Nilesh Jain, Country Manager - India & SAARC, Trend Micro in a conversation with Sachin Nandkishor Mhashilkar
What have been the most important changes in a CISO’s role in the last five years?
Over the years, CISOs have become part of the board of directors’ discussion for any role, for example, compliance, security, etc. Security has become the pillar for any new technology adoption today and hence CISOs are getting involved with the board of directors in the technology adoption and decision-making process which was earlier seen as the biggest change for CISOs.
Secondly, CISOs are defining the role for technologies and they have become more proactive when deciding any new strategic technology adoption unlike before.
The CISOs are now growing to become CIOs. This was different earlier as most of the time, people from application or infrastructure background used to get promoted to CIOs but now we are seeing the change. CISOs are now being considered to take the position of CIOs.
How can enterprises deal with Ransomware while designing digital enterprise strategy?
We have been tracking Ransomware for the last three years. Earlier, Ransomware used to attack only the individual users and then it slowly expanded into media enterprises. Today, most of the large enterprises are attacked by Ransomware.
In order to be ahead of Ransomware, organisations can:
First of all, make sure that enough awareness has been created in the organization, particularly, the higher individuals who are susceptible to Ransomware attacks. We also work with a lot of enterprises, creating awareness, conducting training programs, creating customized video material, that are sent out to employees enabling them to understand the things they need to look after during Ransomware attacks.
Secondly, they need to make sure that there are good technology tools in place to detect and take action against Ransomware. Today, 95% of Ransomware comes from mails. Unfortunately, most of the organizations are not prepared or deployed with solutions to deal with advanced spamming, which contains executable files, Ransomware in it, etc. They are designed to handle the conventional spam engine, which does not work anymore. So they have to make sure that they look after the security architecture, consider the advanced and complex threats and have additional layers of security in place.
Thirdly, there is a need to make sure that you have 360 degree visibility of what is happening in your environment. Take it for granted that some of the attacks will come through the gateway; some of the attacks are irrespective of the deployment you have done; some of the attacks zip through the entire organization. So what you need to do is make sure you have early detection and prevention, and this can only happen when you have 360 degree visibility within the organization right from your mail gateway to your network.
Also, you need to take regular back-ups of most of the critical data that the laptop users are holding, the servers are holding, etc.
In highly regulated industries like BFSI, Telecom and e-commerce that run on information, the CISO by default becomes the person with a lot of compliance responsibilities as well. How do you ensure that you have enough updates to them about latest threats?
When we face a lot of threats, we do collaboration with local enforcement agencies which on a periodical basis keep sending such information updates to large enterprises, such as BFSI. However, we do have a close working relationship with the BFSI CISOs; we keep on sending mailers to them. In a few cases, we ran campaigns against various vulnerabilities found on different application operating systems and made CISOs aware of them and the actions they need to take to fight them.
These days, we are also running a lot of Ransomware awareness campaigns: newsletters, seminars, workshops, etc. CISOs can subscribe to the newsletter from the research team whose job is to identify various cyber attacks and keep feeding the information to the CISOs. We also have a ‘Ransomware Readiness Awareness Program’, where CISOs share various precautionary measures that they have taken in an online test platform. This gives us the sense in terms of their preparedness for Ransomware protection.
How do you see the digital journey of government and government enterprises in India?
These days we are talking about Digital India, the different aspects to it, e-governance, citizen-centric applications, etc. They are struggling to put up the basic infrastructure in place, like connectivity, especially in rural areas. Once that is in place, you start running your e-governance application online and you have to look at how your security architecture looks like. We work with organizations in that space, particularly with those who create consumer-centric applications. We make sure we work very closely with the application vendor itself, like Infosys, TCS, etc., who design such applications for customers. We help to provide security solutions even before they are deployed in the live environment.
Security and compliance play a major role in turning companies digital. What is Trend Micro’s positioning on that?
We see ourselves not only as a security company but also as a company which enables organizations to adopt new technologies. That is the role that we look at from our perspective. For example, the new guideline that came from the RBI enforcing a lot of security parameters for banking sectors to look after. The first thing that we did was to understand what exactly the guidelines are talking about and how we can help in filling those gaps with the customers. So we try to map it up against the solutions that we have. We try to create customized solutions which are more prevalent to the BFSI customer stat.
Now, from the compliance point of view, look at various compliance solutions and certain security solutions which work very well for us. Our security solutions have been designed for customers who are having a physical, virtual cloud infrastructure in place, have online payments in place, critical data in place, etc. They have to make sure those vulnerabilities which might exist at application level or operating system levels are protected. In the practical environment level, it becomes next to impossible to address those vulnerabilities immediately. So our security solutions provide virtual patching which not only protects the vulnerabilities against those attacks but also help customers to retain compliance. Compliance needs them to protect the vulnerabilities. Be it RBI or any other compliance, it helps customers to achieve the required compliance levels.
What is your roadmap in India?
It has been an interesting journey and Trend Micro in India has seen exponential growth. This growth has been primarily for two reasons:
First is that the adoption of virtualization and private and public cloud usage is increasing and we are the leaders in cloud security. We also have some of the largest verticals in IT, IT-SEZ and BFSI and government firms who are using our services. We are going to focus heavily on verticals/companies which are moving forward to public cloud or private cloud. We need to work very closely with them and help them migrate to that path as fast and safe as possible. We already work closely with VMware, AWS and Azure, both globally and locally.
Secondly, we are a leading brand providing the necessary technology, which has been able to protect customers from Ransomware and targeted attacks. We have done a lot of large-scale deployments in that space. We have seen that the concerns of customers have been increasing day-by-day and that is where we see our role is going to enhance in terms of working very closely with enterprises and their customers to protect them against those attacks.
We have also recently acquired a company from HP, which is also getting integrated as part of our customer-defense strategy and offers protection against targeted attacks; that will enhance our capabilities. We are not only the ones who can provide security but also help gain confidence from the customer side when it comes to protecting them from targeted attacks.
These solutions are going to play a vital role for us to go in India.