Keep IT Infrastructure Simple & Software Updated, Suggests this Cybersecurity Startup
Existing threat intelligence efforts don't seem to deter attackers, as they are mostly focused on state-sponsored attack groups.
Acronis believes the data, applications, systems and productivity of every organization should be protected against loss, theft, and downtime – whether it’s caused by cyberattacks, hardware failure, natural disaster, or human error. From MSPs supporting clients to enterprises serving global users to organizations handling sensitive data, Acronis lower risks, improve productivity, and ensure your organization is #CyberFit. They have created the only all-in-one cyber protection solution for environments of any size – and solved the safety, accessibility, privacy, authenticity, and security (SAPAS) challenges of the modern world. The company presents unique combination of automation and integration, where you gain all of the prevention, detection, response, recovery, and forensics capabilities needed to safeguard all of your workloads while streamlining your protection efforts. During an interaction with Nitisha; Rustom Hiramaneck, General Manager – South Asia, Acronis highlights the cyber security issues and how it can be resolved within the organization by using smart techniques and software.
Kindly talk about Acronis and its special offerings.
The key differentiator about Acronis and what we do – what we were the first ones in the world to do successfully – is the integration of data protection and cybersecurity into complete cyber protection. That integration is at the core of our every solution, business, and consumer alike – from our flagship Acronis Cyber Protect business solution to Acronis Cyber Protect Home Office, designed specifically for modern prosumers.
Why do companies suffer downtime and data breaches? What can be done to prevent such data breaches?
One of the main reasons for the companies’ persisting vulnerability is the growing complexity of IT and society’s dependency on it. Organizations build layers and layers on top of the existing systems and struggle with updating them because critical business processes depend on them and any change would be costly. This leads to legacy systems, being outdated and vulnerable, and an easy target for attackers.
Keeping your IT infrastructure simple and your software updated, running regular tests on the system and people managing it – that’s how you stay ahead of those data breaches.
Why are these hacks and ransomware attacks happening at such an alarming frequency?
In physical conflicts, an attack is far more costly than staying on defence – in cyber conflicts the situation is reversed. Defenders have to make no mistakes and the attackers need to just find the one. On top of that, in many situations a failed attack carries no consequence for the attacker. A phishing email gets blocked or deleted, but companies rarely investigate – nor do they have the resources to do it – the origin of the attack, so they continue to stay exposed.
Aren’t companies well-equipped to fend off these bad actors?
First of all, not all businesses can afford to allocate necessary resources to building up their IT infrastructure to modern standards. SMEs are a particularly vulnerable and juicy target for bad actors – storing impressive amount of data, they lack the in-house security resources that large enterprises have. Secondly, even the most sophisticated cyber protection tools are of no help if there’s no one there to use them. Humans have always been and remain the weakest link and the key element to bad actors’ successful attacks.
How are the policymakers trying to catch up with these attacks?
Existing threat intelligence efforts don’t seem to deter attackers, as they are mostly focused on state-sponsored attack groups. This could be a fair approach because those APT groups may be far more dangerous, but it also leaves the small and medium businesses without protection from their law enforcement. In some countries, like USA and Singapore, the government put more effort into prosecuting cyber criminals, but India is behind in these efforts.
Kindly talk about the cybersecurity talent gap – globally, in India.
Education plays an important role. Currently, India has no universities in the world’s top-100 ranking – its highest ranked university is the Indian Institute of Technology Bombay, ranking 177. It doesn’t necessarily mean that India can’t produce talented and educated security engineers, but there is a correlation between the education’s quality and availability and people entering the engineering workforce. In comparison, China has 6 universities in top 100, and even Singapore, despite its size, has 2 on the list.
Another issue is the “brain drain”. With global competition for talent many businesses – and countries – struggle to attract and retain top talent. Short and mid-term this competition could be won by making work in India more attractive, but the long-term strategy should be around improving the education system and supplying more entry-level security engineers.
Data protection regulation – local & global, future of data protection. Share your thought on it.
Data protection has come into focus for enterprises globally, with more and more companies building their fortune off data processing, one way or another. Even with known legislative attempts, protecting consumer data is a worldwide concern, especially in countries growing faster than the government can keep up, such as here in India. Much like in the United States, we don’t have a mature enough framework in place to accurately protect data and the rights of the citizens in terms of data privacy.
As an example of India’s immaturity in this area, companies are given complete control over user data, lowering their margins, and forcing them to store data. This led to several companies profiteering from analyzing collected data. Recently, VPN providers were forced by the government to store connection logs, diminishing their purpose. India will now give VPN providers and cloud service operators an additional 3 months to comply with new rules requiring these organizations to maintain the name, address, and IP address of their customers.
However, India is already on the path to following the Western approach, which will take some control over data away from the government and give it to the people. New regulations will appear soon enough, and local companies will become more transparent about what data they’re keeping, and how they’re using it, but the initiative and the final decision must come from the users, the rightful data owners. The change is coming – taking control over your own data is becoming a trend, and local business owners with the clearest vision can already prepare for it, instead of refusing the change and delaying the inevitable.
