Interview with Manish Mimani, Founder and CEO of Protectt.ai

By Puja Sharma

Manish Mimani is the founder and CEO of Protectt.ai, where he uses his extensive experience in global technology platforms and digital transformation to drive the company’s growth and innovation.

In his conversation with IBS Intelligence, Mimani highlighted Protectt.ai’s advanced, multi-layered mobile threat defense solutions, which enhance security and provide a seamless user experience across mobile applications, devices and transactions.

How important is it for organizations across industries, especially FinTech, to regularly update mobile apps and operating systems to protect against the growing number of security vulnerabilities?

For organizations across industries, especially FinTech, regularly updating mobile apps and operating systems is crucial. Mobile apps are the frontline of customer engagement, especially in industries like banking and fintech, where sensitive financial data is constantly in transit. Security vulnerabilities are constantly evolving and cybercriminals are always looking for new ways to exploit weaknesses. In 2023, the Reserve Bank of India (RBI) noted that the increase in digital transactions has increased the sector’s vulnerability to cybercriminals. By not updating, organizations are exposed to both known and unknown threats, such as zero-day vulnerabilities, malware attacks, or unauthorized access attempts.

Regular updates help patch vulnerabilities and improve security features, making apps resilient to new cyber threats. Furthermore, modern mobile operating systems come with enhanced security protocols, and if these are not applied, a gap can arise between app security and the platform’s evolving security standards. In industries like FinTech, where trust and compliance are paramount, regular updates can ensure not only the security of the app, but also the organization’s reputation and customer trust. In this fast-paced threat landscape, staying up to date is a fundamental step in a holistic Mobile App Security strategy.

What role do two-factor authentication and strong, unique passwords play in improving digital security, especially in industries that handle sensitive financial data?

Two-factor authentication (2FA) and strong, unique passwords play a crucial role in improving digital security, especially in industries that handle sensitive financial data. The importance of these measures has increased significantly, especially as digital payment fraud in India saw a sharp rise, reaching Rs 14.57 billion by March 2024, according to a report citing data from the Reserve Bank of India (RBI). However, as cyber threats continue to evolve, it is essential to emphasize the importance of integrating these practices into a broader security strategy, such as Zero Trust Authentication. These approaches, such as passwordless login and persistent authentication, assume that no user is trusted by default, eliminating the dependency on passwords and providing better protection against advanced cyber-attacks.

Additionally, Device & SIM Binding technology plays a key role in strengthening security by linking a user’s identity to a specific mobile device, creating a unique digital identity for each app user. This method helps combat digital identity fraud by ensuring that only genuine users can access their accounts from their registered devices. Together, 2FA, strong passwords, Zero Trust Authentication and Device & SIM Binding create a robust, multi-layered security framework that is crucial for protecting digital accounts in the increasingly vulnerable banking and financial sectors.

How can companies across industries increase awareness of cyber threats, such as unverified apps and phishing attacks, and stay ahead of emerging challenges?

To increase awareness of cybersecurity threats and stay ahead of emerging challenges, companies across all industries can take the following steps:

• Cybersecurity Awareness Month (CSAM): Cybersecurity Awareness Month is a globally recognized campaign held across all industries in October. This campaign aims to raise awareness of cybersecurity best practices and initiatives. Companies can get involved this month by hosting events, distributing educational resources and collaborating with industry partners to promote cybersecurity best practices. This initiative reminds both employees and consumers to prioritize security and stay informed about emerging threats.
• Consumer and employee training: Regular training sessions are essential for promoting a robust safety culture within organizations. Employees should be trained to recognize phishing attempts, understand the dangers of downloading unverified applications, and implement safe online practices. Additionally, consumers can benefit from targeted training that informs them of the security risks of mobile apps and provides guidance on verifying the legitimacy of apps before downloading them.
• Awareness campaigns: Implementing consumer awareness campaigns significantly increases knowledge about cybersecurity threats. These campaigns can use a variety of channels, including social media, blogs and newsletters, to distribute informative content that highlights the importance of cybersecurity and provides best practices for safe online behavior. Compelling images and interactive content can effectively attract attention and reinforce critical messages.
• Webinars and workshops: By hosting webinars and workshops, organizations can explore specific cybersecurity topics in more depth. These sessions, with industry experts, can provide valuable insights into the latest threats and best practices for risk mitigation. Interactive formats encourage participants to ask questions and share experiences, promoting a deeper understanding of cybersecurity challenges.

What best practices should be implemented across the industry to maintain strong cyber hygiene, including scanning for malware, avoiding suspicious links and regularly backing up critical data?

Best practices for maintaining strong cyber hygiene in organizations:

Runtime Application Self-Protection (RASP) for mobile application security: the next generation shield:

• RASP is an advanced security technology that allows applications to defend themselves against cyber attacks in real time.
• By building security features into applications, RASP detects and mitigates malicious activity at runtime, providing a dynamic defense against evolving threats.
• It proactively detects and neutralizes threats such as code injections, reverse engineering and unauthorized access.

Zero Trust device and SIM binding:

• Zero Trust Device and SIM Binding ensures that only authenticated devices and users can access sensitive information by treating every access request as a potential threat.
• This approach includes continuous authentication and validation, and SIM binding links a user’s identity to their SIM card, improving protection against SIM swapping and device tampering.
• It is a crucial layer of security to protect mobile applications and transactions against advanced attacks.

App Hardening: Strengthening the Basics:

• App hardening techniques protect mobile applications against reverse engineering, code injection, and other vulnerabilities.
• Key techniques include code obfuscation, which makes the code difficult to decipher, and RASP, which monitors and protects applications at runtime.
• Application hardening significantly reduces the attack surface and improves the security of mobile banking applications.

Real-time threat detection: stay one step ahead:

• Real-time threat detection is critical to mobile banking, where rapid identification and response to threats are critical.
• AI and ML-driven systems analyze user behavior to detect anomalies and respond to threats in real-time.

Compliance with international standards (ISO certificates):

• Organizations can increase their cyber resilience by following international standards such as ISO, which outline effective information security management systems.
• Compliance with such standards helps ensure comprehensive cybersecurity practices and improves the overall security of the organization.

How can companies foster a cyber-resilient culture through continued education, promoting best practices, and encouraging collective responsibility for digital security across industries?

Building a culture of cyber resilience in a digitalized environment:

• Establishing cyber resilience:
  • A culture of cyber resilience can be achieved through continuous education and promoting shared responsibility for digital security across all sectors of India’s highly digitalized environment.
• Mandatory cybersecurity training:
  • Organizations should invest in regular cybersecurity training programs, which all employees, regardless of role, must participate in.
  • The training should cover modern cyber trends, phishing detection, creating secure passwords and implementing Zero Trust Authentication methods.
• Encourage a cybersecurity culture:
  • Stimulating cyber awareness: Rewarding employees for following cybersecurity best practices or reporting potential threats to promote a sense of responsibility for digital security.
  • Implementing a ‘Zero Trust’ model: Treating all network activity as a potential threat, ensuring continuous monitoring and validation of users and devices to minimize the possibilities of compromise.
  • Collective responsibility: Digital security should be an organization-wide concern, not just a departmental responsibility. Leaders, including CEOs and CISOs, must lead by example to promote cybersecurity practices across the organization.
• Proactive cybersecurity measures:
  • Integrating cybersecurity into organizational culture strengthens companies’ ability to withstand evolving cyber threats.
• Securing mobile banking apps:
  • Financial institutions must prioritize securing mobile banking apps as digital transactions become the norm.
  • Taking advanced security measures ensures that mobile banking platforms are safe and reliable and promotes customer trust.
• Investments in security technologies:
  • Continued investments in security technologies and practices are essential to revolutionizing the security of mobile banking apps and ensuring long-term success in the face of increasing cyber threats.