Despite warnings against fake emails being perpetrated through social engineering techniques, employees around the world continue to be fooled by these scams. Why do these things persist in the workplace?
According to cloud-based security firm Qualys, it is nearly impossible to stop the human component – that is, employees committing the same mistake over and over again.
“You cannot solve the human problem because even if you train the employees in cyber exercise to not click on a link that they don’t recognize, they would still do it if they get an email from a [fake] boss with a link. There is nothing that can train you not to do that,” Debashish “DJ” Jyotiprakash, vice president for Asia at Qualys, said in an interview.
Technology, however, can mitigate the effects of human frailty even if technology was used to commit the scam in the first place. This is where companies like Qualys, with its sophisticated methods in addressing such kind of breaches, can come in, said Jyotiprakash.
“It’s really easy for us to see what is happening when end-users have been compromised. They usually end up downloading a malware or something that looks like a software update. These malware seeks the weakness of system to exploit the machine or the network,” Jyotiprakash said.
As one of the pioneers in the cloud, California-based Qualys started delivering security-as-a-service (SaaS) in 1999.
“With Qualys, we have an integrated platform where we find the fix to a certain problem. Because the platform is SaaS, you don’t even have to buy a server since you can just buy a subscription to get started,” the executive said.
“We were never an enterprise software that migrated to cloud. We were always on the cloud, so scale came naturally to us,” he pointed out.
As a company born and bred in the cloud, Jyotiprakash said Qualys has a purpose-built sensor for every kind of device, including the ubiquitous mobile phones running on Android or iOS.
“The biggest edge that we have over any other security services provider or security software company is the fact that the phone is our platform. Our differentiator is that all functionality and features that we bring are all in one single platform,” he said.
“But, we have sensors purpose-built for IoT (Internet-of-Things). If you have a wireless coffee machine, we have a sensor for that. We have sensors for all kinds of technology,” he added.
Now that IoT has become widespread, Jyotiprakash said every new technology has been transformed as an attack surface. He said it’s important for companies to recognize vulnerabilities before the hackers discover them.
“What can potentially happen if you don’t fix it? You have all this information and you just need to act with the response framework right into the platform,” he said, adding that SMEs that are moving to the cloud cannot do the same mistakes that they did when they were on-premise.
Jyotiprakash stressed that Qualys has embedded security in the fabric of the cloud, making its solutions efficient, scalable, and efficient. “It’s far easier and faster to deploy security when you’re in the cloud,” he said. “For people moving to the cloud, Qualys is the simplest and the fastest way to deploy security.”
So far, Jyotiprakash said Qualys has trained and certified 200,000 people across Asia on the Qualys platform in the last 10 years. Thus, it’s not difficult to look for talent who are proficient on the Qualys platform, he said.
“We do not charge them for training or tech support. We help them save a lot of money for training and certifications. We’re helping our customers by not asking them to pay for training on our own product that we make,” he said.
Unlike other security cloud providers, Jyotiprakash said Qualys owns its data centers. “We manage our own intellectual properties as they are hosted and managed by Qualys. The good thing is that as we grew, we also started bringing in regional data centers,” he said.
He said the company currently operates data centers in Canada, Middle East, India, Australia, Europe, and the US where one of its facilities is dedicated solely for the federal government.
In the Philippines, Jyotiprakash said Qualys has around 150 customers – which include BPOs and some of the biggest casino operators in the country — who can directly approach the company’s local office for their needs and not through channels or partners.
“We don’t like to recommend going to a channel unless they are really asking us for recommendation. This because the channels continue to be in different levels of maturity themselves,” he said.