Interview: Adam Gordon, Varonis

In our annual Leaders in Technology series, we ask the experts what the year ahead holds. Today we talk cybersecurity with Varonis’s Adam Gordon.

How have Australian workplaces coped with COVID? Will things go back to normal?

The recent pandemic has forced companies to transition their staff to work from home, resulting in an unprecedented increase in VPN services to secure home internet connections. There has also been a huge surge in the use of cloud services such as Microsoft Office 365 and Microsoft Teams.

Maintaining business continuity became the number-one priority for IT departments. Unfortunately, this resulted in security taking a back seat, giving attackers an opportunity to take advantage of security gaps in systems.

Employees will likely be returning to their offices in 2021; however, for many organisations, remote working will continue at well above pre-pandemic levels. So we don’t expect a significant decrease in the risks associated with remote work environments.

What more can governments do to counter cyber attacks?

The Australian Government is taking the increase in cyber attacks very seriously, as evidenced by the release of the latest National Cyber Security Strategy in early August. It has committed to investing $1.67 billion over the next 10 years, which is another step in the right direction.

We’re also seeing increased privacy regulation, which is driving customers to focus on securing their data. In Australia, a key contributor is APRA’s CPS 234, which is a step towards an Australian version of GDPR. CPS 234 aims to ensure that APRA-regulated entities take measures to be resilient against cyber attacks by maintaining an information security capability commensurate with vulnerabilities and threats, putting the responsibility back on the company board.

How will IT improve operational efficiency in 2021, and who should lead the charge?

Cybersecurity is no longer the responsibility of the CISO or Security Manager alone: it’s crucial that boards take responsibility for reducing cyber risks.

Every organisation needs a clear strategy, set by the CEO, limiting employee access to sensitive data to minimise risk. A clear cybersecurity strategy increases the efficiency with which an organisation can deal with a cyber attack, ensuring it can block threat actors before they have a chance to cause serious damage. In successfully countering attacks, organisations are saving themselves precious time, resources and, of course, their reputation.

A prerequisite for limiting data access is visibility: seeing who has access to what data and under what circumstances. A Varonis Data Risk Assessment provides this visibility, along with a custom security assessment based on an organisation’s needs, regulations and configurations. With this insight, companies can move forward with a plan to identify, secure and restrict access to their most sensitive data.

Which new technologies will reach critical mass in 2021?

I don’t believe there is one cybersecurity technology that will dominate. Cybersecurity is a holistic approach that embraces multiple technologies that work together to limit risk across the organisation.

That said, any technology that secures remote access will continue to be in high demand as organisations mitigate the risks of remote working. In 2021, organisations will need to review how these systems could be increasing the risk of data breaches by exposing their data to new threats, such as attacks on employees’ Wi-Fi networks.

Also, expect to see increased uptake of technologies that support data classification. It’s a mammoth task for a CISO in a large organisation to implement cast-iron security for every file. Data classification identifies the most sensitive data, enabling companies to prioritise them for protection.

Adam Gordon has more than 20 years’ IT experience in Australia and New Zealand working for global IT leaders such as Dell EMC, McAfee and Palo Alto Networks. Adam took on the role of Country Manager ANZ for Varonis in May 2020 to deliver data security and analytics solutions to sectors including financial services, health care, manufacturing, education and government.