Sunil Sharma, Managing Director- Sales at Sophos, discusses the necessity of AI-driven cybersecurity, the sophistication of social engineering attacks, and the adoption of Zero-Trust architecture in combating these threats.
In the rapidly evolving world of cybersecurity, organizations are continually challenged to adapt and innovate to protect their digital assets and data. The landscape in 2024 presents unique challenges and opportunities shaped by advanced technological trends and the ever-changing nature of cyber threats. This analysis explores the key trends in cybersecurity, the implications for organizations, and the strategies necessary to navigate these challenges effectively.
As AI becomes increasingly integral to cybersecurity defenses and cyber-attack methods, organizations must adopt AI-driven solutions to stay ahead. The sophistication of phishing and social engineering attacks, particularly in the corporate sector, demands more innovative and vigilant defense mechanisms. The rise of Zero-Trust architecture and the proliferation of IoT devices introduce new vulnerabilities, requiring a reevaluation of trust and security protocols. Amidst these technological advancements, the human element remains critical, underscoring the need for continuous education and adaptability in security practices.
Managing Director- Sales
Sophos
In conversation with Nisha Sharma, Principal Correspondent at CIO&Leader, Sunil Sharma, Managing Director- Sales at Sophos, talks about Sophos’s proactive approach in ensuring compliance with regulations like GDPR and DPDPR, along with its innovative managed detection and response services, underscores the importance of outsourcing cybersecurity to specialists.
CIO&Leader: What are the key trends shaping the cybersecurity landscape in 2024? How do you anticipate these trends will impact organizations, and what strategies would you suggest for them to adopt these challenges?
Sunil Sharma: In today’s digital era, our approach to cybersecurity must be dynamic and forward-thinking. We face a landscape where AI-driven cybersecurity is not just an advantage but a necessity to counteract AI-empowered attackers. The evolution of phishing into sophisticated social engineering attacks, especially in the corporate sector, demands heightened vigilance and more innovative defenses.
The advent of Zero-Trust architecture emerges as a cornerstone strategy, challenging us to trust no entity by default in a world riddled with deepfake threats. The burgeoning realm of IoT presents new vulnerabilities, turning every connected device into a potential gateway for cyber threats. And amidst all this, the human element remains the most unpredictable – a reminder that our security is only as strong as our most uninformed user. As we navigate these complex waters, our focus must be unerring: to continuously adapt, secure, and educate, ensuring a resilient and robust defense against the ever-evolving cyber threats.
CIO&Leader: Given the growing emphasis on data-driven decision-making, what specific features or capabilities will your solutions offer to help organizations derive maximum value for their data?
Sunil Sharma: Sophos offers a central management console designed to assist in managing cybersecurity across various digital infrastructures. This console is designed for organizations with extensive networks, providing a single dashboard that displays the security status of the entire network. It is equipped to handle large numbers of nodes and servers, streamlining the monitoring and management process.
The Sophos Central platform includes endpoint protection, email security, encrypted hard drives, secure switches, and access points. It provides a real-time view of the network, showing the security status of each node, device health, and analytics on email threats, among other details.
A notable feature of the Sophos platform is its compatibility with third-party vendor solutions. This lets customers view their network’s security status on one dashboard, facilitating quicker and more efficient decision-making for CISOs and CIOs. The platform aims to provide a comprehensive approach to security management within a single dashboard interface.
CIO&Leader: Can you elaborate on any partnerships or educational initiatives your company undertakes to bridge the skill gaps, and how can CIOs and IT professionals benefit from these efforts?
Sunil Sharma: At Sophos, training is a key focus. We have a network of over 3,000 partners across the country. For these partners, we provide a range of training sessions, including selling skills, technology training, and deployment. Each year, thousands of engineers are trained and certified in various categories, such as architect and technician levels.
We also offer training programs for customers, which are currently available on a paid basis. Additionally, we collaborate with colleges and educational institutions, offering training programs to students before graduation. This program combines practical industry knowledge with academic learning, and Sophos later recruits many participants.
The importance of cybersecurity training is recognized, yet there is room for growth in this area. Customer preferences lean towards free training, but increased investment in training budgets could benefit the wider cybersecurity industry.
CIO&Leader: How is your company helping CIOs ensure their IT environment, compliance, and regulatory requirements in 2024, like DPDPR and GDPR, if we talk about it? So, what innovative approaches or technologies are you implementing in this space?
Sunil Sharma: First, we emphasize proactive technology strategies, ensuring compliance with GDPR, IT Act, and other relevant regulations. Our solutions include endpoint protection, email protection, network protection, firewalls, switches, access points, and encryption. This is crucial for companies to protect data, even in cases of physical hardware loss like laptops.
We offer solutions such as zero trust networks and advanced endpoint protection. Our strategy for 2024 focuses on addressing the cybersecurity skill gap, resource allocation, and enabling organizations to concentrate on their core business. For instance, hospitals should focus on healthcare and hospitality businesses on customer experiences rather than investing in and maintaining security operation centers.
Established in 1985, Sophos has been a leader in Managed Detection Response (MDR) solutions, currently serving over 17,000 customers. Globally, Sophos solutions are used by more than 550,000 customers, a significant number compared to other companies in the industry.
We provide comprehensive compliance solutions, including HIPAA and various others. Our products, like Cloud Optics, support customers in adhering to cloud compliance standards. Overall, our products and solutions assist CSOs and CIOs in achieving and maintaining required compliance standards.
CIO&Leader: What key milestones or innovations do you expect in your company’s journey throughout the following year? And how will these innovations benefit the decision makers, IT decision makers, in the evolving challenges and opportunities for the enterprises’ IT landscapes?
Sunil Sharma: The key message for corporate audiences is that companies should focus on their core business rather than developing costly and complex competencies in areas outside their expertise, like cybersecurity. As we enter 2024, there’s growing awareness among CISOs and CIOs about the importance of managed detection and response (MDR). However, at the board and CFO level, there needs to be more clarity about investing in such technologies, questioning the necessity of such expenditures to protect against cyber threats.
There are two approaches to this challenge. First, a company could establish its security operation center (SOC), which is expensive and requires sustained maintenance and expertise. Since cybersecurity is not most companies’ core business, the second approach is outsourcing to a reliable cybersecurity company.
For instance, deploying MDR requires specialists like threat analysts, researchers, and data scientists. A company like Sophos, with six global security operations centers, offers immediate access to these specialists and their expertise. This level of resource and knowledge is challenging for a company whose primary focus isn’t cybersecurity to develop and maintain.
The trend is moving towards cybersecurity as a service, where companies like Sophos handle cybersecurity, allowing clients to concentrate on their primary business. The service model is based on charging only for the services delivered, ensuring clients don’t pay for what they don’t need. This approach is expected to dominate in 2024, with innovations and integrations focusing on relieving companies of cybersecurity burdens and letting them focus on their core operations.
Image Source: Freepik