In today’s evolving cyber landscape, where attackers are well funded and moving faster and attacks are getting more sophisticated, Symantec’s Atul Anchan talks about what CISOs need to do to secure networks and protect their data in the rapidly changing threat environment.
Q1. How are tech trends like cloud, BYOD and IoT altering the approach to enterprise cybersecurity?
Ans: The threat landscape is always changing, and malware can infiltrate the enterprise at any point in the attack chain. The reality is no single technology can stop all malware, all the time, and multiple technologies are a fundamental requirement for the future of endpoint security. Today, businesses and their IT managers must balance the desire to give employees the freedom to use a range of devices including personal devices (BYOD), to access company network resources that may harm the safety of the network and its data assets. Symantec has also been seeing enterprise customers move their IT workloads to hybrid cloud infrastructures at a remarkable pace.
“IT managers must balance desire to give employees the freedom to use a range of personal devices (BYOD) to access company network resources, that may harm the safety of the network and its data assets.”
Director Systems Engineering – India
According to a report from McKinsey’s Silicon Valley, forty-eight percent of large enterprises with off-premise workloads have handed off at least one workload to a hyperscale provider [Amazon, Google, Microsoft] in the last year, and that number is expected to rise to roughly 80% by 2018. The survey also determined that security and compliance continue to be the top barriers to cloud adoption, especially for large enterprises. Not too surprising that cost is the third most important consideration – not the main driver for adoption.
Q2. Where do Indian organizations lack in the face of repeated threats when compared to the West?
Ans: Symantec’s Internet Security Threat Report 2016 highlighted that India remains a top source as well as the destination of cyber-attacks. The report also shows that Indian enterprises need to plan for repeated targeted attacks as they were the 6th most targeted in Asia, with targeted organizations on the receiving end of two attacks on average. There is an organizational shift by cybercriminals as they are adopting corporate best practices and establishing professional businesses in order to increase the efficiency of their attacks against enterprises and consumers. This new class of professional cybercriminal spans the entire ecosystem of attackers, extending the reach of enterprise and consumer threats and fueling the growth of online crime. Thus, hackers have started attacking more often and with more damaging consequences.
In this evolving cyber landscape, adversaries are well funded and moving faster, attacks are getting more sophisticated and time to detection is taking too long. Moreover, with security experts facing a rapidly changing threat environment, Symantec is addressing the workforce skills gap in this area. Symantec announced a partnership with NASSCOM where we intended to train over 50,000 cyber security professionals over the next few years. It also intended to fund the scholarship for 1000 women undertaking cyber security certification by NASSCOM. These initiatives are an attempt to bridge the cyber security workforce gap that exists in the country, thus building a secure ecosystem of the future.
Q3. In 2015, Symantec reported more than 430 million new pieces of malware. What do you think is fueling this surge in malicious activities?
Ans: The volume of malware proves that professional cybercriminals are leveraging their vast resources in an attempt to overwhelm defenses and enter corporate networks. Many people believe that keeping to well-known, legitimate websites will keep them safe from online crime. However, cybercriminals were found adopting corporate best practices and establishing professional businesses to increase the efficiency of their attacks against enterprises and consumers. This new class of professional cybercriminal spans the entire ecosystem of attackers, extending the reach of enterprise and consumer threats and fueling the growth of online crime.
- What makes small businesses increasingly vulnerable to attacks from cybercriminals?
Ans: Symantec’s Internet Security Threat Report Vol. 21 observed a steady increase in attacks targeting businesses with less than 250 employees, with 43 percent of all attacks targeted at small businesses in 2015. It revealed that Indian enterprises need to plan for repeated attacks. It is no longer a question of if or when you will be attacked, but how often. The report highlighted that in 2015, Indian organizations were the sixth most targeted in the APJ region and faced two targeted attacks on average. In fact, 1 in 2 attacks were aimed at small businesses in India.
Small businesses have smaller IT budgets, and consequently spend less on security than their large enterprise counterparts. However, this trend has continued for years, in spite of evidence that shows a greater proportion of targeted spear-phishing attacks each year are intended for small businesses. In 2015, 43 percent of targeted spear-phishing blocked by Symantec was destined for small businesses, compared with 34 percent in 2014. One of the most difficult challenges is in knowing when your organization is in the sights of cyber-attackers, particularly when most cyber-security headlines focus on nation states vying for company secrets, and the tens of millions of credit card details and other personal data exposed in breaches. It’s all too easy to believe that a targeted attack only happens to other companies. However, no business is too small or too obscure to become a target.
Q4. How different is the approach to cyber-security for a small business when compared to a large enterprise?
Ans: Small and medium-sized businesses often have less adequate security practices and resources, making them vulnerable to attack. Given the restriction in security infrastructure, small enterprises lack the expertise and awareness of the advanced and professional skills of cybercriminals. Attackers are increasingly targeting smaller businesses that have a relationship with a larger company. Once an SMB is compromised, it’s used as a stepping stone into larger networks that SMBs have access to.
Q5. What is your advice to CIOs securing sensitive enterprise data between on-premises systems and cloud services?
Ans: The technology pendulum is always swinging. A chief information security officer must be prepared to swing with it—or get clocked. Today, enterprises depend on data flowing across platforms used by employees, customers, partners and vendors in an environment that includes on-premise, mobile and cloud. Now, as mobile and IoT devices continue to populate the enterprise at a rapid rate, the IT model is changing again—to the provisioning of information on a just-what’s-needed, just-in-time basis from centralized servers consolidated in the cloud. Everything that was known in a CIO world has really changed in the last five years and while there’s much excitement, the changes also present challenges as it relates to security and protecting that data as it traverses inside and outside the firewall.
CIOs and IT professionals must be able to provide that access – securely – to their employees. Employees want access to data and applications wherever they travel. Hence IT professionals have to enable employees to do their work wherever they are, whether in a coffee shop, at home, in the office or traveling globally. IT executives can safeguard their organizations by securing and authenticating the identity of the people who access corporate apps and information. They can also implement solutions and policies to govern the movement of sensitive information to prevent its relocation to insecure places where it can be leaked or stolen. With Symantec Endpoint Protection 14, new and established technologies can be combined in a single, lightweight agent to stop known and unknown threats across multiple vectors, going far beyond the reach and capability of point products. That same agent can also collect the data companies need to feed endpoint detection and response (EDR) via Symantec and third-party consoles.