AI-Driven Threats, Fragile Resilience, and the Boardroom Mandate

12
Feb

As part of its thought leadership series, the CyberSec India Expo team speaks with Nantha Ram Ramalingam, a seasoned cybersecurity leader with over 17 years of experience shaping enterprise security strategies across global organizations.

Nantha Ram Ramalingam is a Global Cybersecurity Leader currently serving as Director & Head of Cybersecurity for the India Global Capability Center of a U.S.-headquartered Fortune 100 retail enterprise. He leads enterprise initiatives across Zero Trust, Cloud Security, AI-driven automation, and OT security transformation.

Excerpts:

Q. How are AI, deepfakes, and automation transforming the enterprise threat landscape, and what new risks do they introduce for organizations?

The enterprise threat landscape has shifted from being primarily tool-driven to intelligence-driven. Artificial intelligence (AI) and automation are now deeply embedded in adversarial operations, significantly lowering the cost, skill barrier, and time required to execute sophisticated attacks.

AI is enabling attackers to:

  • Generate highly personalized phishing emails at scale using scraped public data
  • Automate reconnaissance and vulnerability discovery
  • Develop polymorphic malware that adapts to evade detection
  • Conduct password spraying and credential-stuffing with enhanced precision
  • Create deepfake voice and video impersonations of executives

Deepfakes have elevated social engineering risk. Voice cloning and AI-generated video can convincingly simulate senior leadership, enabling fraudulent fund transfers, sensitive data disclosures, or reputational manipulation. Traditional awareness training alone is no longer sufficient to counter such realism.

Automation also changes the attack velocity. What once took weeks of manual effort can now be executed in hours. Attack campaigns are becoming more iterative, adaptive, and persistent.

Simultaneously, enterprises are rapidly integrating AI into business operations. This introduces internal risks, including ungoverned data exposure, model manipulation, prompt injection vulnerabilities, and shadow AI use.

The reshaping of the threat landscape is therefore twofold: AI as an adversarial multiplier and an enterprise risk surface.

Organizations must respond with identity-centric controls, behavioural detection, AI governance frameworks, and continuous validation of defensive capabilities.

Q. Do you think that there is a gap between documented cybersecurity strategies and real-world resilience, and how can organizations bridge this divide effectively?

Many enterprises today possess mature cybersecurity strategies, comprehensive frameworks, and advanced security tooling. However, real-world resilience is often weaker than strategic documentation suggests.

The gap typically manifests in execution.

Common disconnects include:

  • Over-reliance on technology without equal investment in skilled personnel
  • Security metrics focused on compliance rather than response effectiveness
  • Limited executive participation in incident simulations
  • Recovery processes that are documented but rarely stress-tested
  • Siloed ownership between IT, security, and business functions

Resilience is not about preventing every breach. It is about reducing dwell time, containing impact, and restoring operations quickly. Organizations often measure control implementation but fail to measure operational recovery capability.

True resilience requires:

  • Continuous threat hunting and behavioural analytics
  • Regular red-team and purple-team exercises
  • Executive-level tabletop simulations
  • Verified backup integrity and restoration testing
  • Clear decision-making protocols during a crisis

The difference between strategy and resilience becomes evident during disruption. Enterprises that operationalize resilience through drills and measurable metrics recover faster and protect stakeholder trust more effectively.

Resilience must move from policy to practiced capability.

Q. What single cybersecurity priority should CISOs elevate to the board this year, and why is it critical for business risk and resilience?

If CISOs were to elevate one priority to the board this year, it should be enterprise-wide cyber resilience anchored in identity security and AI governance.

Identity remains the dominant attack vector across ransomware, data breaches, and business email compromise. With AI amplifying identity-based threats through deepfakes and automated credential harvesting, identity security is no longer an IT concern — it is a business risk imperative.

Boards should focus on:

  • Privileged access governance
  • Multi-factor and adaptive authentication maturity
  • AI adoption risk oversight
  • Incident response readiness
  • Measurable resilience indicators such as MTTD, MTTR, and recovery time objectives

Cybersecurity discussions must evolve from technical control inventories to business impact and operational continuity. Directors need clarity on how quickly the organization can detect, respond, and recover from a major incident — not just whether controls exist.

In today’s environment, cybersecurity is inseparable from enterprise risk management. The board-level mandate should be clear:

Strengthen identity. Govern AI responsibly. Measure resilience continuously.

Because while breaches may be inevitable, sustained business disruption is not.