With companies adopting a lot of SaaS technologies, downloading apps, and software, they are becoming aware of the privacy implications of all of the technologies they’re using. In 2022, companies will be making decisions about which products they use based on whether or not the data compliance is sufficient for their customers shares James Forbes-May, VP Sales APAC, Barracuda Networks in an exclusive interview to CRN India
What are some of the key measures adopted by Barracuda to help companies secure business amid remote working?
Businesses have accelerated digital transformation and cloud adoption amid the pandemic, which has provided increased attack surfaces for attacks with the disappearance of traditional corporate perimeter. As there are increasing security concerns, Barracuda has been committed to safeguarding businesses and customers during the pandemic.
We continue to deliver innovative security products that are easy to buy, deploy and use. For instance, with the acquisition of Fyde, we added a Zero Trust solution in our product profile to secure applications and provide distributed businesses a new way to modernize remote access, enforce global security and access policies without compromising productivity. As the workforce becomes increasingly dispersed and cloud-based apps adoption like Microsoft Teams is increasing, protecting Microsoft Office 365 data requires a modern cloud-native approach. We rearchitected Barracuda Cloud-to-Cloud Backup to deliver fast and resilient backup platform to Office 365 data.
As a partner-dedicated company, we at Barracuda are committed to helping our partners to find new business, address customers’ needs and succeed together. Education is critical across our Premier and Preferred Partners as we rolled out Barracuda Academy, which is designed to give our partners the right tools, training, and resources to successfully sell Barracuda solutions. Our self-paced Barracuda Campus and monthly webinar are also available for customers and partners to help brush up on skills, keep up on the current threat landscape and learn new security products. With the right education, Partners and Customers can make the right decisions on selecting products that are going to solve the day-to-day security concerns of any business small or large.
According to you, what are the vulnerabilities that you came across in 2021?
As the world is thrown into a remote workforce, we continue to see a proliferation of distributed denial of service (DDOS) attacks, ransomware, business email compromise, and malware-based attacks. These attacks exploited a series of events that have changed the attack surface. While email is still the number one threat vector, we saw attackers launch phishing campaigns using current events, such as COVID-19 vaccination as a hook to steal money and personal information. Our researchers observed that the number of vaccine-related spear-phishing attacks increased by 12% between October 2020 and January 2021.
Clearly, ransomware attacks surged in 2021. Our researchers saw a 64% increase in ransomware attacks year over year. Cybercriminals were still heavily targeting critical infrastructures such as healthcare, and education, but attacks on other businesses were also surging. Many of these attacks were led by a handful of high-profile ransomware gangs such as REvil and DarkSide. At the same time, cybercriminals were searching for application vulnerabilities with automated attacks. Fuzzing attacks, injection attacks, fake bots, application DDoS and blocked bots were the top five attacks performed using automated tools. Into 2022, ransomware will continue to evolve and dominate the news because that’s the most lucrative way for the bad guys to make money right now. Businesses should remain vigilant to secure their email and prevent credential loss, protect their applications and access and back up critical data assets.
There has been a lot of development in terms of security solutions this year, do you feel there were any shortcomings in the process? How are you planning to unearth those?
Technology and security solutions, in general, are constantly evolving and adapting to the market. There is never going to be a single solution that does everything for everyone. Building security solutions that have focus and solve real-world problems is key, these must be able to integrate with other services via API and provide real value and time savings when it comes to overall management. This is a philosophy we have at Barracuda allowing for centralized management across a suite of security solutions giving customers quick ROI in terms of deployment, ongoing management time savings, and the overall efficacy of security. The challenge will be integrating with third-party vendor solutions that make up all enterprise environments and finding a common means in which to communicate be it log collection, threat intelligence, security event correlation, API calls, and most important remediation across platforms. Last year Barracuda entered this space with the acquisition of SKOUT which provides a Cyber-as-a-Service including a fully managed XDR solution for MSPs to ensure our partners can support their customer complex environment and manage all of their security solutions.
What are the new trends and skills that you expect from your partners to develop in 2022?
We are still seeing huge growth in the terms of Microsoft 365 adoption, migrations of workloads into public cloud, and the dissolving of the traditional network perimeter to a flexible SASE model. We have seen our partners assist their customers’ digital transformations over the last few years and adapt their own business practices and skillsets to suit their customer’s needs. While companies are leveraging SaaS solutions like OneDrive, SharePoint, and Teams, they need to ensure they have tools to secure the data and meet compliance requirements. Protecting customer’s digital assets and data stored within web applications should remain a focus for our partners. We believe there is good opportunity and consultancy services around web application security allowing partners to strengthen their relationship with their customers and become trusted security advisors for the years to come.
What are your key priorities this year?
Delivering innovative security products that are easy to buy, deploy and use is one of our core values. We will continue to expand our portfolio of cloud-enabled security solutions and enhance them with new features and functionality leveraging more machine learning and AI technology to drive efficacy across products whilst ensuring ease of use for customers and partners.
Furthermore, our relationship with Microsoft from a global perspective has never been stronger. As we are seeing companies are migrating faster to Office 365 and new applications are delivered as SaaS, we will continue to invest in the India market releasing SaaS solutions driven by public cloud locally within the region allowing for faster performance, the resiliency of services, reducing latency and ensuring that customers data resides in the country.
Which sector is poised to face greater security threats in the forthcoming year? Do you have any plans/solutions to help them secure their data?
In 2022, critical infrastructure will continue to face significant security challenges. This also includes everything from energy and financial services to education and healthcare. All customers need to remain vigilant in terms of protecting themselves from security threats. At the same time, email has always been a number one threat vector for attackers to exploit, and now with remote working being the new norm for businesses, companies will need to leverage advanced AI and API-driven technologies to ensure their employees remain protected on and off-network. Remote working now brings new challenges for secured remote access and personal device conformance with zero trust solutions replacing traditional VPN clients to the site.
At Barracuda we are well poised to help customers protect their Email, Networks, Applications, and their Data wherever it may reside which offerings and experience in all sectors.
What do you think will be the most important factor(s) driving security decisions in 2022?
With security is now being prioritised, organisations will have to focus on their reporting structure such as if there is a CISO involved. However, skill shortage will turn security challenges into a tough situation. Small and mid-sized companies were already short-staffed and having trouble hiring the staff they need to protect themselves from security risks. The “Great Resignation” will make those challenges even more acute. As a result, in 2022 businesses will rely more on their vendors to provide not only automated tools but also services, like XDR and MDR.
In addition, privacy requirements will drive security decisions in 2022. Almost 75% of countries have some type of privacy regulation now, so all businesses will need to protect and enrich any data they collect from customers in a way that respects the privacy requirement. These conversations about privacy policy also come up in the context of digital transformation. Companies are adopting a lot of SaaS technologies, downloading apps, and software, but as a business have to be aware of the privacy implications of all of the technologies they’re using. In 2022, companies will be making decisions about which products they use based on whether or not the data compliance is sufficient for their customers.