In a recent interview with The Cyber Express, Kanesan Pandi shared insights into his 25-year journey in the field of information security. Starting his career in the UAE, Pandi has witnessed significant advancements in IT and security, adapting and excelling through each evolution. Currently, Pandi serves as the Head of Information Security at Galadaribrothers, drawing on his vast experience in retail and finance to lead and innovate.
Reflecting on his journey into information security, Pandi attributed his initial interest to a fascination with technology and problem-solving. His exposure to IT and security incidents deepened his curiosity, leading him to specialize in cybersecurity. Over time, Pandi developed a passion for staying ahead of emerging threats and enhancing security measures, driving his successful career in this critical industry.
When asked about the challenges he has faced in securing digital assets, Pandi outlined several key obstacles, including adapting to evolving cyber threats, balancing security and usability, securing outdated systems, navigating diverse regulations, addressing human error through employee training, and managing resource constraints. These challenges necessitate ongoing vigilance, adaptability, and strategic planning to effectively safeguard digital assets.
Operating across diverse industries, Pandi highlighted the importance of tailoring cybersecurity strategies to meet the unique requirements of each sector. This customization involves industry-specific risk assessments, customized security controls, flexible security frameworks, specialized training, and collaboration with industry experts to stay informed on sector-specific threats and best practices.
Discussing the components of an effective threat intelligence program, Pandi emphasized the importance of real-time data collection, analysis, correlation, integration with security operations, collaboration, and continuous update and adaptation. To ensure relevance, the program must be dynamic, incorporating feedback and lessons learned from ongoing threats and emerging trends.
Pandi also shared details of a complex security incident he managed, involving a ransomware attack that impacted multiple departments. Through swift isolation, thorough assessment, engagement with forensic experts, identification of the root cause, system restoration, and security strengthening post-incident, Pandi and his team effectively controlled the attack with minimal long-term impact.
Regarding the impact of AI and machine learning in cybersecurity, Pandi highlighted the significant enhancements these technologies provide in threat detection and response. Specific use cases include malware detection, phishing prevention, network security monitoring, and user behavior analytics. While beneficial, AI and machine learning require ongoing training and management to ensure effectiveness and reduce false positives.
Incorporating threat intelligence and dark web monitoring into their security posture, Pandi underscored the importance of proactive threat hunting, enhanced incident response, continuous monitoring, and collaboration with industry peers to detect and respond to emerging threats swiftly.
To protect cloud-based assets, Pandi outlined critical security measures including zero trust architecture, strong identity and access management, data encryption, continuous monitoring, regular security audits, secure configuration management, backup and disaster recovery, vendor risk management, and security awareness training.
In addressing compliance with local and international standards in Dubai, Pandi emphasized the importance of staying updated with regulations, conducting compliance audits, and engaging with legal and regulatory experts. Challenges include evolving regulations, diverse compliance requirements, and consistent policy application across the organization.
Looking ahead, Pandi identified evolving threats such as ransomware, AI-driven attacks, supply chain vulnerabilities, and compliance maintenance as major cybersecurity challenges. To address these challenges, Pandi emphasized investing in advanced threat detection technologies, enhancing incident response capabilities, adopting zero trust architecture, continuously training staff, improving threat intelligence, and collaborating with industry peers.
Pandi also shared his recent focus on Zero Trust, emphasizing its budgetary benefits over traditional VPNs. Through a comprehensive evaluation, Pandi identified three primary types of zero-trust technologies, selecting the best-in-class solutions to optimize security and cost-effectiveness in his organization.
Overall, Kanesan Pandi’s expertise and strategic approach to cybersecurity highlight the importance of adaptability, collaboration, and continuous innovation in effectively securing digital assets in a rapidly evolving threat landscape.