Kaspersky, recently, successfully concluded APAC Cyber Security Weekend 2024, in Columbo, Sri Lanka, with a focus on AI’s impact and its vital role in shaping the future of a secure digital arena. Digital Terminal was on the ground in the neighbouring country, covering up the event and capturing the latest insights and developments. During the event, Rajeev Ranjan, Editor of Digital Terminal, had an exclusive conversation with Adrian Hia, MD-APAC Kaspersky, who discussed the current cybersecurity landscape, the Indian market, and Kaspersky's plans. Find out the excerpts:
Rajeev: What is your take on the recently passed Data Protection Bill by the Indian government? How is Kaspersky collaborating with the government fir data security within India?
Adrian: We maintain strong relationships with the Indian government and fully understand the importance of data sovereignty. Many cloud providers must comply with the Data Protection Bill, ensuring that data currently held outside the country is repatriated. This is a significant shift, particularly in light of similar practices by companies like Apple in China. At present, users are often unaware of whether their data is stored in India or abroad, but this will soon change with the introduction of stricter regulations.
I foresee a major shift in the cloud industry, which has dominated for the past decade. Increasingly, enterprises will look to build their own data centers or opt for colocation with Tier 1 carriers (T1Cs) to gain control over their assets. Current geopolitical conditions and emerging data regulations largely drive this trend. In India, for example, the government commanded that financial institutions must keep all banking data within the country; transferring it abroad will be illegal. As a result, many banks will be forced to establish their own data centers. The Indian government will likely ask companies like Apple to establish localized cloud infrastructure in India, much like they have done in China. While this shift will take time, it is inevitable. While there are valid concerns about data sovereignty, geopolitical tensions are making this kind of global cooperation increasingly difficult.
Rajeev: With the evolving cloud landscape, does Kaspersky plan to collaborate with major cloud providers like AWS, particularly in the Indian market?
Adrian: Our Kaspersky Hybrid Cloud (KHC) solution is already operational, protectng cloud workloads. Apart from focusing on a specific cloud platform, we view it as a compute farm or virtual machine, and take it as a responsibility to secure it at every endpoint. As core components, it’s still a processor, memory, SSD, and operating system. Our approach to protection treats all endpoints as equal. For us, the proliferation of devices is an expansion of the endpoint ecosystem, and our focus remains on securing each one effectively.
As operational technology (OT) transitions to the Internet of Things (IoT), it’s important to remember that the “I” stands for "Internet," and being online inherently makes you vulnerable. This creates a significant business opportunity in cybersecurity. But it all starts with the basics that convince everyone, to install antivirus software on mobile phones. That’s where the journey toward comprehensive cybersecurity begins.
Rajeev: How do you balance the growing enterprise and consumer segments in India?
Adrian: There are two distinct paths for growth—one in consumer and one in enterprise—and both are critical for success. For instance, in consumer, companies must compete on a global scale, just as they do in enterprise. Similarly, we prioritize both sectors and make strategic investments accordingly. A good example is our sponsorship of the Mumbai Indians, which benefits both sides of our business. We also work with common distributors who handle both consumer and enterprise segments. However, we encourage our distributors to have separate teams for each because both have significant growth potential.
Take our consumer business, for example, less than 25% of devices are currently protected, which presents a huge opportunity. On the enterprise side, we're just scratching the surface. We foster growth in both areas. Being a privately held company, rather than publicly listed allows us the agility to invest in the areas where we see the best ROI, and adjust the focus as per our need.
As for partners, we are 100% partner-driven. Partners help us collaborate with other cybersecurity companies and mitigate competition because they work across vendors. Our open platform approach, like our Kuma platform, integrates with various firewalls and third-party endpoints, helping clients on their transformation journey. We rely on partners from security assessments to the desired end state for customers.
Rajeev: Can you tell us about your channel strategy for 2024?
Adrian: Expanding our distribution network is crucial, especially in regions like East India and Central India, where we’ve barely scratched the surface. While we’ve established ourselves in major cities, there’s still untapped potential in other areas of the country. This same strategy applies to other large markets like South China. Two big countries required different strategies. Scaling through partners our operations require leveraging through partners. Our focus is on education, enablement, and training, ensuring that both partners and customers understand the basics of cybersecurity hygiene, like regularly changing passwords.
Rajeev: Do you engage third-party agencies for "red teaming" simulated attacks, and how does this enhance your cybersecurity strategy?
Adrian: Yes, we recently completed an interesting project in which a customer, confident in their security, insisted that their systems were impenetrable. To address this, I proposed a performance-based contract: if I could penetrate any layer of their defences, they would pay me a fee based on the number of layers breached. The system had ten layers of defines, and we managed to breach seven.
The effort from my team, which included engineers and testers, amounted to a significant investment of time and resources over six months. The goal was to demonstrate that vulnerabilities exist in every system. Through this red teaming approach, essentially ethical hacking, we were able to identify and help the customer patch up those vulnerabilities effectively. In this scenario, I played the role of the Red Team while they took on the Blue Team responsibilities.
𝐒𝐭𝐚𝐲 𝐢𝐧𝐟𝐨𝐫𝐦𝐞𝐝 𝐰𝐢𝐭𝐡 𝐨𝐮𝐫 𝐥𝐚𝐭𝐞𝐬𝐭 𝐮𝐩𝐝𝐚𝐭𝐞𝐬 𝐛𝐲 𝐣𝐨𝐢𝐧𝐢𝐧𝐠 𝐭𝐡𝐞 WhatsApp Channel now! 👈📲
𝑭𝒐𝒍𝒍𝒐𝒘 𝑶𝒖𝒓 𝑺𝒐𝒄𝒊𝒂𝒍 𝑴𝒆𝒅𝒊𝒂 𝑷𝒂𝒈𝒆𝐬 👉 Facebook, LinkedIn, Twitter, Instagram
