Yogesh Suryawanshi, Chief Information Security Officer, Kirloskar Brothers Limited
Yogesh Suryawanshi, Chief Information Security Officer, Kirloskar Brothers, in an interaction with CIOTechOutlook, shared his views and thoughts on how threat intelligence can be operationalized to proactively guard against ransomware tactics, techniques, and procedures, as well as what strategies businesses can adopt to evaluate and mitigate ransomware risks stemming from their supply chain ecosystem.
Yogesh Suryawanshi is a seasoned Cybersecurity Leader and CISO at Kirloskar Brothers Limited. With a rich background across Wipro, Cognizant, and Capgemini, he has driven enterprise-wide IT and security transformation programs. His expertise spans risk governance, incident response, and regulatory compliance, underpinned by a strong foundation in cybersecurity architecture and controls.
Legacy infrastructure often lacks the resilience and adaptability to defend against modern ransomware tactics. What proactive strategies can organizations adopt to modernize critical systems without disrupting operations?
Replacing older systems isn’t always possible, especially when they are deeply tied to daily operations. But you can still modernize safely. Start by building a test environment - a “digital twin” that mimics your actual systems. Use this to test changes or security updates before applying them live. Start by creating a safe test setup using low-cost virtual machines to try patches and changes before applying them in live environments.
Implement a Zero Trust approach, where no user or system is trusted by default - even inside the company. This limits how far attackers can move if they get in. If replacing a system isn’t an option, protect it by isolating it from other systems and restricting what it can access. Also, ensure you have secure backups stored separately from your main network. If ransomware strikes, these backups will help you recover without paying a ransom. Lastly, use intelligent monitoring tools to detect unusual activity early and respond automatically to contain threats.
Small and mid-sized businesses often lack the resources for enterprise-grade ransomware protection. What cost-effective yet proactive cybersecurity strategies can smaller organizations implement to defend against ransomware?
No tool is perfect, and no individual has all the answers. It’s the right technology choices, continuous validation, and leadership vision that turn risk into resilience. For small and mid-sized businesses, defending against ransomware isn’t about stacking tools; it’s about making smart, focused moves. Start with identity. MFA should be mandatory on email, VPNs, and backups. Use conditional access and apply least privilege across accounts. Most attacks begin with compromised identities - this is where you win early.
Next, think offensively. Set up simple honeypots to detect suspicious activity. Use free tools like MITRE Caldera or Infection Monkey to test how your defenses hold up against real-world tactics. Do not just scan for known issues but test what can actually break. Then, invest in visibility. Even basic SOC or MDR services can give you insights into where threats are occurring. Map these against frameworks such as MITRE ATT&CK to identify weak points in your controls.
Finally, spend wisely. Don’t buy for every threat. Invest in areas where attacks are actually hitting, whether that’s identity, email, or endpoints.
In short: secure identities, test constantly, follow the signals, and invest where it counts. That’s how SMBs build resilience without burning budget.
Many organizations collect threat intelligence but struggle to convert it into actionable insights. How can threat intelligence be operationalized to proactively guard against ransomware tactics, techniques, and procedures?
Many organizations gather threat intelligence but struggle to act on it. To make it useful, start by understanding what threat intelligence really is - the “who, what, why, when, and how” of cyberattacks. Its purpose is to provide actionable insights for proactive defense.
Start by knowing “who is behind you and what they are after.” Your first and most valuable source of threat intelligence is your own environment. Analyze intrusion attempts, successful attack patterns, and threat hunting observations from your SOC or MDR provider. This helps cut through the noise and focus only on what’s truly relevant.
Next, use ransomware dashboards to identify active gangs targeting your sector—like manufacturing—and study their Tactics, Techniques, and Procedures (TTPs). Then compare these TTPs with your current defenses. If there are gaps, strengthen them specifically against those methods.
Finally, bring in commercial threat intelligence feeds and integrate IoCs into your firewalls, EDR/XDR, SIEM, and email filters. But don’t treat all feeds equally—prioritize IoCs linked to active ransomware gangs and APTs relevant to your industry.
When you combine your internal attack data with external intelligence and align it to real threats, you create a focused, proactive defense—not just a long list of alerts.
Ransomware attackers increasingly target supply chains and third-party vendors as entry points. What strategies can businesses adopt to evaluate and mitigate ransomware risks stemming from their supply chain ecosystem?
Ransomware attackers are no longer just targeting companies directly—they’re going after your vendors, suppliers, and third-party software providers to find an easier way in. While you can’t control their security, you can control how much risk they bring into your business.
Start by identifying which third parties have access to your systems or data, or are part of the software you use. Focus your efforts on these key partners. Ask the right questions: Do they use secure logins (like multi-factor authentication)? Do they have backup plans and ways to detect unusual activity?
If a partner connects to your network, make sure they only access what they absolutely need. Keep them in separate environments where possible and monitor their activity.
Also, pay attention to threat updates and tools such as ransomware dashboards and EPSS, which show which software and vendors are being targeted the most. If something you use is being actively attacked, act fast: update it or isolate it.
Most importantly, strengthen your internal defenses. Even if an attack comes through a third party, strong internal security, such as limited user access, good backup practices, and employee awareness, can help contain the damage and keep your business running.
A robust backup strategy is a critical safeguard against ransomware, yet many companies fail to test their recovery capabilities regularly. What are best practices for proactive backup and recovery planning that ensures minimal data loss and operational downtime?
A backup is your last line of defense during a ransomware attack, but attackers know that too. Modern ransomware groups deliberately target backups first, using tactics designed to make recovery impossible.
They often look for connected backup drives, shared folders, or cloud storage linked to your network. In many cases, they use stolen admin credentials to disable backup services or delete backup files before launching the main attack. Once your backups are gone or corrupted, you are left with no choice but to pay. That’s why having backups isn’t enough; you need to make sure they are secure, isolated, and regularly tested.
Start by ensuring you have immutable and offline backups - copies that can’t be changed, deleted, or reached through regular access paths. Cloud providers such as AWS and Microsoft offer this feature, and it should be enabled for your critical data.
Run periodic recovery drills, not just to test if data can be restored, but also to measure how quickly and completely systems can come back online. Also, make sure your backup admin accounts are protected with MFA and not reused elsewhere. A strong, tested recovery plan, not just having backups, can be the deciding factor between a quick recovery and a costly, business-crippling event.