As businesses continue to move workloads and data to the cloud, securing the network becomes a huge challenge. Despite cyber security tools and encryption in the market, many organizations continue to deploy only basic security solutions, leaving the cloud security network vulnerable, which in turn leads to an increase in cyberattacks. At a time when more employees are working remotely and accessing most data and workloads on secured connections, the cloud security network is an area they can’t afford to compromise.
In an exclusive chat with Sohini Bagchi of CXOToday.com, Vishak Raman, Director, Security Business, Cisco India & SAARC explains what it takes for organizations to become ‘cyber smart’ and how CISOs can protect their new normal workforce in post-Covid times. Raman also sheds light on some of the new security offerings from Cisco that he believes can ‘truly make a difference’ in the hybrid workplace. Excerpts.
What cybersecurity trends are you noticing in recent months? Where do you think India stands in its commitment to cybersecurity?
There’s no doubt on the fact that the global security landscape has evolved during the pandemic. There is mounting evidence to suggest companies of all sizes are at greater risk of state-sponsored attacks today than they’ve ever been. We are seeing a phenomenal rise in supply-chain attacks in which attackers target large or strategically important organizations via their suppliers.
India has made it to the top 10 in Global Cybersecurity Index (GCI) 2020 by ITU, moving up 37 places to rank as the 10th best country in the world on key cyber safety parameters. The assessment is done on the basis of performance on five parameters of cybersecurity including legal measures, technical measures, organisational measures, capacity development, and cooperation. While the country scored well on almost all the parameters, the areas that need improvement are technical and organization support. That’s where vendors like Cisco have an important role to play in terms of filling the technical gaps, and what an organization would need in terms of respond to a threat, preventing a threat at an early stage and co-partnering with national cyber security strategy, agencies, how to build tools at scale to prevent large scale mass attacks, making sure that the nation is a lot more resilient towards cyber-attacks.
Now that the hybrid workplace is becoming the new normal, what should CISO’s pay attention to, in order to secure their network?
The hybrid workplace that relies on constant connectivity and collaboration is a hacker’s paradise when not managed well. In this constantly changing mix of office and remote workers, devices move in and out of the company networks, and hence the security staff must be vigilant for threats that may be waiting in employee devices and add security layers on top of all of this. This is where zero trust comes into the picture – the end-to-end security strategy that provides your business with the ability to maintain your most important data because you control that access.
In a Zero Trust model, no one seeking access is trusted by default or rather verification is required from every identity before gaining access to data and network resources from inside or outside the network. Building and implementing Zero Trust architecture helps prevent cyberattacks in hybrid workplaces. Each step along the journey aids in reducing your risk of attacks, but without full visibility over your users and assets, you’ll always be at risk. You need a Security Operations Center (SOC) designed to detect and immediately respond to imminent threats. Cyberattacks happen around the clock and from the CISO’s part it needs consistent monitoring, adapting, and remediating.
What does it mean to be ‘cyber smart’? How do you train employees to become cyber smart?
A cyber-smart workplace culture is an essential part of an organization’s cybersecurity foundation. Building a cyber-smart culture means continuously working to develop a robust cybersecurity program and educate all users on cybersecurity. It is about building institutional awareness on the current cyber threats, knowing how to recognize threat vectors as well as preventing and taking appropriate actions to take once identified.
Phishing emails, followed by unsecured laptops and phones are the biggest risks of cyber-attacks. The human element of cybersecurity cannot certainly be ignored. Attackers are well aware of the shortcomings in people and protection systems. These attackers’ prey on these weaknesses by reaching these users with a lack of awareness and leveraging social engineering with phishing attacks to accomplish their goals.
Developing a cyber-smart culture includes ongoing cybersecurity training, awareness reminders. It even tests to ensure individuals know what to look out for and how to protect the data and devices they work with continuously. A solid cybersecurity awareness program includes educating team members with cyber-education sessions, including online training modules and training videos that focus on awareness around recent cyber threats and cybersecurity best practices.
Companies should also be investing more in cybersecurity build better cloud visibility. Cyber smart companies are already partnering with the best security vendors to strengthen e-mail security, identity access management and end points to reduce risk incidents.
How can organizations – especially in the SMB segment – become cyber smart and deploy the right security solutions in the time of crisis?
While it is a necessity for every organization to become ‘cyber smart’, SMBs in India are more worried about cybersecurity risks and challenges. Our research shows, three out of four SMB owners suffered a cyber incident in the past year, resulting in 85% of them losing customer information to malicious actors, in addition to a tangible impact on business. In fact, given that SMBs typically operate with limited resources and smaller teams, simplicity is the key to successful security deployments. For example, we have observed, most SMBs feel that they have too many technologies and struggle to integrate them.
The good news is that SMBs are increasingly taking a planned approach to understand and improve their cybersecurity posture through strategic initiatives. The key word here is simplicity and Cisco has simplified its offerings in a way by building a complete unified client for SMB that has the layers of security. Cisco AnyConnect for example, was the best fit for SMBs in remote environments and those with simple, hardware-based VPN requirements and Duo and Umbrella, easy to use and deploy double dose of defense to protect against phishing, ransomware and other attacks. Cisco Umbrella protects users from accessing malicious domains by proactively analyzing and blocking unsafe destinations. Duo provides strong multi-factor user authentication or identity access management to stop attackers from using stolen credentials gathered from phishing emails or other techniques to log in to business applications – all these come at a package which is less than 100 dollars.
With the increase in newer technology adoption including AI and blockchain, among others, what kind of new skillsets are needed in the cyber security industry to prevent such sophisticated attacks?
There is a growing pressure and incentive not only to ensure security at the network level, but also within the applications themselves. Having the right skills in application security is important because today’s applications are often available over various networks and connected to the cloud, increasing vulnerabilities to security threats and breaches. Secondly, Digital forensics plays an intrinsic role in determining the cause and purpose of a cyberattack. Finally, companies with a security-first culture empower employees at every level with security tools that make employee’s lives simpler with great user experience and supportive training tailored to specific remote user behaviors and skill sets.
How is Cisco differentiating itself in an already crowded cybersecurity market?
While the security market is crowded, no doubt, Cisco has taken a big bold step towards cyber security. While networking makes up the bulk of our revenue, we have innovated and adapted to major technology transition and have made a clear shift to cybersecurity. Today, cybersecurity is baked in every Cisco product. Cisco is following a platform strategy, offering a full suite of security products to its enterprise customers instead of one-off point solutions.
Our recent acquisitions Kenna security, Portshift and Sentryo are proof enough on how aggressively we are positioning in the cybersecurity market. Cisco’s security platform SecureX provides greater visibility across the entire security portfolio, and covers user and email access, device and endpoint protection, network security, and locking down apps and data and we are backing it with our threat intelligence, Talos. SecureX is a fundamental shift in the customer’s security experience by removing the complexity and providing one unified view on the state of customers’ security services and alerts.
We see segments like cloud security and Zero Trust portfolios are growing faster than ever. Our recent acquisition like Cisco Duo has been recognized as one of the best zero trust tools in the market. Cisco already has 300,000 security customers, and its solutions protect 61 million endpoints and 840,000 networks. Cisco generated $3.4 billion of revenue from its security segment in fiscal 2021 and we will continue the momentum in the cybersecurity space.