Cybersecurity at a Crossroads: An Interview with Mark Lukie from Barracuda

After embroiling in an extended battle with the SARs-COV 2, we realised one thing: The world that we once knew has completely altered, perhaps forever. Prior to the pandemic, nobody imagined the inconceivable digital transformation that happened around the globe, with the cloud being its driving force and cybersecurity its backbone.

Healthcare, financial services, commerce, entertainment, you name it! Companies from all sectors queued up to accelerate their move to the cloud and embrace it more. However, soon- as the saying goes- “Look before you leap,” the business community concluded that cloud is not an easy feat either. Among the numerous concerns prominent in the cloud, what stood out the most is perhaps data security and privacy. 

The ingenuity of contemporary cybercriminals and their highly innovative and deceptive tactics can be visualised with a single fact: A mere email can bring an entire organisation to its knees. Malware, ransomware, spyware, phishing, SQL injection, Man-in-the-middle (MitM), DNS tunnelling, DDoS, account takeover (ATO), domain fraud, and the list can go on and on, cyber attackers, somehow or other, never run short of ways to bleed the business community. And that is precisely the impression I got from my recent virtual conversation with Mark Lukie, Director of Solution Architects (APAC) at Barracuda Networks, when he said, “we will constantly see the evolution of cybercriminals leveraging new technologies, Artificial Intelligence, and machine-learning.” On the other hand, the human-vulnerability factor prevalent in emails and personal devices continues to be an ideal bait for bad actors to mould their malicious intentions.

Using his unique and extensive interaction with the Southeast Asian industries, Mark outlined some key insights and various deep-rooted issues pertaining to cybersecurity, as well as offering a few long-term solutions. Southeast Asia, like many other regions, is also on the hitlist of cyber attackers. In other words, though different countries are vulnerable to different categories of threats, the survival of all the regions is, and perhaps will always be, at stake if appropriate measures are not guaranteed.

“It’s not easy to extract the precise severity of cyber attacks against the Southeast Asian markets but considering the data we have analysed so far and the number of complaints we receive about compromised computers, it is quite clear that organisations operating in this part of the world are undoubtedly at risk,” Mark further asserted. Exemplifying Malaysia, Indonesia, and Vietnam, Mark noted that these countries are particularly susceptible to phishing and malware attacks. While some are politically motivated, most attacks are executed for financial gains, and that too, irrespective of the magnitude of the business. Even the small-scale business entities around the globe, including those in Southeast Asia, are neither immune nor outside the radar of threats. 

When it comes to tackling cybersecurity challenges, the role of business leadership is fundamental. How concerned is senior leadership about the cybersecurity of its organisation? Have CTOs or CIOs formulated their cloud strategy? If so, are there any complementary security solutions that can further solidify organisational operations? Are they providing robust training and education to the users and employees? In other words, as Mark emphasised, organisations must go through a rigorous self-assessment process to understand where they stand in their cybersecurity journey.

Barracuda Networks has played a focal role in supporting businesses globally to amplify and fortify their cloud-based organisational operations. A well-known entity in the world of cybersecurity, Barracuda has been serving businesses exceptionally regardless of their size and sector for almost 20 years. From email to network security and further to web protection, Barracuda networks is regarded as an industry-leading player helping giants like Mitsubishi, Qatar Airways, Samsung, and a lot more, on various platforms, including but not limited to Microsoft Azure, AWS, and Google. 

Not only that but Barracuda also emphasises driving the education and awareness campaigns since minor negligence at the hands of an employee can bring the entire organisation into the line of fire. “We encourage organisations not to penalise but to educate their staff, which is only possible if work on security maturity, or to be more precise, persuading employees to be watchful when handling the day-to-day business operations.” 

Highlighting the deceitful nature of modern cybercriminals, Mark added that not only emails but SMS phishing (Smishing), voicemail phishing, and physical media, like flash drives, are also used as an entry point to manipulate the security systems, stretching the workforce training further. Hackers even exploit platforms like Facebook and TikTok to target the different demographics of society to materialise their malicious intentions. However, Barracuda’s wide-size training, cybersecurity-oriented interactive gamification, and relevant awareness-building content, such as posters asking employees to avoid doing certain things, have tremendously helped many organisations to ensure the element of robustness in their cybersecurity wall.  

If a predominant number of IT professionals – 60% as per Ponemon Institute’s research – consider that vulnerabilities can wreak havoc, why are businesses not doing enough to fortify their cybersecurity landscape? According to Mark, the reasons are threefold: First, there is a scarcity of security practitioners solely trained to combat cybercriminals around the globe, particularly in Southeast Asia; secondly, business leadership does not take cybersecurity seriously unless it is compromised; and lastly, only a handful of organisations are willing to allocate a large chunk of its budget on cybersecurity. In addition, acquiring cybersecurity technologies often act, as Mark said, as “a double-edged sword,” meaning either an organisation must secure a highly skilled workforce or an automated solution that could ensure a considerable return on investment.  

As far as the future of cybersecurity is concerned, it is an evolutionary and never-ending expedition. One day you hear about a zero-day vulnerability successfully exploited by an advanced cyber invasion, and the next day you learn about the highly robust modern technologies, like Extended Detection and Response (XDR), purely designed to quickly detect and respond to cyber threats. Mark summarised this suspenseful chase in perhaps the most accurate way possible when he stated, “It will always be a cat and mouse game.”