In an insightful email interview with Times Tech, Maheswaran Shamugasundaram, the Country Head of Varonis, sheds light on the evolving landscape of cyber attacks and the proactive measures essential for safeguarding sensitive data. He discusses the transformative role of technologies such as AI, machine learning, and automation in countering cyber threats. The interview unveils recent cyber attack trends, Varonis’ innovative approaches, and the growing demand for cybersecurity professionals in a digitally connected world.
Read the full interview here:
TimesTech: What are some of the key trends that you have observed with respect to cyber attacks globally?
Mr. Maheswaran: Cybersecurity is an area that is always changing and evolving as cybercriminals continue to refine and develop their tactics.
New risks from emerging AI. Attackers are already leveraging AI algorithms for more sophisticated attacks. Virtual assistants hold the promise of making work easier, however, any AI that plugs into an organisation’s sensitive data and instantly produces new documents and reports with that data is emerging risk. AI can deliver information – and data of a highly sensitive nature — that workers did not even know they could access. And because most employees have far too much access to sensitive data than they need to do their jobs, generative AI poses unique security risks.
Ransomware Attacks have turned into extortion attacks. Once attackers successfully land on a victim’s network, they take their time and try to avoid detection in order to locate and steal as much sensitive data as possible without getting caught. By the time the attackers encrypt the victim’s files and announce their presence with a ransom note, the attackers have likely already copied all of the sensitive data they could find. This places additional pressure on the victim organization to pay the ransom with the understanding that the sensitive data will not be leaked. However, it is quite common for attackers to leak the stolen data anyway. The idea is to force victims to pay the ransom, even if they have current backups of all of their files and systems to avoid information from being shared on the dark web or posted to a public website.
These trends are constantly evolving as cybercriminals adapt their tactics. To stay ahead, organisations must invest in robust cybersecurity strategies, including regular employee training, implementing multi-factor authentication, and leveraging advanced threat detection and response solutions. Most importantly, organisations must limit access to their most sensitive data. Employees have far too much access to information than they need to do their jobs, and any criminal that compromises just one user account will be able to access any and all information an employee could touch.
TimesTech: Please share some recent use cases of cyber-attacks and how we can avoid them?
Mr. Maheswaran: While organisations cannot fully prepare for every cyber security scenario, it is advisable to start by protecting your data. Attackers are almost always after data. They may want to steal valuable intellectual property to gain a competitive advantage. They may seek data on customers and credit cards from a large retail outlet, or private patient data from a hospital. Data can often be monetized, and organisations that have fallen victim to a ransomware attack will be pressured to pay to get their data back with the promise that it will not be made public – however, in many cases, once the victim receives the ransomware note, the information has already been copied and may not be kept secret after all.
Insider threats continue to be a major risk. Employees and contractors often know where a company’s most valuable information is kept, and often, these workers have far too much access to data. Famous cases of insiders have shown that attackers may steal data for months and even years, and remain undetected because no one is watching what data employees are accessing and what they do with that data. Trust your employees, but ensure you have gained visibility to understand what data they can access, what they do indeed access, and what they are doing with it.
Beyond that, staying informed is crucial in protecting an organisation from evolving cyber threats. Regular employee training, strong authentication methods, robust security policies, and up-to-date technology defenses are essential components of a comprehensive cybersecurity strategy.
TimesTech: What are some of the emerging technologies like AI/ML, RPA, Automation helping to combat cyber threats?
Mr. Maheswaran: Automation is playing a pivotal role in keeping organisations safer from cybercriminals. Due to the worldwide cyber talent shortage, there simply are not enough cyber security professionals to meet demand. On top of that, it would be impossible for humans to stay on top of every threat facing an organization. Some organizations see hundreds or even thousands of threats per day. Automation works in the background, around the clock, and can work to identify threats requiring security teams to act on.
As an emerging technology, AI is enhancing the efficiency of cybersecurity operations and enabling organisations to respond to threats more effectively. Combining human expertise, advanced technologies, and well-defined processes is essential for a robust defense against ever-evolving cyber threats.
TimesTech: How can you ensure data is protected and what is the role of cyber security in this?
Mr. Maheswaran: Organisations can help ensure their data is protected by gaining visibility into where their data resides, who has access to it, and what those users do with it. Cybersecurity experts should put their data first, not last. Start by limiting data access to only the information employees and contractors need to do their jobs properly. Let us say someone in, for example, the marketing department suddenly begins accessing information in a finance folder when they have never done so before – that could be considered suspicious activity that is worth further investigation.
All sensitive data must be locked down to least privilege access. In the event of an attack, a cybercriminal will be able to access everything the compromised employee or account can reach. Locking down sensitive data will also ensure any potential turncoats – nefarious insiders – can do minimal or no damage.
Sharing links must be limited – it is all too easy for employees to create links to sensitive files. These links can be set to work for all employees or even anyone on the internet! Companies must set policies and watch for excessive and external sharing – especially when it comes to sensitive data.
TimesTech: What are the innovations by Varonis to cater to the customised needs of customers?
Mr. Maheswaran: Varonis helps companies solve the nearly impossible and ever-changing feat of keeping data safe. In today’s cyber landscape where there are always new ways to break in and new zero days the best way to stay ahead is to start with the target – the data. At Varonis, we believe automated data security is the future, and we’re here to help companies realize that vision.
Varonis knows where an organization’s sensitive data lives – even buried inside documents or deep inside SaaS applications—and analyzes who can access that data. We monitor data to catch threats proactively and to limit the damage of incidents – even from ones that come from the inside.
Varonis goes beyond other security solutions because instead of only finding issues for security teams to fix, we leverage our expertise and automation to solve them. We are the only data security solution that can intelligently eliminate unnecessary access at scale, helping security teams keep up with the ever-growing risk of data exposure as more data is created and shared.
More than 7,000 enterprises worldwide trust Varonis to secure their most critical data and improve their data security posture across SaaS, IaaS, third-party apps, NAS, and even on-prem. By offering innovative solutions to today’s biggest cyber threats, Varonis empowers organisations to take a proactive and holistic approach to cybersecurity, effectively protecting their sensitive data and mitigating the risks posed by cyber threats.
TimesTech: Is there a growing demand for cyber security professionals? If yes, how can we meet this growing demand?
Mr. Maheswaran: There is a large – and ever-growing — demand for cybersecurity professionals globally. As the frequency and sophistication of cyber attacks increase, organisations across industries recognize the importance of having skilled cybersecurity experts to protect their digital assets, sensitive data, and IT infrastructure. This demand is driven by several factors, including the evolving threat landscape, increasing reliance on technology, and the need to comply with data protection regulations.
Meeting the growing demand for cybersecurity professionals will require collaboration between educational institutions, industry, governments, and individuals. Organisations and educational institutions must work towards promoting cybersecurity as a career, forging partnerships with industry, and fostering internship and apprenticeship programs.
Government initiatives, cybersecurity competitions, and many other such programs will help encourage students to become security defenders. By providing accessible education, training opportunities, and promoting cybersecurity as an attractive career option, we can develop a skilled workforce that effectively addresses the challenges posed by cyber threats.
TimesTech: What best practices can the cybersecurity experts follow in order to avoid data breach and ensure cyber security?
Mr. Maheswaran: Varonis continues to protect data where it resides, whether that is in the cloud or on-premises. We have rebuilt our industry-leading Data Security Platform in the cloud as a SaaS. We tasked our world-class R&D team with architecting our SaaS Data Security Platform from the ground up without any legacy constraints. Our reimagined cloud-based platform taps into the intellectual property that has helped Varonis lead the data security market for nearly two decades. Varonis has years of experience securing 7,000+ organizations, including some of the largest IT environments from governments, multinational corporations, and healthcare organizations. With expertise in nearly three dozen regulatory and compliance frameworks, we understand how to handle complex security at scale.
The Varonis Data Security Platform comes with the unique ability to monitor dozens of different data sources, including SaaS applications, cloud infrastructure, network devices, email, and other systems that store and process sensitive data.
By providing an organization-wide view, companies can prioritize and focus on risks that matter to them, improving their security posture. Using the same policies and consistent analytical user interface, customers can apply data security management policies across all data sources without the need to implement specialized solutions for each data source separately. Varonis provides customers with autonomous and continuous data risk reduction alongside the world’s most sophisticated threat detection. Varonis captures more metadata about enterprise data and file systems than any other solution –– no other company can capture and integrate this breadth and depth of information.
