What are your roles and responsibilities as CISO of Rakuten? How is the Rakuten security team synergised with the IT team and other business functions?
My responsibilities include maintaining Rakuten India’s IT infrastructure security, supervising information security governance, and implementing advanced cybersecurity and privacy safeguards. Rakuten’s security team collaborates extensively with the IT team and other business units on projects such as the security governance program.
This program connects Rakuten India’s information security, cybersecurity, and privacy pillars, resulting in a unified governance framework.
As the CISO, how do you align Rakuten India’s cybersecurity strategies with the organisation’s overarching business objectives?
In today’s interconnected digital landscape, cybersecurity is not just a technical necessity but a fundamental component of business strategy. I ensure that cybersecurity plans are meticulously designed to align with overarching business objectives, ensuring that security measures enhance rather than hinder operational efficiency
By integrating risk management and compliance into strategic planning, we at Rakuten proactively identify potential threats, mitigate vulnerabilities, and establish robust protocols to safeguard critical assets. This approach not only fortifies an organisation against cyber threats but also fosters a culture of resilience, enabling seamless operations even in the face of evolving security challenges.
In what ways is Rakuten India leveraging emerging technologies such as AI and ML to enhance its cybersecurity framework?
AI has significantly transformed cybersecurity by enhancing threat detection, incident response, and risk management. Its ability to analyse vast amounts of data in real time allows organisations to identify and mitigate cyber threats more efficiently than traditional methods. AI-driven security systems can detect anomalies, predict potential attacks, and automate responses to minimise damage.
Rakuten has developed SixthSense AI, an in-house cybersecurity solution designed to enhance performance and security. SixthSense AI focuses on API monitoring, a crucial aspect of cybersecurity in the era of Generative AI (Gen AI). APIs facilitate digital interactions, but they also introduce vulnerabilities, such as unauthorised access and data leaks. SixthSense AI employs AI-driven monitoring, vulnerability management, and compliance tools to secure APIs, ensuring real-time threat detection and operational resilience.
What are the most significant challenges you foresee at the intersection of AI and cybersecurity, particularly as organisations increasingly adopt AI-driven tools and systems?
The most serious issues are attackers leveraging AI to craft highly convincing phishing emails that mimic legitimate sources, making them harder to detect. AI-driven malware can autonomously adapt and evade traditional security measures, increasing the risk of system breaches.
Cybercriminals use machine learning to analyse vulnerabilities and launch targeted attacks with unprecedented precision. Deepfake technology enhances social engineering tactics, deceiving users into revealing sensitive information.
How do you ensure a balance between fostering technological innovation and maintaining robust security protocols within a dynamic and fast-evolving digital landscape?
Embedding cybersecurity into innovation ensures that security is a fundamental aspect rather than an afterthought, reducing vulnerabilities from the start. Cross-team collaboration between developers, security experts, and stakeholders strengthens defences and enhances threat awareness. Continuous adaptation of security protocols helps mitigate emerging risks, ensuring resilience against evolving cyber threats.
By combining proactive defence strategies with innovation, organisations can safeguard their digital assets while driving technological progress.
From a CISO’s perspective, what emerging cybersecurity trends or technologies should organisations be preparing for over the next few years?
Organisations should prepare for AI-driven cybersecurity, Zero Trust Architecture and enhanced IoT security. When implementing AI, keep data quality in mind. Maintaining high data quality in AI implementation prevents misinformation and ensures reliable decision-making in cybersecurity frameworks.
