Inspira Enterprise, a global cybersecurity firm boasting over 500 clients across more than 10 countries, has opened a DFW-based Cyber Fusion Center—a cybersecurity facility designed to predict, fight, mitigate, and respond to cyber threats. The company, which launched its North American operations with headquarters in North Texas in 2022, partners with tech giants IBM, Microsoft, Saviyant, and more to equip the centers with capabilities like automation, machine learning, AI, and back-end management.
Located in Westlake, the cybersecurity center—which is more than 4,000 square feet and employs 13 people working in the security operations center—is built to handle and automatically respond to upwards of 150,000 cyberthreats per second, which translates to 30–40 terabytes of data per day. With Cyber Fusion Centers across India, UAE, the Philippines, and now in North Texas, Inspira provides 24/7 support to its roster of clients through the cybersecurity facilities.
North Texas is no stranger to cybersecurity threats. The City of Dallas was impacted by a hack that released personal data and forced the city to shut down services for months. Dallas County Appraisal District Paid a ransom after it was attacked. More recently, Medical City Healthcare’s parent company was hacked and data from 11 million patients was being sold on the dark web.
At the helm of Inspira’s North American operations is CEO Amit Gandre, who, prior to May 2022 when he joined Inspira, spent the last 18 years as a managing director in Deloitte’s higher education and government practice leading strategic cybersecurity transformations for Deloitte’s clients. Gandre also served as Deloitte’s government and public services cloud cyber risk service leader.
At the close of 2023, Gandre expects the Americas division of Inspira—which currently accounts for 13 of 500 worldwide clients—to report 25 percent year-over-year revenue growth. By the end of the 2023 fiscal year, Gandre forecasts headcount to rise to upwards of 100 employees in Inspira’s America division. That’s an increase from 25, where it stands today. Globally, Inspira has more than 1,500 employees.
“Obviously, we’d like to double, triple, quadruple our clients—and we have the scale and capacity to do so—but that’s not our focus right now,” Gandre said. “I want to our clients to see us as an ally and a security provider that is thinking about cybersecurity differently.”
Over the last 24 months Inspira has acquired two companies and looking ahead toward growing the America’s division, co-founder Vishal Jain is continuing to keep an eye on the M&A market.
“We’ve been in conversations to acquire cybersecurity services companies in the U.S. that we could integrate into our business to add from an offering perspective and add a customer base which we can help cross sell into all our other services,” Jain said. “There are a lot of niche players in the market that have growth constraints after a certain point. But we’ve been working with bankers to see if there’s debt financing available and exploring different rounds. In terms of large equity raise, we’re probably another 18 to 24 months out. Because of all the investments we’ve made on the cybersecurity centers, we’d like to reap the benefits of the revenue and operate at an optimum level, and then we can go to the market for a capital raise.”
D CEO recently sat with Gandre, Jain, Inspira’s American Director and Head of Cyber Fusion Centers Dennis Joshua, and IDC cybersecurity analyst Phil Harris to discuss all things cybersecurity and the state of the industry in North Texas.
D CEO: Talk to me about the state of cybersecurity right now and, looking ahead, how is Inspira working to move the needle in the industry?
JOSHUA: “More than 80 percent of ransomware attacks today are caused by phishing. By 2031, that’s going to be a damage spend off $265 billion just for ransomware. Today, a business or a user in that business is getting attacked by ransomware every 14 seconds. And that’s going to change in 2031 to every two seconds. So, the scale at which ransomware is growing is so high that it brings us to one problem: there is a shortage of cybersecurity talent. We have more than 3.5 million jobs that are unfilled. So keeping that in mind, our vision for the Cyber Fusion Centers is to make sure we partner with the local academia in North Texas and bring the talent in—but not just bring the talent in, also structure the whole talent creation by getting into the early stage of their curriculum working with their faculty and working with their cybersecurity classes. That will allow us to actually build joint prototypes of our experience centers.”
GANDRE: “We have created partnerships with the University of Texas at Dallas, Collin College, and the University of Dallas for a cybersecurity talent pipeline. Doing that was a must. It is important not just for us directly to benefit from talent development but also for organizations around us to benefit from it. Everybody’s looking for top talent. But it’s one thing to look for top talent. It’s also super important to attract new students into cybersecurity before they enter the workforce. So that’s what our focus is.”
HARRIS: “Cybersecurity is now a business conversation. And CEOs, CFOs, CIOs all want to know how they are going to solve the broader problem of cyber threats, and it not impact the business at the same time. So, understanding the business side of cybersecurity right now is probably the most key thing organizations can do today. And that’s one of the things I’m also looking at, in a study I’m doing, is once cybersecurity companies engage the customer, at what level is it important for the senior executives in that organization to see that there’s a cyber partner out there that can actually help them accomplish what they want—at whatever price tag it is—and give them what they need for information so that they can make proper decisions out there and how to secure their company?”
D CEO: How is Inspira educating its clients—the CEOs, the CFOs, the CIOs, and all employees at all levels or businesses—about cyber threats?
JAIN: “So we continuously monitor the largest steel manufacturer in India, we monitor their entire network and all events going on for them. And a suspicious phishing email was clicked by 15 people the other day within that organization. And because we’re monitoring 24/7, I think we were able to curb that problem, isolate that problem, and make the other 40,000 people aware, and just knock that attack out. So that’s reactive work. And then there’s a proactive aspect to our business, as well, where we are training these organizations for security awareness. We’re making sure all teams are trained on security, how to look at links, and how to look at phishing attacks in, how to continuously monitor, and understanding the flood of traffic. And we’ve got teams and experts who are doing this on an every minute basis across the globe. So we’re able to isolate these challenges when they happen, and mitigate those challenges. Our ability to respond is as extremely important as it is to prevent it from the start. So we’re able to manage those two ends of it.”
D CEO: How are recent technological advancements—things like AI, augmented reality, ChatGPT—changing the way aggressors attack corporations and how is it changing the way you approach security?
GANDRE: “In my 22 years in cybersecurity, tools come and go. All things come and go. I think it’s important to understand them and to leverage the full potential of tools. But also, I think it’s important not to overly rely on them. While all the technological advancements are amazing, there are also so many organizations that are just starting security 101. For our more mature clients, these new technologies are something we are definitely innovating in with them.”
JAIN: “The cybersecurity industry has been using AI, machine learning, and automation now for eight to 10 years. But, yes, now it’s getting more mainstream, and we are looking at it as another layer that we have to protect. There’s heavy usage, there is a lot of data entry, so what we have to protect is the usage and the data—which is going to flow out of certain organizations or flow out from certain people into the public domain. And our job is all about safeguarding that. So, what we’re really talking about is the landscape and the function—the usability is increasing. This tech is not creating new threat vectors, it’s just creating more usage. And as soon as there’s more usage, there’s more demand, and when there’s more demand there are things to protect. This is just another avenue for organizations and people to dump some of their HR data into ChatGPT and expect a response. So, those are things that we have to protect. We recently added a ChatGPT advisory class for our clients to teach them how to approach it.”
HARRIS: “When ChatGPT came out it was a signal for me that it’s now happening: we’re starting to see AI that can actually start learning. That was a ‘Wow, fantastic, and oh my god’ moment all in one. Because we immediately started seeing people push their company’s sensitive and confidential data into ChatGPT only because they wanted it to write a report for them. And it became this thing that all of a sudden people were like, ‘Oh my god, finally, we can increase productivity.’ But at the same time, they’re pumping their sensitive data in to an artificial intelligence without security. That’s a bad thing. The downside to ChatGPT is people are going to rely on it too much—and assuming that the answers it gives you are correct is a misconception. Now is the time when we need people in these fusion centers to have the ability to discriminate the responses that come in from these AI tools to tell clients, ‘Yep, that’s correct. I know. That’s correct. So go ahead, go forth, and remediate.’ Or, ‘That doesn’t look quite right. Let’s do a little more research on this and figure out why did we get this answer from the generative AI?’
“Now, let’s talk about the hacker, the attacker. ChatGPT is a perfect platform to help them start popping out malware. It’s perfect. And even if it’s not perfect, it’s handled most of the work, so that they can then produce more malware, and even more creative types of malware that we don’t even know about. See, the attackers are storing vulnerabilities and keeping them hidden until they’re ready to use them. Now they have a tool that can help them start finding creative ways to expose those vulnerabilities with new pieces of malware. And they can have these things already lined up, ready to go, and ready to pull the trigger in a moment’s notice. It’s going to put the attackers ahead of the game. According to the FBI, the attacker community is at least three years ahead of everybody else. Well, I think this has the opportunity to catapult that more than three years of being ahead of everyone else.”
D CEO: No crime evolves faster than cybersecurity. How hackers attacked two years ago is not how they attack today and how they attack today won’t be how they attack two years from now. So, how do you stay ahead of the threat?
GANDRE: “We are constantly educating our clients and never saying no to them when they tell us, ‘I don’t have the budget’ or ‘I don’t know how to do this’ or ‘this is not doable for us right now.’ We need to take that next bold step and try to solve that problem for them and come to a solution to get them where they need to be. Because attackers are doing it. They’re not holding back; they’re constantly evolving. So if there’s an attacker out there that’s constantly evolving and we have a customer that’s not willing to evolve, that’s a problem—and we have to solve that problem. So we have to be bold in how we move in this market.”
HARRIS: “It is particularly crucial time and place in the history of cybersecurity—and I’ve been involved since the early 1980s, with mainframe computers. The benefit for having a partnership with service providers is more important now than ever, but they become a centralized hub of knowledge, especially on how to deal with the threats that are coming out on a second-by-second basis. And to expect your organization to continuously deal with that training and education in house, it’s not going to happen. In large organizations, the employees doing the training most likely don’t focus on just this one thing. They focus on a million and one things. So service providers can actually be a pivotal capability to solve the many cyber problems.”
GANDRE: “In fact, all the things we do in our CFC are all about automation. We want to automate as much as possible because we understand the talent gap; we understand it’s difficult to find the talent to keep up. And it takes time to grow new people, as well. And so our goal is to automate. And I think more service providers just need to figure out ways to continuously invest in cybersecurity. And that’s what we do at Inspira.”