Cyber-security Must Focus On The Human Point

by Moumita Deb Choudhury    Jun 07, 2017

 Surender

A dramatic shift has already taken place in the enterprise technology world. With Cloud, Mobility, Internet of Things and Artificial Intelligence occupying the center stage, there has been an increased focus on security. For enterprises, securing devices and applications are becoming essential. Cyber security company Forcepoint’s focus is centered on enabling companies to drive towards understanding people’s behaviors and intent as they interact with data and IP wherever it resides, i.e. protecting the human point. By delivering IT systems that meet this objective, Forcepoint helps customers provide open, unobstructed access to data, while reducing risk.

In an exclusive conversation with CXO Today,  Surendra Singh, Country Director, Forcepoint, discusses how IT Security professionals risk being obsolete unless they keep up to date and adapt to this changing IT environment. Despite the dynamic IT landscape, from security perspective, the one thing that has remained common through the life cycle of IT is the human interaction. This human interaction with IT tools and systems is increasingly being exploited by hackers to gain access to enterprise critical business data and intellectual property.

How do you see the security landscape in India and globally?

The security attacks are increasingly becoming complex and sophisticated. They are targeted and launched for financial gains. Last year witnessed number of attacks in the form of Ransomware, DDoS and Botnets across various industries. Cyber attackers are now casting a wider net, attacking not just computers and mobile phones but also Internet-connected devices like security cameras or routers, which have exponentially increased the risk landscape.

The security challenges are rising from the rapid integration of the digital and physical and it is being felt globally. As these spheres become increasingly reliant on one another, their influence in boardrooms, across borders and in the halls of government is expanding.

What are the latest trends in the cyber-security domain? 

As more and more technologies get added to secure IT infrastructure, hackers are looking at different ways to gain entry into organisation’s network and steal critical business data and IP. The human point is becoming critical in the way the attacks are being carried out. A large number of ransomware attacks carried out in past one year is an example of how hackers are looking to compromise people. While employee education to ensure proper secure behavior while dealing with corporate information and IT tools is still a hot topic, organisations are uncovering the need to protect critical business information from targeted attacks like cyber espionage and finding anomaly in behavior of the people that may be voluntary or involuntary.Another issue is fast vanishing perimeter of organisations, with many of them adopting cloud-first approach, it is important to know what is happening to enterprises critical data in cloud; who is interacting with it and how it is being used.Millennials are coming into workforce and they represent a cultural shift in the way they consume and share information. They tend to have elevated trust of technology and a tendency to embrace new connected devices that often lack sufficient security to protect data and privacy. They are more open to share personal information on social media and prefer using own digital devices.

What is the level of awareness about cyber-security among Indian enterprises and what level of readiness do they show to invest in it? 

 As India starts consuming more technology, it is becoming vulnerable to cyber security attacks. Indian enterprises spend on security is increasing every year but so is the number of security attacks. As per CERT-In data, a total number of 44,679, 49,455 and 50,362 cyber security incidents were observed during the years 2014, 2015 and 2016, respectively.

 However, Indian enterprises are becoming aware of the impact of IT security on businesses as they go in for digitization. Enterprises today are looking for a business partner that can help them achieve their security requirements rather than looking for a super niche security feature that a small vendor can provide.

Which segment is most inflicted with cyber-threats and which segment generates the maximum demand for security solutions? 

Today, hackers are targeting any and every industry as long as they have something to gain out of it. Certain industries and verticals are more likely to be victimized by cyber threat than others due to the potential value of their data and IP. Healthcare, IT & ITeS, BFSI, Government and Manufacturing are some of the sectors where there is increased digitization in India and they are also amongst the top most cyber-attacked industries.

 Tell us about your India and Global operations- Challenges and opportunities in this space. 

Digital will dominate enterprise IT strategies in 2017 with more and more enterprises attaining digital maturity. Trends like IoT, AI, mobility, bimodal IT and other technological innovations will continue to push the envelope towards digitization worldwide. Industry will also make focused investments in cybersecurity as the surge in cloud, digital applications and devices sets up a never ending game of catch up.

IT security teams will have to craft security policies keeping view of millennials in workforce who have more trust on technology. Similarly, with General Data Protection Regulation (GDPR) coming in force in May 2018, one would see increased investment into strengthening of data protection controls.

On the technology side, next year will increase in number of apps using voice-active AI platform. The rise of voice-activated AI to access Web, data and apps will open up creative new attack vectors and data privacy concerns. Also, the cloud is another expanding vector of attack. It is expected hackers will increasingly target cloud service providers to disrupt businesses moving to the cloud. They will do so by exploiting underlying vulnerabilities in cloud infrastructure or launching DDOS attacks.

 What is your business strategy for this year?

Cybersecurity must move from a technology-centric view to one that understands human behavior and intent and employs systems that can effectively do the same. Forcepoint’s strategy is to help customers rethink cybersecurity by focusing on the human point, i.e. the way people interact with critical business data and intellectual property.  With our new businesses in place, Forcepoint will quickly deliver innovation around these human points of interaction. This approach will deliver the level of capabilities our customers need in the future.