Cybercrime is predicted to inflict damages worth $6 trillion this year, according to a report by McAfee. A significant portion of this crime is perpetrated against innocent players, who unwittingly fall prey to sophisticated cyber attacks. Pavan Kushwaha was one such. During his time as an engineering student, he was the victim of the garden variety phishing attack where he accidentally divulged personal details on an unverified website URL. Kushwaha recalls, “I couldn’t believe how simple it was to hoodwink someone who is more tech aware than others. I realized there are bigger scams out there to prey on people who are not even half as informed as I was.”

This led Kushwaha and his collegemates Paratosh Bansal and Dip Jung Thapa to set up Kratikal, an enterprise cybersecurity solutions provider in 2013. The startup has over 125 enterprise customers, in India and overseas, including HDFC Bank, Tech Mahindra, Nykaa, Pine Labs and Himalaya. A comprehensive suite of services include application security testing, server security testing, network penetration testing, cloud security testing and IoT security testing, through solutions like ThreatCop, KDMarc, Threat Alert Button and KP Monitor.

The use of AI in cybersecurity is critical to the success of almost all solutions provided by Kratikal. Kushwaha says Kratikal’s solutions are built with a mix of human intelligence and machine intelligence, with the sole purpose of limiting threats to individuals in enterprises. “You’d be surprised to know that most of the times, an organization’s vulnerabilities are compromised through individual missteps. Kratikal aims to provide security at the individual level – for employees, their customers and vendors.”

In 2018, Kratikal launched ThreatCop, an AI and ML-based simulation product for risk assessment and cyber awareness. This solution allows organisations to get a real-time risk analysis of threats by providing a platform that simulates popular cyberattacks like phishing and ransomware among others. ThreatCop gives you a complete overview of the most common threats that organization is prone to, and the common behaviours displayed by employees that would make them more susceptible to attacks. This helps security teams at organisations to educate its employees to be more cautious. Kushwaha’s team once ran a simulation for 12,000 employees of a financial services solution provider. Out of these, 6,225 employees submitted their credentials to unverified links – exposing their company to a 50% possibility of being hacked. “We worked with the team, and brought down the incidence rate to just around 400 of their employees. Over time, we hope to bring down the incidence rate to less than 1% of a workforce – if we can make 99% of employees aware, those are good odds,” explains Kushwaha.

Cybersecurity is a 24/7 vigilance game, one that is humanly impossible to keep up. The nature of threats these days are way more sophisticated and aren’t confined to a single geography or industry. Kushwaha believes this is where AI can be a game-changer, to guide people towards informed decision making about their own security. Kratikal’s Threat Alert Button (TAB) is an incident response tool that runs a quick check on incoming emails to alert the recipient of suspicious URLs and pop-ups. This feature is especially helpful as more employees move to a permanent/semi-permanent mode of work, a change triggered by the pandemic. “The advantage of perimeter security, usually provided by an organization, is firewalls and PDR protocols. Employees bringing their own devices to work have to put their systems through stringent security checks – but these protocols are missing now. Home networks seldom have such inherent security features, and this has led to a drastic increase in cyber incidents in the past year,” explains Kushwaha.

With remote work and a conscious move away from conventional perimeter security measures become the new normal for professionals, Kushwaha and his team are gearing up for a busy 2021 to strengthen their existing product pipeline and roll out more products in the coming months. Kushwaha recently filed a patent for an AI-based phishing monitoring system that does live-tracking of spoofing efforts on an organization’s websites, domains, mobile apps and any cloud-based property.

Kratikal raised $1mn in funding in December 2019, led by Gilda VC, Art Venture, and Magnetic’s founder Rajeev Chitrabhanu. Shangrila Infotech LLP, Equentia Natural Resources, Artha Ventures, LetsVenture, and angel investor Madhusudan Gopinath also participated in fundraise. The startup has been incubated under the Ministry of Telecom and has won the Jury Choice Aware at Nasscom Product Conclave in 2018. ThreatCop was recognised as one of the top 10 innovative products in 2017 by Data Security Council of India (DSCI).