"To me, cyber resilience means being able to keep the business running smoothly if there’s a cyberattack and ready for all eventualities with granular level action plans."
You’ve worked across retail, telecom, pharma, and manufacturing. How do you tailor security leadership to each sector without losing a unified framework?
Core security principles like risk & incident management, data protection, compliance etc. remain consistent, adapting leadership to each sector involves understanding the business priorities, regulatory landscape, and threat environment specific to that industry. In retail, the focus is on protecting customer data, ensuring PCI-DSS compliance, and managing large-scale transactional environments. Early response & detection to fraud and strong endpoint security are crucial.
In telecom, the priority is to secure vast infrastructure, dealing with high-volume network traffic, and maintaining service availability. Compliance with national-level regulations and addressing privacy considerations are paramount in this sector.
In pharma, more focus on compliance (like HIPAA or GDPR), protection of intellectual property and R&D data, and secure collaboration with third parties. Security strategy here is more towards insider threat protection and data lifecycle controls.
In manufacturing, the challenge lies in aligning IT and OT security, protect legacy systems and industrial control systems (ICS) while managing supply chain risks. Uptime is critical, so network segmentation and operational continuity are focal areas.
Yes, the locks can be placed at every door, but that comes with the hardship of unlocking each of them for normal work.
On the contrary, yes, there is a risk associated with placing fewer locks, and someone CAN compromise a door without a lock, but that is where you have multiple other onion peel layers to protect against it.
Despite the differences, I maintain a unified security framework by anchoring it to core pillars like governance, active monitoring, threat detection and response, and user awareness. I follow industry-specific controls and standards. Regular risk assessments and stakeholder engagement ensure that adaptations remain aligned with businesses.
What does “cyber resilience” really mean to you, beyond the jargon?
To me, cyber resilience means being able to keep the business running smoothly if there’s a cyberattack and ready for all eventualities with granular level action plans.
It involves being prepared by knowing what could go wrong and having a clear plan. It also means reacting quickly if something happens, fixing it fast and limiting the damage. Bouncing back is critical , with a focus on getting things back to normal as quickly as possible. Finally, cyber resilience includes learning from each event, understanding what happened and making sure it doesn’t happen again.
We often hear the term “risk-based security.” What does that actually look like when applied at scale in real-time decision-making?
Risk-based security focuses on our time, money, and efforts on what matters most for business instead of trying to protect everything equally.
At scale and in real-time:
We first identify what’s most valuable to the business. We need understand what can go wrong and its impact. Then, we prioritize our actions. We fix the critical vulnerabilities or loopholes. E.g. if a core system exposed to the internet, we secure it first.
In real-time decision-making, our response is tailored to the context:
Unusual activity on a low-risk system, we log it and keep an eye on it.If that same activity identified on a high-risk, business-critical system, we act immediately. So instead of a one-size-fits-all approach, risk-based security is about being smart and focused, making quick decisions based on what’s truly important to the business at that moment.
With your diverse range of work across various sectors, how does the information risk surface change across sectors, and what stays the same, according to you?
In my experience, the information risk surface means where and how data can be exposed or attacked.
In retail, the focus is on protecting customer payment data and stopping fraud. The risk surface is wider at the front-end like POS systems, online stores, and third-party apps.
In telecom, the challenge is managing huge volumes of user data and network infrastructure. Risks include service outages, SIM fraud, and privacy breaches.
In pharma, it’s all about protecting intellectual property, research data, and patient information. Insider threats and compliance issues are major concerns.
In manufacturing, the focus is on production uptime and industrial systems (OT). Risks come from outdated systems and supply chain vulnerabilities.
Despite these differences, certain elements remain consistent across sectors. Human error, such as, clicking a phishing link or misconfiguring a system, is always a common risk.
The need for strong identity and access controls, data protection measures, and an effective incident response is a constant.
Additionally, maintaining trust with customers, partners, and regulators is a critical factor in all industries.
In your opinion, where do automation and AI actually make a difference in enterprise security, and where do they create new risks?
In cybersecurity, AI can make a significant difference by enhancing efficiency and effectiveness in several key areas. It enables, faster threat detection and automating Level 1 and Level-2 Security Operations Center tasks, streamlining processes.
AI can also execute automated responses for certain actions like isolating a system or scanning a system for vulnerabilities. Further, it can help in reducing alert fatigue by filtering out the noise and showing security teams only the most important alerts.
Regularly scan systems and prioritize fixes based on risk.
However, AI also introduces several new risks that must be managed carefully.
Blind trust in AI can lead to missed subtle attacks or false positives, underscoring the need for human oversight.
Further, misconfigured automation may take the wrong action and can cause more damage than the attack itself.
Furthermore, hackers are now increasingly leveraging AI too, for smarter phishing emails or faster initial reconnaissance scan of your network. Finally, since AI needs data to learn, improper handling of this data could inadvertently expose sensitive information.
Looking ahead, what’s the next major blind spot companies are sleepwalking into?
One major blind spot I see companies sleepwalking into is trusting too much in their technology stack without fully understanding the risks behind it especially with third parties and AI tools.
Companies are using more cloud services, vendors, and partners than ever with many don’t have full visibility into how secure those partners really are. A weakness in vendor ecosystem can become a doorway into your systems.
Over usage of AI but don’t fully know data is being shared, usage of it is not known.
Over-relying on automation with the tools.
Ignore the basics of patching, complex passwords and employee awareness.
About Kishan Kendre:
Kishan Kendre, Global Head – Information Security, Blue Star Ltd., brings over 19 years of experience in IT, with a focus on cybersecurity, IT management, and enterprise architecture.
He develops and leads information security programs, implementing policies to protect enterprise systems and data from internal and external threats. Kishan builds strategic technology roadmaps, aligning them with NIST, ISO 27001, and COBIT 5 frameworks to strengthen organizational security.
His hands-on expertise includes managing large-scale security implementations for over 100,000 users across retail, telecom, IT/ITES, and petrochemical sectors. Having worked in end-user, consulting, and OEM environments, he effectively integrates people, processes, and technology to enhance security resilience.
Kishan’s practical approach to anticipating risks and deploying tailored solutions ensures enterprises maintain robust defenses in a dynamic threat landscape.
