Q1. A brief description of yourself and your career journey
I have more than 29 years of experience in IT sales. My career journey can be considered parallel to the technology journey in India and SAARC. After my B. Tech, I chose a career in sales as it was an interaction of my personality and technology. I became fascinated by the channel community and their power to help their customer organisations with technology enablement. In my initial days of selling telecom products, I started developing the channel community and I can proudly say that I was one of the few people in the business community to work on developing organised channels for IT products and solutions. The channel community in these regions have seen exponential growth from being product providers of electronic items to be the solution providers. Being a channel-oriented company, Sophos has had a role to play in growing channel partners from product providers to being the security advisor to customer organisations.
For more than ten years, I have been leading Sophos’ business in India and SAARC. We have more than 2500 partners across India, Bangladesh, Nepal, Sri Lanka and the Maldives and protect thousands of customers from cybercrimes in these regions. It is a different level of fulfilment to provide organisations with a protected environment so that they can work to their full potential and achieve their organisational goals.
Q2. Cybersecurity has become one of the important aspects for all kinds of organisations. What according to you should be the approach that organisations should take to design their cybersecurity strategy?
Cybersecurity, in the simplest terms, means an approach through which organisations defend themselves against cybercriminals. Hence, it is logical to understand attacker behaviours to best develop a concrete cybersecurity strategy, in which everyone across an entire organisation needs to participate.
Attackers are known to go after three areas of weakness to gain entry into an organisation: people, technology and processes. This is why defence-in-depth is important, and while IT can “own” a cybersecurity strategy, the master plan must reach all facets of the business, from phishing awareness to regularly patching and applying updates to secure software vulnerabilities.
Q3. How can companies improve their cybersecurity and what do you offer to help them do this?
While there’s no ‘silver bullet’ in security, a good place to start is to build a solid security foundation. This includes having the right people, processes and tools in place to give you a fighting chance. A robust security culture ensures everyone is ‘on duty’ when it comes to protecting the enterprise. Clear, easy-to-follow, and conservative processes, such as phishing awareness, will prevent simple mistakes from harming your business. Plus, by using the very latest prevention and protection technologies you can then defend your organisation against attackers.
Sophos helps companies fight cybercrime in several ways. First, we provide companies with products that prevent threats and unwanted software from infecting your devices and networks. Next, we provide a managed service, called Sophos Managed Threat Response (MTR), that continuously monitors customer environments when they don’t have an in-house security team or need additional staffing. Sophos also has a Rapid Response service to help companies that are under an active attack. Lastly, Sophos provides insight into current threats and changing adversary tactics, and advice on the best ways to defend against them through online resources such as SophosLabs Uncut.
Q4. In addressing CEOs from all sectors, what is your final message?
I want CEOs to think about security as a lifestyle and develop it as a culture because it’s the right thing to do. Due to the exponential increase in cybercrime, which will continue to increase, CEOs should start thinking about how every action they take will affect cybersecurity. For example, even the products or services their organisation design should have a cybersecurity aspect right from the planning stage. Leaders who oversee organisations should set this tone to ensure that a security culture lasts. We need to raise the bar for cybercriminals. The higher we raise that bar, the harder it will be for them to attack.