Every year the industry spends more than the previous year in terms of dollars and every year the industry suffers more in terms of cyber law than the previous year. In 2016, 81 billion dollars were spent and many organisations who spent this kind of money had to manage all kinds of losses in cyber law, cyber threat etc. In an interview with EC Mohd Ujaley, Ajay Dubey, senior channel manager, Forcepoint says, “Vulnerability will continue to be there from a technical perspective and will be continued to be addressed but this is not enough. What needs to be done is that the human aspect needs to be addressed because a human being in an organisation is the most vulnerable asset in the organisation.”
How the landscape of cybersecurity is evolving ?
If u look at evolution of cyber threats and cyber security industry itself in India or in the world, to the first virus that came into existence, to the first technology solution that came into being to stop that virus. There has always been technology solution to address this technology vulnerability. Everyday there are new vulnerabilities and solutions that are being discovered to prevent cyber threat and is like a continuous cycle. But if we step aside and look at it, it seems to be a never ending problem. Every year the industry spends more than the previous year in terms of dollars and every year the industry suffers more in terms of cyber law than the previous year. In 2016, 81 billion dollars were spent and many organisations who spent this kind of money they had to manage all kinds of losses in Cyber law, cyber threat, etc. One thing is very clear is that vulnerability will continue to be there from a technical perspective and will be continued to be addressed but this is not enough. What needs to be done is that the human aspect needs to be addressed because a human being in an organisation is the most vulnerable asset in the organisation. That is the reason why every year we end up spending more than the previous year and having more data losses and cyber threats than the previous year.
In every organisation there are some super users who have access to all the data, then how do you ensure that they are not able to take out sensitive data?
Like you rightly said, there will be privileged users in every organisation who have some privilege access to data and this privileged people can be subjected to various kinds of stress for example – a person who is one of the most trusted employee of an organisation, due to personal devastation or huge losses in investments or something that has gone wrong in his life from the time he left office and enters office can lead him to misuse his privileged access to sabotage the image, or make some money. This is what the industry is seeing today that there is no way to block this changing behaviour. So what Forcepoint is doing, is that Forcepoint is building and has built a system where these systems are capable in understanding people’s behaviour and accordingly take an action and prevent cyber threat from occurring. So, it’s is about understanding the motivation and behaviour behind each person which will help us to provide better security to organisations.
Most of the technology driven projects in governments are being headed by third party service providers like – OEM, system integrators – who do have access to the data. So, what would be your suggestion for security for such projects?
There are many banks- public and private sector and government customers who handle a lot of sensitive data and who have given privilege access to a lot of third party vendors. There are many people who have access and who are also subjected to the same human behavioural problems. So their behaviour and motivations can change. We need systems, technologies and process where the behaviour and motivations, intentions of these people can be monitored and understood. Based on the above points, it can be controlled and prevented. The product that we have built is called ForcepointInsider threat which is capable of doing all of this.
Have you implemented this particular product with any of the government or private enterprises in India and how has been the experience?
We have implemented this already with a handful of companies and most of these companies are in the financial industry. Another very important vertical where we have addressed this is the telecom companies. Hundreds of people who are managing those networks are being monitored by using this technology and this solution and we have also made significant contributions into government and defence related organisation in the common side and to call centres verticals as well because they handle some critical financial information’s of their clients from any part of the world. Hence, they are also being closely monitored and provided security by these current technologies.
In the back-end, companies might be using 4-5 different technology platforms. Will they be able to integrate your solutions with all possible platforms? Can it safeguard all the different platforms inside an organisation?
Yes, it can very much. This is more or less agnostic to the platform and the way the technology has been built with. Any of these actively currently built platforms are supported by this technology.
How do you balance or address this challenge of privacy v/s security?
The privacy concern varies from country to country, vertical to vertical, organisation to organisation and in an organisation from departments to departments. So, there is no one size that fits all especially in a very sensitive technology like – the Insider threat which can monitor somebody’s behaviour, motivations and intentions as its slightly sensitive. So we have made this entire solution highly customizable. It can be customized to users from different countries, departments, vertical, etc. So, everything is customizable and this will consume a lot of time as a lot of parameters has to be customized. But the beauty of this product is that what exactly a customer wants and that can be given to them due to this feature of customization.
What is your sense of overall security awareness among enterprises and government in India?
Compared to the last three years, in terms of awareness, there has been a tremendous increment and would like to congratulate the entire ecosystem – the customers, re-sellers, OEMs, everybody has contributed equally. Even the government level people have started talking about cyber laws, cyber wars, cyber threats and the general awareness has increased tremendously and this is the one of the best time to be in the cyber security industry.
What are your views on breach notification?
Effectively from 4th January 2017, if there is a breach, people have to notify it to the government or the market in general. I think, in India sooner or later this should happen and the advantage of this is that if there is a breach and if this information is made available to public at large then everything else can be careful against the particular vulnerability. Today, because the news is not available and people are not aware they are not sure whether they should upgrade their system, OS, browser, firewall, etc as IT comprises of so many systems the vulnerability can be everywhere hence, strongly advocate that such mechanisms should be there to share such notifications and knowledge as it will help people at large.