In an interview with TimesTech, Garry Singh, President, IIRIS Consulting, speaks about the evolving landscape of cyber risk, infrastructure security, and emerging vulnerabilities in a hyper-connected world. He explains why boards must treat cyber threats as business-interruption risks rather than compliance obligations, while highlighting security challenges linked to 5G networks, Industrial IoT, satellite systems, and the growing convergence of digital infrastructure.
Read the full interview here:
TimesTech: Many organisations still treat cyber risk as a compliance requirement. In your experience, do boards underestimate the true financial and operational costs of cyber and infrastructure disruptions? Where are they getting it wrong?
Garry: Yes, many boards still underestimate cyber and infrastructure risk because they evaluate it as a compliance issue rather than as a business-interruption multiplier. Where they get it wrong is in three areas:
- They model breach cost but not cascading operational impact, including production downtime, vendor disruption, reputational erosion, and capital market sensitivity.
- Cyber risk is often isolated within IT governance rather than integrated into enterprise risk modelling and continuity planning.
- Infrastructure interdependencies are poorly stress-tested. In our advisory work, we see organisations that secure their perimeter but fail to simulate systemic disruption across supply chains and digital ecosystems.
The real financial impact of cyber is rarely the regulatory penalty; it is the duration and scale of operational paralysis. Boards that treat cyber as a resilience strategy, not a compliance obligation, demonstrate stronger recovery and valuation stability.
TimesTech: As India accelerates its 5G rollout, do you believe the country’s infrastructure is secure enough for a hyper-connected economy? What vulnerabilities should policymakers and enterprises be paying closer attention to?
Garry: India’s 5G rollout is ambitious and strategically important. The question is not whether it is secure today, but whether security architecture is evolving at the same speed as deployment.
Three vulnerability domains require urgent focus:
- Network slicing integrity: virtual segmentation assumes isolation, but misconfiguration or weak orchestration layers can allow lateral movement between slices.
- Edge infrastructure exposure: 5G decentralises processing, meaning every edge node becomes a potential access vector if not hardened properly.
- Supply chain and firmware assurance: telecom infrastructure relies on multi-vendor ecosystems, and firmware-level vulnerabilities are often the least audited and most consequential.
Policymakers must prioritize secure-by-design telecom architecture, and enterprises must align 5G integration with zero-trust principles. Hyper-connectivity without hyper-segmentation creates systemic exposure.
TimesTech: Industrial IoT is transforming manufacturing and logistics. Is this shift unintentionally expanding the attack surface for cyber adversaries? What risks are most overlooked in smart factory environments?
Garry: Yes, Industrial IoT significantly expands the attack surface because it merges IT systems with operational technology that was never designed for internet exposure.
The most overlooked risks in smart factory environments include:
- Legacy industrial control systems connected without segmentation
- Persistent third-party remote access channels
- Inadequate firmware governance
- Flat network architecture, which allows lateral movement
- Sensor manipulation affecting physical processes
Unlike traditional cyber breaches, Industrial IoT incidents can have physical and safety consequences.
In infrastructure risk assessments, we often find that production optimisation receives investment priority, while resilience modelling lags. Smart manufacturing requires secure convergence, not just connectivity.
TimesTech: You bring defence intelligence thinking into the corporate world. How does a military-grade intelligence approach change the way civilian tech infrastructure security is designed and managed?
Garry: A defence-intelligence framework changes security from static defence to dynamic anticipation.
Military-grade thinking assumes adversary capability, not theoretical risk. It emphasizes:
- Continuous threat intelligence integration
- Red-team simulation and adversarial modelling
- Layered redundancy
- Containment planning
- Rapid decision escalation protocols
In civilian infrastructure, this translates to designing systems for survivability, not just breach prevention. Traditional corporate security focuses on stopping attacks. Defence intelligence focuses on detecting early signals, containing damage, and ensuring continuity under stress. That mindset fundamentally reshapes architecture, governance, and crisis response.
TimesTech: With satellite networks supporting everything from navigation to financial systems, how secure is satellite data in today’s rapidly evolving space technology landscape? What new risks are emerging?
Garry: Satellite infrastructure has become foundational to navigation, financial synchronization, telecom backhaul, defence systems, and disaster response. Security maturity is improving, but new risks are expanding simultaneously. Emerging vulnerabilities include:
- Signal spoofing and jamming attacks
- Cyber intrusions targeting ground control stations
- Firmware tampering within satellite hardware supply chains
- Data interception during satellite-to-ground transmission
- Increased orbital congestion, which complicates monitoring and incident response
As Low Earth Orbit constellations scale rapidly, the attack surface expands beyond terrestrial boundaries. Satellite data protection must now be viewed as hybrid infrastructure security, combining space technology assurance with terrestrial cyber governance. Space is no longer a passive communications layer; it is becoming a contested strategic domain.
TimesTech: From due diligence to forensic investigations and cyber risk advisory, what patterns are you seeing across global markets that signal where the next major infrastructure vulnerabilities may lie?
Garry: Across the global scenario of due diligence, forensic investigations, and cyber risk advisory engagements, several patterns are emerging:
- Convergence risk: IT, OT, telecom, AI, and satellite systems are integrating faster than governance models can adapt.
- Speed-to-digitalisation: Infrastructure is being connected before resilience architecture is stress-tested, meaning risk modelling is consistently outpaced.
- Overreliance on automation: AI and hyper-automation are increasing operational efficiency, but adversarial AI capability is evolving in parallel.
The next major infrastructure vulnerabilities will likely emerge not from isolated breaches, but from systemic interdependencies, where multiple layers of technology converge without unified security oversight.
Future risk is ecosystem risk. Organisations that move from control-based audits to resilience modelling and adversary simulation will be better positioned to withstand that shift.
