Saurabh Gupta | 20 May, 2016
Cyberattacks are increasing both in terms of the number of attacks and sophistication such as the targeted attacks, ransomwares and advanced persistent threats. While the attacks and data breaches at large enterprises such as Sony or Target are highly publicised and get media attention, it does not mean that SMEs are not vulnerable to cyber attacks. Several surveys have shown that Small and Medium Enterprises (SMEs) are the target of cyber attacks as much as the large enterprises, EVP & Regional CEO – SEA AND CLOUD MANAGED SECURITY of Paladion Networks, Rohit Kumar told SME Times in an interview.
He said, "SMEs should explore the option of engaging the services of a managed security services provider to help them secure against multiple cyber risks and cyber threats that they face, so that they can embrace modern technologies without being hindered by cyber risks and focus on their business."
Excerpts of the interview...
Please tell our readers more about Paladion Networks.
Rohit Kumar: Paladion is a specialized partner for information risk management providing end-to-end services and solutions in Asia, the U.S. and the Middle East. Paladion is rated as the largest pure-play Information Risk Management partner in Asia, and has been recognized and awarded by Gartner, Asian Banker and Red Herring, amongst others. For over 15 years, Paladion has been actively managing information risks for over 700 customers. It provides a complete spectrum of information risk management comprising of security assurance, compliance, governance, monitoring, security analytics and security management services to large and medium-sized organizations. Paladion is also actively involved in several information risk management research forums and has authored many books on the same. Please visit www.paladion.net for more information.
You have recently launched a new product - Paladion on Demand. What is it?
Rohit Kumar: The dynamic nature of cyber security risks in today’s fast-changing, modern IT environment and constantly evolving threats needs a new model for information security management. Leveraging our 15+ years of experience of managing information security for over 700 customers, Paladion brings innovation to the market with its Paladion OnDemand Cybersecurity-as-a-Service that integrates protection across endpoints, network, applications, users, mobile and cloud environment to provide on-demand security outcomes in a highly affordable pay-as-you-go consumption model.
Customers benefit with:
- Enterprise-grade security to protect against all cyber risks without having to invest in additional security software, hardware or skills.
- Always-on, everywhere protection for their always-on business that enables their employees, partners and customers to access data from anywhere, on any device, at any time.
- Unified security to protect against exposures from hidden risks that fall through because of disparate security technologies working in silos.
What is the USP of Paladion on Demand?
Rohit Kumar: Paladion OnDemand delivers Industry-1st Active Cyber Protection against cyber risks and threats, as against the passive protection that is offered by others in the traditional model. Modern threats such as Ransomware have clearly demonstrated that security technologies alone are not enough to provide active protection against such threats. Organizations must go beyond just deploying technologies to actively hunt for suspicious activities and risk in their environment and take proactive corrective actions rather than passively wait for risks to show up and then react to an incident after it has already happened.
Paladion OnDemand is designed to deliver Active Cyber Protection with our Cybersecurity Platform that integrates best-of-breed security and analytics technologies packaged with 24x7 fully managed services by a large pool of 450+ security experts from our ISO 27001 certified Security Operations Centers (SOCs).
Customers not only are assured of active protection from advanced technology platform and always-on service from security experts, they get this protection with Zero Overheads – no security software or hardware procurement and installation, no provisioning of users and functionalities, no product administration and monitoring, no technology refresh, no ongoing security policies and process management and no security skills challenges. All of these services, on 24x7 basis, are included as a part of our packaged offering in pay-per-use consumption model.
What SMEs (Small and Medium enterprises) need to know about cyber security?
Rohit Kumar: Cyberattacks are increasing both in terms of the number of attacks and sophistication such as the targeted attacks, ransomwares and advanced persistent threats. While the attacks and data breaches at large enterprises such as Sony or Target are highly publicised and get media attention, it does not mean that SMEs are not vulnerable to cyber attacks. Several surveys have shown that SMEs are the target of cyber attacks as much as the large enterprises. In essence, any organization, large or small, that has sensitive data is vulnerable to cyber attack. It’s not the size but the value associated with the data that an organization has that makes an organization susceptible to cyber attacks.
Further, the barriers to launch cyber attacks has dramatically decreased with automation and crimeware-as-a-service that makes it easy to execute attacks without requiring high skills or money. With automation, it’s easy to launch mass attacks against enterprises and SMEs are often looked upon by cyberattackers as easier targets compared to large enterprises.
And in this highly networked and interconnected business environment, cyber criminals also lead with attacks on SMBs that are the suppliers or business partners of large enterprises to eventually perpetrate attacks on the large enterprises.
So, it’s equally important for SMEs to take protective measures against cyber security risks seriously.
In your views what are the SME cyber security challenges at present?
Rohit Kumar: SMEs are worried by the risks they face from cyber threats and face 2 primary challenges in investing on security:
- High costs from the need to deploy multiple and, often complex, security technologies that work in silos, to protect against so many risks that they face. It’s simply too costly for them to afford the security technologies portfolio that a large enterprise would have.
- IT/Security Team that is thin and already overstretched which prevents them from getting the desired benefits from the installed technologies. SMEs do not have budgets for dedicated security team or department unlike the large enterprises.
Why OnDemand security? And how SMEs can be benefited from this?
Rohit Kumar: Paladion OnDemand Cybersecurity-as-a-service model cuts away all the complexity associated with the traditional model of deploying security hardware and software, staffing security skills and having the costly overheads of continuous security management. All enterprises, large or SMEs, get better security outcomes at lower cost with Paladion OnDemand.
Progressive organizations are moving away from the traditional model and just as they are embracing IT-as-a-Service, they are also adopting “Cybersecurity as a service”.
SMEs some how very much concerned about cost. How can you justify the cost of your services?
Rohit Kumar: As you have rightly pointed out, SMEs are very conscious of the costs. With Paladion OnDemand, we have brought a model that SMEs can leverage to get enterprise-grade security with zero overheads in a highly affordable pay-as-you-go consumption pricing.
- They do not need to invest in security software, hardware or skills.
- They do not need to worry about making new investments when products that they have procured go out-of-life; they remain protected with the latest versions and features of the technologies at no extra cost to them.
- They pay only for what they use now, and can easily scale for future growth. They do not need to build and pay for excess capacity now to meet their future requirements.
What government need to do in direction to cyber security in India?
Rohit Kumar: Considering the technological advancements in the country and the growing popularity of apps and mobile devices, India is the cynosure in the global scenario in terms of cyber threat. With the Digital India initiative including e-governance, m-governance and Smart Cities and rapidly growing eCommerce, security becomes a very critical component that needs to be in-built in these initiatives. Government needs to define and enforce a strong regulatory framework for Critical Infrastructure Security and Data Security & Privacy.
As you must have expertise in cyber security, so would you like to guide some thing to SMEs on the issue of cyber security?
Rohit Kumar: Cybersecurity is becoming critical as well as complex and costly to manage with the rising adoption of modern technologies such as mobility, cloud, workplace automation and productivity tools. SMEs should explore the option of engaging the services of a managed security services provider to help them secure against multiple cyber risks and cyber threats that they face, so that they can embrace modern technologies without being hindered by cyber risks and focus on their business.