Lt Col (Dr.) Santosh Khadsare (Retd.) is a Cyber Security and DFIR professional specializing in Digital Forensics. He has joined eSec Forte® Technologies as Vice President (DFIR). He was head of a Digital Forensic Lab at CERT-In, Ministry of Electronics and Information Technology (MeitY), New Delhi.
In addition to his B.E (Electronics and Telecommunications), he possesses additional qualifications such as CHFI, CEH, RHCSA, IVTA (CMU, Pittsburgh, USA), Advance Cyber Forensic Course (CDAC), Cyber Crime Investigator (CCI), Cyber Crime Intervention Officer (CCIO), and Access Data Certified Examiner. Santosh was judged amongst the top three scholars during the MDI-ISAC National Cyber Security Scholar Program for 2020 and awarded the best innovative paper titled “The Role of Digital Forensics in Industry 4.0”.
He has 20+ years of rich experience in Digital Forensics, Cyber Laws, Information Security, Cyber Audit, and Incident Response. He is best known in the digital forensics community for his expertise, skillsets, and mentorship qualities.
He has been a speaker at various national and international conferences such as BRICS (2022), Colombo Cyber Security Conference (2022), NASSCOM-DSCI Annual Information Security Summit 2020, International Conference on Cyber Law 2020, Cybercrime & Cyber Security, C0C0N, HAKON, Hackers Day, National Cyber Defense Summit, and GovInfoSec Summit Asia. He has also authored various articles on information security and Digital Forensics in national and international publications.
1. Tell us about your journey from an engineering student to a Cyber Security Specialist & DFIR Professional.
I completed my engineering in the stream of electronics and telecommunications from PVG’s College of Engineering, Pune in the last century (1999). A career in cyber security was never on the cards in the initial years, hence I started working in the field of telecommunications and Information Technology. One fine day, I came across cyber investigation courses which were launched by Mr. Rohas Nagpal in his institution Asian School of Cyber Laws (ASCL). After personally visiting Pune and understanding the importance of these courses, I decided to do my first course in cyber investigation, which was named Cyber Crime Investigator. This is how I entered the niche cyber field. After that, I did numerous courses related to cyber investigations which led my way into the field of Digital Forensics and Incident Response (DFIR). Along the journey, I also started understanding other verticals within the cyber domain and updating myself on various verticals of cyber audit, cyber laws, governance, risk and compliance (GRC), etc.
2. In today’s world, there is a lot of talk about cyber security, particularly with the recent rise of ransomware attacks on the Internet. How can we protect our data and make sure that there are no breaches?
The Internet and other networks have brought the world much closer, and with that have also come disadvantages as a by-product. Emerging technologies have made the human lifestyle easier and they have become a necessity rather than a luxury. In the last two years during Covid-19 everyone was locked in their houses and totally reliant on digital technologies, but with that came a surge of cyber-related issues. Every organisation has its own networks and is also connected to the outside world via the internet. Thus, all the threats on the internet also impact that particular organisation. Yes, the rise of ransomware attacks has increased in recent years, but that is not the only threat vector being used by cyber threat actors to attack organisations and nation-states in the cyber domain.
Cyber security awareness is the first and most important step that every individual or organisation has to undertake to protect themselves from cyber-crimes or cyber-attacks. It is said that data is the new oil and it has to be protected as it is very valuable, hence efforts are made by cyber security professionals to ensure that it is protected in the best possible manner using the state-of-the-art technology available to them. Data can only be protected if you as an organisation or country have your cyber security measures such as people, process and technology in place.
3. In your opinion, what do you think is the most effective way to fight cybercrime like identity theft, data theft, online scams, online fraud, etc.?
As mentioned before, as the penetration of the internet increases and digital technologies evolve, the threat of cybercrime will increase exponentially and the end user will always be on the receiving end. Financial crimes will reach new heights and other crimes such as cyber-stalking, identity theft, etc. will also affect the day-to-day life of a common human being.
In my opinion, the most effective way to fight this menace is being aware of crimes happening in the cyber world. The government and many cyber security professionals are carrying out numerous cyber awareness campaigns in the country, which is the need of the hour. The second important part is reporting when a cyber-crime has happened through the various mechanisms put in place by the government such as portals, helplines and cyber police stations. It has been observed that the majority of people refuse to report a cyber-crime due to numerous issues such as reputation loss or lengthy procedures in getting justice. India as a country has laws, human resources and infrastructure in place to tackle numerous cybercrime cases happening on a daily basis.
4. What is your opinion about the current state of cybersecurity in India and what can we do to solve it?
India is a developing country and so the penetration of the internet is increasing day by day. The number of digital assets possessed by every household has increased over the last few years and those not having one are now owning devices such as mobiles, Smart TVs, etc. We were one among the first countries to have its Information Technology Act in the year 2000, which was later amended in 2008 and which was followed by IT rules.
With the Digital India initiative, there has been an exponential growth in the IT sector and the services sector. E-commerce has become the way of life and digital payments are the preferred method for financial transactions as of date.
In the field of cyber security, there are various mechanisms which are being put in place by the government and the organisations using digital assets. But with the evolution of numerous technologies the attack surface is increasing day by day and the threat actors are using the same networks for financial or political gains.
Cyber security is a continuous process and has to be addressed by each and every one of us. Not only India but the whole globe is under the threat of cyber-attacks and hence you cannot say at any moment of time that you are fully protected in the cyber domain. So in my opinion we have a long way to go to make India secure in the cyber-space.
5. How far do you agree with the statement: “As the Internet and technology grow, the threats of cybercrime and cyberattacks also grow?” Please explain your thoughts.
I totally second the above statement, as threats of cybercrime and cyber-attack will exponentially grow in years to come. As mentioned, technology is no more a luxury but a necessity for every one of us, which in turn has increased the attack surface for the attackers to carry out the attacks and succeed if proper cyber security measures have not been put in place. Every household has numerous digital assets which are not hardened or do not use endpoint security (for example antivirus on their computers and mobiles), giving an easy pass for an attacker to carry out various types of crimes.
E-commerce and banking transactions are being done online, thus the cyber threats are increasing. Our footprint on the internet is also being used by the attacker to carry out cybercrimes such as identity theft or cyber stalking.
6. How important are Cyber Laws? What are the major laws you’ve observed among the developed countries like the US, India, China, etc?
Cyber laws are very important and act as a handy tool to get the perpetrators to justice in the court of law. Having a cyber law in place also assists the law enforcement agencies in curbing the cybercrime taking place in society.
India was among the first countries to have a cyber law, called the Information Technology Act, in the year 2000. This law addressed numerous issues in the cyber domain at that moment of time. As crimes evolved, this law was amended in the year 2008 and is also known as IT Act 2008 (Amdt). There are many provisions which are being re-looked at this moment of time, and in the near future we will have a more refined cyber law which will address all the cybercrimes and related issues.
India’s IT Act also gave birth to Cyber organisations such as National Critical Information Infrastructure Protection Centre (NCIIPC) and CERT-India under section 70A and 70B. One of the important things it did was give the mandate to the government under 79A to notify Cyber forensic labs as Examiner of Electronic Evidence (EEE), thus making the reports tenable in the court of law.
Similarly, the US and China also have their own set of laws to address issues in cyberspace.
7. What will be the impact of Artificial Intelligence on information security?
Artificial intelligence is a disruptive technology and is going to change the landscape in security. I consider it as a part of a problem and also a part of a solution. Yes, it will assist mankind in finding solutions to lots of problem statements in the information domain, but it will also pose a serious issue on the security side.
I will just give one example of deep fakes, in which with the help of artificial intelligence fake videos of personalities are being made and circulated, causing a great security hazard for all of us. On the other hand, it can be a powerful tool in protecting the systems against numerous cyber-attacks as it can assist in predicting these attacks.
8. Do you have a story to tell about an incredible case that you solved that you’re really proud of?
Over the years I have been a part of analysing hundreds of cases related to different kinds of cyber-crimes and cyber-attacks. Due to constraints I cannot discuss any of them, but would surely tell you a few approaches which helped me in solving them.
Nowadays most of the digital assets coming to the laboratories for analysis are mobile devices which are damaged or in a locked condition using the latest encryption techniques. Laboratories are also getting drones and smart gadgets which require analysis. Such kinds of cases pose a great challenge, but we were able to manoeuvre the challenges and produce results because we had the proper resources and skilled manpower.
9. You have led two National Level Cyber Forensic Laboratories and were responsible for notification, overall functioning, up-gradation, training, analysis, and preparation of reports. What challenges did you encounter while doing so?
Yes, over the past two decades I have been given the opportunity to head two Cyber Forensic laboratories and carry out various responsibilities while performing my duty. Notification under 79A of IT Act by Ministry of Electronics and Information Technology scheme is a time-consuming process, but if you are able to achieve it you learn a lot and you meet the global standards for digital forensics. Once you are notified, your reports get legal sanctity and are tenable in the court of law.
Continuity of training and upgradation of labs are very important aspects as they help in keeping up to date with various global technological developments in the digital forensics field. Regarding challenges, let me tell you one thing: every case is a different case and has to be approached in a different manner. You need to have proper skill sets, tools and training to succeed.
10. What’s the most inspiring thing you have learned from your experience as a Cyber Security and Cyber Forensic Specialist?
During my interaction with students and professionals I always mention one thing: that if you want to succeed in this field you should have passion and patience. So you are always a student and are learning new things so that when the occasion arises you are able to handle it in a sound forensic manner. I have learned that every case is a different case and has to have a different approach in carrying out your tasks as a cyber forensic specialist.
For me, inspiration has always been the students and enthusiasts who want to make this as a career option and contribute to this niche field so that India can be a leader in digital/cyber forensics.
11. What is the one thing you would like to say to people who do not know much about cyber security?
I would just say one thing: that you don’t have an option of not knowing cyber security. Every user is responsible for the security of the device they handle. If you have not yet started, start immediately and be part of cyber awareness campaigns which are being run by the government and other cyber security professionals.
12. What would you say is the most rewarding aspect of your job? What will be your advice to those who are seeking a career in Cyber Security & Digital forensics?
A decade back when we used to speak about cyber security and digital forensics, we had very few takers. Not only that, the cyber security conferences which were held never stressed or had talks on digital/cyber forensics. But it is good to see today that numerous professionals want to make digital/cyber forensics a career option. We have two national-level universities which are spearheading in churning out professionals in the environment.
To those who are seeking a career, let me tell you that you have chosen the right path; just have patience, you will surely succeed and achieve your objective. I would also like to tell you to have a mentor who will always guide you in the specialisation within the cyber domain. Also take part in conferences, workshops and discussions happening around you, which will help you in gaining deep knowledge and also increasing your network. I would like to end by saying ‘Mentorship and Internship’ are the key to success.