They’ve got their head in the Clouds!

By Aiden Jewelle Gonzales

“Cybersecurity is a world mega-trend,” Dr. Varin Khera, the Chief Strategy Officer (CSO) of Cloudsec Asia tells me when I meet him at their relaxed, light-flooded office that seems so quintessential to tech companies – replete with pool table, mini-bar and a smorgasbord of snacks ready for the taking. “While a trend is something that will be with you for a while, a mega-trend is something that will reside with you forever. It’s like a hockey stick – we’re just at the beginning of the uptrend, but it’ll keep going up. At this rate, I’ll have more work than I’ll know what to do with!” he tells me with a laugh. “It’s only going to get more advanced, and it won’t go away. It’s like travel insurance. You don’t think you’re at risk, until something happens and you have to use it.”

Leading Cloudsec Asia with the CEO, Chris Puranasamriddhi, Dr. Varin founded the company as a part-time job nine years ago, before taking it up full time in 2019. “I was working with Nokia and heading their cybersecurity there, and that gave me the opportunity to travel round the world and get exposure to technology that you wouldn’t have access to if you didn’t have the corporate branding to back you up,” Dr. Varin recalls. “Back then, I was basically the lead architect – I’d look at all the tech around the world and figure out what could be commercialised. I started Cloudsec, which stands for Cloud Security, after I went to work in Silicon Valley at a pilot project that was dealing with nano-satellites. While there, I realised that the trend in technology was moving to the Cloud, as the only way you could orchestrate such a thing was to have Cloud-based architecture. I knew the Cloud trend would have to explode one day, and that people would need data on demand, that is, with infrastructure that is dynamic, that you can scale up or down. Since then, Cloudsec was born.”

A leading provider of information security services, solutions, and technology, Cloudsec Asia consistently ranks as one of Thailand’s top leading cybersecurity solution providers specialising in Cloud and innovative security solutions, and has successfully delivered projects to customers across key industries, including financial services, the telecommunication industry, and the government sector. Both Dr. Varin and Chris spoke more to Masala about what exactly cybersecurity is, its importance in the lives of both individuals and corporations, and what we can do to protect ourselves further.

What drew you both to the field of cybersecurity, what do you love best about this industry, and what are your respective roles?

Chris: I’m a senior executive that provides funding for leading retail business, and I deal in marketing and capital management. While I’ve always had interest in, and fondness for, technology, until I got to know Dr. Varin, whom I consider the world’s leading expert in cybersecurity, I never realised that cybersecurity is comparable to a security company in the digital world.

Today, if you want to steal crucial corporate information, no one will walk up to you with guns to rob you of that information anymore, because only a computer or smartphone can steal important information. Most importantly, it is impossible to verify who is carrying these devices maliciously into the organisation.

The emerging picture shows that cybersecurity is essential for every organisation in today’s digital age, and it will only become more critical. Even looking at my family, I can see that they all use online platform services – social media, online shopping, etc. This means that the threat can reach our family and us without breaking into the house, and it can happen at any time, but we don’t know when. Therefore, we must prevent these dangers from entering our homes as family leaders.

Varin: I’ve been interested in Cybersecurity since 1990 while studying in Australia. I don’t stop learning about it. I’m very technical; I write, I read, I’m always at the forefront of cybersecurity, and I’m always publishing. I decided to move to Cloudsec Asia full time because the Cloud is now starting to take off in Asia. If you look at companies like Google and AWS, their biggest business is Cloud technology. For a while, people were investing in data centres, but those will only scale so much. With the Cloud, it’s very on-demand. In 2019, when I was convinced to do this full time, what I was really lacking was the business aspect, and so I brought Chris in. I’m very technical, I focus on R&D, and I was always missing the key component of getting the word out to top management. Chris came in and said, why don’t we make this a full-time thing? The rest is history.

I call myself the CSO – the Chief Strategy Officer, and that’s because I feel the CTO deals with existing technology. What I do, is I’m the technical strategy for the company. My job is to collaborate with new technology, some could even be moonshot projects, and bring this into reality. My role is to feed new technology to the team, and tell them, hey, you need to take this in to be cutting edge, to be ahead of the market.

In layman’s terms, what exactly is cybersecurity? Most people think it just involves not getting your credit cards hacked when online shopping but it involves so many other elements. Can you elaborate?

Varin: Cybersecurity encompasses three areas. Firstly, people: how they handle and access their data. Secondly, process: the standards your organisation has to access certain data. Finally, technology: the investment in cybersecurity.

Nowadays, many senior executives and business owners still overlook the importance of their information. Someone even once told me, “Our business has nothing to hack!” Therefore, we assess the impact on asset risk and how it affects their business, because it is all about assets and their image, and the organisation not having credibility towards their core customer group will lead to distrust of their services. So, we ask them to look at cybersecurity as the new world. And the question is, what is gold in the new world? Data indeed, that’s why Google, YouTube, etc. make billions. If your data is gold, and someone hacks your data and has access to it, what does it mean?

When it comes to cybersecurity, what are some common concepts and terms that people should have a basic understanding of?

In general cyber-awareness is important. These days if you work for a large corporation, it is now mandatory to attend cyber-awareness sessions where you can learn the common trends of what can attack you, etc. But this is important for individuals as well. Things that you need to know about include:

Phishing: It’s when someone tries to trick you and access your data by sending an email or calling you, but it’s come so far. Five years back, they’d send an email saying that you won the lottery. But today it’s all very targeted. For example, if they wanted to attack me, they’d read my profile and pretend that they’re very close to me or someone who wants to understand what I do, and ask for my information that way. Targeted phishing, in particular, is one concept that people need to understand.

Another is ransomware. It’s basically where you get threatened for ransom – what viruses do is they infect your computer and make your computers inaccessible. Today, they’ll threaten you with ransom using cryptocurrency, so you pay with crypto and you get a key to unlock your phones or your laptops. This is very common. For example, you’ll have heard on the news about Colonial Pipeline, where the whole gas pipe was hacked and the price of petrol went up because the delivery pipeline was threatened for ransom.

Risk management is also very important. You need to know yourself and your assets. If you do get attacked, what’s the risk impact of that?

The last one is what’s called password-less technology. Everyone uses passwords, and they’re usually the problem – most people get hacked through their passwords. We need to move into a world where passwords become redundant – that is, using two-factor authentication or biometrics. People need to invest in that.

What cyber security solutions does Cloudsec Asia provide, and what makes it unique?

These days, most organisations have begun to migrate their data to the Cloud, and what follows is the Cloud security system – enter Cloudsec Asia. The solutions we provide can be divided into three main parts:

Cloud Security Solutions: As you journey towards the Cloud, and every organisation is doing that because they need on-demand infrastructure, security becomes a totally different dynamic. We look after that journey for you. That means focusing on what we call Cloud Security Posture Management. We look at terms like posture, Cloud compliance, and risks associated with the Cloud.

MDR Manage Detect and Respond: It’s essential in assisting the company with incident visibility and response. We’re basically like a security guard who looks after your condo or your house. The guard runs after the thief, takes them away, etc. We do that for technology. Instead of companies having to spend money on cybersecurity, they don’t need to do that anymore, as we do that for them.

Cyber Security Services: We do things like Penetration Tests, where we test your application and mimic what hackers can do, and then corporations can plug those gaps. We also offer services like Vulnerability Assessment; Governance, where we help corporations get into cybersecurity; and Risk Management and Compliance.

What makes us unique is that we are the only company that brings together all three dimensions of cybersecurity, from end to end, rather than just one function, and everything can be customised according to customers’ needs, making the service very versatile. We have clients in all industries, from finance, insurance, and real estate, to SMEs, and small businesses. We’ve also positioned ourselves as a Cloud security company nine years back, before anyone else did, so it’s clear that we’re a forward-thinking company. We’re an organisation that’s always willing to learn, and we are one of the first, if not the first, that has coined the term ‘Cloud security’ and is taking the term seriously. Our solution encompasses the whole Cloud security sphere.

What are the risks for us as individuals that we should protect ourselves, and how can we protect ourselves?

1. Passwords: If you can, move away from passwords, if you can’t, you really need to check the strength of your password. A lot of the time, there are tools that automatically guess it.

2. Look out for data breaches. You can go to websites that can check if your password has been leaked. If it has been leaked, change that password.

3. Beware of phishing. The likelihood of you getting a real lottery ticket is very low. Make sure to verify when someone calls to ask you for information, as targeted phishing is become the trend more and more.

4. Your phone knows everything about you. When you go to websites, be very careful what you download. If possible, have extra security on these devices – don’t just trust that because you’re using a particular phone you’re more secure. In reality, your phone doesn’t listen to you, because it doesn’t need to. Now we have algorithms that are so precise that through your behaviour online, they can get data points on anybody.

5. Read up on cybersecurity and its trends, and understand what’s happening in cybersecurity because it’s very close to you.

What about the risks or cybersecurity trends for businesses, especially with technological developments in recent years? How can they protect themselves?

Varin: I coined these cybersecurity trends that organisations need to be aware of:

1. Password-less authentication. I encourage them to move to two-factor authentication and move to biometrics if possible. You need to embrace this mindset, because in a lot of work that we do, most of the time the password is the entry point.

2. Ransomware – 2021 was the year where we had one of the highest instances of ransomware, with an increase of 148 percent from 2020. The trend is just going to amplify. Some of these attacks today are so smart. In cyber espionage, we now have zero-click attacks – they’ll send you an SMS and the minute the SMS registers on your phone, you’re now under attack. You don’t even have to click on it.

3. Phishing attacks will amplify.

4. IOT – the internet of things. You’re gonna see the rollout of 5G will result in more IoT, your fridge will come online, your microwave, your lights, your cars, etc. You’ll have to ask, what happens when someone hacks into that?

5. Cyber warfare will increase – countries will be stealing information from each other. Why fight when you can cyberwar, and this has happened before. In the past, someone already wrote malware that targeted the Iran nuclear facility, and things like this will keep happening.

6. Increasing risks with mobile devices – you’ll see more malware attacks targeting phones.

7. Risks with supply chains – I have worked with companies that are pretty much secure, but they work with companies that aren’t secure, and they’ll inherit the risk.

8. There will be a shift towards corporate cybersecurity governance, and more organisations wiling to adopt cybersecurity policies.

In recent years we’ve heard of a lot of data leaks that have hit the news, especially from spyware companies like Pegasus. Can you weigh in on this, and the ways that we can make ourselves feel more secure?

From people’s perspectives, there’s nothing much you can really do. Aside from the steps I mentioned above, when you go to public places, be very careful of free WiFi, as you don’t know who’s tapping the infrastructure. I don’t use open WiFi at all, I use my own data and I tether to the phone connection. When you go places that have free charging, a lot of the time there are tools that you can fake it, and once you charge, it will install tools in your laptop and phone. We call these USB ninjas. Update your phone or laptop – a lot of the time when hackers attack you, they reverse-engineer exploits. They’ll develop malware exploits that they use to attack, all you have to do is update and that will keep you from these common attacks. Overall, however, just apply a common sense approach.

How do you cope with the ever- changing technological landscape?

Varin: Firstly, find your passion – if you work for something, it’s just work. If you have a passion, it’s very different. You wake up, and that’s what you consume. You’re always looking for how to change the world in those small ways. People say that you’re born with that passion, and I don’t agree. I believe you go through life and you discover what it is for you.

Secondly, read a lot. Yes, I do wish you can go back to days where we didn’t have the internet, but the world is going to keep moving forward, so you need to make sure you don’t fall behind. I read a lot, I write a lot, and if you Google my name, you’ll see that I publish here and there all the time, just for fun, just for sharing what I do. At the end of the day, everyone can contribute to a field, you just have to find your passion.