Enrique Salem, President and Chief Executive Officer of Symantec, the largest security solution firm globally, took over its reins when there was a global economic crisis and individuals were becoming more vulnerable to cyber threats. He spoke with Shivani Shinde on the increasing threat scenarios, India’s important role for the company, and how Symantec is trying to keep a step ahead of hackers. Edited excerpts:
The nature of cyber threats have changed over a period of time.
Yes, things have changed a lot. When I started in security, kids wanted to show-off, so a site being defaced was a matter of pride. Now, the shift is towards making money. The Google attack is a bit unique, as it’s a kind of reconnaissance, wherein the attacker is trying to find future vulnerabilities for bigger attacks. It was more about going after Gmail as a massive email system which has this massive information and gives access to data of individuals.
What’s different is, you see a shift from mass attacks, to attack on targeting devices and now attacks being specific to companies. Attackers are able to do this, as information is available on the net. Attacks are becoming incredibly handcrafted. It’s about finding something about a specific company and try and break in. But, there is another aspect to this and that involves the malicious insider. The person inside the company who has the access to data.
Hw do you keep up with these attacks?
Symantec has a world global intelligence network. Through this, we have access to 30 per cent of the world’s emails, which allows us to see all the trends. We realised that since the attacks were getting targeted, we can’t just keep writing signatures.
For instance, in 2008 there were 1.6 million signatures, more than the previous seven years’ combined. So, we needed a new technology that tells us what programmes one needs. We invented something called Reputation-based security. It automatically tells you the programme that needs to run on a system.
So, if you are on the Internet and download something that has never been seen before, this system then treats it as low-reputation and not let it run. This is protecting the Zero-day attacks.
More From This Section
Mobiles, too, are being attacked by hackers.
Mobility is real and it is increasing, but the market is fragmented, with different handset manufacturers and operating systems. We say the device is irrelevant; it is how you secure the data. The first step to tackle this is for organisations to identify the information or data that cannot be lost. We are working with firms on this.
How serious are Indian organisations about security measures?
I met the top 10 banks in India in the past 48 hours, and we had the executive staff, not just the IT team of the banks, present. They wanted us to talk about what are the risks. That, for me, means organisation are not looking at security as an IT issue but as a business issue. So, India might have small incidents of targeting but it will increase. We are also sensitising firms on what they think needs to be protected.
How important is the Indian market for Symantec?
Our priority is to employ the best technical talent in the world. So, at Pune we have 25 per cent (excluding contract partners) of Symantec’s total engineering. On an overall basis, over 30 per cent of our engineering force is in India now. And, we expect this number as a percentage to increase. I say this not because it is about cost arbitrage, but it is availability of talent. If you look at the STEAM (science, technology, engineering and maths) graduates, we do not have that talent base in the US. So, my expectation is that we will continue to increase our presence here in India.
From a market perspective, India’s GDP is expected to be in high single-digits. That is meaningful, as there is opportunity.