Dealing with modern-day cyber threats calls for agile, proactive, and context-aware security strategies that combine machine precision with human intuition
Words by Karan Karayi
While tech has become a central facet of our personal and professional lives, the flipside of its omnipresence is that it has opened us up to threats on multiple fronts. No matter the size of company or industry, or the degree of exposure, the risk is now a given, and everyone (and indeed everything) is fair game.
How then does one navigate this tumultuous landscape? Pankit Desai, Cofounder and CEO, Sequretek, offers a playbook to stay one step ahead of threats known and unknown.
As geopolitical risks grow, cyber threats have become more sophisticated. How should businesses rethink their cybersecurity posture in this volatile global environment?
Geopolitical risk today is no longer a distant concern—it is immediate, widespread, and increasingly impactful. There is virtually no region untouched by friction, including our own, as recent events in our neighborhood have clearly demonstrated. One of the most significant and inevitable outcomes of modern conflict is cyber warfare, which now extends beyond state infrastructure to target every facet of digital life. No sector is immune. Every company, every industry, regardless of type or size, is fair game.
Whether it’s ransomware, supply chain disruptions, or identity-based attacks, these threats are now integral to how we must approach cybersecurity. In this ongoing era of geopolitical volatility, one critical concept gaining prominence is Continuous Threat Exposure Management (CTEM), a program popularized by Gartner around a year and a half ago. CTEM enables organizations to assess their threat landscape continuously—covering external and internal surfaces, identities, and networks—on a 24/7 basis at an asset level.
This constant visibility is essential for detecting and addressing both internal and external threats. Alongside this, the evolving concept of Zero Trust must now account for device integrity, user behavior, and operational context to effectively manage identity risks. To stay ahead of increasingly sophisticated threats, organizations must now adopt a more proactive approach to threat hunting and defense. This includes leveraging advanced cyber deception techniques and deploying decoy infrastructures to better understand the tactics, techniques, and procedures (TTPs) used by attackers.
By simulating how adversaries might attempt to infiltrate your environment, security teams can gain valuable insights into potential attack paths and vulnerabilities. These capabilities are becoming essential—not only for strengthening defenses but also for anticipating how both customers and adversaries perceive and interact with your digital landscape.
With critical infrastructure and mid-size enterprises increasingly becoming cyber targets, how does Sequretek ensure both scale and affordability in its security offerings?
Critical infrastructure has long been one of the most effective and frequent targets for cyberattackers—precisely because the impact is widespread and deeply disruptive. Whether it’s the banking ecosystem, transportation networks, telecom, or utilities, these sectors remain high-risk, especially in periods of heightened geopolitical unrest.
In response to these evolving threats, we’ve introduced an integrated, enterprise-wide detection and response platform anchored in Continuous Threat Exposure Management (CTEM). We believe this approach represents a fundamental shift in how security is viewed and implemented in the market today.
Historically, organizations relied on a fragmented collection of tools—such as EDR/XDR for endpoint threats, SIEMs or SOCs for log analysis, and separate systems for vulnerability and patch management. CTEM, by contrast, brings all of these capabilities under a unified lens. It enables organizations to visualize pre-exploit exposure pathways across their entire attack surface, assess how a breach might occur, and validate risks proactively.
For instance, while traditional vulnerability tools focus on CVE scores, CTEM identifies which vulnerabilities are actively exploitable, maps them to potential attack paths, and prioritizes remediation based on business impact. Similarly, while identity management tools govern access and privileges, CTEM can correlate identity exposures—such as credentials found on the dark web—with risk levels across the external attack surface.
This integrated view of exposure, context, and response gives organizations a clearer understanding of where they are most vulnerable—and how they can act decisively to reduce cyber risk.
How do you see AI and ML transforming the next wave of cybersecurity, and how can companies balance automation with human oversight in threat detection?
A fundamental challenge with traditional cybersecurity technologies has been their rule-based architecture, which relied heavily on human intervention—not just to configure and maintain rules, but to ensure consistent implementation across every point of defense in the organization. This dependence made threat detection and response labor-intensive and prone to gaps. If a specific use case wasn’t fully understood or a threat variant went unrecognized, organizations often learned through a costly breach—sometimes becoming the guinea pig for others to adapt their defenses.
Artificial Intelligence (AI) and Machine Learning (ML) have transformed this dynamic. One of their most significant contributions is reducing dependency on human input by training algorithms to detect and adapt to new threat variants autonomously. This ability to recognize patterns and respond to evolving attack techniques in real time is a game changer.
Another critical benefit lies in tackling alert fatigue, a persistent problem in security operations. By filtering vast volumes of alerts and highlighting only the most relevant anomalies, AI helps analysts focus on real risks rather than being overwhelmed by noise. AI and ML technologies now help filter and contextualize this data, distinguishing between known good, known bad, and ambiguous activity. As a result, only the most relevant, high-risk anomalies are escalated for human review.
At the same time, we strongly believe in maintaining a “human-in-the-loop” approach. While AI can greatly enhance security capabilities, it cannot fully replace human judgment. AI is a powerful enabler—but humans remain essential to interpreting nuance, making informed decisions, and adapting strategies as threats evolve. It’s also important to recognize that attackers are leveraging AI with equal, if not greater, enthusiasm, creating hyper-personalized phishing campaigns, polymorphic malware, and executing attacks at scale—often in ways that bypass traditional security defenses. These AI-powered threats are more deceptive, more targeted, and more difficult to detect than ever before.
As defenders, we must match and outpace this innovation. That means not only deploying AI-enabled tools, but also building agile, proactive, and context-aware security strategies that combine machine precision with human intuition.
As a trusted partner to BFSI, pharma, and manufacturing firms, what sector-specific trends are you seeing in cyber risk—and how must strategy evolve in response?
The BFSI sector operates under intense regulatory overhang. Larger institutions may have the resources and lead time to build mature security frameworks, but small and mid-sized players face the same regulatory scrutiny—often with fewer resources. This makes it essential to offer tailored security strategies that align with evolving compliance mandates while driving actionable outcomes.
Another critical concern for this sector is the exponential rise in third-party integrations, fueled by the Fintech revolution. The rapid adoption of external platforms has transformed customer experience—but it has also expanded the attack surface. As a result, third-party risk management has become a non-negotiable priority. A breach at any point in the supply chain can cascade quickly, potentially compromising the entire organization. Identifying, assessing, and mitigating these risks proactively is now central to cybersecurity planning.
Finally, at its core, BFSI remains a B2C industry—placing identity security at the forefront. With increasing credential theft, phishing attacks, and fraud attempts, safeguarding customer identities has become critical. Institutions must remain hyper-vigilant about identity-based threats and ensure robust, real-time threat detection and prevention mechanisms are in place.