A CISOs biggest concern is to protect the data of the organization. It is not so simple always as the lack of awareness among the employees might just complicate things further for the CISO rather than assisting him/her.
Cybersecurity education is a critical tool for enterprises faced with an increasing volume of constantly evolving threats. ”
Mr.Shrenik Bhayani, General Manager, Kaspersky Lab (South Asia)
What are the current technological challenges that the CISOs are facing?
The constantly evolving technology is shaping up the future of business. The biggest challenge that CISO faces today is protecting the data. CISO should always stay ahead of the game as his job is to protect not only his company’s data but also their client/ user’s data, a stolen data can prove fatal for the company.
With people being more and more dependent on technology security has definitely become more complicated. In addition to it, there is a boom in the business of hacking as hackers are constantly finding new and sophisticated ways to attack with evolving technology. With growing digitalization things are now started getting connected to each other; for e.g. now there are multiple ways that are possible to transact or withdraw your money. To keep up with the development in the increasing number of interlinked systems is also a major task for the CISO. Newly launched products or technology that come without any in built security can also be a possible challenge for a CISO.
Awareness is also a major concern in cybersecurity, most of the people aren’t updated about it and they don’t think it’s essential for the business. Earlier in India there was no specific budget that was allotted in a firm for cybersecurity. A small organization often thinks that they don’t need cyber security as they won’t be a potential target for hackers. We have often heard tech giants also falling in the trap of hackers and losing tons of valuable data. There are times when employees avoid some strange functioning in their emails and the ignorance of that often leads to a huge cyber-attack. So, carelessness from the company as well as employees can also be a huge challenge that a CISO faces.
The vendor landscape has started to leverage AI & ML for protecting the threat landscape. What is your organisation proposing to customers?
As modern threat landscape continues to expand, leveraging artificial intelligence and machine learning by companies to do business has become one of the key practices. At Kaspersky Lab we use the Humachine formula- which means efforts by human and machine. Even with the presence of AI in our products, we like to give it a human touch to analyse possible threats that could affect the processing of the company. We follow the strategy of working with an advanced technology like AI and using our human expertise to analyse these advanced technologies to prepare our products.
What are the solutions that you offer to them to face those challenges?
We have developed our solutions by understanding the threats and targeted attacks on SMEs. We therefore offer a variety on endpoint solutions that can be altered according to the company’s requirements and suiting their cybersecurity budgets. Kaspersky’s endpoint security solutions include Kaspersky Hybrid Cloud Security, Security for Microsoft Office 365, Kaspersky Security Business Total, Kaspersky Threat Management and Defense, Industrial Cybersecurity and Fraud Prevention.
How do you think the Indian Data Protection Bill will affect the Cyber Security solutions that you offer to the Enterprises?
As a global company, we comply with local laws and regulations. Respecting and protecting customer privacy is a fundamental principle of Kaspersky Lab’s approach to processing data. Kaspersky Lab only processes that data which is necessary for product functionality to perform as promised, for example, to identify new and as yet unknown threats and offer better solutions to customers. The company does not attribute this data to specific individuals, anonymises it in most cases and robustly protects it.
How is data protected in transit between the vendor and the client as well as between?
All data sent to Kaspersky Lab by users is not attributed to a specific individual and is anonymised wherever possible. Actions to achieve this include deleting account details from transmitted URLs, obtaining hash sums of threats instead of the exact files, obscuring user IP addresses etc. The data provided is protected even during transit, in accordance with stringent industry standards, including encryption, digital certificates, segregated storage and strict data access policies.
Security training is a key element of operational success, how does your organisation help or do you think, customers are adequately, training their staff on awareness?
There are a lot of companies that are now giving cybersecurity utmost priority. Cybersecurity education is a critical tool for enterprises faced with an increasing volume of constantly evolving threats. IT Security staff needs to be skilled in the advanced techniques that form a key component of effective enterprise threat management and mitigation strategies. Equipping your team with the most up-to-date knowledge will help defend your organization against even the most sophisticated attacks. We at Kaspersky Lab provide Comprehensive corporate training programs covering digital forensics, malware analysis and incident response topics.