Avast CISO for strengthening foundation of tech stack to ward off cyber threats

The Chief Information Security Officer of Avast, Jaya Baloo believes cyber attacks are only to increase and businesses need to comprehensively secure their networks.

The explosion of digital data with an increased shift towards online interaction has also led to the rise of cybersecurity threats and this would require a multi-pronged approach to tackle this menace with experts leading the way.

During a fireside chat at TechSparks 2021, Jaya Baloo, Chief Information Security Officer (CISO) of Avast, made keen observations on how one deals with these threats.

“We keep building new stuff on old stack,” said Jaya, who has decades of experience in the area of information security.

She elaborated on how many of the foundational layer technologies whether it was for the internet or mobile that are still being used were built in their 70s and what is built on top of it every day does not have the interactivity.

“The newer security or privacy challenges are arising due to eroding of this foundational tech stack over time,” she said and called for fixing the basics first.

These new challenges were also accentuated by the rise of work from home due to the ongoing COVID-19 pandemic where companies do not have much control over the security protocols as almost everybody is accessing the internet on an independent basis.

According to Jaya, there has been an increase in ransomware attacks in 2020, which has also affected the supply chain networks of the global economy.

To tackle this challenge of cybersecurity threats, the CISO of Avast believes that given the ever-expanding digital footprint of any enterprise or business, it becomes very important for them to know where all are their resources. It may seem the core networks are well guarded but it has been generally noticed that attacks generally happen from a remote location or outsourced services.

“Most of the vulnerabilities can be solved through by applying simple security patches which does not require much capital or resources,” she said.

Jaya added the focus should not be on trying to do everything but focus on 20 percent of the things that get 80 percent of the results. Though, one must follow the basic hygiene factors such as strong password, two-factor authentication, using VPN etc.

The CISO of Avast believes that the quantum of ransomware attacks is unlikely to reduce anytime soon, which is largely due to the “victimless crime”. What she meant was that many companies that are attacked by ransomware do not actually pay the money as it is the insurance companies that cough up the ransom.

“We have to make it mandatory for companies to make disclosure on cyber attacks and this will help reduce the potential threats,” added Jaya.

On the advice for those who are keen to get onto the career path of cybersecurity, she said one needs to have the ability to communicate which goes beyond technology and make it simple.

Besides, the CISOs always face challenges from within and outside as they are seen as departments which is more of a cost centre rather than as an operation that contributes to the bottom line.

As the CISO of Avast, Jaya is looking to rebuild its network architecture and look at meaningful technologies which would have relevance for the future.

She said the tech culture at Avast is one of “punk” where it means that people just get things done. The focus is always on trying to get things corrected at the start rather than trying to fix them at the end.

Jaya said her entry into information security was accidental and it is something she loves doing even at a young age where she is also learning every day.

She is also a big proponent of gender diversity and inclusivity but she is very categorical on one point.

“I should not be hired because of my gender or colour but because of merit and capability,” emphasised Jaya.

She added that there are many barriers to be broken which can create an environment where hiring or entry into an organisation should only be based on merit.

To log in to our virtual events platform and experience TechSparks 2021 with thousands of other startup-tech enthusiasts from around the world, join here. Don't forget to tag #TechSparks2021 when you share your experience, learnings and favourite moments from TechSparks 2021.

For a line-up of all the action-packed sessions at YourStory's flagship startup-tech conference, check out TechSparks 2021 website.


Updates from around the world