Recent number of growing attacks directed towards Indian enterprises has given cybersecurity its deserved place as one of the biggest concerns of the corporate world. Heading Sales & Operations for Sophos in the subcontinent, Industry veteran Sunil Sharma talks about how enterprise boards are warming up to CIOs and CIOs, newer challenges as cyber-attackers advance their own skills and how synchronized security is the key to security for enterprises today.
“The first fundamental thing what Sophos did is talk about a concept called synchronized security. This concept is towards the best practices CIOs and CISOs should follow.” – Sunil Sharma, VP – Sales India and SAARC, Sophos.
India Inc. has been witnessing phenomenal growth in the recent times. The economy is growing at a GDP of 7 % plus with massive projects being executed. With the rate at which this growth is taking place, digitization has been playing a very vital role in the economy. “Our Prime Minister Narendra Modi has been emphatically reiterating that digitization is a must for us to grow to the next league,” Sunil Sharma, VP Sales for India & SAARC at Sophos exclaims.
In the corporate world, where this growth has been exemplified, cyber attacks have been on a perpetual upward track. As per a recent Geo-malware survey conducted by the Sophos Global Lab it was observed that the attack percentage for India was at a steady rise with a rate of 16.9% which is a big number compared to global levels. “This is huge,” Sunil continues, “It was also observed that we are among the top five countries in the world in terms of these cyber attacks. This is testimony to the fact that as to how our burgeoning economy, with an almost unparalleled growth is attracting cybercriminals and attacks from all over the world.” There has been no discrediting the fact that Indian corporate are becoming victims each and every day as these cyber creeps target enterprises of all sizes. “In the last five years, this growth has come in a hockey stick pattern. We cannot blame the CIOs and CISOs as the organizations never had much of a focus on the information security part. The budgets for information security had been miniscule all the time.”
As per Sophos, by and large there had been two fundamental aspects to enterprise security that had been major challenges to organizations. First and foremost, user awareness or rather the lack of it across all organization has been a major contributor towards such kinds of attacks being executed every now and then. “Bad guys will attack but how does the organization secure itself? Are you aware that when somebody is sending you a simple .doc file that might also be a phishing attack?” Sharma affirms. Joining user awareness in this task is the security infrastructure that these organizations have deployed. “The safety measures… the security solutions which all these major corporate have deployed. Have they mitigated all those risks or are there still loopholes that are being vulnerable to such cyber criminals?” Cybercriminals have been readily taking advantage of these uncertainties in enterprise security.
“We cannot blame the CIOs and CISOs as the organizations never had much of a focus on the information security part. The budgets for information security had been miniscule all the time.”
Are corporate on the right path today?
Sharma believes organizations have started maturing in their approach when dealing with threats. “They may not have been in the past but enterprises today have started realizing that information security for them is fundamental. It is like a palace where the treasure hasn’t been locked and secured properly.” Enterprises have deployed a huge number of network storage devices. There has been complete digitization of infrastructures. Now, with the right understanding, they have realized the need to follow security practice as business practice to protect the precious data which is vital to them. They have understood that only then can their business be immune of such kinds of cyber criminals and their damaging attacks. “They are on the right path… starting from doing an audit to performing vulnerability assessment and management tests. This enables them in understanding what gaps are there and where they need to plug them.”
Enterprise security has transformed today with the availability of right capabilities and competent security professionals. Boards have started to give them a fair ear on budget issues. “This is happening now because of the amount of awareness that these attacks have brought. Cybercriminals have our CEOs more aware, whether it is manufacturing as an industry, or finance, hospitality or the IT/ITES. The trend is being witnessed across all kinds of verticals. As people are becoming more and more aware, it is leading to the organizations becoming more secure.”
Security conversations as enterprises transform
CIOs and CISOs have been heading the security banner for enterprises. “Old setups using legacy platforms are generally silo-ed. It is impossible for sales teams to talk to people at all levels. Most of the times, we have been talking to the CIOs and CISOs only.” Sharma continues, “If you talk about the enterprise class of segment, people are very well aware. CIOs and CISOs willfully own up to the responsibility of securing data and infrastructure completely.” In the mid –market segment, the situation isn’t as spot on. “They need to take precautionary safety measures and integrate the data and systems which are in silos to ensure that they have specific output which they are looking for.”
“As the awareness is increasing and reaching CEOs and CFOs, it has become easier for CIOs and CISOs to get budgets approved.”
However, as Sunil points out, things are improving. “We deal with pragmatic enterprise and mid-market segment quite a lot. My observation is that mid-market segment is becoming more aware nowadays. As the awareness is increasing and reaching CEOs and CFOs, it has become easier for CIOs and CISOs to get budgets approved.” Sophos witnessed this trend when a very famous recent virus breakout crippled hundreds of businesses globally. “Ransomware which has made whole world cry,” Sunil exclaims, “WannaCry has made a huge impact! We have had CIOs coming back to us and saying that now management has given a go ahead. Earlier the boards did not understand this type of an attack but the media coverage that this attack has received has made a lot of people understand as to what the meaning of ransomware is and why anti-ransomware solutions are the need of the hour.”