30 Nov Interview With Anuj Jain – Safety Detective
Anuj Jain, Founder and CEO of CyberSec Consulting, met with Aviva Zacks of Safety Detective to discuss how his company stays ahead of the competition.
Safety Detective: What motivated you to start your company?
Anuj Jain: I worked as the director of services for a distribution company as well as a system integrator in the Middle East for more than 10 years before I started the company.
During that time, I realized that there is a gap in terms of cybersecurity services and consulting specifically in the Middle East and Africa. I knew it was time for me to open my own company and work on that gap, and that’s what motivated me to open a company called CyberSec Consulting. It does cybersecurity services, consulting, training, and outsourcing of skilled resources.
SD: Can you go into more about what your company does?
AJ: We are typically in cybersecurity services which covers multiple lines of businesses like professional services, tech support center (T-SaaS), strategic consulting, certified training, resource outsourcing (R-aaS), and assessment & assurance services.
Some of the strong practices that we have built are Data Protection and Privacy, Identity and Access Management, and Security Operations Center.
So, concisely, the company is specialized in the niche cybersecurity domain and experience in handling medium to sophisticated service and consulting delivery engagements.
SD: How do you stay ahead of the competition?
AJ: In the last few years, I have realized that people have bought a lot of technology and solutions and they have been investing very heavily into cybersecurity and that’s a need of the hour. But what I also realized is that when people are buying technologies and solutions, they don’t have the right sort of skills to either consult on it or implement it correctly which can give them ROI. This is where I see a gap, and from a competition perspective, I don’t see any competition for us in the Middle East. I don’t think there is another company that has been offering service-only and helping customers to ensure that they utilize those technologies in a better way, which can help them ensure that they are being protected from the cyberthreats.
Our team of consultants has been specialized and skilled in multiple technologies that come from experience in a different technology space. We have been helping customers and ensuring that they understand what they want and how we can help them in terms of implementing and managing those technologies for them.
SD: What are the verticals that you work with?
AJ: We have been working very closely with all types of customers across the market. Our customers are in governments, ministries, oil and gas, utilities, and the banking sector.
SD: What do you think are the worst cyberthreats today?
AJ: People have been working remotely from home, which is not the way things were designed. People were used to working in offices, and that’s how the security controls were put into place.
When people started working remotely, it opened a whole Pandora’s box in terms of cyberthreats. Your data is a bigger challenge where data lies both in the offices and in the cloud. This is one of the biggest threats because data is important but not protected properly. There is a need for the controls, the policies, the procedures, as well as the technologies, to be put in place to ensure that our data is protected.
Now we are realizing that cybersecurity is not about technologies and processes. It’s all about people. If your people are not smart enough to understand what is good and bad, it opens a different set of problem areas into cybersecurity. I have always thought that people are the weakest link when it comes to cybersecurity. If your people are not trained enough, if they don’t have enough awareness, it becomes a different set of challenges for the organization.
If the data has not been protected or managed properly while people are working from home, when they are using their own laptops and internet which doesn’t have any control, that can be a challenge for a customer and their confidential data.
Apart from the normal challenges like viruses, malware, and phishing attacks, these are the different challenges that I see when it comes to the current pandemic situation. This is where I think each organization must spend enough to ensure that their people are trained. They need to have the right set of technologies to ensure that people who are working from home can be protected.
Considering the ongoing grave threat posed by online frauds, it will become our collective responsibility to be vigilant about online security. Cybersecurity is no longer the sole responsibility of the technical department but requires a vigilant and aware force of individuals to combat the online threat.
SD: How do you see cybersecurity developing in the next five years or so?
AJ: It is going to change a lot. The pandemic has given a different perspective on how people are going to work. At least in the Middle East, I can tell you we were not used to working from home, and organizations were very skeptical about allowing anybody to work from home. But after the pandemic, they realized that work from home is doable, and this is where the shift is going to happen. More work from home culture will be available to the people, which also require us to have a lot of things available on the cloud rather than in on-prem. Your data must be on the cloud, your technologies will be on the cloud, which means a lot of security controls which is on-prem has to move to the cloud.
Another area will be DevSecOps where we will see data security become an integral part of that development life cycle for any organization. I think cybersecurity will become a part of the game anyway.
As we all are moving towards a strong cybersecurity framework and processes, I feel that this will no longer be the role of a cybersecurity team or an IT team. I think this will become a responsibility of the boardroom comprised of CXOs where they will become more focused in terms of ensuring that they have the right set of investments to protect their critical data and assets within the organization, to ensure confidentiality, integrity, and availability.