Cybersecurity has always been a tightrope walk, but some recent paradoxes add to the chaos
LockBit ransomware, SolarWinds, MOVEit, GoAnywhere and BlackCat: do these names ring a bell? If 2023 is any glimpse of how cyberattacks are evolving, we should be pulling up our socks on security with a new fervor.
As is evident in a string of attacks seen across the world in the last few months, there is no corner or channel that attackers will spare as they exploit business vulnerabilities. They are coming from all sides, with a relentless and ruthless ferocity. Be it a major retail chain, a casino, a big city, a hospital or a utility, no one has been left unscathed by the tentacles of new attack vectors.
What’s alarming and confusing, then, are a couple of dilemmas that have emerged as enterprises confronted these attacks:
Should they pay the ransom or not:
While some big policy movements in the US leaned towards a no-pay stance, businesses are still confused about which vertical, situation or degree of attack becomes an exception to a strict no-ransom approach.
Should we use AI or not:
With all the speed, efficiency and insights that intelligent machines usher in, there is no denying the fact that AI can also challenge transparency of data in an unprecedented way. As opacity and AI hallucinations become everyday realities, businesses grapple with the Sophie’s choice of using AI while also controlling its dangers.
Personalization vs. Privacy:
Almost every business today is running the race of ‘getting the customer right’ and presenting the exact answer at the right time. It is becoming a core pillar of customer experience and engagement journeys. But new data regulations, privacy demands and legal contours of first- and second-party data usage are adding new question marks to this mix. How much to personalize? Where to stop? What’s the real boundary to watch for?
Globalisation vs. Sovereignty:
On one hand, competitiveness is expanding its arms far and wide with new global opportunities. On the other hand, there are emerging and strict laws on data location, control and disclosure. It’s a tough balance to maintain.
Encryption vs. Surveillance:
Many businesses promise first-party data security to their customers as a core proposition of their solution. But when certain governments demand visibility of data for security and law enforcement reasons, another dilemma emerges.
Should they disclose attacks or keep mum?
There is no denying that sharing information about security attacks benefits the industry as a whole and helps the security fraternity a lot in understanding threats. But the implications of attack disclosure for business reputation, cyber insurance and customer trust are too critical to ignore. Again, a tough decision to make for a business that has suffered a data breach.
None of these paradoxes has a ready-to-eat answer. They all vary in their degree of impact and severity as per circumstances, a business’s unique context and regulatory climate. But it is always helpful to be aware of them and plan a strategy (no matter how half-baked it may seem to you) before you are caught like a deer in the headlights. Being cognizant of your challenges and carving out some sort of organizational posture on them would help you a lot in confronting these dilemmas, if and when they hit you.