Driven by the mounting urgency of securing their hybrid workforces and data, most enterprises are expected to ramp up investments in staff awareness training, data protection, threat vulnerability detection, and response measures, says Vishak Raman, Director, Security Business, Cisco India & SAARC. Excerpts:
Are enterprises able to increase their visibility to overall vulnerability and threat horizon?
The key to making a security architecture effective and capable of detecting and preventing attacks is to look at the layers holistically with a single pane of glass. This creates a proactive security framework that enables different layers to talk to each other and co-relate contextual insights in real-time to prevent attacks. Secondly, identity is the new perimeter in the hybrid world – the first line of defence for any organisation. Therefore, IT teams must look at scaling VPNs and multi-factor authentication (MFA) to verify each user’s identity before allowing them access to the network or sensitive data. Also, securing the newly distributed enterprise must be grounded in zero trust, an approach that assumes that all environments are compromised and works to identify and respond to threats proactively and in real-time. Ultimately, to ensure safety in the digital world, security must be built-in, not bolted on. It must be deployed everywhere and in everything we do, from the network to data to devices to users.
The transition to work from anywhere and erosion of the traditional network perimeters have combined to create an unprecedented threat level to endpoint devices, users, and applications. Today, global enterprises need visibility across these applications as well as secure critical control points. It is not feasible to manage this volume of information with only a team of people. Therefore, enterprises must look at the automation of security tasks and processes that will help them strengthen their overall security posture.
How much are enterprises investing in data protection and network security now?
As the range of threats broadens and new vulnerabilities develop, cybersecurity will remain a high priority for corporates this year. Driven by the mounting urgency of securing their hybrid workforces and data, we expect firms to ramp up their investments in staff awareness training, data protection, threat vulnerability detection, and response mechanism.
According to Gartner, worldwide spending on information security and risk management technology and services is forecast to grow 12.4% to reach $150.4 billion in 2021. Global and Indian enterprises need to continue investing in cloud-native security, data protection, and network security solutions to steer away from the rising cyberattacks in the digital era.
What has been the growth of the cybersecurity business globally in 2021 compared with 2020? Is Cisco witnessing quantum growth in this space this year?
2020 was a record-breaking year in terms of data lost in breaches and sheer numbers of cyberattacks on companies, governments, and individuals. According to industry reports, H1 of 2021 has already surpassed the previous year’s record-breaking $7.8 billion raised by cybersecurity start-ups. We saw a 13% growth YoY in our security segment in Q3 FY21. We, at Cisco, in addition to our security offerings, are witnessing high traction for our collaboration, cloud, and other offerings as more and more organisations adopt hybrid work and business models.
What are the key cybersecurity innovations and technologies underway now?
While the adoption of tech looks different for each organisation, we see the most significant transformations taking place across four key customer priority areas. Firstly, with applications becoming the lifeblood of businesses, it’s a great opportunity to reimagine how applications are designed, deployed, and optimised. Secondly, today work is not a place, but something you do from anywhere. Therefore, as the hybrid work model takes precedence, the need for secure and productive tools will become necessary. Thirdly, to power a secure and seamless hybrid work model, it’s critical to transform infrastructure with the network at its core. Lastly and most importantly, for these transitions to be successful, they must be anchored in security.
At Cisco, to help our customers manage their dynamic and growing security needs, we have mobilised significant innovations across our security portfolio. Moving forward, we will strengthen our leadership in cybersecurity through SASE (secure access service edge), XDR (extended detection and response), and zero trust integration into our networking and security unified platforms by securing the essential control points, i.e., the user, device, network, application, and data security. By delivering a platform that continuously detects threats and verifies trust, our aim is to enable our customers to secure their networks for a multi-cloud world.
How challenging is it for Chief Information Security Officers (CISOs) to balance risk and innovation in a digital-first economy?
CISOs are now donning the hat of a decision-maker along with other C-suite leaders as cyberattacks continuously evolve and increase in sophistication. While this spells tremendous opportunities for them, it also poses the challenge of balancing risks and innovations in the digital-first world. Some of the top challenges are training and managing staff remotely, vendor audits, keeping at par with the evolving threat landscape, rising identity theft, managing cybersecurity regulations, and the lack of skilled cybersecurity professionals.
CISOs are no longer just security risk managers but are expected to be business enablers of organisations. Constant innovation and execution of strategies are already part of the CISOs day-to-day job. Now it is more than just the threats in front of you, they should be able to foresee the threats to come and stay ahead of them while keeping the business’s goals at the forefront. CISOs who can mitigate risks while facilitating their businesses’ growth and technology innovations are the future.