Nat Kausik is CEO and Founder of Bitglass. Prior to Bitglass, Nat was CEO of Asterpix, Trubates, FineGround and Arcot Systems, and also held positions in research and academia. Nat earned a B.Tech from IIT, Madras, an M.S. from Princeton University, and a Ph.D. in computer science from Cornell University.
What are the biggest cybersecurity threats to businesses in 2021?
With the COVID-19 pandemic fundamentally changing the way we work for the foreseeable future – possibly forever - businesses have had to adapt accordingly or risk losing ground on competitors. For many, this has meant implementing more appropriate business and security models that empower employees to work efficiently from everywhere while keeping sensitive data secure, wherever it goes. The process doesn’t need to be painful if done appropriately and those who have achieved it are more quickly reaping the benefits of a more flexible, secure and productive working environment.
What's the number one solution requirement you are seeing currently from your customers?
The continued migration to the cloud, the rapid rollout of BYOD initiatives and the unprecedented rise of the remote workforce has accelerated the adoption of Secure Access Service Edge (SASE) and Zero Trust Digital Transformation Initiatives. For most companies, the conventional perimeter their security teams once managed has now been gone for 18 months - and there won’t be any going back. By uniting SASE and Zero Trust, organisations can establish and maintain an environment that reliably enforces security procedures for any interaction - on or off premises - through one unified platform.
What cyber security technology has impressed you this year?
In its latest “Hype Cycle for Network Security, 2021” Gartner introduced Security Service Edge (SSE). Security Service Edge is an integrated, cloud-centric offering that facilitates safe access to websites, SaaS, and private applications. It will typically also combine access control, threat protection, data security, security monitoring, and acceptable use control.
This has raised questions around the difference between Security Service Edge (SSE) and Secure Access Service Edge (SASE). The answer is they’re not mutually exclusive.
Often SSE is the adopted approach by the security team while SD-WAN services are separately adopted by the infrastructure team. But they can work together to complete the SASE journey.
Single vendor security infrastructure or diversified tech stack?
The extent of the sophisticated intrusion which led to the now-infamous SolarWinds breach was breathtaking. The hackers leveraged SolarWinds’ commercial software to infiltrate major firms and top government agencies, exposing sensitive data. Cybercriminals were able to jump from a single compromised laptop to the company’s Active Directory to the Azure Active Directory and Office 365 for complete control. Since then, the big cybersecurity question has been whether the attack set a precedent for hackers to target companies that rely heavily on a single vendor security infrastructure, such as Microsoft.
Having everything via one vendor has been favoured due to lower complexity. But the clear lesson from the recent attacks shows that relying on a single vendor for both infrastructure and security lays down the equivalent of a red carpet for a hacker.
Diversifying your tech stack and deploying SASE and the safeguards it offers, lets you chart the best course - enabling security teams to develop a more resilient IT infrastructure, that can shore up business stability and minimise the spread of any cyber attack.
What trends have you seen in the industry this year?
Security landscapes are ever-changing, and companies need to stay on top of the latest trends. Cloud-based data access and protection should remain a number one priority for every company around the world. But with a new hybrid workforce, how has it changed?
Particularly with new hybrid working models, IT and security leaders need to understand new and evolving security challenges. For example, traditional security solutions built for well-defined enterprise perimeters are not capable of securing hybrid workforces - because today there are no perimeters! The shift away from traditional perimeter-based security and tools will alleviate the shortcomings of VPNs while enabling mobility and access to cloud services.
What sectors are seeing the greatest threats this year?
Healthcare is one of the fastest-growing sectors for cybercrime, something which the COVID-19 pandemic has only exacerbated. This is because hospitals and healthcare facilities have a wealth of sensitive data stored on their networks that need to be accessible around-the-clock, to maintain a high quality of patient care. Put simply, they can’t afford to be locked out of their data. When combined with the chaos and resource strain caused by the pandemic, it has made them the perfect victims for cybercriminals looking to make profits - despite how despicable and unscrupulous it may seem to the rest of us.
While it can be difficult to put exact numbers on individual attacks, a recent report estimates that the total cost of healthcare breaches has risen by almost 200 percent over the last three years, from around £3.4 billion in 2018 to more than £9.5 billion in 2020. Additionally, the cost per breached record has grown from roughly £295 to over £360. When you consider that a typical breach involves hundreds of thousands of records, the cost of an attack can quickly reach astronomical levels.