As cyber threats grow more sophisticated and identity emerges as the new security perimeter, enterprises and governments alike are being forced to rethink how trust, access, and resilience are built in a digital-first world. In this in-depth conversation, Machine Edge Global speaks with Anirban Mukherji, Founder and CEO of miniOrange, a cybersecurity veteran with over 27 years of global experience spanning IBM Security, RSA Security, and his own identity-focused venture. Mukherji shares sharp insights on India’s escalating cyber fraud challenge, the evolution of identity-led security, the critical role of citizen awareness, and why collaborative platforms like the Identity Shield Summit 2026 are essential to strengthening India’s cyber resilience.
Your journey in the cybersecurity and identity space spans both deep technology and enterprise leadership. What key inflection points have shaped your identity-led security philosophy?
I bring over 27 years of experience in cybersecurity, including 13 years at miniOrange, with prior roles at IBM Security and RSA Security in Boston. My work has consistently focused on identity and access management at enterprise scale.
Across organisations, I’ve observed that many high-impact security incidents are symptoms of a deeper issue—ineffective identity and access governance. When users are not authenticated securely, or when access is over-provisioned, risk multiplies rapidly.
A strong identity-first security approach ensures frictionless yet secure sign-ins, reinforced with multi-factor authentication, and enforces least-privilege access so users have only what they need to do their jobs. This principle has proven repeatedly to be foundational for reducing risk, improving operational resilience and enabling secure digital growth.
With rising cyber frauds across sectors such as BFSI, startups, healthcare, and among everyday citizens, what do you believe India’s governance ecosystem is currently lacking in its cybersecurity approach?
India is facing a significant escalation in cyber frauds across all sectors, and the scale of the problem is deeply concerning. For instance, in the PCMC region of Pune alone, annual cyber fraud losses are estimated at nearly ₹1,000 crore, roughly ₹3 crore per day. When viewed at a national level, the economic and societal impact is enormous.
The most critical gap in India’s current cybersecurity governance is the under-recognition of the true nature of this threat. These incidents are not isolated cases of individual hackers. What we are dealing with is organised cybercrime: structured, well-funded operations that function much like enterprises. These gangs often comprise hundreds or even thousands of individuals, supported by dedicated infrastructure, intelligence, and standardised operating procedures.
Technically, these networks exploit multiple weaknesses simultaneously. They use mule accounts across banks to rapidly route and split stolen funds, convert them into cryptocurrencies and move the money outside India within minutes, making recovery extremely difficult. This level of sophistication requires an intelligence-led, coordinated response rather than fragmented, case-by-case enforcement.
Another major challenge is the lack of scale and collaboration in our response mechanisms. Limited resources often result in higher-value fraud cases receiving priority, while smaller-value losses such as ₹2–3 lakh may not receive the same urgency, despite being financially devastating for individuals. Today, we do not yet have the infrastructure or capacity to address thousands of cybercrime incidents simultaneously and equitably.
India’s governance ecosystem needs a scalable, intelligence-driven cybersecurity framework, one that treats cyber fraud as organised crime, strengthens inter-agency collaboration, and builds response capabilities at national scale.
How important is citizen awareness in addressing cyber frauds, and where does India need to strengthen its efforts?
Citizen awareness is one of the most critical yet underdeveloped pillars of India’s cybersecurity posture. A large proportion of current frauds, including so-called ‘digital arrest’ scams, succeed not because of technical vulnerabilities, but because of misinformation and fear. It is important to clearly state that ‘digital arrest’ has no legal basis; it is a construct created by fraudsters.
Many citizens are unaware of this, and even fewer know where or how to report cybercrime when it occurs. While some metro cities such as Mumbai have established cybercrime helplines and reporting mechanisms, cyber frauds are increasingly targeting semi-urban and remote regions, where access to such support systems is limited or poorly communicated.
This creates a significant last-mile gap in India’s cybersecurity ecosystem. Without simple, widely accessible reporting mechanisms and continuous public education, fraudsters will continue to exploit fear, urgency and lack of awareness.
Going forward, cybersecurity must be treated as a shared responsibility. Alongside technology and enforcement, India needs large-scale, sustained citizen awareness programs, clear and unified reporting channels, and consistent messaging across regions. An informed citizen is often the first and most effective line of defence against cybercrime.
miniOrange operates at the intersection of identity, access management, and cybersecurity. How do you see the role of identity security evolving in today’s digital-first enterprises?
Identity has become the new security perimeter in digital-first enterprises. As organisations move to cloud, SaaS, remote work, and API-driven ecosystems, the traditional network boundary no longer exists. What remains constant is identity (users, devices, applications and services) and how access to them is governed.
Earlier, identity security was largely about authentication, verifying who someone is. Today, it has evolved into a continuous, risk-based control layer that governs who can access what, when, from where and under what conditions. Identity security now sits at the intersection of user experience, security, and compliance.
In modern enterprises, strong identity security must deliver three things simultaneously: frictionless access for legitimate users, adaptive security through multi-factor and contextual authentication, and strict enforcement of least-privilege access once a user is inside the system. This shift is central to Zero Trust architectures, where access is never assumed and always verified.
Looking ahead, identity security will increasingly be driven by intelligence and automation, using behaviour, device posture and risk signals to dynamically adjust access in real time. Enterprises that treat identity as a foundational security layer, rather than a standalone IT function, will be far better positioned to scale securely in a digital-first world.
Identity Shield Summit 2026 is positioned as a focused platform on identity-centric security. What inspired the idea behind the summit and what gap does it aim to address?
With 27 years of experience in cybersecurity, and exposure to leading global conferences, particularly in the US, I have seen how global ecosystems collaborate and share critical threat intelligence. My vision was to bring that same international-level exposure to India.
This Summit is designed as a global-standard cybersecurity platform in India, bringing together software professionals, government stakeholders and armed forces to gain firsthand insights into global threats, evolving fraud patterns and real-world solutions under one roof.
While many conferences in India remain highly exclusive, cyber threats impact every level of society, including the grassroots. Hence, this Summit is intentionally inclusive and accessible, ensuring cybersecurity knowledge reaches those who need it most.
Our goal is simple: democratize global cybersecurity knowledge and strengthen India’s cyber resilience.
How does the summit translate discussions into actionable outcomes for enterprise security leaders and drive growth across the cybersecurity industry?
The core objective of the Identity Shield Summit 2026 is to build a truly industry-wide platform; it is not a miniOrange-specific conference in any sense. Our vision is to create a neutral, collaborative ecosystem for the entire cybersecurity and digital identity community.
This year, over 25 leading cybersecurity and platform companies will be showcasing their solutions, and more than 200 enterprise organizations will be participating in discussions across diverse, real-world security challenges and use cases. The summit is designed to encourage cross-industry dialogue rather than brand-centric conversations.
The rationale is simple: cyber adversaries collaborate extensively to execute sophisticated attacks. To counter this effectively, those responsible for securing citizens, enterprises, and national infrastructure must collaborate even more closely. Identity Shield Summit provides that collaborative environment where problem-solvers come together to exchange insights, share best practices, and collectively shape stronger security outcomes.
Beyond knowledge exchange, the summit also aims to create broader economic and regional impact. Just as sports tourism and medical tourism drive economic growth in different Indian cities, we are fostering what we call “Knowledge Tourism.” Pune, as the host city, will welcome participants from across India and abroad, particularly from South Asia, with speakers and delegates traveling from countries such as the USA, UAE, Kazakhstan, and Vietnam.
Our larger goal is to position the summit as a global knowledge hub, one that benefits professionals through meaningful knowledge sharing while simultaneously contributing to the economic growth of the region. By bringing people, ideas and innovation together on one platform, the Identity Shield Summit moves beyond discussions and delivers tangible value at both industry and ecosystem levels.
How is miniOrange helping enterprises transition from reactive security approaches to a proactive, identity-first security model?
miniOrange helps enterprises move from “firefighting” (reactive) to “prevention” (proactive) by establishing Identity as the primary security perimeter through three technical pillars:
● Adaptive Zero Trust: Unlike reactive models that trust anyone inside a network, miniOrange uses an Adaptive Risk Engine. It evaluates real-time telemetry – IP reputation, Geo-velocity and Device Fingerprinting – to proactively “step up” authentication or block access before a breach occurs, rather than alerting after the fact.
● Dynamic Privilege Management (JIT): To eliminate the risk of “standing privileges,” miniOrange implements Just-In-Time (JIT) Provisioning. This grants administrative access only for a specific window, effectively shrinking the attack surface so there are no permanent “keys to the kingdom” for hackers to steal.
● Automated Identity Governance: Using SCIM protocols, miniOrange automates the user lifecycle. By instantly de-provisioning access across 6,000+ apps when an HR status changes, it proactively eliminates “zombie accounts,” one of the most common entry points for lateral-movement attacks.
How would you assess India’s cybersecurity maturity compared to global markets?
India’s cybersecurity maturity is at a pivotal inflection point when compared to global markets. Traditionally, India has been globally recognized as a powerhouse in cybersecurity and IT services, and over the last 25 years this service-led model has played a significant role in building India’s credibility and scale in the global digital economy. However, the global landscape is now rapidly shifting.
With the convergence of AI, cloud-native architectures, and increasingly sophisticated cyber threats, service-centric models alone are no longer sufficient. Global leaders are investing heavily in product-driven cybersecurity ecosystems, indigenous IP and deep-tech innovation. This is where India has both a challenge and a historic opportunity.
I strongly believe India needs nearly 2 million skilled cybersecurity professionals to meet its internal demand and global responsibilities. More importantly, Indian enterprises must now focus on building and producing cybersecurity products within India, not just delivering services. A strong domestic product ecosystem will reduce dependency on foreign technologies, strengthen national digital resilience and position India as a trusted global cybersecurity backbone.
India has a unique advantage: a massive and growing pool of software professionals graduating every year. If this talent is systematically upskilled in cybersecurity, AI-driven threat intelligence, identity security and critical infrastructure protection, it can become one of the country’s greatest strategic assets.
Compared to mature global markets, India is still evolving in terms of product innovation and cybersecurity R&D, but the direction is clearly positive. With supportive policy frameworks, growing startup momentum, and increased awareness at the enterprise and government levels, the next 5–10 years will be crucial. This period can define India’s transition from a service leader to a global producer of cybersecurity technologies.
If executed well, India has the potential not only to catch up with global markets, but to set global benchmarks in affordable, scalable and AI-driven cybersecurity solutions, making India a central pillar of the world’s digital security infrastructure.
What role do SMEs and mid-market enterprises play in India’s cybersecurity landscape, and how can they strengthen identity defenses without adding operational complexity?
In the heart of India’s digital transformation, SMEs and mid-market enterprises have evolved into the “Silent Guardians” of the global supply chain. No longer just standalone businesses, you are the high-speed engines and trusted bridges connecting local innovation to global ecosystems. Because you hold the keys to these vast networks, your security posture has become your “digital reputation.” With the advent of the DPDP Act, your role has shifted from simple utility to profound responsibility; you are now the custodians of citizen data and a foundational pillar of India’s digital sovereignty.
At miniOrange, we believe that for a growing team, security that is difficult to use is security that will be ignored. To strengthen defenses without drowning in operational complexity, the philosophy must shift from “restricting access” to “intelligent verification.”
This begins by authenticating the context of a login rather than just the user. By recognizing the rhythm of your business – granting seamless entry for a routine morning login in Bengaluru while triggering biometric checks for a 3 AM attempt from an unfamiliar IP – you ensure high security where it matters most without slowing the daily grind. We must also move toward passwordless experiences, leveraging smartphone biometrics to eliminate the primary cause of breaches while offering your workforce a premium, modern experience.
Furthermore, in lean IT environments, automation acts as your “extra employee.” Automating identity lifecycles ensures that when a salesperson joins or leaves, their access to tools like Tally or Google Workspace is updated instantly, killing off “zombie accounts” without manual effort. Finally, securing your most sensitive assets shouldn’t require a massive security center. By using agentless solutions to vault administrative credentials, you gain genuine peace of mind, knowing your critical infrastructure is locked down tight yet remains effortlessly accessible to the right people.
What is your message to Indian citizens on safeguarding themselves against cyber threats?
My appeal to every citizen is simple yet crucial: if you have not experienced a cyberattack so far, do not assume that you never will. Cyber threats do not come with warnings, and awareness is the first line of defence.
Avoid answering calls from unknown numbers and never click on suspicious links or download unverified applications on your phone. When it comes to financial safety, adopt a disciplined approach: maintain two separate bank accounts, one for daily transactions and another exclusively for savings. Ensure that the savings account is not linked to any online transactions, UPI, or cards, so it remains inaccessible to cybercriminals.
Equally important is limiting your digital footprint. Avoid sharing personal details, daily routines, or sensitive information on social media. People who are not part of your real, physical world should ideally not be part of your online world either. The fewer unknown connections you have, the lower the risk of being targeted or compromised.
Most social media and digital platforms already offer strong built-in security features. Citizens must actively use them. Enabling two-factor or two-step verification on all accounts, especially banking, email and social media, is no longer optional; it is essential.
Before transferring any money, pause and verify. Think twice or even three times. Cross-check the account details and contact number, and confirm the purpose of the transaction before proceeding. A moment of caution can prevent a lifetime of loss.
Despite all precautions, if a cyber incident does occur, act immediately. Inform your bank without delay and report the incident to the cybercrime cell or cyber police to seek timely assistance.
Above all, stay informed. Cyber frauds are evolving every day, and continuous awareness is the strongest protection. By remaining alert and adopting basic digital hygiene, every citizen can significantly reduce their risk and stay safe in the digital world.