As Managing Director at Symantec, Gaurav Agarwal is responsible for leading Symantec's enterprise security business in the India & SAARC region. He has over 20 years of experience in the IT sector and prior to joining Symantec, Gaurav had leadership roles at other leading IT companies including Cisco and IBM.
In an interaction with CSO India, Gaurav Agarwal threw light on the prevailing threat landscape and how Symantec has prepared to help enterprises fight the advanced forms of cyber-attacks.
What are the three biggest security challenges that you see in 2019?
Enterprises are on the fast track in their digital transformation journey to stay relevant and ahead of their competition. The threat landscape continues to grow in parallel as it becomes more dangerous and complex, and one of the biggest challenges for enterprises today is to stay ahead of new forms of cyberattacks that are emerging.
Formjacking – a new form of money-making attack, is one such example. According to Symantec 2019 Internet Security Threat Report Vol. 24, formjacking compromised an average of 4,818 unique websites each day in 2018, representing a serious threat for both businesses and consumers.
As headlines of cyberattacks increase in number and frequency, enterprises are placing utmost importance on cybersecurity. However internally, security professionals are still struggling to tackle the burden of integration. There are simply too many security solutions and point products in the market, making it extremely complex for enterprises to choose the right combination.
Compliance and regulations continue to pose huge challenges for enterprises. Organizations need to have strict guidelines in place to handle data, and that includes specific policies and practices for cyber security. While many companies have bulked up privacy teams; brought in new resources including data protection officers; invested in GDPR compliance and more, an IAPP survey found that less than half of respondents said they are fully compliant with GDPR.
Which technologies are disrupting the cybersecurity landscape?
As we move towards greater innovations and technological advancements, attackers are finding new ways to disrupt and extort. Based on Symantec’s cyber security predictions for 2019, attackers will be exploiting Artificial Intelligence (AI) systems to aid attacks as many AI systems are home to massive amounts of data. There is a growing concern about the fragility and susceptibility of these systems to malicious input that can corrupt their logic and affect their operations.
Attackers will also enlist AI techniques to supercharge their own criminal activities. AI could be used to make phishing and other social engineering attacks even more sophisticated by creating extremely realistic video and audio or well-crafted emails designed to fool targeted individuals. AI could also be used to launch realistic disinformation campaigns.
How can enterprises prepare better to deal with zero-day attacks and advanced persistent threats (APTs)?
In a world where the perimeter is disappearing, it’s not enough to simply defend against exploits and threats. Advanced threats, such as ransomware, remote access trojans, advanced persistent threats (APTs) and zero-day attacks, are on the rise and security professionals can no longer rely on using individual point products at each control point to stop them.
The process of uncovering threat data across endpoint, network and email gateways is manual and time-consuming, which gives attackers an edge. What enterprises need is a unified solution that can secure across endpoints.
While zero-day attacks demand proactive security monitoring and software-defined approaches, they are becoming harder to acquire. This has been largely driven by an increased focus across the industry on identifying and patching vulnerabilities.
“Attackers will enlist AI techniques to supercharge their own criminal activities. AI could be used to make phishing and other social engineering attacks even more sophisticated by creating extremely realistic video and audio or well-crafted emails designed to fool targeted individuals.”
Many major software companies now have bug bounty programs, incentivizing third-party researchers to identify bugs in code. There is also heightened awareness among end-users about the importance of keeping software up-to-date.
What impact will artificial intelligence and automated threat intelligence have on cybersecurity initiatives in the coming times?
Machine learning and artificial intelligence can help in enabling cyber defense tools and many see a cybersecurity superhero in the form of ML and AI capabilities folded into modern-day tools and platforms. AI and ML-enabled cybersecurity tools have a much better shot at identifying and detecting attack vectors from a collective morass of data points than any individual threat analyst or team of security professionals.
According to PWC’s 2018 Global State of Information Security Survey, 27 percent of organizations plan to invest in cybersecurity defenses that incorporate some form of AI and ML. While AI and ML has been two trending words in the last few years, Symantec has already been leveraging AI capabilities for the last 10 years. Symantec is also exploring how to leverage next-gen technologies such as neural networks to solve security challenges.
What is your advice to CISOs and other top-level security management professionals?
According to Gartner researchers – IT security professionals have routinely said they regard hacks and data breaches as virtually inevitable. Although security spending is increasing, there is still a need for CISOs to argue successfully for new resources while also demonstrating that existing resources are being used effectively.
Here are some ways that can help:
Assess the harm that existing investments have handled and explain the harm broadly: IT security teams seeking new resources should first show how existing programs have (or haven’t) worked.
Create a full-company risk assessment that compares IT security risks with other business risks: IT security is fundamentally about managing risk and mature corporations manage risk globally, not in isolation. Pitches for greater IT security resources should be made in the context of an organization’s overall risk profile.
Shape IT security programs around the organization’s overall corporate strategy: CISOs need to analyze their companies’ overall strategies, and develop security programs around concrete new programs or initiatives rather than general threats.
Ask whether past “best practices” regarding security budgets still make sense, and explain why they may not: Clearly identifying cost drivers may help CISOs convince even non-technical board members to reexamine conventional budgetary wisdom.
Promote an organizational culture of security: Educating employees on security awareness offers potentially positive returns in terms of mitigating risks.