The 1975 Bollywood classic Sholay is often hailed as one of the greatest films in Indian cinema. Its gripping storyline, memorable characters, and iconic dialogues have captivated audiences for decades. But beyond its cinematic brilliance, Sholay offers valuable lessons for today’s Chief Information Security Officers (CISOs).
At first glance, Sholay and cybersecurity may seem worlds apart, but a closer look reveals striking parallels.
The fight between the heroes and the villainous Gabbar Singh mirrors the battle CISOs face against cybercriminals today. Let’s delve into some key themes from Sholay that resonate with the challenges CISOs navigate in the ever-evolving cybersecurity landscape.
Building a Strong Defense: The Ramgarh Strategy
In Sholay, the peaceful village of Ramgarh is terrorized by Gabbar Singh and his band of dacoits. The village lacks the strength to defend itself, so the leader, Thakur Baldev Singh, hires two experts—Veeru and Jai—to protect it. This decision represents the village’s move from vulnerability to proactive defense.
Cybersecurity Lesson: Like Thakur, CISOs must acknowledge that vulnerabilities exist and act decisively to strengthen defenses. A key aspect of cybersecurity is recognizing gaps and bringing in specialized expertise to fill them. Whether it’s deploying next-gen firewalls, endpoint detection systems, or expert teams to monitor threats, building a layered and comprehensive defense strategy is crucial for protecting the “Ramgarh” of your organization.
The Importance of Monitoring and Response: Veeru and Jai as SOC Analysts
Veeru and Jai don’t just sit in the village; they actively patrol, engage with the villagers, and scout the enemy’s movements. Their strategy is to stay one step ahead of Gabbar’s attacks, anticipating his moves and planning countermeasures.
Cybersecurity Lesson: In the digital world, CISOs must set up a robust Security Operations Center (SOC), where dedicated teams continuously monitor network activity, analyze potential threats, and respond swiftly. Just as Veeru and Jai’s vigilance helps Ramgarh prepare for attacks, a well-coordinated SOC team identifies and neutralizes threats before they can harm the organization. Early detection is often the difference between a close call and a catastrophic breach.
Insider Threats: Trust But Verify
One of the most harrowing moments in Sholay occurs when one of Gabbar’s men infiltrates Ramgarh as a trusted informant. This insider threat nearly leads to disaster, showing that even in tightly-knit communities, vigilance is critical.
Cybersecurity Lesson: Insider threats remain one of the most dangerous vulnerabilities for any organization. CISOs must adopt a “trust but verify” approach. Implementing policies like least-privilege access, user behavior analytics, and strict access controls ensures that even trusted insiders are monitored. Employees may unintentionally compromise security, or worse, act with malicious intent. Tools like identity and access management (IAM) and privileged access management (PAM) help minimize these risks.
Resilience in the Face of Attacks: Recovering from Breaches
Despite the best efforts of Veeru and Jai, Gabbar and his gang do manage to launch successful attacks on Ramgarh. However, instead of folding, the heroes and villagers regroup and fight back. They adapt to the situation and develop new strategies to outwit Gabbar.
Cybersecurity Lesson: No matter how secure an organization believes it is, breaches can and will happen. What defines strong cybersecurity is the ability to recover quickly and learn from attacks. CISOs need to focus not only on prevention but also on resilience—having incident response plans, backup systems, and a disaster recovery process in place. This ensures that when an inevitable breach occurs, the organization can bounce back with minimal disruption.
The Gabbar Singh Archetype: Evolving Threat Actors
Gabbar Singh, the film’s central villain, is ruthless, unpredictable, and evolves his tactics throughout the movie. He’s not an ordinary dacoit but a mastermind who continually adapts his strategies based on what Veeru, Jai, and the villagers do.
Cybersecurity Lesson: Cybercriminals today, much like Gabbar, are constantly evolving. From ransomware groups to state-sponsored actors, hackers continually refine their techniques, shifting from brute-force attacks to sophisticated social engineering or multi-vector threats. CISOs must adopt a mindset of constant vigilance, always updating their defenses and training their teams on the latest attack vectors. Threat intelligence and staying ahead of the cybersecurity curve is key.
The Power of Collaboration: Everyone Plays a Role
In Sholay, Veeru and Jai cannot defeat Gabbar alone. The entire village comes together in the final battle. Even the once hesitant villagers realize they must contribute to protect their community.
Cybersecurity Lesson: Cybersecurity isn’t just the responsibility of the CISO or the IT department. Every employee plays a role. Security awareness training is crucial for building a culture of cybersecurity. Whether it’s avoiding phishing scams, reporting suspicious behavior, or following security protocols, a collective effort is needed to defend against cyberattacks. Just as Ramgarh united to defeat Gabbar, organizations must foster collaboration across all departments to maintain a robust security posture.
Know Your Enemy: Understanding the Threat Landscape
Throughout the movie, Veeru and Jai spend time studying Gabbar’s tactics and movements, gaining insight into his plans. This helps them anticipate his attacks and prepare accordingly.
Cybersecurity Lesson: For CISOs, understanding the threat landscape is critical. Threat intelligence gathering, continuous learning about the latest malware, ransomware tactics, and hacker groups like Lazarus or APTs (Advanced Persistent Threats) are essential. Knowing your adversary allows you to anticipate their moves and take proactive steps to defend against their attacks.
Final Thoughts: CISOs as the Thakur of Cybersecurity
Thakur Baldev Singh, the retired police officer, represents the quintessential CISO of Sholay. Although Thakur cannot fight Gabbar directly due to his physical limitations (he has lost his arms), his wisdom, strategy, and leadership are what ultimately lead to Ramgarh’s victory. Like Thakur, CISOs must lead with foresight, create robust defenses, and rally their teams to face modern cybercriminals.
In today’s digital age, Sholay serves as more than just entertainment—it’s a reminder that even the strongest defenses must be constantly evaluated, adapted, and reinforced.
Whether it’s protecting against insider threats, building resilience, or fostering a collaborative security culture, the lessons from this iconic film resonate deeply with the challenges CISOs face in safeguarding their organizations against cybercriminals.
As Gabbar Singh said, “Joh darr gaya, samjho mar gaya” (Whoever is afraid, is already dead).
In cybersecurity, fear can lead to inaction. It’s the CISOs who are fearless, vigilant, and prepared who will emerge victorious.
