Beyond firewalls: Why tomorrow’s CISOs must become behavioral detectives to stop insider threats

Dipesh Kaura urges CISOs to act as behavioral detectives, using AI, collaboration, and culture to stay ahead of insider threats.

As insider-driven risks account for over a third of global breaches, cybersecurity leaders face challenges beyond traditional defenses. In this exclusive interview with CISO Forum, Dipesh Kaura, Country Director – South Asia at Securonix, shares his vision for modern cybersecurity leadership. He highlights the role of AI-powered behavioral analytics, cross-functional collaboration, and ethical monitoring in addressing hybrid work risks. Kaura stresses that CISOs must evolve from cost centers to business enablers, driving resilience and credibility. With insider threats averaging $17 million per breach, he emphasizes the critical mindset shifts needed to safeguard organizations in today’s complex threat landscape.

CISO Forum: Insider-driven risks now make up more than a third of breaches globally. What should be the **top three priorities for CISOs** as they adapt to this reality in 2025?

Dipesh Kaura: Top three priorities. First things first, you need to upskill. With the advent of Gen AI, CSOs must upgrade their skills and learn to utilize AI in the right context. The goal is to achieve meaningful business outcomes while also ensuring effective communication within teams and across the organization. Upskilling is no longer optional; it is essential for staying relevant and effective.

Second, CSOs must foster collaborative approaches that integrate with cross-functional teams such as HR, legal, and finance. Threats today spread horizontally, and with AI making both defense and attacks more sophisticated, collaboration becomes a critical necessity. Just as organizations adopt AI for protection, attackers also use AI to their advantage. Stronger integration within teams ensures faster response and minimizes blind spots.

Third, organizations need well-defined internal policies—clear dos and don’ts that address insider threats and establish security as a shared responsibility. While the CISO is ultimately accountable, acting as the captain who sets rules and policies, security cannot rest on a single desk. Unless every user takes ownership, even the best tools will fail. Negligence or ignorance at the user level creates vulnerabilities no system can fully close.

Therefore, the culture of security must be embedded across the organization. Cyber defense must evolve into a collective responsibility where everyone contributes to safeguarding the enterprise. Tools, policies, and leadership direction matter, but without a culture of shared accountability, defenses will always have gaps. These three priorities—upskilling, collaboration, and cultural responsibility—are the most critical to address.

Security is everybody’s responsibility. Unless that culture comes in, no matter how many tools you deploy, they will fail.

CISO Forum: How has the permanence of hybrid work changed the way CISOs view insider threats, especially with employees accessing sensitive systems across multiple devices and networks?

Dipesh Kaura: It all comes down to the policy perspective. With hybrid work becoming the new normal, having the right policies in place—and implementing them effectively—has become the cornerstone of enterprise security. Policies define the rules of engagement, and without them, even the most advanced tools fail to deliver meaningful results.

To implement these policies, organizations often need additional layers of technology. Identity access management systems, privilege management tools, and continuous monitoring mechanisms are essential. Their success, however, relies on oversight. This is where the Security Operations Center (SOC)—whether described as a cyber response center, security monitoring center, or cyber defense center—plays a crucial role. The SOC must have full visibility into how data and security activities are being monitored across the enterprise.

When policies and tools work in tandem, monitoring multiple devices becomes easier. A fundamental practice is ensuring that all logins, regardless of origin, connect back to a secure, centralized source. If this source is protected with the right access controls, it becomes the most effective way to secure hybrid workforces. Policies may also block simultaneous logins from multiple devices by the same employee, while geotagging adds another safeguard by flagging inconsistent login locations.

Take a practical example: a senior resource in Mumbai relies on a laptop, phone, tablet, and home computer. All are internet-enabled and thus vulnerable. If a login attempt surfaces from Dubai or Hyderabad while the employee is active in Mumbai, monitoring tools like SOC, UEBA, or SOAR should instantly flag it as suspicious.

Policies can also be contextual. If an employee is on a video call, that geolocation can serve as validation, automatically suspending other login attempts. Properly configured, such measures prevent unauthorized access even in hybrid setups.

Ultimately, securing hybrid work requires more than acquiring tools. It demands a complete ecosystem of monitoring technologies, strong policies, and effective response mechanisms. Regular “fire drills,” much like physical safety checks, must confirm that alerts and defenses are functional. This blend of policy, practice, and preparedness ensures that when incidents occur, the right triggers activate at the right time to keep organizations safe.
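The login rules described in this answer (flag a login whose location is inconsistent with the user's active sessions, limit simultaneous devices, and treat a live video call's location as validation that suspends other logins) written out as an added illustration; this is not code from the interview or from Securonix, and the session lifetime, device limit and sample events are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

SESSION_TTL = timedelta(hours=8)  # assumption: a login stays "active" this long


@dataclass(frozen=True)
class Login:
    user: str
    device: str
    city: str
    at: datetime


def flag_logins(events, max_devices=2, presence=None):
    """Correlate each login with the user's still-active sessions.
    presence: optional {user: city} validated by a live video call;
    a login from any other city is refused. Returns [(login, reason)]."""
    presence = presence or {}
    active = {}  # user -> logins still inside SESSION_TTL
    flags = []
    for ev in sorted(events, key=lambda e: e.at):
        live = [s for s in active.get(ev.user, []) if ev.at - s.at < SESSION_TTL]
        cities = {s.city for s in live}
        devices = {s.device for s in live}
        if ev.user in presence and presence[ev.user] != ev.city:
            flags.append((ev, f"contradicts video-call presence in {presence[ev.user]}"))
            continue  # suspended: never becomes an active session
        if cities and ev.city not in cities:
            flags.append((ev, f"login from {ev.city} while active in {'/'.join(sorted(cities))}"))
        elif ev.device not in devices and len(devices) >= max_devices:
            flags.append((ev, f"more than {max_devices} simultaneous devices"))
        active[ev.user] = live + [ev]
    return flags


# Constructed sample events for the Mumbai scenario (not real telemetry).
T = datetime(2025, 1, 6, 9, 0)
SAMPLE = [
    Login("asha", "laptop", "Mumbai", T),
    Login("asha", "phone", "Mumbai", T + timedelta(minutes=30)),
    Login("asha", "tablet", "Dubai", T + timedelta(hours=1)),      # location mismatch
    Login("asha", "homepc", "Mumbai", T + timedelta(hours=2)),     # third concurrent device
    Login("ravi", "laptop", "Hyderabad", T + timedelta(hours=3)),  # contradicts video call
    Login("asha", "laptop", "Mumbai", T + timedelta(hours=10)),    # old sessions expired
]

if __name__ == "__main__":
    for ev, why in flag_logins(SAMPLE, presence={"ravi": "Mumbai"}):
        print(ev.at.time(), ev.user, ev.device, ev.city, "->", why)
```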

CISO Forum: Generative AI has boosted productivity but also created new vectors for data exposure. How should CISOs prepare for insider misuse or unintentional leaks through AI tools?

Dipesh Kaura: The more exposure there is to the open internet, the greater the risk becomes. I’ve always been a strong advocate for fostering cyber maturity—both at the organizational and individual level—by implementing the right policies and checks.

Today, everyone knows that if you want anything, you go to ChatGPT. But regulating the use of ChatGPT is even more critical. The type of access granted and the keywords allowed or disallowed during that access can make a significant difference. Can organizations create a scenario where authentic, licensed access is provided, automatically discouraging the use of non-licensed applications that risk exposure and data theft? Such rules, methodologies, and policies must be established.

It also comes down to maturity and awareness. People need to know clearly what they should not be doing. By defining boundaries, you indirectly set what is permissible. Licensed access, authentic sources, and restricted usage for those handling sensitive data are essential. For individuals working with mission-critical information, all non-essential access should be suspended. One mistake—often unknowingly—can lead to serious breaches or data leaks.

Of course, security and convenience are opposites. More restrictions mean less comfort but higher security. Fewer restrictions mean greater access but also higher risk. Striking the right balance is key. Regulation—clearly defining what access is allowed while providing controlled leverage to the right tools—can minimize data exfiltration, maintain privacy, and prevent breaches. And compared to the cost of a violation, this investment is minimal. 

CISO Forum: From UEBA to AI-reinforced SIEM platforms, what **practical AI capabilities** should CISOs prioritize today to strengthen detection and response against insider activity?

Dipesh Kaura: Insider threat is a reality, and it is growing bigger with every passing day. Earlier, such threats were more visible in the banking sector, but now they have spread across industries. With the rise of e-commerce and the growing sensitivity of organizational data, insider threat is a far bigger reality today than it was a decade or even five years ago.

In this environment, monitoring user behavior becomes critical. With the help of AI, it is possible to predict whether a behavior is rogue or heading in that direction. This is especially important during appraisals, when resignations are submitted, or when employees are serving notice periods.

For organizations with hundreds, thousands, or even 50,000 users, manual monitoring is impossible. Here, tools like UEBA—when integrated with AI and connected to SOC operations—become essential. UEBA can identify deviations when a user attempts unusual actions, such as accessing data they never touched before, downloading inappropriate files, or sending out unrelated information. These alerts allow administrators to intervene quickly: “This user is deviating from their regular behavior and may pose a risk.”

AI-enhanced UEBA also leverages analytics and external data sources to predict potential outcomes, enabling organizations to review risky behavior before it escalates. While AI provides insights, control and decision-making remain with the organization.

In today’s hybrid environment where users operate from multiple devices and locations, UEBA combined with AI is indispensable. It enables accurate, predictive detection of insider threats, strengthening organizational defenses against evolving risks.
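A minimal baseline-and-deviation check of the kind this answer attributes to UEBA (first-ever access to a resource, transfer volume far above the user's norm, downloads outside the normal role, extra weight for users serving a notice period), added here as an illustration; it is not Securonix code, and the baseline records, scoring points and HR notice-period feed are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed access records (not real data): (user, action, resource, bytes)
BASELINE = [  # learning window: what each user normally touches
    ("asha", "read", "crm/accounts", 20_000),
    ("asha", "read", "crm/accounts", 25_000),
    ("asha", "read", "crm/pipeline", 15_000),
    ("asha", "read", "crm/accounts", 22_000),
    ("ravi", "read", "hr/payroll", 5_000),
    ("ravi", "read", "hr/payroll", 6_000),
    ("ravi", "download", "hr/policies", 4_000),
]
NEW = [
    ("asha", "read", "crm/accounts", 21_000),     # normal for asha
    ("asha", "download", "hr/payroll", 900_000),  # never touched + huge volume
    ("ravi", "read", "hr/payroll", 5_500),        # normal for ravi
]
NOTICE_PERIOD = {"asha"}  # assumption: HR feed of users serving notice


def build_baseline(records):
    """Per user: set of resources ever seen, plus mean/stdev of transfer size."""
    res, sizes = defaultdict(set), defaultdict(list)
    for user, _, resource, nbytes in records:
        res[user].add(resource)
        sizes[user].append(nbytes)
    return {u: (res[u], mean(sizes[u]), pstdev(sizes[u])) for u in res}


def score(event, baseline, notice=frozenset()):
    """Return (risk_points, reasons) for one new event against the baseline."""
    user, action, resource, nbytes = event
    known, mu, sigma = baseline.get(user, (set(), 0.0, 0.0))
    points, reasons = 0, []
    if resource not in known:
        points += 40; reasons.append(f"first-ever access to {resource}")
    if sigma and (nbytes - mu) / sigma > 3:
        points += 30; reasons.append(f"volume {nbytes} is >3 sigma above usual {mu:.0f}")
    if action == "download" and resource not in known:
        points += 20; reasons.append("download of data outside normal role")
    if user in notice and points:  # only amplify behaviour that already deviates
        points = int(points * 1.5); reasons.append("user is serving notice period")
    return points, reasons


if __name__ == "__main__":
    bl = build_baseline(BASELINE)
    for ev in NEW:
        print(ev[0], ev[2], score(ev, bl, NOTICE_PERIOD))
```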

CISO Forum: Employee monitoring raises ethical and cultural questions. How can CISOs balance user privacy with the enterprise’s need to detect malicious or negligent behaviour?

Dipesh Kaura: It is the way the world changes. At one point in time, what was seen as spyware or a breach of privacy—questions like, “Why do you want to see what I am doing on my laptop?”—belonged to an era when employees entered the office, logged in with biometric attendance, and worked together on machines within corporate premises. Then came the BYOD phase, where “bring your own device” was introduced, though with limited access and controls.

The next major shift was hybrid work and work-from-home, which has now become a reality. This created new challenges. Organizations suffered losses due to misconduct—employees logging in but not working, or moonlighting with multiple laptops for different companies at the same time.

This is why measuring mechanisms are necessary. Organizations must track user activity to safeguard information. With new laws, higher monitoring requirements, and more sophisticated attacks, behavior monitoring has become essential. It is no longer unethical, because work behavior and patterns have changed dramatically.

From a cyber defense perspective, the risks are greater. A UK case showed how attackers remotely took over power stations, shutting them down and plunging the country into darkness. Such incidents prove how abnormal machine behavior can be flagged through user entity detection. For employees at home, with weaker internet security, the risk increases, making immediate corrective action vital.

In today’s environment, monitoring is not mistrust but assurance. Ethics and models have evolved—these technologies are now critical for protecting corporate assets and addressing misconduct.

CISO Forum: The average insider breach now costs over $17 million. How should CISOs communicate the urgency of insider risk management to boards and CEOs in terms of **business impact, not just security metrics**?

Dipesh Kaura: First things first, this requires a change of mindset. CISOs are now being viewed as a security pillar within the organization, and security expenditures are often seen as a cost center. However, today’s scenario demands a shift in perspective. Just like a CTO or CIO, the CISO must also be recognized as a business enabler. The money or infrastructure deployed for cybersecurity should not be considered an expense but an investment in security.

Once this perspective changes, the way outcomes are evaluated also changes. When you talk about investment, you are talking about business value. While no organization can guarantee complete protection from cyberattacks, having the right tools, processes, and people in place ensures quick detection and response. This minimizes or even eliminates downtime, saving significant amounts of money—benefits that far outweigh the cost of security.

The challenge is that these benefits are not easily quantifiable on a daily or monthly basis. Yet, the day cybersecurity is viewed as an investment, it will be recognized as essential for keeping the business running. It safeguards organizational credibility, protects brand reputation, and even stabilizes stock prices—areas that can be severely damaged if a breach becomes public.

CISOs must now be seen not only as security leaders but as true business enablers. Encouragingly, this shift is already underway. Many organizations are transforming their security policies, methodologies, and spending, with some even beginning to measure ROI. This change will continue to drive the evolution of cybersecurity’s role—and it has already begun.

CISO Forum: As insider threats grow more complex, what **new skills, collaborations, or leadership approaches** will tomorrow’s CISOs need to stay ahead of both external and internal risks?

Dipesh Kaura: They need to gather behavioral intelligence about insider risks that are occurring. Organizations must introspect and understand what they have gone through, including the types of insider threats already encountered. When I say “check on the insider threat,” it means evaluating the potential damage a user could cause and how such actions might create a damaging scenario for the organization. The first step is to understand behavioral aspects, leverage insider risk analytics, and assess how these threats could impact operations.

Second, they need to upskill in AI and develop fluency in automation. By mastering the subject and understanding how it works, leaders can design more effective protection strategies. Much also depends on how the organization manages its data—how much of it is stored in the cloud, how much is sensitive, whether distinctions between sensitive and non-sensitive data exist, and who has access to what.

Cross-functional collaboration is another crucial element. Ten years ago, boards and leadership required mentoring to even acknowledge that cybersecurity threats were real. Today, that shift has happened—leadership understands the importance of cybersecurity and accepts that no one is immune. Still, they need well-defined protection mechanisms. The same applies to AI. Leaders must be shown how AI works, how it can serve as a business enabler, and how it might also disrupt. Demonstrating the competitive landscape, with examples of how peers are adopting AI, will require mentoring at the leadership level.

I often say this in conferences: organizations must build resilience-oriented strategies. You cannot protect everything, and prevention alone will not suffice. Once preventive measures are in place, the focus must shift to recovery—how resiliently and quickly you can bounce back when something goes wrong. Accountability and recovery planning are just as important as prevention.

Finally, greater investment in building diverse teams is essential. The attack surface has expanded infinitely, with dozens of new technologies emerging. Smaller, cross-functional teams with diverse expertise can manage larger responsibilities, collaborate effectively, and build integrated defense mechanisms. This diversification helps organizations define roles clearly and address complex challenges with a holistic perspective.
