Country Manager, CheckPoint, Mr. Rommy Okonkwo, spoke with Emma Okonji on the need for organisations and government agencies to address advanced security threats with advanced security solutions. Excerpts:
As a security company, do you think organisations are interested in investing in security, based on the high cost of available security solutions?
Security is the key to any business, and I think companies are interested in investing in security, not minding the high cost of deploying security solutions. Companies are conscious of the effect of data attacks and they are willing to invest in security, just to save and protect their businesses. So recession or no recession, companies should see security as key to their business growth and invest wisely in security.
Looking at security risks to businesses, what impact can your organisation create, using technology solutions?
We have security solutions that can make great impact in all sectors of businesses, be it in telecommunications, banking, oil and gas, insurance, aviation, real estate, among others. For the telecommunications companies for instance, we provide technology solution to protect their networks. If their base stations are compromised, it means total downtime on their operations, but we have security solutions that telecoms operators can bundle together for their use, and still sell to their clients and make money out of it. So subscribers can buy services and at the same time, buy security solutions from the same telecoms operators to protect their mobile devices. So with this arrangement, telecoms companies could actually be selling security as a service to telecoms subscribers.
For the banks, CheckPoint has security solutions that they could also bundle and sell to their bank customers to protect every financial transaction that they carry out on the bank’s platform.
Security threats enter into organisations in various ways. What is your advice for organisations that want to guide against any form of security threats?
This is where the CheckPoint Mobile Threat Prevention (MTP) comes into play. The idea behind the MTP security is for customers to move with the security solution wherever they go, be it on their mobile devices or desktop devices.
The global trend today is that organisations allow their employees to bring in their devices to the work place and organisations could face serious security risks through this method. So organisations must ensure that the devices of employees are put under checks with security solutions like MTP that prevents organisations from getting infected through employee’s mobile devices. So we strongly advise organisations to get the MTP solution since it has been established that most organisations face security threats through links to employee mobile devices.
So if organisations do not have full control and protection of employee’s devices, and such mobile devices are exposed to malware, then the organisation could be infected with the malware.
At what point could an organisation declare downtime in its operations, based on security threats?
Ransomware attack is a security threat that could be very dangerous and could shutdown the entire operations of an organisation, and when this happens, the organisation is said to have total downtime, which means that the entire operations of the organisation are affected and nothing practically works. It means loss of revenue for the organisation. If such downtime lasts for few hours, it will mean huge loss of revenue. We have seen national attacks on government data and once any government data is compromised, it affects its operations. So the best thing is to prevent the attacks and CheckPoint has advanced security solution to address all of that.
What exactly are the motives of those pushing out malware to organisations?
Malware attacks are launched for different purposes. Some do it in order to demand for ransom, because to them, it is business of making money, while others push out malware as malicious attacks to settle scores.
So our advice is for organisations not to wait until the hackers strike before looking for solutions. They should be proactive and deploy protective solutions before the hackers strike.
The hackers must be technology savvy to be able to create malware and ransomware that are malicious. But some schools of thought are of the view that government should assemble such people, pay them and put them into effective use. What is your take on this?
The idea of assembling them to pay them and put them into more effective use may not be the solution. The reason being that there are available software online with which people create malware, and the software are relatively cheap. So how many people can government assemble and be paying salaries. Organisations and government agencies should learn to be proactive and go a step ahead of the hackers to deploy advanced security solutions that could block all loopholes through which they could gain access into organisation’s data.
In 2015, Nigeria signed the cybercrime bill into law, but some experts have criticised it, arguing that it does not address the real issues of cybercrime, which include pushing out of malware to organisations. What is your take?
At the moment, the law is not addressing key cybersecurity issues, but I believe that in the future, it could address some of these concerns. Before 2015, Nigeria had no cybercrime law and people commit all manners of cybercrime and go scot-free, but now that we have the law, the situation is no longer the same as it used to be in the past where people commit online crime with impunity. Today they are being prosecuted and people are mindful of what they do online.
There are lots financial losses to cyber attacks in the financial sector and they usually conceal it for fear of loosing customers. What is your advice for banks?
Well, there is no where you can find 100 per cent perfect protection from cyber attacks. My advice for the financial institutions is to have security policies that allow them have strong collaborations with security bodies and other financial institutions, where they can share their experiences and learn from one another. CheckPoint has collaboration agreement with over 85 per cent of the money deposit banks and we have fresh plans on how to engage them better to mitigate the attacks because we have the right tools and solutions to address the challenges posed by online hackers.
What is the latest security threat that could cause downtime to organisations and how can you mitigate it?
For me, there are few security threats that are currently trending and ransomware is one of them. It does not target an individual, but the entire network of an organisation, which could be government organisation, and its implication is huge, because the ransom that hackers demand, runs into billions of dollar, which is far above security budget of an organisation for even a period of 10 years. Again, Distributed Denial of Service (DDoS) attack is also trending.
What are the specific solutions to address these latest attacks?
CheckPoint has advanced security solutions that address these attacks and one of them is the CheckPoint Sandblast technology, which is an advance security threat prevention solution that emulates emails as soon as the user clicks to open an email. Once an email is clicked, the solution quickly scan through the email to find out if it is malicious. We also have the extraction solution that extracts the readable content of the email and push it to the user, without the user knowing, and the process does not affect the work of the user. So the technology scans the files and ensure they are free from malicious contents. So what our solution does is to block any malicious attack from the central processing unit (CPU) level without allowing the virus to get access to the entire network.
How affordable are the CheckPoint security solutions, especially to small businesses?
The truth is that when we design technology solution, the idea is to make it available to every organisation, be it small or big organisation. So they actually buy security as a service and consume the specific areas they need, instead of spending so much to buy an entire security package that they may not be able to utilize all its security features because they do not need all them to operate successfully.
Malware attacks are on the increase and it doubled in 2016. Could it be that security experts are not doing enough, or that organisations are not investing enough in security solutions?
You are right in your observation that malware attacks doubled last year, and some organisations are even trying to accuse security solution providers for the increased attacks, just to make more money from themselves, but this is not true. The truth is that organisations must be a step ahead of the hackers who are exploring new ways to launch malicious attacks. Todays’s attacks are so sophisticated that the old firewalls and antivirus can no longer prevent the attacks, once they are launched, because the attacks are highly advanced, and this is the reason we have advanced security solutions that address all of that. Today, we look at security from a virtual perspective.
How secured is the cloud, in respect to virtual technology?
I cannot say how secured the cloud is for other cloud vendors, when it comes to virtual data storage in the cloud because most cloud vendors are not security solution vendors. For CheckPoint, we also play in the cloud space and because we are security solution company, organisations will be rest assured that their data kept in our virtual cloud is safe to a great extent.
Apart from having the CheckPoint Cloud, we also collaborate with global virtual cloud operators like Microsoft, Cisco, VMware among others. What we do with such collaborations, is to provide the CheckPoint advanced security solution on the cloud platform of the organisation.
How do you address the issue of interoperability, during collaboration with other organisations to provide service for the customer?
Our solutions have no issues with interoperability with other networks and that is the reason we can collaborate with Microsoft and Cisco in providing customer service.
CheckPoint recently move its office space to a new location in Lekki. What informed the change in location. Could it be that the business is doing fine in spite of recession ?
Well it is true that the business is making good progress and we needed to expand the business and the business space. We felt the need for a bigger space and we relocated to Lekki in January this year. We have operations in West Africa, East Africa, Southern Africa and the Central Africa, and our businesses in these regions are doing quite well and we see more potential of the business.
