At Appknox, we try and make it a point to converse with individual cybersecurity experts from time to time. This is highly essential for our vision which is to create a safe and secure environment for the entire mobile ecosystem. Previously, we wrote about Charlie Miller, Kevin Mitnick, Rob Fuller and more and one thing we found in common with all of them was their proactiveness towards security. One of the key traits that make a cybersecurity expert good at what he does is his ability to be proactive towards security.
[bctt tweet="Trust will become the most important factor in the future! @Raj_Samani @Appknox #Cybersecurity http://blog.appknox.com/raj-samani-cto-intel-security-cybersecurity-expert-speaks-to-appknox " via="no"]
Just like that, we had an opportunity to have a word with Raj Samani. Raj is a cybersecurity expert and is the Chief Technical Officer of Intel Security in the EMEA region. Previously, Raj has worked with Capgemini and Deloitte as Chief Information Security Officer and Security Consultant respectively before working with Intel. Along with that, he is also the Member of the Advisory Group for Internet Security for EUROPOL CrimeCrime Center.
Appknox helps businesses detect and resolve security issues using a human plus system approach that ensures we go through all the necessary layers in a mobile app – network, file, memory, etc. We help CIOs and CTOs realize the worth of security, and so does Raj Samani. Here's what he had to say when we spoke to him:
Q: You have worked in different kinds of companies – small-mid size, enterprises (CapGemini and Deloitte) and also the government (EUROPOL CyberCrime Centre). Have you observed any difference in their attitude towards security?
In particular, the role of security has evolved. I remember early on in my career, and the security function was a subset of the IT department. Rarely ever getting any exposure at the senior level. In fact, there was a time my boss would refuse even to meet with me since any report of a major risk would have meant that action was needed. Today, security teams are starting to drive innovation. It is, of course, early days, but I am hopeful that this trend continues. As a consumer, I want to know that the security and privacy risks have been managed.
Q: How important do you think, is the role of the government to enforce security practices among corporations?
If you look at the European Cybercrime Centre, it acts as a shining example of how the public and private sector can work together. It is imperative that both sectors find ways to collaborate. Their track record of successes points to what can happen when both sectors collaborate well.
Q: Television shows like Mr. Robot talks a lot about security in mobile, applications, website and enterprises. How influencing, to the enterprises, do you think the news of breaches and heists are when the consumers talk about it on the social media?
Consumers are becoming more aware. A recent breach for example against a major telco resulted in the loss of 95,000 customers. The concept of abnormal churn rate whereby customers leave a company when a breach occurs is becoming more telling. We have to see trust as a major factor in keeping and attracting customers both existing and new. It is changing, and companies seen as untrustworthy will continue to experience lost revenue.
Q: Gartner and our own research say that 75% of the apps are vulnerable to attack. With the increasing awareness of apps and its uses, what advice would you like to give to enterprises, companies, and developers to keep their mobile applications more secure?
Know your risk. The level of transparency afforded to us today is very poor. For example while you can identify the permissions an app may require, we are rarely informed of what happens to the data; for instance, where is it stored, how is it transmitted, who is it shared with, etc.
Before installing any app, ask yourself these fundamental questions, and any doubt should be met with a serious question whether you really need the app.
Q: According to you, $100bn would be invested in cybersecurity in next five year to fight crime. Do you think the companies in their early stage in years to come should actively invest in security?
Trust will become the most important factor in the future. I mean consider what's coming, self-driving cars, full lights out factory operations, connected healthcare devices, etc. Any doubt regarding the safety/privacy of such devices will impact deployment.
Q: People might want to reach out, follow you and interact with you. What is the best medium to get in touch with you (email, Twitter, Facebook, LinkedIn, etc.)
Disclaimer : The above answers reflect cybersecurity expert Raj Samani’s personal views and opinions and not necessarily align with the views and opinions of any other Cybersecurity expert or Raj Samani’s colleague(s).