Hello, CyberTech community. Welcome to part #13 of the CyberTech Top Voice interview series with Krishna Vishnubhotla, Chief Scientist and VP of Product Strategy & Threat Intelligence at Zimperium.

The latest CyberTech Interview with Krishna Vishnubhotla is an interactive Q&A-styled conversation. In the interview, Krishna highlights the need to protect businesses through proactive measures, addressing the growing threats targeting mobile devices. As smartphones and tablets become essential tools for work and personal use, the mobile threat landscape has expanded, with cybercriminals increasingly targeting mobile platforms. Today, the links between mobile security and cyber threats are undeniable. Mobile devices, once seen as relatively secure compared to traditional desktops, are now prime targets for a range of cybercriminal activities. The result is a complex mobile security environment where traditional methods are no longer sufficient.

This is where solutions like Zimperium come into play. A leader in mobile security for iOS, Android, and ChromeOS, Zimperium provides a comprehensive suite of tools to protect against the full spectrum of mobile threats.

Join us in shaping the future of cybersecurity. Learn more about how Zimperium tackles the distinct challenges of protecting mobile assets, and why CISOs need MAPS and MTD solutions.

Here’s what Krishna had to say to our AI and mobile cybersecurity community.

Hi Krishna, welcome to the CyberTechnology Top Voice Interview Series. Please tell us about your journey and how you arrived at Zimperium.

Krishna: I’ve always been passionate about software and technology, and my education was a natural extension of that enthusiasm. The first seven years of my career were immersed in the world of software developers, testers, and release engineers, where I gained a deep understanding of the intricate dynamics of building, testing, and releasing complex software. This hands-on experience laid the groundwork for the next decade, which I dedicated to consulting and guiding customers in adopting enterprise-grade solutions in DevOps and Mobile Security. This unique combination of technical expertise and customer-centric problem-solving has equipped me to bridge the gap between engineering and business, delivering impactful, scalable solutions.

Please give us a snapshot of the 2024 mobile threat landscape. How is it different from the one we witnessed in 2022-2023?

Krishna: The mobile threat landscape in 2024 is marked by an alarming escalation in attack sophistication and scale. Enterprises now face a growing challenge, with at least 900 million to a billion smartphones connecting to corporate systems annually—excluding the surge of tablets and IoT devices. This number continues to rise, with the average employee juggling 5 to 11 work-related apps alongside a staggering 80 personal apps on the same device, creating a fertile ground for threats.

Mobile-targeted phishing attacks (mishing) have surged, with 83% of phishing sites specifically targeting mobile users. Unique mobile malware samples have risen by 13% year-over-year, with riskware and trojans from sideloaded apps accounting for 80% of observed threats. Platform risks are also significant; 1% of iOS devices and 14% of Android devices in enterprises are non-upgradable, leaving them vulnerable to exploitation. Alarmingly, over half (54%) of organizations have reported data breaches stemming from inappropriate access to sensitive information on mobile devices.

In 2024, bad actors are doubling down on scalable mobile attack techniques like mishing and malware, fully exploiting the fact that mobile devices and apps remain the least protected endpoints within enterprises. This evolving threat landscape demands a renewed focus on mobile security to counter increasingly sophisticated campaigns targeting the weakest links.

Are modern CISOs and mobile AppSec teams prepared against new malware families such as ATS and TOAD? What makes these families so difficult to identify and control? 

Krishna: My simple answer is “NO”. 

Many organizations are still grappling with securing traditional endpoints and IT systems over mobile security, leaving teams underfunded and without the specialized tools needed to address the unique challenges of mobile devices and apps. Furthermore, they are trying to use server-side security technologies and non-mobile-focused products for mobile security. The real issue is that mobile security is still seen as a nice-to-have and not a top three priority for most enterprises. Across the board, mobile threats are barely visible or understood, as is their impact.

What is the biggest challenge for a CISO today? How does Zimperium enable security teams to overcome these challenges?

Krishna: The biggest challenge for a CISO is gaining a comprehensive understanding of the risks tied to their mobile footprint and evaluating the actual effectiveness of their security investments. Mobile devices introduce unique access-related risks, such as app vulnerabilities, unpatched OS versions, malware, mishing, etc. Many CISOs invest in MDM, MAM, or Virtual Device environments, but they lack sufficient clarity around what they do not protect against, leaving organizations vulnerable to data breaches and compliance issues.

Through research and threat data analysis, Zimperium’s primary goal is to help CISOs make informed decisions by providing much-needed clarity. To address this, CISOs need solutions that go beyond basic device management and provide real-time visibility into mobile threats, contextual risk assessments, and actionable insights.

Only by bridging this visibility gap can organizations effectively safeguard their mobile ecosystems and make informed security decisions.

Please tell us a little bit about Zimperium Mobile Threat Defense and how it utilizes AI and Automation against malware-as-a-service and MITMs.

Krishna: AI is at the heart of our MTD solution. Models trained on billions of mobile threat data points identify malicious behaviors, zero-day threats, and network anomalies in real time.

By utilizing on-device detection, Zimperium ensures continuous protection even without cloud connectivity, enabling rapid and accurate threat mitigation. Automated workflows isolate compromised devices, block malicious apps, and neutralize MITM risks, providing enterprises with proactive and scalable security. The solution’s adaptive AI allows it to update its detection and protection capabilities over-the-air, enabling businesses to secure their mobile ecosystems against the rapidly evolving mobile threat landscape.

Please elaborate on the AI-enabled threat exposure management for specific industries: 1) healthcare, 2) telecom, and 3) retail

Krishna: The objective of AI-enabled mobile threat exposure management is to build the capability needed to detect, assess, and mitigate mobile-related risks, safeguarding both enterprise systems and user trust.

Healthcare:

In healthcare, mobile devices are integral for telemedicine, remote monitoring, and accessing electronic health records (EHRs). However, they expose sensitive patient data to threats like ransomware, phishing, and unauthorized access. Mobile apps and devices must be secured against vulnerabilities, such as unpatched software or malicious sideloaded apps. AI-driven solutions offer real-time anomaly detection and device hygiene insights, ensuring compliance with regulations like HIPAA while protecting critical patient information.

Telecom:

Telecom providers face a growing attack surface as 5G adoption accelerates, introducing risks like SIM swapping, malware targeting customer apps, and network interception. Mobile apps used for account management and communication are especially vulnerable to tampering and credential theft. AI-enabled solutions monitor network traffic for rogue activity, secure telecom apps against reverse engineering, and detect fraud patterns, helping to protect infrastructure and customer trust.

Retail:

In retail, mobile apps for e-commerce and loyalty programs are frequent targets of malware, phishing, and fraudulent activity. These threats can compromise payment systems, expose customer data, and damage brand reputation. AI-powered security solutions safeguard payment transactions, prevent account takeovers, and assess third-party integrations for vulnerabilities. This ensures secure mobile experiences for customers while protecting retailers from data breaches and revenue loss.

For young professionals looking to build a career in cybersecurity, which certifications and academic resources would you recommend?

Krishna: For young professionals entering cybersecurity, certifications and education remain critical, but their role is evolving in a world where specialized content is abundant. Traditional certifications like CompTIA Security+ and Certified Ethical Hacker (CEH) provide foundational knowledge and hands-on skills, while advanced options like CISSP or GIAC Security Essentials (GSEC) cater to more experienced professionals.

For those focusing on mobile device and app security, certifications like GIAC Mobile Device Security Analyst (GMOB) and Certified Mobile Application Security Tester (CMAST) are highly relevant. However, the growing availability of targeted resources on platforms like OWASP, SANS, Udemy and Coursera allows learners to dive deep into niche topics like Android & iOS security, Mobile Pentesting, and Malware Analysis without waiting for formal courses.

What kind of skill development and hiring trends do you foresee for cybersecurity professionals in the next 3 years, and what is your guidance for professional development?

Krishna: For cybersecurity sellers, the industry must combine technical fluency with strong consultative selling skills to address the unique challenges of their buyers. Understanding key concepts like Zero Trust, threat intelligence, and compliance requirements is critical for building credibility with technical decision-makers. With the rise of AI-driven tools, sellers must also articulate the measurable ROI of their solutions, such as reduced risks or cost savings. Success in this space requires continuous learning, a problem-solving mindset, and the ability to build trust over long sales cycles.

For cybersecurity engineers, the industry is increasingly valuing experience over traditional degrees, particularly as the demand for skilled professionals continues to outpace supply. While degrees still hold value for foundational knowledge, hiring trends show a shift toward practical, demonstrable skills.

In cybersecurity marketing, having professionals who deeply understand technology is becoming significantly more important than relying solely on traditional marketing mechanics. The unique complexity of the cybersecurity landscape and the technical audience it targets demand a blend of technical expertise and marketing acumen to effectively communicate value and build trust.

What are your predictions for the cyber tech market in 2025?

Krishna: The cybersecurity market will likely experience a significant shift towards mobile-centric solutions by 2025. More adjacent security solutions will integrate mobile-centric capabilities, reflecting the growing reliance on these platforms for both personal and enterprise use.

The Mobile Supply Chain Risk Assessment sector is poised for rapid growth as organizations recognize the need to secure third-party apps, in-app components, APIs, and SDKs in mobile ecosystems. As a result of leveraging AI, Low Code Development platforms will gain efficiencies, but will also make vulnerabilities more difficult to identify and fix.

Additionally, organizations will start to move away from managing entire devices and toward developing self-defending apps—applications equipped with built-in security mechanisms to protect themselves across any device or environment. 

Thank you so much Krishna for participating in our CyberTech Top Voice Interview series. We look forward to having you and Zimperium again!

To participate in our interviews, please write to our CyberTech Media Room at news@intentamplify.com

About Krishna Vishnubhotla


Krishna Vishnubhotla is an accomplished expert in the SaaS sector, renowned for driving startup success through innovative product and marketing strategies. He specializes in mobile application security, demonstrating a strong ability to craft and implement product visions that lead to substantial revenue increases. Krishna also oversees a global customer success portfolio and has forged valuable strategic partnerships. His leadership extends to spearheading revenue initiatives, catering to a wide range of clients across various industries.

About Zimperium

Zimperium is the leading provider of mobile security solutions, offering real-time, on-device protection against known and unknown mobile threats. With advanced AI technology, Zimperium delivers comprehensive security for mobile devices, applications, and networks, safeguarding organizations from data breaches and financial loss.