The emergence of remote and hybrid work in the last two years has given rise to new and complicated cyber security threats. The multi-cloud environment in which organizations operate currently has also changed the security landscape. In an interview, Terence Gomes, country head—security, Microsoft India, spoke about the threat landscape in India and the need for skilling to build an efficient cyber security workforce. Edited excerpts:
What are the recent trends in the cyber security threat landscape you are seeing in India?
There are two clear trends we see. First, the shift to remote and eventually hybrid work has accelerated a rise in cyberattacks. Over the past two years, cyberattacks have increased not just in size and scale but also in sophistication. Previously, cybercriminals focused their efforts on malware attacks, but they have shifted their focus to ransomware, as well as phishing with the goal of harvesting user credentials. Remote and hybrid work realities have resulted in people moving fluidly between work and personal lives and across multiple devices and networks. As a result, the entry points for attacks, identities, devices, apps, networks, infrastructure, and data live outside traditional perimeters’ protection. The second aspect is organizations have increasingly started understanding how business-critical cyber security is for them. They are acknowledging the enormous reputational, operational, legal, and compliance implications if cyber security risks are neglected. According to industry estimates, cybercrime costed economies more than $6 trillion globally in 2021 and this is expected to increase to $10 trillion by 2025. Given this context, there is a strong need for an end-to-end cyber security approach to protect organizations which leaders are embracing at a more rapid pace than ever before.
Which areas should organizations prioritize and invest in for threat prevention?
A multi-cloud world means the number of platforms, devices, users, services, and locations multiplies exponentially—and organizations often face the challenge of securing this. A recent survey by Microsoft shows that 83% of business leaders see managing multi-cloud complexity as their biggest pain point in 2022. Cyber risks are inevitable and ever evolving, but the more we build comprehensive, integrated, and cloud-powered defences using automation to prevent, detect and mitigate risk, the more we can empower organizations of all sizes to be fearless in their digital transformation journey and continue to innovate. Over the past two years, organizations have seen a massive increase in their digital footprint. Cybercriminals move quickly to discover new threat vectors, use new exploits, and respond to new defences. An overlap between information governance, records management, and data collection is driving the need for a comprehensive solution for managing data risk. The market has responded with dozens of products that force security, data governance, compliance, and legal teams to stitch together a patchwork of solutions. This approach not only strains resources, but it’s also ineffective. Providing secure remote access to resources, apps and data became the top challenge for business leaders in the past year.
What gaps must be plugged in from a skilling perspective to create a strong cyber security talent ecosystem?
Investing in cyber security skilling and preparing the next generation of security leaders is a key area of focus for the industry and organizations alike. According to industry estimates, India is expected to have over 1.5 million vacancies in cyber security by 2025, the second-highest in APAC after China. This has created a strong industry need to build programmes that bridge the skills gap in cyber security. In addition, closing the gender gap in cyber security and enabling more diversity is also a key focus area. Currently, women represent only 24% of the cyber security workforce, which means there lies a huge opportunity to create more pathways for women.