Jaya Baloo is a cybersecurity expert with over two decades of experience. Currently, she is working as the chief information security officer (CISO) at Avast Antivirus. Baloo was named among the top 100 CISOs in 2017 and one of Forbes 100 Women Founders in Europe To Follow in 2018.
Analytics India Magazine caught up with Jaya Baloo to understand the cybersecurity space and more specifically, the role of a CISO in enterprise security.
“We work together with global international Computer Emergency Response Teams and organizations like the Cyber Threat Alliance to collaborate on threat intelligence sharing and improve our ability to take down bad actors. We are now working on an exciting collaboration that I hope to be able to make public in a few weeks, so watch this space,” she said.
AIM: Tell us about your professional journey.
Jaya Baloo: I have been interested in computer science and programming since I was nine. However, since I didn’t know any other girl as interested in technology, let alone actively pursuing it at that time, I studied political science in Boston. My interest in tech surfaced again while I was doing part-time jobs while in college. After working in the computer science lab, I got a job at a Cybersmith, a unique early internet experience shop, showing people how to use virtual reality stations and training them on how the internet worked and what you can do with it.
During that time, a customer from New York noticed my skills and offered me a job at a major bank, Bankers Trust. And rest, as they say, is history. Since then, I have worked in companies like Verizon, France Telecom, KPN and Avast. Over the years, I have had the opportunity to know the ecosystem from the bottom up, especially the field of information security, focusing on secure network architecture.
AIM: What does it take to be a good CISO? Has the pandemic redefined the role?
Jaya Baloo: As a CISO, you have to constantly educate yourself to understand both new threat actors and methods as well as new technologies and opportunities for defence. A good CISO knows that security is a team effort and makes sure they have the right people with the necessary expertise around them so that they can enable them with the right resources and trust that the job gets done. Every good CISO comes equipped with a healthy dose of professional paranoia and is always thinking about how to prevent complacency or a false sense of security.
The pandemic indeed has created new challenges for CISOs as employees now connect to their corporate networks from their homes, and in some firms have to use personal devices for work. Finding solutions to maintain security beyond the traditional castle and moat security architecture still used by many companies has brought on a wave of positive innovation from the pandemic for companies to embrace the cloud, adopt zero-trust networking philosophy and improve data governance.
AIM: How has the cyber world changed since the pandemic?
Jaya Baloo: The world has become ever more digital, and the global pandemic only accelerated this development. Unfortunately, the digital divide, between those that have good security and IT and those that do not, has also increased. Cybercriminals use this to their advantage, spreading scams and phishing attacks to exploit people’s weaknesses and it’s our mission at Avast to provide robust cybersecurity and data privacy.
AIM: What is the most challenging part of your job? How do you tackle it?
Jaya Baloo: The attacker only needs one attack to be successful. A defender needs to make sure every single defensible area has prevention, detection and response capabilities. It’s not a fair fight to start with, and today’s volume and diversity of attacks make the enormity of the job sometimes daunting. My approach to this is to plan with rigour the things I know enough to worry about and for all the known unknowns, I depend on the great team I have around me to be creative, flexible, and available for the next challenge.
AIM: How can companies leverage AI and machine learning in cybersecurity?
Jaya Baloo: Artificial intelligence and machine learning (ML) has the potential to remodel the way that cybercrime is fought completely, thanks to their ability to detect threats in real-time and accurately predict emerging threats as attacks evolve. This helps security researchers in learning from the database of known threats. Malware files classified previously can be used to model attack behaviours for better protection against new threats.
While AI has a major role to play in cybersecurity moving forward, it cannot work independently from cybersecurity professionals. Machines can rapidly classify malware at scale, but humans will beat it in deep malware analysis thanks to our ability to see a wider context. What currently creates the most secure and efficient system is the man-machine collaboration. And this is Avast’s approach to AI integration – one we consider really important as malware variants grow in volume and sophistication. AI can be responsible for bulk detecting and blocking malware, while researchers can allocate more time to the study of more complex and evasive threats which can then be fed into the AI machine.
AIM: What are the biggest trends in enterprise cybersecurity right now?
Jaya Baloo: Even after a full year of pandemic, businesses are facing increased cybersecurity risks, because they moved their workforce from offices to home. Many employees still can’t rely on enterprise-grade security measures at home or VPN server access as their employers didn’t implement additional security measures believing the pandemic would end shortly and everything would eventually return back on track.
We have seen an increase in certain types of attacks. For example, ransomware attacks have globally grown by 20% during the first months of the pandemic. Attackers continue to develop new, sophisticated variants supported by standard marketing and social engineering techniques to infect as many devices as possible. Besides ransomware, spyware is sitting silently on the user’s PC while collecting personal data, banking information or online activities, and crypto-mining malware, also belonging to the most prevalent threats.
Businesses are also facing threats targeting their employees’ smartphones, which include adware, spyware, ransomware, downloaders and crypto-mining malware.
AIM: Tell us about Avast’s tech stack.
AIM: How will quantum computing impact the future of cybersecurity?
Jaya Baloo: Quantum computing will be an exciting leap forward for answering fundamental scientific questions. However, it also poses an initial challenge to how we protect our data today as quantum computers of sufficient scale can break our currently used cryptography. This means we need to redefine how we protect our data in terms of encryption. Post Quantum cryptography will essentially provide new algorithms so that we can transfer data securely after we have a quantum computer, and quantum key distribution can assist in preventing unauthorised eavesdropping of communications. Avast is always looking at ways of innovating in new spaces, and our post-quantum future brings about a wave of new opportunities.
AIM: What is your advice to people starting off their career in cybersecurity?
Jaya Baloo: I’m always telling people to be fearless and jump in at the deep end. Specifically, when you start your career, there are many moments where you have to dare to do things for the first time, but only if you dare to jump will you learn from it, and next time those moments won’t be so scary anymore. Make sure you get comfortable stretching your capabilities and dealing with uncertainty, it’s the best recipe for future success in the field of information security.