Anil Bhasin is the regional vice president for the India and SAARC at Palo Alto Networks. Bhasin has over 25 years of experience in the industry, and joined Palo Alto Networks from Cisco, where he spent 12 years in leadership roles including the Services business for India & SAARC. Prior to joining Cisco, Bhasin had a two-year stint at Getronics as a national sales manager.
In an interaction with CSO India, Bhasin talks about cybersecurity challenges, role of AI and advice for CSOs.
What are the three biggest security challenges that you see in 2019?
Some of the biggest challenges that organisations face today are:
IT talent shortage: More than half of the organisations in the industry today face cybersecurity skills shortage. According to Cybersecurity Ventures, globally, the projected demand will increase exponentially.
High cost of implementation: Strong security can be costly for a company to implement internally. The licensing fees, the cost of a specific hardware for a security solution as well as labour required for maintenance is immense. Therefore, companies today use cloud service providers to run their IT infrastructure.
Compliance and regulations: Maintaining a good compliance posture becomes a greater challenge as rules and regulations change quickly. Indian organisations which have global presence must make sure that they adhere to both global as well as local transacting country compliance norms. Hence, they need to have visibility of their current status and what is required to be fully compliant.
Which technologies are disrupting the cybersecurity landscape?
As organisations turn digital and more advanced, breaches have also grown exponentially, both in terms of numbers and the extent of damage that they do to businesses and their reputation. Emerging technologies such as big data analysis, artificial intelligence and blockchain can help organisations reclaim surrendered ground snatched by sophisticated threats, limited internal resources and a widening attack surface.
Cyberattacks are becoming more sophisticated and cybercriminals now combine multiple techniques including malware, ransomware and social engineering to compromise data. Technologies like blockchain, AI/ML, and big data analytics are ideal to revolutionise the way companies think about cybersecurity.
We generally assume that all threats are ‘information stealing’ in nature. But that has changed, and the threats have become multi-faceted. Companies need to secure themselves from such cyberattacks by thinking ahead of cybercriminals.
How can enterprises prepare better to deal with unknown vulnerabilities?
Maintaining security operations in enterprises is vital, as preventing incidents is comparatively less expensive than responding to them. The key is to implement effective security automation. The right security automation platform reduces the amount of time and effort human security professionals have to spend on manual tasks.
Security automation can be integrated into the existing infrastructure of a company and whenever a threat is detected, AI can analyse it and determine whether it should be sent to the security professional for further action or not. AI can determine its importance and act on it accurately. AI and machine learning can make the whole security automation system smarter as the cyberthreat landscape evolves.
What impact will artificial intelligence and automated threat intelligence have on cybersecurity initiatives in the coming times?
“Indian organisations which have global presence must make sure that they adhere to both global as well as local transacting country compliance norms. Hence, they need to have visibility of their current status and what is required to be fully compliant.”
The future of cybersecurity will benefit from more AI-enabled prevention and protection systems. These systems are also likely to allow humans to interact with the AI algorithm easily. AI algorithm can detect any changes that appear abnormal. It also helps in gaining insights into sources of potential threats from external as well as internal sensors.
AI can reduce the workload for cybersecurity analysts by helping intelligently automating the manual tasks as well as prioritise the risk areas for attention. Hence, redirecting human efforts towards higher value activities.
The organisation can use AI and automated threat intelligence to enhance their cybersecurity efforts. They can also use AI to automate and improve businesses processes. It facilitates intelligent responses to attacks based on shared knowledge and learning. This helps in the efficiency of employees as they can focus on investigating high probability signals rather than spending time finding them.
What is your advice to CSOs and other top-level security management professionals?
The role of the security professionals has evolved from being just a technical expert to a decision-maker. It has now moved to the boardroom level and hence it is critical to keep oneself abreast of not only the latest technologies and upgrades but also encompassing learning more rapidly, communicating more effectively, knowing more about the business, and matching the capabilities of an ever-improving set of attackers. CSOs are now expected to encourage and work towards upskilling employees through training programmes and certifications.