India’s digital economy is expanding at a staggering pace—cloud adoption, fintech innovation, and mobile-first commerce are reshaping the country’s enterprise landscape. Yet with opportunity comes risk: in 2024 alone, India recorded more than 17.3 billion web application and API attacks, the second-highest tally in the Asia-Pacific region. The convergence of legacy IT, modern microservices, and uneven security practices has created one of the world’s most complex threat surfaces. Add to that the rise of AI-driven ransomware campaigns, and Indian enterprises now face an urgent test of resilience. In this conversation with CISO Forum, Reuben Koh, security strategist at Akamai, unpacks what’s fueling the surge, why traditional defenses fall short, and how organizations can adapt to the realities of a borderless cyber era.

Reuben Koh, Director of Security Strategy for Asia Pacific & Japan, Akamai Technologies
CISO Forum: India recorded over 17.3 billion web application and API attacks in 2024, the second-highest in the APAC region. From your perspective, what unique factors are driving such an intense wave of ransomware activity in the country?
Reuben Koh: India has one of the fastest-growing digital economies, with rapid adoption of cloud services, fintech platforms, and mobile-first commerce. Several of the world’s largest consulting firms, which manage extensive global enterprise infrastructure, are also based in India. This expansion has created a massive and diverse attack surface across industries such as financial services, retail, and telecommunications, all of which are highly attractive to threat actors due to the sensitive data and transaction flows they handle. At the same time, the uneven implementation of strong security practices, visibility gaps around shadow and zombie APIs, and the coexistence of legacy IT systems with modern microservices make Indian enterprises particularly vulnerable.
Furthermore, ransomware groups are increasingly leveraging AI-driven tools to automate reconnaissance, identify vulnerable endpoints, and scale attacks at unprecedented speed. India’s large base of small and mid-sized businesses, many of which lack advanced cyber defenses, presents a broad set of easy targets. Geopolitical motivations, the presence of organized cybercrime groups in APAC, and the growing monetization opportunities via stolen financial data and digital identity abuse further amplify this threat.
CISO Forum: As enterprises move deeper into hybrid and remote models, traditional security perimeters are breaking down. What new approaches are proving most effective in defending today’s borderless networks?
Reuben Koh: Traditional perimeter-based security is no longer sufficient as workloads are distributed across cloud environments, endpoints, and third-party networks. Organizations are increasingly adopting zero-trust architectures, microsegmentation, and AI-driven threat detection to protect these borderless networks.
Microsegmentation, such as Akamai Guardicore Segmentation, limits lateral movement by isolating workloads and servers, ensuring that even if an endpoint is compromised, the threat cannot spread to cause further damage. AI-powered solutions, such as real-time visibility, behavioral analytics, and automated security policies, enable the rapid detection and containment of attacks, including ransomware. Layering these with endpoint detection and response platforms, cloud security gateways, and continuous monitoring creates a defense-in-depth approach that scales across global and hybrid environments, reducing risk and strengthening cyber resilience.
CISO Forum: In high-stakes scenarios where hundreds of thousands of endpoints are exposed, speed is everything. What critical steps allow large, complex organizations to secure themselves within weeks rather than months—without halting day-to-day operations?
Reuben Koh: Large organizations can secure hundreds of thousands of endpoints quickly by focusing on a few critical steps that combine speed, visibility, and automation. First, gain granular visibility into all workloads and traffic to identify high-risk systems and communication paths. Next, deploy microsegmentation or similar controls in alert-only mode to map interactions and test policies without disrupting operations.
Once traffic flows and system dependencies are mapped, implement rapid response policies and automated enforcement to contain threats immediately if detected. After mapping traffic patterns, organizations can transition to rapid response by enabling containment policies and automated enforcement that neutralize threats immediately upon detection. Layering AI-powered monitoring, endpoint detection, and real-time access controls ensures that attacks are blocked in real time. Finally, a phased rollout and continuous monitoring allow protections to scale smoothly across the enterprise, strengthening defenses without halting day-to-day business.
CISO Forum: At the same time, Indian businesses face growing compliance demands alongside escalating cyber threats. How can security leaders balance regulatory requirements with the need for agility and fast response?
Reuben Koh: Security leaders in Indian businesses can strike a balance between regulatory compliance and agility by adopting integrated, automated solutions that align and streamline both security and compliance processes. For example, Akamai’s DNS Posture Management and API security solutions exemplify this approach. These tools provide continuous visibility into DNS configurations and API behaviors, enabling organizations to detect misconfigurations, unauthorized changes, and vulnerabilities in real time, while also reporting on potential compliance violations should they occur. By automating adherence to critical security frameworks such as NIST, PCI DSS, and HIPAA, businesses can significantly reduce compliance costs while strengthening their security posture. This proactive approach allows for rapid identification and remediation of issues, ensuring that security measures are both practical and aligned with regulatory requirements.
Akamai’s solutions integrate seamlessly with existing security tools and cloud management systems, providing real-time alerts, streamlining incident response, and enhancing overall security posture. This integration ensures that security teams can respond swiftly to emerging threats without compromising compliance.
CISO Forum: Prevention often dominates the ransomware conversation, yet containment and minimizing the blast radius are equally crucial once an attack slips through. What strategies are proving most effective in limiting damage when breaches occur?
Reuben Koh: When prevention alone is insufficient, as is becoming increasingly evident with the rise in large-scale data breaches, the ability to contain attacks like ransomware quickly and limit their spread becomes critical. The focus here is no longer on the initial breach but instead on the attack’s ability to spread across the network. Enterprises can stop the spread with solutions that isolate workloads down to the process level, blocking lateral movement and protecting high-value assets. Akamai’s Guardicore Segmentation delivers this capability, protecting across hundreds of thousands of endpoints within weeks, providing immediate visibility, enforcing policies rapidly, and reducing recovery times from weeks to days. Paired with Akamai’s Zero Trust portfolio, including Akamai Enterprise Application Access, MFA, secure DNS, and real-time threat intelligence, organizations can minimize the blast radius, maintain continuity, and accelerate recovery with confidence. By integrating containment and layered defenses, Akamai helps enterprises remain operational even when attackers breach the perimeter.
CISO Forum: Looking ahead, what three priorities should consulting and professional services firms in India adopt over the next 12–18 months to strengthen resilience against ransomware?
Reuben Koh: Consulting and professional services firms in India need to prioritize reinforcing Zero Trust security and microsegmentation. Akamai research shows that organizations with extensive segmentation across mission-critical assets recover from ransomware nearly three times faster than those with limited segmentation. This demonstrates the importance of isolating workloads and limiting lateral movement, particularly in sprawling technological environments like large enterprises, where visibility is often limited.
Additionally, there needs to be an increased focus on investing in always-on monitoring and threat intelligence. Proactive visibility, vulnerability assessments, and real-time detection, powered by continuous intelligence, help identify anomalous activity early and contain attacks before they escalate, especially threats that may have evaded initial defenses. Finally, firms need to build robust incident response and recovery strategies that go beyond prevention, ensuring secure backups, layered defenses, and well-tested playbooks to quickly restore operations.
CISO Forum: Finally, beyond technology investments and compliance checklists, what mindset shift do CISOs need to adopt to build cyber resilience in this rapidly evolving threat landscape?
Reuben Koh: CISOs must adopt a mindset grounded in simplicity, focus, and adaptive preparation. Building a culture of resilience requires teams and individuals to take mutual ownership and drive accountability for securing not just the key digital services, but also all the building blocks and processes that lead to the successful delivery of those services.
Taking APIs as an example, a recent Akamai study highlighted that while many Indian C-suite leaders claim to have complete API inventories that are critical to securing applications, only a small fraction of AppSec teams agree. Even fewer understand which APIs handle sensitive data. This disconnect undermines resilience. CISOs must break down silos between executives and security professionals, fostering unity around existing APIs that expose sensitive data and identifying where risks lie. Embracing a mindset that prioritizes real-time discovery, ongoing risk assessment from development through runtime, and shared ownership ensures not only compliance but also a proper security posture. When leadership, AppSec, and DevOps align and accountability is embedded across teams, organizations can adapt swiftly, withstand evolving threats, and demonstrate meaningful resilience beyond checklists.