Early-stage security integration can help firms reduce risks: Sudip Banerjee Zscaler CTO for APJ

Cybersecurity attacks are increasingly becoming sophisticated and widespread and are having a devastating impact on an organisation's reputation, financial stability, and day-to-day operations. In an interaction with TechCircle, Sudip Banerjee, field chief technology officer (CTO) for APJ, Zscaler, explains why businesses should have a comprehensive strategy to provide real-time threat detection, automated response, and proactive risk mitigation. He also spoke about the importance to consider security at every product stage, and also Zscaler’s plans for the Indian market. Edited excerpt:

What according to you are some of the most concerning threats in cyber space today that CISO/CTOs should watch out?

The overall cyber security landscape has become so complex, in the last 2-3 years - whether these cyber-attacks are state-sponsored, or carried out by individuals or groups. Almost every CISO/CTO should be watchful of the new generation of ransomware attacks, supply chain attacks, and phishing attacks. One worrisome trend is ransomware- as-a-service (RaaS) that allows anyone, regardless of programming background or coding skills, to infect computers and extract money from victims. Besides, emerging technologies and significant geopolitical events continue to affect the cybersecurity landscape, giving rise to new threats that can disrupt your business.

With ransomware attacks increasing, they’re also becoming more costly than the average data breach. What should companies do to cope with this crisis?

The fact that breaches are now becoming even costlier means being prepared is more important than ever. Also, the true cost of ransomware goes way beyond the ransom itself and recovering from an attack is an incredibly difficult and costly process. The true recovery cost involves many factors, like, downtime costs, reputational damage, and so on. Figuring out the extent of the damage from a ransomware attack requires taking a holistic view of an organisation. The first step would be to report the ransomware to the proper authorities. Not only will you be protecting others from a breach like yours, but you'll also be protecting yourself from future breaches. Besides, it is vital to have a robust backup and disaster recovery plan in place to ensure business continuity. This enables quick restoration of data in the event of a system compromise. Further, educating staff on risks, ensuring operating systems and software are up to date, and securing and monitoring network connections are other ongoing measures.

With more companies moving to the cloud today, what key factors should CTO/CIOs consider when they're looking to secure their data in the cloud?

Digitisation will lead to more cloud adoption and subsequently more cyber-attacks — what we call as the ‘attack surface’. It is mandatory for CIOs and CTOs to understand the company’s security policies and security standards, possible challenges and best practices, for better reliability in business with measurable results. For example, data is the most important asset in an organisation and housing it in a local data centre under vigilant eyes of your data security staff can offer greater visibility, control and hence minimise attack surface. It is also necessary to bake in security in every product, such as encryption. Often times, IT developers think about decreasing costs and speeding time to market when they are building applications on the cloud. But integrating the security functionality in the cloud product in the early stages can help reduce security risks.

How are you leveraging the India R&D centre for growth and innovation?

India today is about 40% of overall Zscaler’s employee strength. Most of it is in terms of R&D, which comprises engineering, product development and management, customer support, technical account management, etc. We are seeing the post implementation support needs for all kinds of global enterprises mostly from India. We have, about four offices in India, Bangalore was the first one that was set up even before our San Jose office, and has its own engineering team. We are also setting up operations in Mumbai, Pune, and Hyderabad soon. Same goes with our data centre because we are running our own cloud, and not riding on Amazon Web Services or Google cloud. Zscaler’s own proprietary cloud runs across 150 plus data centres globally.

What are your hiring plans — in terms of tech roles — at the India centre in the next one year?

As I mentioned, we have established a strong presence in India, serving a number of prominent companies, banks, and system integrators as valued customers. We have successfully set up all functions within India, with nearly 40% of our employees based there. As of June 2023, we have 5,800 employees globally. We are hiring a lot of engineering talent in areas like network engineering, who understand traffic on TCP/IP, cybersecurity analysts, cloud architects and more. We further plan to onboard one lakh interns from colleges and universities to impart education around Zero Trust Security. We are also in talks with the Ministry of Information Technology to take these initiatives to the grass root level.