Shrenik Bhayani joined Kaspersky Labs as the General Manager for South Asia in 2017. Bhayani was instrumental in transforming the organization from an underdeveloped satellite sales team to a high-performing business unit that ramps revenue, market share and profitability. He is also tasked with building the Kaspersky brand in B2B and B2C market segments. Prior to his stint at Kaspersky Labs, Bhayani was the country manager at Unify.
In an exclusive interview with CSO India, Bhayani spoke about the biggest challenges in the cybersecurity landscape and also shared tips for CSOs to have the best security strategy in place for their organizations.
What are the three biggest cybersecurity challenges that you see in 2019?
First one is the attack surface - the increasing amount of automation systems and tools gives cyber criminals the opportunity to plan and execute attacks.
Secondly, the level of general threats are underestimated. A lack of public access to information about security issues within industrial enterprises have a negative effect on the assessment of threat levels at enterprises.
Thirdly, it’s the misunderstanding enterprises have about threat specifics and the sub-optimal choice of protection. Developers create products prone to artificial attacks created by researchers themselves, instead of real world day-to-day threats, which results in rendering industries vulnerable to real-life attacks.
Which technologies are disrupting the cybersecurity landscape?
The constantly evolving technology shapes the future of business. In the recent times, organizations are leveraging new
technologies to keep up with the changing dynamics of the market. But as things growing rapidly, a lot of technology disruptions are set to make a mark in the coming years.
One of the key technologies playing a major role in cybersecurity is Artificial Intelligence (AI). The growth of AI has been very significant in recent times. AI can be leveraged to detect any kind of suspected malware. AI has the potential to become the single most disruptive force of technology in coming years.
Blockchain too has become increasingly popular among businesses today, resulting in a major demand for blockchain-related services. Many large corporations, even small businesses, are planning to integrate blockchain into their businesses. Another technology that can play a major role in cybersecurity is Augmented Reality (AR). Snapchat is the perfect example of using augmented reality. It is one of the fastest growing technologies, and has made its mark.
How can enterprises be better prepared to deal with zero-day attacks and advanced persistent threats?
“Today’s cybersecurity approach in terms of solutions and services don’t just have to be as advanced as the threats, but should be able to strike down a threat even before it hits.”
Organizations can keep themselves safe from these exploits by employing several means of detection. These means can include using virtual local area networks (VLANs) to protect transmitted data, firewall, and secure Wi-Fi system to protect against wireless malware attacks. Individuals can minimize the risk by keeping their OS and software updated or by only using websites with SSL (Security Socket Layer), which secures information being sent between the user and the site.
An APT is a long-term attack meant to locate and exploit highly sensitive information. Here are few steps that businesses can take to be better prepared:
1) Educate all employees about phishing scams: Deploy a training program that teaches employees what to look for, what to do and who to notify if they spot something suspicious.
2) Make sure all security patches are installed: APT hackers look to exploit any weakness in the system, which is why it's so crucial to run updates on all cybersecurity programs. If updates and patches are avoided or delayed, you're leaving your company vulnerable to attacks.
3) Additional safety measures for most sensitive information - don't automatically assign administrator rights to staff accounts if they don't need them.
4) The best way to mitigate risks is to work with an experienced cybersecurity company, one that offers both APT intelligence reporting and the support needed to identify and stop threats.
What impact will artificial intelligence and automated threat intelligence have on cybersecurity initiatives in the coming times?
Artificial intelligence and automated threat intelligence are the next big things which will expand in terms of technological benefits. Both have immense advantages to businesses as it can detect cyber threats and protect businesses from them. As a proactive measure, security teams need to embrace cyber threat intelligence, encompassing technical, operational, tactical and strategic threat intelligence into their existing security operations to leverage specific intelligence.
Today’s cybersecurity approach in terms of solutions and services don’t just have to be as advanced as the threats, but should be able to strike down a threat even before it hits. Hence, it is of critical importance that organizations today enhance their predictive and pre-emptive capabilities with cyber threat intelligence.
What is your advice to CSOs and other top-level security management professionals?
Have a specific budget allotted for cybersecurity in your company. Even if the budgets are not very high, make sure that you at least have a basic security solution that is required to protect your network. Be aware of the smallest details; for instance, if an employee has just moved out of the organization, make sure that their official IDs are taken care of.
Train your employees well. In most cases, they are the first and most vulnerable targets for cyber criminals. Have a strategy in place for threat detection and incident response. Always keep a backup ready for your important data and never let go of small details, even if you may think they won't affect you.