© 2021 CyberNews - Latest tech news,
product reviews, and analyses.


Seemant Sehgal, BreachLock: “digitization is paramount to business success”


Penetration testing has become a necessity for most comprehensive cybersecurity defenses. And providers are taking the concept even further by using AI to discover potential vulnerabilities.

PTaaS, or Pen Testing as a Service, is a new cloud-based service that automates parts of the pen testing process, making it a more efficient way of looking for vulnerabilities. But the possibilities behind this improved system are endless, as it combines an automated and human approach.

We reached out to Seemant Sehgal, Founder & CEO of BreachLock, which delivers comprehensive PTaaS, to learn more about PTaaS and BreachLock’s journey to success.

Following the establishment and growth of the company, what has the journey been like for BreachLock?

It’s been an exciting and humbling journey. While you may see BreachLock as an overnight success, my journey from a corporate leader to a start-up founder took a good twenty years. I started BreachLock back in 2019. Since then, we’ve gained a lot of recognition with our unique approach to Penetration Testing. In our very first year, BreachLock was picked by SC magazine for the Industry Innovator award. 2020 was a rough year with COVID-19. Despite that, we have grown 80% YoY. We currently serve 600+ clients across the US and the UK. We are also thrilled to be recognized as a market disrupter by many leading industry analysts. In July 2021, we were acknowledged by Gartner as a sample vendor in the Pen Testing as a Service (PTaaS) space. It’s been a roller coaster ride, just like giving birth to a baby and then nurturing it to where it is today.

You mention that BreachLock was founded in the cloud. What was the reason behind this decision?

I have been in the cyber security industry for two decades now. I have witnessed an accelerated shift to the cloud in the last five years. With that shift, cybersecurity also needs to adapt. BreachLock has taken a cloud-first approach since its inception. Businesses are currently in an environment of continuous development and continuous innovation, in which applications are being developed at increasing velocity. Before this extreme velocity, some companies could afford to put off security testing until the last possible moment. That’s no longer possible. As dev teams work faster to push code almost every hour of the day, applications are more accessible to threat actors. Cloud-based application security testing platforms like BreachLock optimize across speed, scalability, accessibility, and cost-effectiveness.

In recent years, penetration testing has become standard practice. Can you briefly describe what the process is like?

In a traditional penetration test, one or more cybersecurity experts use a wide array of tools and techniques to seek out vulnerabilities in a system. If they find any bugs, they try to exploit them, and they use their findings to help development teams address weaknesses in their assets and software. With the emergence of PTaaS platforms, we can now benefit from the power of AI to achieve the same result in a much more scalable manner.

What types of cyber-attacks are the most common nowadays, and how damaging are they?

Since the beginning of the pandemic, cybercriminals have started engaging in more diverse types of attacks, and these attacks are a lot more damaging than they were previously. The FBI reports that the number of cyberattacks has quadrupled over the past two years. The scope of the average attack has increased too. In 2017, data breaches exposed about 197 million records, but in 2020, that figure ballooned to 37 billion. According to IBM, the average cost of a data breach went from $7.91M in 2018 to $8.64M in 2020.

The most common types of attacks exploit human error and software vulnerabilities. Malware, for instance, has increased 800% since last year. Now that employees are subject to less oversight from IT and security teams, phishing attacks have become the most common cause of data breaches.

How did the pandemic influence the ways in which threat actors operate?

The pandemic has had a profound impact on how threat actors are operating. Once organizations switched to remote and hybrid work, the threat landscape started to evolve almost overnight. Suddenly IT teams weren’t able to provide the same level of oversight as they were before. At the same time, businesses were quickly moving to provide more digital products and services, often working faster to deploy new code than security teams could keep up. These changes opened up new opportunities for cybercriminals, who began carrying out more attacks—and more types of attacks—than we’ve seen previously. For instance, a lot of health tech start-ups emerged during the pandemic. As a result, health records that were initially isolated in a clinic were now made available to patients from their handheld devices.

With the number of cyberattacks rising every day, why do you think certain organizations are still reluctant to implement proper cybersecurity measures?

In my experience, there are a few reasons companies neglect cybersecurity. Many organizations that aren’t engaging in regular penetration testing don’t have a good grasp of their vulnerabilities, so they don’t necessarily understand the pressing need to secure their assets. You don’t secure what you don’t see. Just because they can’t see those vulnerabilities, though, does not mean the vulnerabilities aren’t there.

In your opinion, which industries should put extra effort into robust cybersecurity features?

If the last year has taught us anything, it’s that digitization is paramount to business success. “Digital transformation” is more than a buzz phrase; it’s a business imperative. Because of that, all businesses should be rethinking their approach to cybersecurity.

But in particular, I would call out healthcare, financial services, and computer software. The healthcare industry is in the middle of a rapid evolution, pivoting to telehealth offerings and electronic record-keeping to streamline operations. That means they’re subject to greater risk than they were previously. The potential impact of a cyberattack on a healthcare provider is devastating.

And given the increase in cyberattacks against financial services and computer software companies—and the potential for widespread disruption should these attacks succeed—these industries should take a closer look at their security.

Besides regular penetration tests, what other security measures can companies take to protect themselves against cyberattacks?

Unfortunately, there is no one-size-fits-all approach to cyber security. Therefore, I always encourage teams to be situationally aware. If you know your attack surface and the threat landscape, you can prioritize your defense. Besides that, I recommend that every business should focus on basic security hygiene such as timely patching, firewalls, and proper access control. Besides that, a continuous security awareness and training process for your workforce is a must-have for every business.

Would you like to share with us what’s next for BreachLock?

As they say, the best is yet to come. We are a young team of mission-driven professionals in four countries. We’re aiming to expand our technology portfolio, and we’ll continue to enable businesses across the globe to find and fix their security gaps before the cybercriminals get to them. Our ambition is to change the way the industry looks at pen testing – to make it far simpler and more scalable. Innovation is in our DNA, and that will continue to drive us forward.
