Manikandan Thangaraj - vice president - ManageEngine - Cloud-based malware - Techxmedia

Cloud-based malware: A new threat for businesses?

Tech Leaders

Manikandan Thangaraj, Vice President at ManageEngine, was interviewed by Rabab Zehra, Executive Editor at TECHx, about emerging cybersecurity threats, cloud-based security, and other areas. Look at what the expert has to say about it.

TECHx: What is the cybersecurity landscape like in the Middle East and Africa region in 2022?

Manikandan: The Middle East is expected to witness advanced forms of cyberattacks this year motivated by geopolitical issues. Advanced persistent threats will become more prolific and will target critical infrastructure like shipping, communications, and power. With more digital transformation happening in manufacturing, we’ll see growth in attack surfaces. With these developments, it’s easy to see why cybersecurity expenditure is expected to reach USD 2.8 billion in 2022.

This expenditure will primarily focus on securing cloud environments as a result of the Middle East and North Africa prioritising public cloud growth to stimulate a data-fueled economy instead of the oil-fueled one in place previously. Experts also say that technologies such as endpoint protection, secure web gateways, and web application firewalls will witness short-term demand until at least 2022.

TECHx: What kinds of threats are organisations today facing as a result of their adoption of cloud solutions in a hybrid work environment?

Manikandan: Cloud-based malware is an emerging problem for organisations that adopted a hybrid work model. In the second quarter of 2021 cloud storage apps accounted for more than 66% of cloud malware delivery. Hybrid employees pose a unique threat: Since their devices connect to different networks, they may bring malware from outside and infect the organisation’s network. Employees look for simple and quick ways of doing things. This means they store company information in personal clouds and unsanctioned storage devices, and transfer data over insecure wireless networks. The hybrid work model also introduces more attack vectors—VPN and RDP sessions—through which adversaries can hijack the network. The old email phishing route for initial access will take a backseat as more attackers leverage VPN connections to gain entry into the network.  

TECHx: The last two years have undoubtedly changed work environments; do you believe IT has to redefine its role? If so, how so?

Manikandan: Yes. With the emergence of new threats and even advanced variants of existing threats, IT teams needs to scale up their monitoring activities and invest in advanced security solutions. IT teams need to priortise their cybersecurity budgets. This includes determining the economic impact that a cyberattack can have on the company and allocating an appropriate budget to mitigate this impact.

It’s time for companies to do away with the castle-and-moat approach that only secures the perimeter of the network. Organisations have to start implementing Zero Trust models and network segmentation to defend themselves better.

The whole approach to security changes with hybrid work and BYOD models. This means existing security policies have to be evaluated and configured so they’re doing what they’re meant to do.

TECHx: Given the rise in security risks, why should organizations choose Cloud Access Security Broker (CASB) to protect their data and networks?

Manikandan: A CASB offers some key features that are crucial to current organisational security requirements. Since data is no longer stored just on-premises, CASBs can be used to monitor data being uploaded to personal clouds so organisations are aware of users breaching data policies. A CASB is an effective guard that ascertains the identity of a user attempting to access data in the cloud, and can enforce policies for accessing and authorising data. CASBs are effective at monitoring shadow IT applications and deciding whether to sanction them or outright ban them. CASBs can also perform deep packet inspections so that files being transferred across both HTTP and HTTPS connections can be inspected while being sent across the network.

TECHx: Can you tell us more about ManageEngine’s 20th anniversary campaign, “celebrating the pillars of support – customers”?

Manikandan:  What started off as an idea 20 years ago to simplify IT management with innovative and easy-to-use alternatives to complex and expensive solutions is now a well-established brand trusted by over 280,000 global organisations. We owe this milestone to our pillars of support: our customers. We’re humbled by their continued support and reaffirm our commitment by investing in technology and R&D, and by offering dedicated support throughout their IT journies. This campaign is intended to take a moment and look back at our journey and thank not only our customers but also our partners and colleagues who made it memorable.


Leave a Reply

Your email address will not be published. Required fields are marked *