Satya Machiraju, VP of Information Security, Whatfix

Whatfix has an ongoing cybersecurity and privacy awareness program that runs all year. The program provides targeted awareness for resources with higher privileges or access to sensitive data, as well as training that addresses common threats that affect the entire organisation. Secure coding and security hackathons for developers are two examples of this type of training. Satya Machiraju, VP of Information Security, Whatfix, spoke to Nidhi Shail Kujur of Elets News Network (ENN) about the strategy for putting strong cybersecurity in place to help prevent an incident at the workplace.

1. As an individual or user, what are the necessary measures to safeguard your online information and privacy?

With the advent of social media, people are using the internet more than ever. But a majority of internet users are unaware of the perils of having their personal details and multimedia on the internet. Some of the measures to safeguard an individual’s online information and privacy are:

a. Discover ungoverned data, classify and assess vulnerabilities, along with continuous monitoring of sensitive data and access, risk identification & incident reporting
b. Eliminate low-risk alerts for faster response
c. Employ a Data Loss Prevention solution to prevent data theft, data loss or accidental deletion
d. Deploy modern storage equipment with built-in data protection
e. Create data backups in the form of copies in storage units, or ongoing data replication, to retrieve the same in case of data loss or file corruption or damage.
f. Put up security solutions to filter and monitor network traffic and prevent unauthorized access and transfer of data, along with data encryption to prevent misuse.

2. What has been your strategy for putting strong cybersecurity in place to help prevent an incident at the workplace?

With evolving technologies and advanced security measures, cyber-criminals also deploy sophisticated tools. So, in addition to implementing strict cybersecurity policies, companies need to adopt proactive measures to reduce their cybersecurity risks. Whatfix has a cybersecurity and privacy awareness program that is operational across the year. The program provides targeted awareness for resources that have higher privileges or access to sensitive data and training that addresses common threats that are applicable to the entire organization. These specific pieces of training include secure coding and security hackathons for developers. Teams that handle customer data are provided with specific training around privacy and compliance along with cybersecurity. Whatfix also designates the month of November as Cybersecurity and Privacy awareness month. Every year during the month, various events/competitions covering the aforesaid topics are conducted.

3. How does Whatfix play a major part in ensuring cybersecurity for the larger tech ecosystem?

Whatfix has a Customer-first approach in place which ensures unrivalled commitment towards ensuring cybersecurity for the larger tech ecosystems. Over the last few years, organizations have adopted the “cloud first model” moving beyond the boundaries of the “traditional network of an organization”. Cloud technology is here to stay and organizations should, if not already, modify their controls and user training to address the risks associated with cloud technologies. Prior to the adoption of cloud technology, organizations need to carry out a thorough risk assessment and ensure that all risks are documented and reviewed adequately, along with the implementation of necessary preventative measures. The application of a “Zero Trust” model is one such measure. Zero Trust enforces controls that are risk-based and adaptive which guards against unauthorized access to online resources. But security must not come at the cost of customer experience; it must happen efficiently behind the scenes. Beyond enforcing cybersecurity, Whatfix believes in cultivating a culture of security which empowers every individual to act on matters related to cybersecurity.

4. How are CISOs preparing to meet the global demand for skilled, diverse workers with technical skills to meet the cyber challenges?

The cybersecurity industry faces an acute shortage of skilled workforce across multiple domains such as cloud security, data science and analytics, OT security, security architecture and engineering, and attack simulation. With the help of strategies such as automation in the cyber workplace along with rewarding skilled employees, CISOs are adopting the following measures to meet the global demand for a skilled, diverse workforce with the technological expertise needed to tackle the cyber challenges:

  • Reskilling: Retraining existing workforce in the cybersecurity domain to meet the challenges arising due to the shift from on-premises and access protection to cloud, mobile, IoT, and big data.
  • Consider outside workforce: CISOs can bring in people equipped in data analytics, risk management, and cloud core disciplines and can be further trained to be well-rounded cyber professionals. This can further provide different perspectives and help overcome the lack of diversity in the cybersecurity industry.
  • Collaborating with institutions: Organizations can also pool young talent from colleges and universities and foster loyalty. They can offer apprenticeship schemes and university places in regions with high unemployment and an underprivileged population.
  • Outsourcing talent: CISOs also look at lower-cost locations with the rising popularity of remote working and the gig economy, wherein cyber security professionals seek greater flexibility over their working conditions.
