Change in regulatory frameworks for ATM encryption, BFSI and insurance sector have lately been causing significant uptick in the security encryption adoption in the country. Due to this, Rahul Kumar, Country Manager & Director, WinMagic India, says that customers have started seeing them as very serious specialist players who can solve the pain areas in encryption business. Rahul Kumar, in conversation with Sarabjeet Kaur. Excerpts:

BW CIO: 2017 was a year of ransomware attacks. What is WinMagic’s take on battling such threats with perfection if faced similar this year?

Rahul: 2017 showed us where we are heading to. Ransomware attacks are not going to stop as the threat vectors are the reality today. I think that the best solution to combat any kind of ransomware attack, whatever form they may be in, is by relying on protective technologies rather than detective technologies. As hackers are always a step ahead of everyone, the best option is to encrypt and backup. If you encrypt the data then you know that hackers will never be able to access it even if they steal the data. Simultaneously, if you secure it by backing it up then you will always have access to it. That is a solution for any kind of ransomware attack. Other than that, the hackers will always be two steps ahead.

Hacking is now a serious thing. It is not just ethical hacking or something people do out of fun anymore. People are making money out of it. If you take these two approaches well then you are sorted.

BW CIO: What challenges did you face last year which you would want to prevent this year?

Rahul: From the product side, our biggest challenge today is the fact that we are not really in front of as many opportunities in the market as we want it to be. Being in front of 100 percent market opportunities is too much aspirational but we still need to be there in majority. As India is a vast country, our partner ecosystem has increased significantly from previous years. But from product side, we are very stable and need a lot of robust improvement to reach out more to customers and help them understand that there is a better world in encryption.

Encryption is tricky and we bring in the better side of encryption as it has been the most difficult endpoint technology. Also, we make it easier for our customers even with the most difficult cloud technology that is available today. Encryption technology secures but is very difficult to run. So we bring simplicity to the entire deployment of encryption technology.

BW CIO: What is current security landscape in India, particularly in the light of demonetization, GST, and Digital India.

Rahul: Digitalization is the most important piece in all this. As whatever new you do in life, it opens up new avenues; similarly, every new avenue has some holes to plug. In digitalization, the biggest hole is security. A business card, for instance, can be circulated a few times only. A digitalized business card, on the other hand, can be forged or misused countless times once it enters the World Wide Web. This is where the magnitude of the problem starts to get exploded. It means much larger roadmaps and scope of your data getting exposed. The threat vector starts increasing.

In today’s world, there is malware which can infect your smartphone and be there for years without acting. They only act when they deem necessary and can benefit from a specific type of data. That is why it is said that hackers are very smart people. The general perception is that we will adapt to digitalization and then think about the security it requires. But the fact remains that it always has to be the other way around. If you digitalize something, you have to think through the process such as how much are you moving forward and what is the threat landscape that needs to be covered.

BW CIO: Do Indian customers understand the value of data security and threats?

Rahul: The understanding is there and it is ever increasing. But the problem is between the IT teams and the businesses. The IT teams understand this very well but are they willing to go to businesses and ask them for implementation of security technologies as it costs money and resources? The answer, unfortunately, is not many. Not many IT persons are confident to even pitch their ideas to get a certain budget for security purpose only. Even if they do, security does not always get a focused bigger chunk as it should considering its importance.

The key problem in India is admitting to the fact that IT is not positioning security’s importance within the management as much as it should.

BW CIO: What is your take on the numerous ransomware attacks that have happened in the past?

Rahul: A lot of customers came to us asking for help last year amidst all the ransomware attacks. Their data was encrypted but they were attacked by hackers and were worried about how to recover that data. The answer to their question was that once the data is gone then you cannot do much. The only thing you can do is to secure it by encrypting it beforehand so even if the data gets attacked, the hackers will not be able to access it. Also, the customers can have a backup of the data so they do not need to worry about the recovery process.

Ransomware technologies have the ability to encrypt an already encrypted file. This means that encrypting does not really protect you from losing your data. A customer can lose his data if the hacker encrypts it again; unless the customer keeps a backup of it. That is the only foolproof way to secure data. Every other measure can and will fail in one way or another.

BW CIO: What security solutions should enterprises take as a top priority?

Rahul: The top priority of enterprises has to be understanding the risks. The team should define the risks that have to be dealt with on priority. This helps in further taking a look at the relevant technologies and designing a very comprehensive process of adopting those technologies. Post this, the users have to be made aware of it and get educated about the same. The process of understanding the risk, defining what risks can be covered first versus later, and keeping the others in the risk appetite is the correct order and process to prioritize security solutions.