnidipta Sarkar: All those become issues.
Sanjeev Mehrotra: Yeah. Yeah. I know what you’re saying is absolutely right. And as you were talking, I was visualizing it that it’s a layered approach kind of a thing. And if I were to imagine a sphere over there, the center of it is the minimum business organization that needs to be protected, minimum
Agnidipta Sarkar: viable digital business.
Sanjeev Mehrotra: Minimum viable digital organization that we need to protect and work upon. We bring in controls during microsegmentation. And by doing that, what we have done is we have brought in a complete layer of risk reduction. So by deploying these kind of tools in microsegmentation, we do a rapid risk reduction for the customer or the organization we are working in.
Sanjeev Mehrotra: And it brings in a high impact actions across all towers. To reduce exposure. It could be your workload, it could be identity, application, data, whatever we are talking of. It brings in a good amount of impact across all of that. And it also helps give me a visibility or customer, a visibility by bringing in a continuous monitoring what is happening.
Sanjeev Mehrotra: Feel in control. I know what is happening and I can confidently stand tall and go and have better business decisions taking rather than worrying in terms of how my infrastructure or how my business would be protected. So those are actually the benefits that we drive out of the whole process. If I could translate what you were saying into a business world,
Agnidipta Sarkar: Yeah, absolutely. And at the end of the day, whoever is adopting a breach ready posture has to think in a very structured manner on what does it look like as the end goal. I get into these events and then many people say, you know, how can you work? Visibility is what is very important.
Agnidipta Sarkar: I don’t deny visibility is important because without visibility you really can’t do anything. But you can’t stop at visibility. You can’t say that, okay, let’s implement and let’s see how different systems are talking to each other. Really, that’s a good thing to have. That’s a good thing to start. But what next?
Agnidipta Sarkar: Because your real value comes when you are able to stop, disconnect two systems without, and this is very important, this is coming from my years of experience as a CISO, without having an operational impact that a business leader can fight back. Because the moment you disconnect two systems, there would be the entire business community who has to say, who keeps saying, and I think you’ve seen this across all your customers.
Agnidipta Sarkar: The business teams will always complain. It doesn’t work for them. IT teams will always complain that business guys don’t understand what’s important and that fight, they don’t give
Sanjeev Mehrotra: us enough time
Agnidipta Sarkar: that, yeah, that fight will go on. I’m not saying that, but the fact is that the real value of being breach ready or the day that you realize that you have the power to disconnect to communicating segments without your business leader coming and saying, you know what?
Agnidipta Sarkar: This is not acceptable. On the other hand, your business leader goes. To the media and says we had an unprecedented cyber attack. However, we continue operating our services for our customers. We have deployed si cybersecurity experts to to the zone where the attack has been contained, and they’re working on it to take out the attacker.
Agnidipta Sarkar: But business is as usual. If you have to say that, then you have to be in cohort with, in, in Kahoot with the business leaders. In saying that when I disconnect something, you are going to win. Not me.
Sanjeev Mehrotra: Not me. Absolutely. And the business also has to understand there is a part of it they’ll have to give away.
Sanjeev Mehrotra: But they’ll have to ensure that the core of it is what they protect and continue within life. The paraphernalia around the whole thing can be quickly built. Let’s take a very simple example. Let’s take an example of an airport. The airport, we all give our bags. They go through that three scanning, four scanning mechanism where they are scanned for various unwarranted products that we may or may not carry in the whole process.
Sanjeev Mehrotra: Vis is the entire turbine system, which is powering the entire airport. If for whatever reasons there is an attack that happens and an airport has got a microsegmentation, they can silently cut off the entire belt that’s transporting all the goods and/or taking all the suitcases from us into the cabins.
Sanjeev Mehrotra: Done. There is a kiosk, there is a challenge manageable with little penalties, with little adjustments. The airports can get over it, the airlines can get over it. What if the entire turbine goes down? The entire airport gets ized in the whole process. So that’s a real life example of how a microsegmentation can really help.
Sanjeev Mehrotra: Even an industry outside of banking or a financial banking sector or outside of a fashion industry to really get benefited from it. And similar is the case with any of these manufacturing segments. For the shoemaker it would’ve been easy, if they had taken off some of the human data.
Sanjeev Mehrotra: They could have gone, you could paid for it. They could have lived with the PII issue and, paid for it or made up for it over a period of time. But in this case, look at them. They have lost the entire, business secret sauce.
Agnidipta Sarkar: Somebody told me. Yeah, you’re absolutely right. I’m saying, somebody told me the other day.
Agnidipta Sarkar: So
Sanjeev Mehrotra: that’s the price that you actually pay for if you have not planned through and really look for it from a breach ready perspective.
Agnidipta Sarkar: That. That brings me to another topic, but before I go ahead. As I was saying, somebody told me the other day that people should stand up and realize that microsegmentation can be done for suppliers.
Agnidipta Sarkar: You could have one microsegment for supplier, one, you could have another one for supplier two, I believe, even in the ITES industry. Segmenting customer ODCs could be a good use case. And then there could be manufacturing companies, as you talked about, where different kind of suppliers are segmented in a different way.
Agnidipta Sarkar: System integrators separately, maintenance equipment suppliers separately and so forth. So to your point, that makes sense. But let me come to the last part of our discussion. And that is about AI because today everywhere I go there is AI, and it seems that the entire stock market is driven by what Anthropic is doing.
Agnidipta Sarkar: They upset other stocks twice in a row, right? First they wiped out, what, $10 billion. And then yesterday, day before yesterday, was another wipe out. Because they came out with some other feature and people are reacting to it. And my view is that I believe the only technology that can withstand an AI based cybersecurity cyber attack is probably microsegmentation.
Agnidipta Sarkar: Because if there is nothing to attack, what will you attack?
Sanjeev Mehrotra: Agni, that’s a very interesting aspect. Today life does not exist without AI and existing along with AI is becoming a tougher call, and to beat AI, it’s not necessarily you bring in AI only. It is important you have to at places because you have to look at some of the fundamentals where you can avert it at the root of it.
Sanjeev Mehrotra: So you have to bring in that element. But really look at that element from a perspective where you have a secure AI. You cannot have an AI just brought in into the system. And today, the challenge with the AI is that everybody’s coming out of it, and people don’t know how an MCP of one will communicate with the other.
Sanjeev Mehrotra: The challenge around MCP remains a bigger one, so security of AI does come into picture. However, having said that, you’re right. A microsegmentation, with AI based prevention or non-AI based, can actually help shell off that piece of infection from the system and make sure that the business is running with whatever is left.
Sanjeev Mehrotra: It’s it’s a, it’s I have got a problem. There’s a gangrene in the part of the body. It’s better to remove it rather than letting it spread through the whole part of the body. So you shave off that portion, rest of it is okay, you move on, understand, learn to live with it, work around, and that’s how life moves.
Sanjeev Mehrotra: So that’s how microsegmentation is.
Agnidipta Sarkar: Yeah. And that, that’s what I’m saying. When I look at cyber attacks today, every news I hear, and I also monitor the SEC disclosures that come up. Look at it this way, there seems to be significant shift on how people are reporting cyber attacks.
Agnidipta Sarkar: And that’s very interesting because it seems to me that the discussion that we are doing right now, the fact that, when breaches happen just like it says OT is a different world, I would say breach. Post breach scenario is a very different world and not many people know much about it.
Agnidipta Sarkar: There’s a significant shift in how people are looking at investing in cybersecurity and they’re focusing more on cyber resilience. On the ability to continue doing business unaffected by cyber attacks as they happen because you really cannot be in a position today with that vent of, because AI is only speeding up at things.
Agnidipta Sarkar: So if somebody’s doing something bad, it’s going to happen faster. That’s,
Sanjeev Mehrotra: You’re right, Agni, and post breach the entire landscape changes and it also leads to change of people at times. It’s a bigger scenario. So the way things move after breach is very different.
Sanjeev Mehrotra: And I think it’s a topic in itself. We should look at, if we can have a different coverage on that
Agnidipta Sarkar: Next discussion, you and me.
Sanjeev Mehrotra: Next discussion will be whenever we get time, we should do that. And that should be a topic in itself. But rather than getting prepared after breach, I would say be breach ready.
Sanjeev Mehrotra: Yes. And look at intelligently investing in terms of what you’re doing. Look at microsegmentation, proper zonings, look at identity, look at securely choosing your AI components and not really get into that scenario.
Agnidipta Sarkar: I would say that at this point in time, every digital initiative that you consider, make sure you have budget for microsegmentation, for that every digital initiative.
Agnidipta Sarkar: It, then you don’t need to have a big budget. You need to have a budget for that business and make sure that business is ready to face the next cyber attack. And this is not theoretical because, it really doesn’t matter what you are doing and what you will be able to manage. If you go with a zero trust approach, which says, we assume that breaches will happen.
Agnidipta Sarkar: You’d be far more prepared because you’re gonna come from that aspect. What do I need to do to make sure that my minimum viable digital business will survive the next cyber attack?
Sanjeev Mehrotra: Absolutely.
Agnidipta Sarkar: Great talking.
Sanjeev Mehrotra: Yeah.
Agnidipta Sarkar: Sanjeev, great talking to you.
Sanjeev Mehrotra: Likewise,
Agnidipta Sarkar: We spent a lot of time, maybe more than what we had budgeted, but it was a very nice discussion.