Security expert Raj Samani is the man standing between you and a cyber-attack. He believes digital security is becoming a key differentiator for businesses.
As the threat of cyber-attacks become more widespread and strikes are increasingly devastating, cybersecurity professionals have their work cut out. On the frontline of that battle is Raj Samani, Vice-President, Chief Technical Officer for McAfee EMEA, and a special adviser for the European CyberCrime Centre.
“I love what I do,” says Samani. “But the biggest frustration for me is that people see this whole thing as a computer issue. The reality is that it isn’t. They need to understand that this affects their everyday lives. Take the WannaCry ransomware attack in May, for example. That impacted people’s ability to get medical care and to have their operations done. Getting people to recognise that is where the real challenge is”.
Samani’s career in cybersecurity began 20 years ago, at a time when networking was the IT career of choice, and people were doing certifications in Cisco and CompTIA.
“I wanted to do security,” says Samani. “I loved it. I’d studied computing in my master’s degree and was fascinated by it. At that time there wasn’t any formal cybersecurity education, you just had to learn it yourself. When I finished my degree I took around 35 professional exams in technology to learn as much as I could.”
His career has been a story of continuous learning, and given the pace at which technology changes and evolves, it has never stopped. “I am still learning,” he says. “I call it passion, and you need that to do this job. During the most recent major outbreak, for example, I’d gone to bed at around 1am, got a call from a colleague in Amsterdam at 2am, I took over from him till 4am, then he carried on from there. You wouldn’t do that unless you loved what you do and unless there was that sense of purpose.”
In the fight against what Samani describes as the “evolution of crime”, the cybersecurity and legal communities are facing some huge challenges. “In effect we are trying to fight a 21st-century problem with 19th-century tools,” he says. “If someone wants to launch an attack in the UK they can make that attack appear to have come from anywhere in the world. There are international jurisdictions to deal with. How can law enforcement investigate that, particularly if they don’t have a working relationship with that country?”
Of course, the aim is always to put the perpetrators behind bars, and individuals such as Ross Ulbricht, for example – who was behind the Silk Road online black market – and many others certainly have been caught. But Samani insists there are other effective ways of tackling the challenge.
“Look at the work we did with other law enforcement and security organisations to develop No More Ransom,” he says. “Not only did it help to educate the public about ransomware, but it also offers decryption tools to enable people to recover files that have been locked by ransomware. That to me is incredibly positive.”
Operating within the law is never going to be clear-cut in the digital world. Criminals have no need to respect geographical boundaries, or international jurisdiction, so if someone decides to target an organisation they can do so with impunity. Here new legislation around data security, such as GDPR (general data protection regulation) and the NIS Directive, with legal measures aimed at boosting the overall level of cybersecurity in the EU, can make a difference, says Samani.
“Any laws that help to promote better safety of a country’s citizens have to be applauded,” he says. “We know that GDPR is being seen as the ‘big bogeyman’ that’s going to come and get you. However, the reality is, done correctly and appropriately, and transparently, with better protection of your customers’ data, I think it is a business enabler. Companies need to see it as a positive thing not a negative thing, and I would urge them to look at how they can leverage and utilise new legislation in order to create better relationships with their customers”.
A change in some fairly basic human behaviour might also go some way to improving the protection of personal data and reducing the risk of an attack.
“I can recall visiting a shopping centre in London where a chocolate manufacturer was giving away free products in exchange for people’s personal data. The queue was massive. I see this type of behaviour all the time. On holiday one year, I saw a company signing people up for a raffle and using the last four digits of their credit card to identify them in the draw. I think that people find it hard to visualise the impact of losing an intangible asset like their ID. They don’t see it in the same way as losing a physical asset, for example if their car was stolen”.
For youngsters contemplating a career in the field of digital law or cybersecurity, Samani has some sound advice. “I recently gave a talk at a school, and I asked the kids what they wanted to do when they left school,” he says. “One of them said he wanted to be a sports scientist. I asked him if he used Twitter. He said he did. I asked him if he knew and followed the head physio for English rugby. He didn’t. My point is that youngsters have this opportunity – that I didn’t have – to connect and follow and understand the lives and careers of the people they want to emulate. Technology enables access and visibility that wasn’t there before, so my advice is to look at the tools around you and use them.”
Despite being exposed to the worst of the internet on a daily basis, Samani remains upbeat.
“This is the place to be. Technology is the future and safety will be the number one driver for businesses in attracting and retaining new business. This is the most exciting career there is, and I challenge anybody to disagree!”