Harish Kumar GS, Head, Enterprise & Government, Check Point Software Technologies, India & SAARC
GS, Head of Enterprise and Government at Check Point Software Technologies
India & SAARC, recently spoke with Siddharth Shankar from Times Now about the current state of cybersecurity
in India. As a leading provider of cybersecurity solutions
to corporate enterprises and governments worldwide, Check Point Software Technologies offers a range of solutions to protect against cyber threats. During the interview
, Kumar shared his outlook on the current cybersecurity landscape in India, state-sponsored threats, and Check Point’s plans for 2023. He also discussed the company’s focus on emerging technologies such as 5G, IoT, and Metaverse, and the need for continued skilling and re-skilling in cybersecurity in India.
Siddharth: There has been news of a lot of cyberattacks lately in the country. More companies are getting targeted, so what’s your outlook on the current cybersecurity landscape in India?
Harish:The cybersecurity market in India
is expected to reach the revenue milestone of US $ 2.37 Bn in 2023. The market’s largest segment is security services with a projected market volume of US$1.19bn in 2023. The revenue is expected to grow at a CAGR of 14.61%, resulting in a market volume of US$4.09bn by 2027. Factors like the adoption of a cloud-first strategy, business-led innovation, remote working circumstances, an expanding threat landscape, and data privacy are the main drivers of the Indian cybersecurity industry. According to Check Point’s Threat Intelligence report
, an organization in India is attacked on an average of 1787 times per week in the last 6 months, compared to 983 attacks per organization globally.
As per the recent
PwC survey, in India, over 82% of business executives foresee an increase in cybersecurity budgets in 2023. One of the broad trend for 2023 include phishing attempts to increase this year. While phishing attempts against business and personal email accounts are an everyday threat. In 2023, it is expected that criminals will widen their aim to target business collaboration tools such as Slack, Teams, OneDrive, and Google Drive with phishing exploits. As per The Cyberwire
, phishing attacks will increase its frequency in 2023, specifically via LinkedIn accounts. Companies will have no respite from ransomware. Check Point’s mid-year security report revealed that ransomware was the leading threat
for organizations in the first half of 2022. In 2023, it is expected that criminal groups will continue to evolve and grow with smaller agile groups to evade law enforcement. With the adoption of 5G services in India and the increase in IoT usage, the magnitude of cyber-attacks is set to rise. Hackers would also be seen carrying out Gen V and Gen VI sophisticated cyber-attacks. In 2023, it will be imperative for organizations to deploy IoT security solutions to protect these devices. Not just for organizations but individual scams will also be seen on the rise. Lastly, hackers will be using AI to fuel cybercrime. The AI tools like ChatGPT can significantly alter the cyber threat landscape as anyone with minimal resources and zero knowledge in coding can easily exploit the software to generate malicious emails. malware and code. These AI technologies represent another step forward toward the dangerous evolution of increasingly sophisticated and effective cyber-attacking capabilities.
Siddharth: Do you see state sponsored threats becoming a trend this year?
According to the Check Point 2023 Security report
, cyberattacks have risen by 38% in 2022 compared to the previous year, with an average of 1,168 weekly attacks per organization being recorded. The report also highlights the role played by smaller and more agile hackers and ransomware groups in exploiting legitimate collaboration tools used in the hybrid workplace.
One of the key findings from the 2023 Security Report included Hacktivism. The boundaries between state-sponsored cyber operations and hacktivism have become increasingly blurred, as nation-states act with anonymity and impunity. Non-state affiliated hacktivist groups have become more organized and effective than ever before. According to Check Point research, the second-most targeted industry in the world is the government sector. CPR believes the Russian-Ukrainian war has proliferated the new model of hacktivism significantly. This new model of hacktivism is better organized, structured and more sophisticated. In the third
quarter of this year, governments were on the receiving end of 1,564 weekly attacks on average, representing a 20% increase YoY. In India, in the last six months, government authorities/departments received close to 3,354 attacks weekly per organization. Major corporations and government authorities are being heavily targeted by this emerging type of hacktivism, and sometimes individuals as well. The trend is expected to further rise in 2023.
Siddharth: How is Checkpoint positioned? In what all areas is the company currently present in and how is the Indian market shaping for Check Point?
Harish: India is one of our very important markets in the world. We’ve invested significantly in the country. If you look at it, we operate the network protection, which is where we invented the state full inspection firewall concept. We were one of the early proponents of protection as a mechanism in the world. As we complete 30 years of existence, we are proud to share that we are one of the oldest cybersecurity companies in the world, which has survived and flourished.
Apart from the network, Cloud is another big focus area for us and our product is called Cloud Guard. Nowadays, if a customer or an organization wants to move into the cloud, security must be a priority right from the start. We are one of the first prevention based CNAPP architecture and we cater to the four Cs of the cloud. Gone are the days when servers and storage were installed in a data center and one could physically view them, now even infrastructure is on a code and Check Point protects the code, the Kubernetes clusters, containers, and the cloud hosting war.
We also manage access and access points. Post-pandemic, with the remote workforce endpoint and access protection has grown big. We provide secure access to corporate networks and applications. Hence, SSE or SASE is a very fast-growing area for us. Another big area is EDR- XDR which is to protect your devices in the network, whether it is remote or on the premise, and drawing out the intelligence from what’s happening in each of these devices. That host of products is called as Harmony, and we are doing well in that segment.
Overall, the key differentiator for us is the single pane view we offer to our customers. If you take any organization, there’s the network, workload on the cloud, and a mobile workforce. In such a scenario, having a single pane of view across these three aspects of your organization becomes crucial and we provide that to our customers. We refer to this architecture as Infinity and we are seeing a lot of positivity in the market around such an offering.
Siddharth: You have a lot of solutions and products for the industry what do you think is the current awareness levels and requirement and demand for cybersecurity in India?
Harish: The awareness is quite high, even small and medium organizations are aware of threats online. However, one of the barriers to cybersecurity adoption has been the high cost. For instance- For an organization of 1000 – 2000 employees that has a turnover of around 200 crores. If you have to protect yourself and invest in all the technologies which are available. In such a scenario, two issues arise. Firstly, cybersecurity is a very fractured market, and there are multiple products for accomplishing multiple things which makes it a big challenge. Secondly, if a company is setting up a basic SOC for an organization, it’s going to cost you anything upwards of one and a half million dollars a year and a team of four to five people. There are additional products and licenses that will have to be bought, investments in SIEM, endpoints, and so on and so forth. All these pose the biggest barrier in the path of widespread cybersecurity adoption.
To cater to this issue, Checkpoint offers managed direction and response service for such organizations. Companies don’t have to invest in separate products, we monitor and track all the fields. This service has seen a great demand amongst mid-sized corporates in India.
Siddharth: With newer emerging technologies like 5G, IoT, and Metaverse coming in, the threat landscape has widened. How is Check Point addressing this emerging landscape?
Harish: With the introduction of advanced technology like 5G, Web 3.0, metaverse, AI generative software and IoT adoption, we can expect that this is going to make the industry more prone to sophisticated Gen V and Gen VI attacks. These advanced technologies are going to decentralize the data, shift the physical infrastructure to cloud-based platforms and operate on edge computing. Therefore, the cyber security posture for companies is going to be more pronounced than ever with the expansion of multiple attack vectors for organisations.
From a technology perspective, Web 3.0 and metaverse technologies are still in the nascent stage. Web 3.0 is a refined version of Web 2.0 that poses challenges regarding existing user data and its ownership. The metaverse is all about the virtual world, therefore, there is no specific way to identify cybercriminals who use the advantage of remaining anonymous to strike. The biggest hurdle to the metaverse being a secure environment is in its foundations. Built on blockchain technology, we have already seen serious security gaps in NFT marketplaces and blockchain platforms such as OpenSea
, making initial attacks in the metaverse a reality soon, based on authorization, and user accounts. Most importantly, there is no legal and regulatory framework to govern both the technologies therefore neither the user nor the company can be given any protection against the cybercrimes organized through these technologies.
In India, the stage is set for the launch of 5G technology. Consumers and companies are at high risk as the dynamic software-based systems of 5G include many more access points for traffic routing than the current centralized hub-and-spoke structures of 4G. Apart from this, security for IoT devices is intrinsically weak and simple to hack. Therefore, companies need to deploy a prevention-based response system rather than an incident-driven response system.
Siddharth: India is up there in software development but how is it in terms of skilling and re-skilling people for cybersecurity?
The Indian enterprises are severely struggling with a massive shortage of cybersecurity professionals. There are various reports that revealed that 60% of firms in India are having unfilled cybersecurity positions
. Globally, the cybersecurity workforce is short by 2.7 million workers according to a study by the Information System Security Certification Consortium (ISC). This clearly signifies the need to give young people the tools to enter the industry, regardless of their situation.
To that effect, to prepare students with the vital technology skills they need to secure the future, Check Point Secure Academy
was created to provide cybersecurity education worldwide via partnerships with third-party institutions through Check Point’s cybersecurity training umbrella called Check Point MIND, offering educators and students vital cybersecurity skills, learning resources and certifications through a “revenue-free” education programme.
There is already a talent mismatch of 25.5% in security between August 2019 to August 2022
. With the rapid digitalisation driven by pandemic outbreak and commercial 5G rollouts in India, it is evident that the demand for cybersecurity is set to increase and take the centre stage. For instance, as per global job site Indeed
, job postings for “cybersecurity” have grown 81% between August 2019 to August 2022.
For hiring talent, recruiters are using a variety of hiring channels and their professional networks to find the best-suited candidates. As a result of the severe shortage, companies are willing to pay a premium salary. Nevertheless, the gap still exits especially here in India, where there are an estimated 96,000 security professionals
. To best handle this situation, businesses must focus on skilling and reskilling the new and lateral hires, by offering comprehensive training and certification programs.
Siddharth: What are Check Point’s plans for 2023?
Harish: We have launched a host of products including the next Generation Management or Titan which gives you a single pane of view across network, cloud and endpoint. We also launched a new set of branch devices called as Spark Pro, which gives better bandwidth and comes with 5G and Wi-Fi. We launched our own SD-WAN portfolio which will run on top of the quantum devices which we already have. We also launched the MDR services and repackaged them as Horizon. Horizon is a service that can be used for threat hunting and to look at what’s happening inside company’s network packet by packet.
Overall, it’s quite an exciting time for us. We promised the four Cs of cloud to be covered, the no prevention based CNAPP to be launched, it’s already being adopted by clients. Similarly, our newer products will be immediately adopted by clients in the next couple of months.