There is need for greater focus on the ‘people’ aspect of cybersecurity

Gihan Kovacs, Regional Sales Manager, Forcepoint, speaks to Anita Joseph about the need for a people-oriented approach to cybersecurity and investing in a more proactive roadmap with real-time monitoring.

 How much has cybersecurity grown in relevance and importance in recent years?

Cybersecurity has grown exponentially in recent years, more, in fact, than any other kinds of security. Interestingly, over USD 1 trillion has been spent globally in the last seven years on cybersecurity, yet 95 per cent of organizations have been compromised. This just goes to show that although the spending is there, the focus isn’t, and that the more the spend, the more sophisticated the attacks. Then again, earlier, cybersecurity used to be a management issue, now it has become an issue of concern the employee level, particularly in the UAE, with the many smart city projects that are being constructed. So yes, there is a definite shift in the way people look at security, and people take it much more seriously now.

What do you think is the one major aspect of cybersecurity, both regionally and globally, that is often overlooked?

I’d say it is the ‘people’ aspect. Earlier, cybersecurity was all about protecting outsiders from getting in and causing damage. Now, it has become all about protection from insiders who can cause untold damage, intentionally or unintentionally. For instance, a user/employee can unwittingly click on a malicious link and cause heavy damage. People therefore, play a large part in the whole story and a lot of mistakes and compromises happen because of their carelessness or lack of awareness.

You spoke of people. Is there a change in the way organizations are taking the people angle seriously? Has there been more awareness in this regard?

Today, I can say that at the global level, a lot of organizations are carrying out internal education campaigns for creating awareness among every employee, at every level. The pace is slow, but is definitely being implemented.

How, in your opinion, can organizations stay abreast of all the sophisticated and complicated attacks that are happening?

The two most important areas for organizations to focus on are training and implementing a comprehensive security strategy. The training aspect we’ve covered. As far as a security strategy goes, there is an urgent need, especially for organizations in the Middle East, to prepare a cybersecurity roadmap that is proactive, not reactive, with real-time monitoring and a multilayered approach. There should also be an integrated system that can collect, analyse and suggest-an intelligent, responsive system.

Forcepoint recently carried out a survey on cybersecurity. Can you share some of its key findings?

Forcepoint carried out the survey to get into the minds of organizations and to understand how they think. For this purpose, we surveyed as many as 122 IT professionals in the region, over a period of 5-6 months. We found that as many as 85 per cent of those surveyed believed that behavior based analysis was a critical component of security, yet 54 per cent of them did not have any such solution in place. 40 per cent of survey respondents fear the journey of digital transformation and 48 per cent fear evolving threats. As many as 44 per cent were concerned about moving to the cloud-all this just goes to show how digital transformation makes security a crying need.

Interestingly, the survey also revealed that there is high level of ‘trust’ in the region, with as many as 69 per cent of those surveyed trusting their employees. Then again, half of these organizations also believe that human behavior is most damaging to trust and that malicious attacks can also cause serious damage.  15 per cent of those surveyed talked about General Data Protection Regulation (GDPR), which is up and coming in the region.

As a result of the survey, I’d say that the level of regional maturity as far as a cybersecurity framework is growing in the region.

How has Forcepoint helped deepen the cybersecurity footprint in the region?

Forcepoint has a huge global presence, especially in the MENA region. We provide an integrated platform for cybersecurity, especially since most organizations are moving to cloud and need to secure their data.  We provide a comprehensive data platform with a wide range of solutions that help organizations understand and respond to threats effectively. We help companies get a context, create a story, so that they make key business decisions more effectively and proactively. Then again, our technology is risk-adaptive and helps organizations filter out all the grey areas so that it gives them more decision making powers and helps them create a clear cybersecurity roadmap.