The biggest challenge in the security industry is not knowing that you have been hacked – Ajay Dubey, Websense

The security landscape is getting complex by the day primarily because cyber criminals continue to devise advanced attack mechanisms. Dataquest spoke to Ajay Dubey, National Manager, Partners & Alliances, Websense to get more insights on the security issues companies are facing these days. Excerpts

Which security solutions being deployed in India currently?
Largely, India uses Firewall, Anti-virus at the top end and Unified Threat Management (UTM) market in the low end. In the past few quarters, it is successfully moving towards adopting high-end technologies which address the current day problems.

Which departments do you see most security inconsistencies exist in enterprises?
It cuts across all departments. But largely, in Research and Development and Finance you will find frequent data leaks and attacks.
The two reasons: The education level of people on phishing attacks or malware or latest viruses is on the lower side.
The hackers and bad actors try to steal either intellectual property from Research and Development centers or financial data from finance departments. All departments are critical. Amongst them, Finance and Research and Development are the most critical.

What are the suggested security practices for enterprises?
Security practices is a 3 dimensional approach. It rests on three pillars. All the three are extremely critical.
Technology: Using latest technology that is patched regularly.
People: The people have to be educated. There is no use of using the latest technology if users click on spam and phishing emails that lead to attacks that eventually infect networks. Hence, People is the most important element.
Process: Each company needs to have a process which can combat cyber security.
In short it is People, Process and Technology

What kind of security trends have you witnessed among your customers? Can you name a few customers in India?
We have some very large customers—TCS, Cognizant, Bharti Airtel, Escorts. These are few of our customers across four different verticals who are large players in their respective industry. These companies have used Websense extensively. If you look at cyber security and how hackers are working today, it is not about viruses anymore as viruses have signatures that can be detected. These days, hackers use viruses that have no signatures. They use zero day attacks which is unstoppable. Websense specializes in stopping ‘Zero Day’ attacks. The large customers and other customers as well use Websense extensively to manage zero day problems.

What challenges do you face?
The biggest challenge is customer education. Most of the cyber attacks such as Sony, etc, were revealed only after the attacker went ahead and announced it, either or Twitter, social media network or other forum, that they have stolen data from a particular company, then the victim got to know about it. The criticality is that only when the attacker goes ahead and announces it, only then the victim gets to know about it. This is becoming a key factor as many customers believe they have not lost anything as most of the cases the attackers don’t go ahead in announcing to the world that have hacked a particular company. Most of incidents are kept under wraps. The biggest challenge in the security industry is not knowing that you have been hacked.

In your opinion, what is the role of Chief Information Security Officer (CISO)?
Chief Information Security Officer’s (CISO) biggest role is managing the people, process and acquiring the latest technology. Amongst the biggest parameters, a CISO’s job is educating their users, customers, and internal people about what to do when such an activity happens, how do train people. The biggest role is to train internal people and internal stakeholders or internal users. And of course to design security policies and acquire latest technologies so that the three pronged approach of people, process and technology is complete and they are able to deliver and be safe in today’s dynamic cyber security world.

Leave a Reply

Your email address will not be published. Required fields are marked *