Are Sri Lanka and the SAARC region capable of tackling any cyber threat?

~ In conversation with Sunil Sharma, Managing Director – Sales (India & SAARC) of Sophos Technologies Pvt. Ltd. Q: Sophos is one of the key leaders in the cyber security space. Can you briefly describe what the company is about? A: Sophos Technologies was established in 1985 in the UK. For the last 32 years, the company has been built on pure technical solidity. We started to acquire companies since the early 2000s in order to complete the product portfolio. Globally Sophos is one of the oldest in the security space. We also see continued YOY growth, which solidifies our business. At present, Sophos has primary research and development centers in 5 locations globally, and India is one of them. With 22% – 25% of our workforce based out of India, we have great focus on India and the SAARC region as part of our long term vision and plan. The business model of Sophos constitutes of 16 branches in India, Regional Heads for the rest of the countries, and a model based purely on distributors in smaller markets such as Nepal and Bhutan. Sophos is handled by Avian Technologies in Sri Lanka and the Maldives, a relationship counting almost a decade. Q: How important is the partner eco system for Sophos? A: Sophos worldwide does 100% business through channels only. One of our mission statements is a Channel-first commitment. Therefore the only eco system that mattes to us is the channel eco system. Q: When Sophos was looking at the Sri Lankan market, what made you choose Avian Technologies as a partner? A: For us loyalty with partners is paramount. At Sophos we believe that a partnership is a give and take relationship. This is what has prompted us to work with Avian, as they have been in the industry for a considerable time, and have repeatedly proven their capability in building our business. Q: With the increasing cyber threats at present, what would Sophos perceive as the greatest challenge in cyber security? A: I would not prefer to name one definite threat as ‘the greatest challenge’. For me, the only thing companies such as Sophos need to do is think and work faster than the cyber criminals. In considering cyber threats, there are three different kinds;

1. Global cyber warfare
2. State sponsored hacking
3. Attacks to the corporate business; Ransomware, Malware, Advance Persistence Threats (APTs)

In view of these, Sophos is very much prepared. We advocate a system which is called ‘synchronized security’; it’s a very coordinated defense mechanism, which looks into both the end point as well as the network security. Cyber threat can enter at any point. A network security firewall alone will not make one safe. At one point cyber security concentrated only on IPS or Network security firewall email gateway or web security gateway, but we have evolved beyond that. A complete security system should cover all potential threat points, and each point should be linked with one another. In this way, even the minutest breach will indicate that something has been compromised and the complete defense mechanism kicks off. We have proactive systems put in place by which the affected system is being quarantined, treated and put back as a clean system. It is with this simple philosophy that Sophos works worldwide. Sophos also has Cloud based solutions. This is a cost effective system where our clients have access to Sophos Central, a management console on the cloud, which gives access to a dashboard to CIO s and IT Managers. Our MSP – Managed Security Provider – caters to SME customers who are cost conscious and work with limited resources. This flexible option has been launched in India and we are looking at expanding the concept in the rest of the region. The MSP is integrated with Sophos Central and is compatible with local network software. Network security is a 24×7 process. We process about 400,000 malware daily at our Sophos threat lab. We upgrade our products at an on-going basis. This involves a huge back-end operation; research and development in addition to maintenance to ensure that our customers are protected. I regularly come across the question, “Does this mean the customer does not get attacked?” Customers are bound to be attacked. Will it increase? Yes. The solution to it is a vendor who takes care of you by deploying the right solution and a coordinated defense mechanism. The other main aspect which Sophos is involved in is Education. Phishing attacks are very common, but in spite of knowing an email could be a phishing email, people still click it. Our product called Phish Threat, which has been selling like hot cakes in India, is a product for the internal system to educate users about Phishing. The product can also simulate attacks. As part of social responsibility, Sophos has also initiated Sophos Home, which is provided free of cost. It’s a commercial grade phenomenal product, an anti-virus which has the latest capabilities, which can be downloaded free to your device. Q: What is your opinion on the cyber security landscape in Sri Lanka and the region? A: My personal opinion is that Sri Lanka has great potential. It is on par with India, with only the size and volume making the difference. People are equally internet savvy and the threats we face are the same. Along with Avian Technologies, Sophos continues to achieve milestones every year and yet it is a matter of ‘miles to go before we sleep’. South Asia is a developing economy resulting in differences in terms of use of technology and purchasing habits in comparison to the West. Worldwide, I see huge potential in cyber security. The cyber security market is 39 billion USD worldwide. By 2020 with the expected growth it will grow to 48 billion USD. Therefore as a company we have a lot of work to be done, whether in terms of creating awareness with our customers and resellers, or in giving a complete end-to-end solution to our customers so that they can be protected and at the same time reducing the complexity in solutions and providing simplicity. This is a job for the entire security industry. Q: What does the Sri Lankan market mean to Sophos? A: We consider Sri Lanka as a very important market and that is why we invested here 8 years back in the form of a distributor. We foresaw that Sri Lanka was going to develop and has huge potential and scope. We have invested to the length of having our own resource in addition to the distributor, so that our customer has direct access when they face issues. Along with Avian Technologies we are able to provide pre-sales support for resellers as well as post –sales support proactively. Sophos has separate training programmes for partners on both pre and post sales. There is online and on-site training as well, which happen every quarter. Sophos is a product which has a lot of involvement and that is what makes it very strong. Photo caption: (From left) Ranil Francisco, Director – Avian Technologies (Pvt.) Ltd., Sunil Sharma, Managing Director – Sales (India & SAARC) of Sophos Technologies Pvt. Ltd. and Buddhika Liyanage, Director – Avian Technologies (Pvt.) Ltd.