[Interview] Cybersecurity is a resilience and business-risk problem, says Rohit Ghai, President, RSA Security

0
167

AUGUST 30, 2020

ROHIT GHAI, President, RSA Security.

The pandemic is accelerating digital as more of our work, play and learning moves online, which in turn, leads to more cyber and digital risk. According to Rohit Ghai, president, RSA Security, the next phase of the pandemic will be a critical period as companies prepare for the “next normal” in cybersecurity. “The adoption of staggered shifts and a more open policy towards flexible work arrangement as the economy re-opens will lead to a more complex threat landscape for many companies,” he tells Sudhir Chowdhary in a recent interview. Excerpts:

Give us a sense of the adoption levels of cybersecurity solutions during the Covid-19 period. Which verticals were most vulnerable and which ones were the fastest to adopt cybersecurity solutions?

When the pandemic first took hold, the trust of our customers powered a 30% year -on- year growth in Q1. We delivered more than 5 million authenticators/tokens to enable front line responders and have more than 2,000 customers on our cloud. We have seen an uptick in various types of cybercriminal activity and threats, and witnessed certain sectors being impacted more than others-healthcare, banking, e-commerce. We have seen more attempted credit card fraud, phishing and stolen credentials occur worldwide as cybercriminals took advantage of the disruption to business and the resultant pivot to remote work.

Many organisations have ignored some risks in the short-term to ensure business continuity; how does this change as we come out of the pandemic?

While office workers will continue working from home, the next phase of the pandemic will be a critical period as organisations prepare for the “next normal” in cybersecurity. The adoption of staggered shifts and a more open policy towards flexible work arrangement as the economy re-opens will lead to a more complex threat landscape for many organisations.

In addition to continuing to protect the remote workforce and myriad of cloud applications, networks and devices that they use, security teams must also be aware of the compromised digital assets workers may accumulate and bring back into the company’s network and systems when they return to their offices. With the increasing volume of threats and a shortage of cybersecurity talent, vendors will need to help their customers re-evaluate their cybersecurity framework and build a centralised threat detection and response system that can scale, automate, and extend visibility to the workforce in order to build a more resilient business that is fit for the future.

How should data governance practices evolve to accommodate the new normal?

If we have learned anything in the last few months from the sudden work-from-home orders, the surge in distributed workforces, and the accelerated digital transformation of every sector, it’s clear that cybersecurity is a resilience and business risk problem. We must apply the insights we have learned to maintain business continuity, adapt our supply and distribution chains, and build resiliency.

With the increase in organisations adopting remote working, how will this situation reshape the cybersecurity needs?

Organisations need to reassess what data and credentials are required to perform these new tasks. They need to ensure that the access employees have via VPN is secured through strong authentication. They also need network visibility to close gaps as a result of an influx of new threats, which is common when there is business disruption.

The biggest innovation from this is a change in mindset in our industry. Over the past few years, the industry has finally moved away from thinking of cybersecurity and managing risk in purely technical terms and has embraced the need to take a multifaceted approach that includes business needs, psychological factors, project management and effective communications. This mindset shift also reinforces the need to tap into a diverse set of skills. The definition of success is not eradicating virus but bending the curve; not cybersecurity but cyber resilience.

Considering your recent agreement with Symphony Technology Group, what does it mean for RSA to be independent again?

RSA will reemerge as a privately-owned, independent company dedicated to helping customers manage risk in the digital era. The pandemic is accelerating digital as more of our work, play and learning moves online, which in turn, leads to more cyber and digital risk. As one of the largest pureplay cybersecurity startups, RSA will be able to operate with greater speed, reacting to customers’ needs much faster than before.

What is the current skills gap in cybersecurity and how is RSA bridging the gap?

Organisations are adopting new technology, and fine tuning their infrastructure and processes to support remote working. At RSA, while we value face-to-face interaction, we foresee that remote working will only continue to become more popular. It also empowers us to recruit and retain the very best talent, regardless of where they are in the world.

That said, in order to reap the full benefits of work-from-anywhere, we have adopted a strong digital risk management strategy that fully considers the use of personal devices accessing our company systems and data from different locations. Our policies also help establish the identities of our employees and partners to minimise the endpoints against cyber attacks.


Courtesy/Source: The Financial Express