In the run-up to Cyber Security Asia 2017, Verghese V Joseph caught up with a key influencer and speaker, Shahmeer Amir. Incidentally, Shahmeer is a Bug Bounty Hunter and the CEO of Veiliux. Veiliux is a one-of-its-kind cyber security startup aiming to provide online businesses with adequate cyber security services that are cost-effective, resource reductive, time reductive and of quality. He also remained the top hacker on the HackerOne platform for almost eight months. Excerpts of the interview:
To begin with, your thoughts on cyber security as your primary focus area?
I have a Bachelor's degree in Electrical Engineering, so cyber security was never something that I planned, but I was always fascinated by the fact that computers can be hacked. I did not have a clue as to how to actually do it back then, but had a keen interest to discover it. So I started learning from online resources and the rest was history. Cyber security is my area of focus because I believe that at a certain point of time in the future, the world will need people like me to save it from the bad guys, as wars will not be fought with guns and tanks but keyboards and computers. In the coming years, the demand for security experts and work for research in this field will increase exponentially; I look forward to contributing in any way I can.
What are your thoughts on businesses and governments in the Asia Pacific with regard to both the regional and international cyber threat landscape?
The best way to keep up in the prevention of latest threats in cyber security is to adopt security as a culture; it is the best way to move forward. Security is as strong as its weakest link, and the weakest link is always the human factor; it should be a prime focus for all governments and organizations to train their individuals.
Building in-house CERTs and teams to proactively counter attacks is the best way to prevent threats. In this era the best way to prevent an attack is to be quicker than the attacker, so keeping up to date with the latest attack vectors helps out a lot in overall infrastructural security.
In your opinion, what is the best way to identify, evaluate and measure cyber risk, and put in place mechanisms to manage and minimise the risk for organisations?
Organizations need to put the right skill-set in their security teams who have technical expertise as they have managerial expertise. The biggest problem with organizations is that they focus on managerial aspects of security and somewhat neglect the technical aspect, due to which there is no clarity on the risk. The best way to cater to cyber risks is to act proactively towards them; this includes recursive cyber drills, proper risk mitigation strategies and management.
Please let us know the top three security controls that you would recommend businesses put in place to manage cyber threats?
The top three on my list are
- Intrusion prevention systems
- Recursive drills and trainings
How can businesses keep abreast of the threats to their national interests and supply chains?
Train its people to adopt security as a culture; no matter how secure your technology is, it can at any point in time be breached using the human element. Therefore, the best way for a business to counter cyber threats is to stay up to date and educate its team about security.