EMBRACING THE FUTURE

Page 1

EMBRACING THE FUTURE

HOW IFS IS PAVING THE WAY FOR TRANSFORMATION JOURNEYS OF ITS CUSTOMERS

ISSUE 55 \ AUGUST 2023

18 NAVIGATING COMPLEXITY

24 GUARDIANS OF THE DIGITAL REALM

44 PRODUCTS

CISCO TRANSFORMS CRISIS TO CONTROL WITH NEW AUTOMATED RANSOMWARE RECOVERY

SALAM COLLABORATES WITH ORACLE TO ACCELERATE DIGITAL TRANSFORMATION

DUBAI’S BEDU ANNOUNCES AMBITIOUS AI VISION

SOPHOS UNCOVERS NEW CONNECTIONS BETWEEN HIVE, ROYAL, AND BLACK BASTA RANSOMWARE

CONTENTS 6 NEWS
FEATURES 12 FOSTERING AN EVERYDAY AI CULTURE 30 UNRAVELLING CHALLENGES IN CYBER INSURANCE 32 THE ARRIVAL OF AI 34 SUPERCHARGING DEVOPS 35 STAYING SAFE 38 REVOLUTIONISING EDUCATION 42 CONVERGING FORCES 22 LEADING THE WAY TO DIGITAL SUCCESS 36 CONNECTED FUTURE 28 UNLEASHING THE POWER OF MESSAGING 40 TRANSFORMING HEALTHCARE
PUBLISHED BY INSIGHT MEDIA & PUBLISHING LLC 14 EMBRACING
FUTURE
THE
VIEWPOINTS INTERVIEWS CASE STUDY 3 CXO INSIGHT ME AUGUST 2023

AI IS A BALANCING ACT

Artificial intelligence is being touted as the silver bullet for our security woes. Given the woeful skills shortage and increasing cyber-attack sophistication, many enterprises now see AI as a formidable arsenal in the fight against cybercrime. Undoubtedly, AI and ML can detect and react to threats much faster and will play a pivotal role in cybersecurity in the coming years. Very soon, we will see AI-powered autonomous security systems that can identify, mitigate, and even prevent attacks without human intervention.

However, on the flip side, there are also some potential risks involved in adopting AI in the realm of cybersecurity. The rapid strides made by AI in cybersecurity may lead to a false sense of security, and it is important to remember AI systems are not infallible. Threat actors can easily manipulate AI algorithms and deceive AI systems into misclassifying threats or making incorrect decisions. Another bugbear is data bias – AI systems

typically learn from historical data, and if that data is based, the AI-based security model may inherit those biases, leading to exploitable vulnerabilities. It is important to remember that no matter how advanced, AI systems lack the true understanding and reasons we humans possess. This handicap might result in AI systems making incorrect judgments or misinterpreting context, leading to false positives or negatives in threat detection. In this issue, you’ll also delve into a trending subject within the industry: full stack observability. In intricate IT environments, conventional monitoring tools often fall short in uncovering the root causes of performance challenges. Full stack observability is now taking the spotlight as a vital solution, providing profound insights across all layers of your IT ecosystem. We’ve spoken to industry experts to find out why FSO is crucial in navigating the complexities of modern IT landscapes with confidence and empowers your enterprise to embrace new technologies and architectures.

EDITORIAL
Published by Publication licensed by Sharjah Media City @Copyright 2023 Insight Media and Publishing Managing Editor Jeevan Thankappan jeevant@insightmediame.com +97156 - 4156425 Sales Director Merle Carrasco merlec@insightmediame.com +97155 - 1181730 Operations Director Rajeesh Nair rajeeshm@insightmediame.com +97155 - 9383094
Production Head James Tharian jamest@insightmediame.com +97156 - 4945966 Administration Manager Fahida Afaf Bangod fahidaa@insightmediame.com +97156 - 5741456 Designer Anup Sathyan 5 CXO INSIGHT ME AUGUST 2023
While the publisher has made all efforts to ensure the accuracy of information in this magazine, they will not be held responsible for any errors

CISCO TRANSFORMS CRISIS TO CONTROL WITH NEW AUTOMATED RANSOMWARE RECOVERY

Cisco is dramatically enhancing its Extended Detection and Response (XDR) solution. By adding recovery to the response process, Cisco XDR is redefining what customers should expect from security products. Today’s announcement brings near real-time recovery for business operations after a ransomware attack.

Cisco continues to drive momentum towards its vision of the Cisco Security Cloud—a unified, AI-driven, crossdomain security platform. With the launch of Cisco XDR at the RSA Conference this year, Cisco delivered deep telemetry and unmatched visibility across the network and endpoints. Now, by reducing the crucial time between the beginnings of a ransomware outbreak and capturing a snapshot of business-critical information to nearzero, Cisco XDR will further support that vision, while enabling new levels of business continuity.

“Cybercrime remains a present risk that cannot be ignored for individuals and organisations across our region. In the last quarter, we have seen ransomware continuing to be one of the most-observed threats. To drive fightback against these cyber-attacks, a platform approach has become crucial. That is why we are consistently striving to build a resilient and open cybersecurity platform that can withstand ransomware attacks,” said Fady Younes, Cybersecurity Director, EMEA Service Providers and MEA.

“Our innovations with automated ransomware recovery are a significant step towards achieving truly unified detection and response data, turning security insights into action.”

During the second quarter of 2023, the Cisco Talos Incident Response (IR) team responded to the highest number of ransomware engagements in more than a year. With the new capabilities in Cisco XDR, Security Operations Centre (SOC) teams will be able to automatically detect, snapshot, and restore the business-critical data at the

very first signs of a ransomware attack, often before it moves laterally through the network to reach high-value assets.

“Cisco is quickly disrupting the security landscape across their entire portfolio and their XDR solution could become the de facto reference architecture organisations turn to,” said Chris Konrad, Area Vice President, Global Cyber, World Wide Technology. “Not only does it provide broad visibility by integrating data across endpoints, network, cloud, and other sources –this extensive attack surface insight allows for superior threat detection using advanced analytics. Organisations should strongly consider the implementation of Cisco XDR to bolster their security posture and safeguard assets effectively. Cisco undoubtedly is contributing to the overall resilience of any organisation.”

Cisco is expanding its initially released, extensive set of third-party XDR integrations to include leading infrastructure and enterprise data backup and recovery vendors. Today, Cisco is excited to announce the first integration of this kind with Cohesity’s DataProtect and DataHawk solutions.

“Cybersecurity is a board-level concern, and every CIO and CISO is under pressure to reduce risks posed by threat actors. To this end, Cisco and Cohesity have partnered to help

enterprises around the world strengthen their cyber resilience,” said Sanjay Poonen, CEO and President, Cohesity. “Our first-of-its-kind proactive response is a key piece of our data security and management vision, and we’re excited to bring these capabilities to market first with Cisco.”

Cohesity has a proven track record of innovation in data backup and recovery capabilities. Cohesity’s products provide configurable recovery points and mass recovery for systems assigned to a protection plan. The new features take this core functionality to the next level by preserving potentially infected virtual machines for future forensic investigation, while simultaneously protecting data and workloads in the rest of the environment. Cohesity’s engineers worked alongside Cisco technical teams to dynamically adapt data protection policies to offer organisations a stronger security posture. This complements Cisco XDR’s robust detection, correlation, and integrated response capabilities and will enable customers to benefit from accelerated response for data protection and automated recovery.

Cisco XDR is now available globally to simplify security operations in today’s hybrid, multi-vendor, multi-threat landscape. To learn more, visit cisco. com/go/xdr.

NEWS
6 CXO INSIGHT ME AUGUST 2023
Fady Younes, Cisco

SALAM COLLABORATES WITH ORACLE TO ACCELERATE DIGITAL TRANSFORMATION

Salam (previously known as Integrated Telecom Company) has selected Oracle to drive 5G innovation across the Middle East.

Recently recognised as Saudi Arabia’s fastest growing and most innovative telecom brand, and part of the Mawarid Media & Communications Group (MMCG) and Mawarid Holding Company, Salam will utilise Oracle Communications’ monetisation and unified operations solutions to help quickly deliver differentiated services to its consumer and enterprise customers.

“Salam aims to provide customercentric offers that help create a digital society in line with the Kingdom’s Vision 2030 digital transformation plans,” said Ahmed Al-Anqari, CEO, Salam. “With Oracle, we have a futureready digital strategy to accelerate our time to market for 5G and other digital services. With a modular pre-integrated stack, we avoid the costly and time-consuming process of complex integrations and high level of customisations. This means

we can launch, orchestrate, and monetise new offerings as the market demands while delivering an excellent experience for our customers in the process.”

Founded in 2005, Salam has quickly become a homegrown telecom company at the heart of the Kingdom’s communications modernisation efforts. Oracle’s technologies will provide the modern technology architecture to help support and extend Salam’s digital abilities and help expedite the launch of wide-ranging services.

Clearly aligned technology strategy, business vision

By implementing Oracle Cloud Scale Monetisation and Oracle Unified Operations solutions—combined with Oracle CRM Sales—Salam will replace its legacy systems with a modern, end-to-end stack. These solutions will enable Salam to offer unique promotion bundles across various customer segments. And through automated orchestration, Salam will be able to accelerate time to revenue for existing and new digital services,

such as 5G-enabled streaming, AR/VR gaming, and IoT-connected devices.

Salam chose Oracle based on its in-depth industry knowledge, its extensive portfolio of communications applications, and its proven success with complex telecoms transformation projects.

“As Salam continues on its impressive transformation journey, it’s critical to have powerful, nextgeneration applications that enable business efficiency and empower growth opportunities,” said Jason Rutherford, senior vice president and general manager, Oracle Communications, Applications. “Salam has built its company reputation around innovation, elevating traditional telco offerings with a unique, experience-led presence in the market. We’re honoured to be the trusted technology partner in enabling their vision to create a more digital society in the Kingdom.”

To learn more about Oracle Communications industry solutions visit LinkedIn.

7 CXO INSIGHT ME AUGUST 2023
Salman Faqeeh, Cisco

DUBAI’S BEDU ANNOUNCES AMBITIOUS AI VISION

BEDU announced a bold strategy set to change how individuals and enterprises engage with the digital realm. The announcement comes at a time when the company is targeting substantial growth and regional industry leadership through a pre-seed investment round.

Over the past 18 months, BEDU has achieved significant milestones in its continued investment in innovation. The company showcased its leadership in emerging technology by launching the Virtual Mars Experience 2117 in partnership with the Mohammed bin Rashid Space Centre. BEDU’s community-building efforts include leveraging blockchain for societal engagement – a reflection of its tradition of identifying and capitalising on emerging trends, through bringing digital collections such as ‘From Desert to Mars’ and ‘Colonies on Mars’. Leading to BEDU making an impact at Art Dubai 2023, as it showcased the role that technology and Web3.0 are playing in the Art space.

The global AI investments projected to reach $110 billion by 2024 and by 2030, the market impact of AI is expected to be even more significant, with estimates indicating that AI could contribute up to $15.7 trillion to the global economy. With that BEDU’s long-term vision, announced today, represents fertile ground for investment. The company will bring AI and blockchain into industries to redefine them, harnessing the farthest outskirts of tech to bring new user experiences that connect, engage, and entertain.

“We’re at an exciting juncture,” said Amin Al Zarouni, CEO, BEDU. “Our vision, coupled with this investment opportunity, represents a unique chance for investors to be part of a transformative journey. With our portfolio of innovations and a pre-seed round, we’re poised to forge a future that will shape the very essence of the digital realm.”

The main pillar of the company’s vision and its flagship is the AI Builder Tool, an agnostic platform that can be used by all types of people, organisations and enterprises to build their digital and virtual experiences which will contribute heavily to the future of the internet.

In addition to that, the company announced BEDU AI, a portfolio of impactful products and services that include, a market-ready platform that uses AI to streamline media management in recognition of the rapidly growing need for effective asset management in a content-driven world. This includes advanced natural language processing (NLP) and machine learning that redefines document processing across industries from finance to legal, automating tedious tasks that prevent professionals from focusing on highervalue activities. And an advanced AI solution to process voice and visual data and enable real-time insights which are frontier capabilities with use cases in arenas from security to healthcare.

“Today, we’re setting the stage for a paradigm shift in the digital landscape,” said Khaled Al Huraimel, Co-Founder and Chairman, BEDU. “Our vision that encompasses the convergence of Web3.0 and AI, is at the helm of reshaping industries and human experiences. As we embark on this transformation, we invite likeminded visionaries to join us in this journey where innovation knows no bounds and technology drives endless possibilities.”

BEDU’s pre-seed round is aimed at opening the door to regional growth. The funding will allow BEDU to enhance its delivery speed, extend its reach, and reinforce its position as an industry leader as it turbocharges its prolific R&D function and its flagship platform development.

SAP CONCUR SOLUTIONS ANNOUNCES PARTNERSHIP AGREEMENT WITH DNATA TRAVEL MANAGEMENT

SAP Concur Solutions announced its partnership with dnata Travel Management, part of the Emirates Group, now a certified reseller of its full range of travel solutions.

Savio Vaz, Vice President of Government and Corporate Travel at the dnata Travel Group, said, “This collaboration will enable dnata to empower its valued customers through streamlined and automated travel processes, leveraging SAP Concur’s

innovative technology and state-of-theart products. These solutions automate spend management, allowing us to provide customers with enhanced value, convenience, and flexibility.”

He added, “This strategic alliance exemplifies our dedication to constantly enhancing the corporate travel landscape. Our collective commitment remains resolute – to provide our clients with nothing short of the finest travel experiences, today and in the future.”

NEWS
8 CXO INSIGHT ME AUGUST 2023

SENTINELONE STREAMLINES VULNERABILITY MANAGEMENT

Vulnerabilities are on the rise, and the pressure is on for companies to manage them with greater speed and transparency. To help them do it, SentinelOne announced the launch of Singularity Ranger Insights. Building on the company’s top-ranked asset discovery and protection capabilities, the innovative solution removes the complexity from vulnerability management, enabling companies to continuously discover unmanaged assets, evaluate and prioritise threats and mitigate risk using a single console and agent. The news came during Black Hat 2023, the premier cyber security event being held in Las Vegas this week.

“Today’s work-from-anywhere world has opened the door to an increasing number of vulnerabilities, and when it comes to managing them, the stakes have never been higher,” said Lana Knop, Vice President of Product Management, Endpoint and Identity Products, SentinelOne. “More than 25 percent of all breaches are the result of vulnerability exploitation, and the average cost of remediating them can top $4.5 million. With Singularity Ranger Insights, security teams have a powerful tool they can use to reduce the time, cost and complexity of vulnerability management and significantly improve their security posture.”

Simplified Management

Built on the Singularity platform, Singularity Ranger Insights leverages SentinelOne’s industry-leading agent to deliver streamlined endpoint detection response (EDR), network discovery, vulnerability management and compliance requirements.

Reduced Complexity and Costs

Real-time insights from the agent minimise dependency on network connectivity and point-in-time scan configurations used by legacy approaches, reducing cost, complexity and bandwidth challenges, while increasing visibility.

How it Works

Singularity Ranger Insights continuously monitors security posture changes on workstations, and when potentially risky devices and applications are identified, the SentinelOne agent can be deployed to isolate them. Using the solution, security teams can:

• Get context for exploitation, based on live updates of a vulnerability’s maturity, remediation, and reported confidence levels.

• Gain visibility into vulnerabilities associated with applications and operating systems across Microsoft, Linux, and macOS – whether they are

physical, virtual, or cloud.

• Prioritise vulnerabilities based on environmental evidence such as exploitation in the wild, patch/ workaround availability and business criticality and remediate the most impactful.

• Deploy the SentinelOne agent on unmanaged endpoints and automatically bring them into compliance, or isolate if evaluated as risky.

• Automate workflows and eliminate the need to pivot between tools, saving time and better- utilising limited security and IT resources.

• Run EDR queries on affected endpoints to pull in more information on network connectivity and determine whether a vulnerability has been exploited.

• Consolidate tools and leverage existing endpoint footprint to lower operational costs.

Availability

Singularity Ranger Insights is available today. To learn more about the solution,

Managing Director for EMEA South Region at SAP Concur, commented that the business travel market is returning to its former volumes, but requirements have now changed. “Cost control and compliance measures must be delivered while improving employee experiences –and this is where digital transformation can play a key role,” she said.

The partnership between dnata Travel Management and SAP Concur Solutions marks a significant advancement in the corporate travel sector. By combining their unique strengths and resources,

both entities are well positioned to respond to changing market demands, streamline travel processes, and enhance customer experiences.

“This partnership with dnata is a key element in delivering exceptional endto-end services for our customers. By integrating their sector-leading travel services to support our customers’ digital transformation agendas, this collaboration enables us to deliver the best-in-class technologies,” Indrieri added.

Gabriele Indrieri, Vice President and 9 CXO INSIGHT ME AUGUST 2023

SOPHOS UNCOVERS NEW CONNECTIONS BETWEEN HIVE, ROYAL, AND BLACK BASTA RANSOMWARE

Sophos released new findings into the connections between the most prominent ransomware groups this past year, including Royal, in its report, “Clustering Attacker Behavior Reveals Hidden Patterns.” Over the course of three months beginning in January 2023, Sophos X-Ops investigated four different ransomware attacks, one involving Hive, two by Royal, and one by Black Basta, and noticed distinct similarities between the attacks. Despite Royal being a notoriously closed off group that doesn’t openly solicit affiliates from underground forums, granular similarities in the forensics of the attacks suggest all three groups are sharing either affiliates or highly specific technical details of their activities. Sophos is tracking and monitoring the attacks as a “cluster of threat activity” that defenders can use to speed up detection and response times.

“Because the ransomware-asa-service model requires outside affiliates to carry out attacks, it’s not uncommon for there to be crossover in the tactics, techniques, and procedures (TTPs) between these different ransomware groups. However,

in these cases, the similarities we’re talking about are at a very granular level. These highly specific, unique behaviors suggest that the Royal ransomware group is much more reliant on affiliates than previously thought. The new insights we’ve gained about Royal’s work with affiliates and possible ties to other groups speak to the value of Sophos’ in-depth, forensic investigations,” said Andrew Brandt, principal researcher, Sophos.

The unique similarities include using the same specific usernames and passwords when the attackers took over systems on the targets, delivering the final payload in .7z archive named after the victim organisation, and executing commands on the infected systems with the same batch scripts and files.

Sophos X-Ops succeeded in uncovering these connections following a three-month long investigation into four ransomware attacks. The first attack involved Hive ransomware in January 2023. This was followed by Royals’ attacks in February and March 2023 and, later, in March, Black Basta’s. Near the end of January this year, a large portion of Hive’s operation was disbanded following a sting

operation by the FBI. This operation could have led Hive affiliates to seek new employment—perhaps with Royal and Black Basta—which would explain the similarities in the ensuing ransomware attacks.

Because of the similarities between these attacks, Sophos X-Ops began tracking all four ransomware incidents as a cluster of threat activity.

“While threat activity clusters can be a steppingstone to attribution, when researchers focus too much on the ‘who’ of an attack, then they can miss critical opportunities for strengthening defenses. Knowing highly specific attacker behavior helps managed detection and response teams react faster to active attacks. It also helps security providers create stronger protections for customers. When protections are based on behaviors, it doesn’t matter who is attacking—Royal, Black Basta, or otherwise—potential victims will have the necessary security measures in place to block subsequent attacks that display some of the same distinct characteristics,” said Brandt.

More information about these ransomware attacks is available in the article “Clustering Attacker Behavior Reveals Hidden Patterns.”

NEWS 10 CXO INSIGHT ME AUGUST 2023

FRESHWORKS UNVEILS AI-POWERED CUSTOMER SERVICE SUITE WITH FREDDY GENERATIVE AI INTEGRATION

Freshworks announced the launch of its AI-powered Customer Service Suite which brings together selfservice bots, agent-led conversational messaging, and automated ticketing management in an all-in-one solution. Uniting Freshchat, Freshdesk, and the company’s generative artificial intelligence technology, Freddy AI, the Freshworks Customer Service Suite enables a modern customer support experience accessible to any company, with pricing that scales from small business to global enterprise.

Ninety four percent of business leaders surveyed in Deloitte’s State of AI in the Enterprise, 5th Edition, agree that AI is critical to success over the next five years. However, many (42%) see implementing AI technologies a barrier to doing that. Freshworks Customer Service Suite is easy-to-implement, easy-to-use, and easy-to-scale solution for companies looking to leverage AI to retain and delight their customers.

“At Freshworks, we’ve always been committed to delivering innovative solutions that anticipate the needs of our customers. The new Freshworks Customer Service Suite is firmly rooted in generative AI technology and empowers businesses to automate customer resolutions, supercharge agent productivity and make smart decisions quickly at a price point that every company wants,” said Freshworks’ Chief Product Officer Prakash Ramamurthy.

The Freshworks Customer Service Suite follows the June launch of Freddy Self Service, Copilot, and Insights, which brought generative AI enhancements to a wide range of Freshworks products and builds upon Freshworks’ generative AI enhancements released in March, which are already reducing agent time required on certain tasks by more than 80%.

Using Freshworks’ Freddy AI capabilities with the Customer Service Suite, companies of all sizes can:

• Automate and personalised selfservice across channels. Freddy

Self Service AI-powered bots work across channels to help customers find answers fast. Ticket deflection happens faster, and customers receive an overall better experience with personalised resolutions.

• Supercharge agent productivity and collaboration. Freddy Copilot equips agents with next-best-action suggestions, streamline workflows and enable them to deliver accurate and personalised service. Integration with an advanced ticketing system promotes seamless teamwork among departments.

• Leverage actionable Insights to make smarter decisions. Freddy Insights continuously analyses data to surface key issues and generate reports using conversational prompts.

The all-in-one Suite offers value for businesses seeking to elevate their customer support capabilities with more engaging customer experiences and improved agent productivity.

Freshdesk customer, David Yabubik, Director of Customer Support at Restaurant 365, said, “We have big aspirations for the future and if we are ever going to hit the kind of revenue, service margins, and scale of support, we’re going to need to get more efficient and automate our work. AI promises to do just that, with a potential game changer in the Freshworks Customer Service Suite.”

Frank Servidio, Director of Service Operations at Ryan Specialty, said, “Our existing Freshdesk knowledge base automations combined with the new Freddy AI Self-Service capabilities will play very nicely with the Freshchat bots we are implementing. We’re expecting bots and automations will decrease tickets by at least 10 percent, probably more.”

Companies can experience a free trial and sign up for the Freshworks Customer Service Suite on our website here: https://freshworks.com/ customer-experience-suite/signup.

NEWS
11 CXO INSIGHT ME AUGUST 2023
Prakash Ramamurthy, Freshworks

FOSTERING AN EVERYDAY AI CULTURE

TO DELIVER A CULTURE OF EVERYDAY AI, REGIONAL BUSINESSES MUST INVOLVE FRONTLINE EMPLOYEES, WRITES GREGORY HERBERT, SVP & GM – EMEA AT DATAIKU

There is hardly a business in the region that is not at least considering how to integrate artificial intelligence (AI) into its technology mix. But two main stumbling blocks present themselves — a talent shortage and the identification of use cases. In the United Arab Emirates (UAE) an entrylevel data scientist can expect to earn around AED12,000 a month, and salaries can reach up to AED30,000 for a senior data scientist and more than AED 50,000 for a lead data scientist. These are rare — and hence, expensive — skills. The top salaries are going to people who have both the technical know-how and business knowledge to overcome both stumbling blocks. I need hardly tell you how rare these professionals are.

Rather than go on a unicorn hunt, many enterprises are choosing to upskill the talent they have, training AI experts in business matters and introducing business users to the world of AI. A recent Dataiku study revealed that among businesses that have implemented AI at scale (delivery of what we call “Everyday AI”), 85% had cross-trained their teams. But their success was only made possible by ensuring business users got the same access to data and AI as technical teams did. Other recent Dataiku

VIEWPOINT
12 CXO INSIGHT ME AUGUST 2023

research found that while almost all (94%) data science and technology specialists in the UAE have this access, only 42% of business users reported the same.

The solution to this gap lies in how organisations start their AI journeys. They commonly find that they operate a series of information silos, which must be eliminated before the real work can begin. Part of this process may involve developing a shared infrastructure designed for reducing costs and time to value. An AI Center of Excellence (CoE), composed of varied and complementary talents will work towards building a team of unicorns. They will develop AI products, stay current on technology changes, and nurture AI champions across business units. If the CoE demonstrates value, wider programs may emerge, and AI may be adopted and used more widely and for more critical tasks.

Hub and spoke

At this stage, silos will irrevocably break down and cultural challenges may emerge but with data and AI skills on the rise along with value, the bulk of concerns should erode to make way for a sharing environment where value can be added everywhere. What is created in place of legacy silos is a hub-and-spoke super-team with AI experts in the center and business units all around. The old request-anddelivery working model is replaced with collaboration between hub and spokes on every project, the ownership of which is retained by the spokes.

To ramp up AI adoption, the CoE is supported by a Center for Acceleration, which is responsible for getting frontline business users involved in product development. The goal is to build unicorn teams in every spoke so that subject matter experts can bring their knowledge to the program and innovate without having to file a request with the IT and AI teams and wait for a visit from a requirements analyst. Business users as AI

developers can add value quickly and become pivotal in introducing flexibility and rapid ROI across the enterprise. When democratising access to data and AI, an embedded structure (where rules such as responsible AI are simplified and centralised and data science is integral to every business function) works best. This is easier for companies that started as digital businesses, but for legacy organisations, it is a process. No matter which category applies, a common AI platform makes life considerably easier. From data collection through to experimentation, training, analysis, and development, the platform will facilitate the building of unicorn teams and the interdisciplinary working approach that follows.

Experiment and learn

Low- and no-code development platforms not only make AI more accessible to business users; they help companies to align with programs such as the UAE’s National Program for Coders. Self-sufficiency emerges from a talent crisis and ensures that

progress is not hindered, either within a company or in the wider economy. The platform must entice users of all skill levels to experiment and learn. If it can do this, the CoE will show the value of AI quickly and clearly and embed it in the DNA of the business. It is the central platform and the dedication of the CoE that will turn adoption into longevity. At the end of this road is Everyday AI — the culture where every employee uses AI in much the same way as they use email.

Another detracting argument may arise — that upskilling employees only means they will leave and take those skills with them. But in today’s “employee experience” labor market, what we often see is polls suggesting workers will leave to find an employer that will invest in their professional development. This means that not investing in people is a greater risk than investing. Even if untrained employees stayed, what value would they add to a company’s struggle to stay relevant in a digital economy?

A common AI platform can play a central role in upskilling, either through training groups of staff with the same skills from different departments, or training differently skilled employees from the same department. The central AI platform should inspire adoption and facilitate upskilling, however it is handled. This is how an enterprise can build its organisation-wide AI dream team of unicorns.

A December 2021 McKinsey global study on general business transformation showed that among change projects where frontline employees felt “a sense of ownership” and took “the initiative to drive change”, 79% were successful. As democratisation of access to data and AI increases, so does upskilling. And as upskilling proceeds, so the awareness in the value of AI increases. This calls for more upskilling. And the cycle repeats to deliver a range of benefits across the business — a sustainable culture of Everyday AI.

13 CXO INSIGHT ME AUGUST 2023
THE SOLUTION TO THIS GAP LIES IN HOW ORGANISATIONS START THEIR AI JOURNEYS. THEY COMMONLY FIND THAT THEY OPERATE A SERIES OF INFORMATION SILOS, WHICH MUST BE ELIMINATED BEFORE THE REAL WORK CAN BEGIN.

EMBRACING THE FUTURE

IFS RECENTLY ORGANISED IFS CONNECT MIDDLE EAST 2023 FOR ITS CUSTOMERS AND PARTNERS IN THE REGION, SHOWCASING THE LATEST ADVANCEMENTS IN CLOUD TECHNOLOGY, AS WELL AS CUTTING-EDGE INNOVATIONS IN ERP, EAM, AND FSM. THE EVENT’S THEME, "EMBRACE YOUR FUTURE," AIMED TO ILLUSTRATE HOW BUSINESSES COULD LEVERAGE MODERN TECHNOLOGY TO SHAPE THEIR FUTURE, FOSTERING INNOVATION, ENHANCING PEOPLE'S PRODUCTIVITY, AND CULTIVATING THE AGILITY NEEDED TO NAVIGATE MACROECONOMIC SHIFTS EFFECTIVELY. WE CAUGHT UP WITH MICHAEL OUISSI, IFS'S GROUP COO, TO TALK ABOUT HOW THE ENTERPRISE SOFTWARE COMPANY IS MAKING IT POSSIBLE FOR CUSTOMERS TO BUY AND CONSUME TECHNOLOGY IN THE WAY THAT CREATES THE MOST VALUE FOR THEM.

IFS achieved a robust financial performance in the year’s first half. Could you please provide an overview of the key highlights?

Similar to previous quarters, we have significantly outpaced our competitors with a remarkable 38% year-over-year revenue growth. The driving force behind our sales and growth is not solely our AI capabilities but also our unique approach to integration. Rather than treating AI as a stand-alone piece, we seamlessly incorporate it into our products. For instance, our incorporation of AI into manufacturing, such as Scheduling Optimisation introduced in the 23 R1 release, showcases how we practically apply AI to enhance processes.

Our cloud revenue has surged by 55 percent annually, accompanied by a corresponding 55 percent increase in recurring revenue year over year. Notably, software revenue reached an impressive $400 million in the first half of the year. We are confident we will achieve a billion or more in annual recurring revenue this year. These substantial figures are accompanied by robust growth rates, with software revenue climbing by 44 percent. We continue to outperform the market despite prevailing macroeconomic challenges, such as tightening monetary policies and high inflation. Customers are responding by recognising the value of optimising their operations and bolstering their resilience against external uncertainties. This has

translated into increased willingness to invest in automation, prediction, optimisation, and similar solutions that empower them to navigate tumultuous conditions effectively.

How does this favourable financial standing impact IFS?

We are in an advantageous position on multiple fronts. Operationally, we are generating a robust profitability model and substantial cash flow. Concurrently, our growth is bolstered by strategic investors, such as EQT, Hg and TA Associates, who possess significant financial resources. This dual advantage allows us to reinvest funds from our organic business into expanding our R&D and AI capabilities.

COVER STORY
14 CXO INSIGHT ME AUGUST 2023

Simultaneously, we possess ample resources to leverage opportunities in the market. Our recent M&A activities demonstrate our capacity to capitalise on favorable prospects that align with our strategic business objectives.

While we anticipate engaging in more acquisitions, we remain steadfast in adhering to our core principles. Our focus will persist on our existing solution sets, and any acquisitions will either be closely related to our current offerings, serving our customer base, or complementing our existing capabilities. Our acquisition strategy is driven by the desire to impact the industry segments that we serve and the required capabilities.

An excellent example of this approach is the acquisition of Poka, which

boasts valuable connected worker capabilities and a strong presence in the manufacturing industry.

You mentioned a growing demand for AI capabilities. Is this demand primarily from new customers or existing ones?

The demand for AI is equally originating from both new and existing clientele. Those who are already engaged with our platform are actively delving into the incorporation of AI functionalities. Over the years, we have continually developed our AI capabilities, with our PSO product serving as a testament to this evolution. Presently, we have seamlessly integrated AI capabilities throughout the entirety of our platform, strategically deploying them where applicable.

This dynamic is resonating across all customers. With AI becoming an inherent component of our platform, transcending its previous role as an external feature, clients are empowered to seamlessly activate it within their operations. The discernible advantages and evident business cases render AI integration a topic of keen interest for every customer. They are actively engaged with us in charting out the optimal AI integration path for their operations. We are genuinely driving meaningful transformations in their operations.

Over the past five years, you’ve undertaken several acquisitions, including the recent addition of Poka. Have you successfully integrated all

15 CXO INSIGHT ME AUGUST 2023

these acquisitions into your portfolio, or is there ongoing work in terms of integration?

Certainly, take products like Clevest, for instance. When it comes to integration, we’ve opted to introduce capabilities onto the IFS Cloud Platform in a gradual manner. However, we are committed to not imposing change on our customers by phasing out products or platforms that they find effective. Our approach is centered on treating existing customers of the acquired platforms with due responsibility. We are actively transitioning these capabilities to our IFS Cloud Platform, offering customers a smooth and viable pathway to embrace these advancements.

Our commitment is to responsibly manage this transition, unlike some of our competitors who have taken a different route by deprecating products and urging users to migrate to platforms with diminished functionality. We have witnessed instances where this approach has led to various challenges. We are dedicated to avoiding such pitfalls and ensuring that our customers benefit from our thoughtful and customercentric strategy.

Your business model has transitioned to a complete subscription-based model. For customers who are currently on-premises, is there a clear migration path available?

It’s important to clarify the distinction between subscription and cloud deployment. With subscription, the concept extends to both on-premises and cloud options. We extend the availability of our software to all customers, ensuring that they have the flexibility to select either on-premises or cloud deployment. Regardless of the chosen route, the core product remains consistent. There’s no bias toward either option; our strategy is to offer customers the freedom to make their preferred choice.

Also, I must emphasise that the licensing model centers around subscription to software. Whether customers decide to handle the deployment themselves, engage a third party to manage the deployment and

WHEN CONSIDERING CAPABILITIES BEYOND AI, THE HORIZONS ARE WIDE-RANGING. FIRSTLY, WE CONTINUALLY DELVE INTO DEEPENING OUR FUNCTIONALITY, PARTICULARLY WITHIN SPECIFIC INDUSTRIES. CONCURRENTLY, WE FOCUS ON OPTIMISING OUR PLATFORM, AIMING FOR HEIGHTENED EFFICIENCY AND SPEED. THIS INVOLVES EXPLORING THE POTENTIAL OF GPUS AS ALTERNATIVES TO CPUS.

operation or select our cloud services, where we take on the responsibility of deployment and operation, this subscription-based approach remains constant. To reiterate, the option to choose between cloud and on-premises deployment will remain available to customers, as this flexibility remains a key tenet of our approach.

Are you looking to build new capabilities?

Every day. The realm of AI is vast, and it can mean anything. Take, for example, our ESM product, which spans a range of applications from automating customer ticketing to leveraging knowledge bases for streamlined support. This breadth extends to both elevating our product offerings and honing our internal operations. Our current emphasis revolves around a key goal: the seamless integration of AI throughout our organisation and across our suite of products. The pivotal question is how to deploy AI on a broader scale.

When considering capabilities beyond AI, the horizons are wide-ranging. Firstly, we continually delve into deepening our functionality, particularly within specific industries. Concurrently, we focus on optimising our platform, aiming for heightened efficiency and speed. This involves exploring the potential of GPUs as alternatives to CPUs. On a daily basis, we manage countless initiatives that span various forms, including industry-specific

enhancements and horizontal platform optimisations to bolster efficiency, speed, and responsiveness.

Moreover, we are actively embedding technology capabilities like AI across our platform, integrating them into processes. The vast and dynamic landscape demands that we engage with many advancements shaping the industry. Our driving force remains anchored in considering what resonates with our customers and how we can effectively apply the available technology and features to enhance their operations and processes.

Given that customers in various regions have diverse needs and preferences, how does your company effectively address and comprehend these distinct requirements?

Our guiding principle has always been to develop what our customers truly need. To facilitate this, we have established the CTO organisation, comprising field CTOs, field pre-sales, and field technologists. This team maintains a close connection with customers, engaging in business value assessments as part of a methodology we’ve adopted. These interactions allow us to delve into customers’ unique needs and comprehend their driving factors. The insights gathered are recorded in a database, highlighting the key business drivers that our customers emphasise. This valuable information informs our roadmap planning and guides future feature development. It serves as a checklist to ensure that the features we’re developing align with actual relevance.

Moreover, our CTOs are seamlessly integrated with our broader product organisation and product management. This integration fosters ongoing feedback loops, where they assess upcoming releases and contribute proactive input to address evolving requirements. Another integral facet of our approach involves customer advisory boards. These boards consist of industry-specific customers who provide direct insights to our R&D teams. Their feedback informs us about industry-specific needs, enabling us to refine our offerings continuously.

COVER STORY
16 CXO INSIGHT ME AUGUST 2023

NAVIGATING COMPLEXITY

HOW TO UNVEIL INSIGHTS INTO YOUR COMPLEX IT ENVIRONMENTS WITH FULL STACK OBSERVABILITY

In today’s complex and dynamic IT landscapes, achieving optimal system performance, ensuring seamless user experiences, and swiftly resolving issues are paramount. This is where full stack IT observability steps in as a crucial tool for businesses. Full stack IT observability refers to the comprehensive monitoring and analysis of all components and layers within an IT environment, spanning applications, infrastructure, networks, and more.

Full stack observability provides a holistic view of your entire IT ecosystem. It allows you to monitor and analyse every layer of your technology stack, from front-end user interfaces to back-end databases and everything in between. This comprehensive visibility enables you to detect issues, identify bottlenecks, and track performance across the entire system.

By fostering collaboration, enabling data-driven decisions, and enhancing user experiences, full stack observability has become a cornerstone of modern IT operations, enabling businesses to navigate the complexities of today’s digital landscape with confidence.

What challenges do organisations face

in terms of monitoring and managing their complex IT infrastructure?

“Besides the huge volume of data to handle, the major issue for organisations is that they don’t have unified visibility into availability, performance and security, up and down the IT stack, because they’re still relying on siloed monitoring tools across different domains and environments,” says Carlos Pereira, Chief Architect, Strategy, Incubation and Applications, Cisco.

IT teams do have a variety of tools, but it’s very challenging to derive relevant insights to cut through data noise; quickly identify and troubleshoot issues; and prioritise the ones that could do most damage to end user experience or bring impact to the business. The result is delayed threat detection and issue resolution, which in turn can lead to poor end user experiences and, ultimately, loss of customers, reputation, and revenue, he says.

Sascha Giese, Head Geek at SolarWinds, says business requirements for technology and IT teams are ever-changing, and ongoing digital transformation, shrinking budgets, and turbulences in global markets contribute

to these daily challenges. Organisations of all sizes need help to keep control across multiple layers and locations, and bigger businesses need more visibility of legacy infrastructure and modern hyperscalers. There are too many moving parts, and it takes too long to solve problems.

Proving another perspective, Walid Gomaa, CEO of Omnix International, highlights, “With the adoption of cloud computing, virtualisation, and distributed systems, IT infrastructure is more dynamic and decentralised. This results in reduced visibility into the entire infrastructure, making it difficult to identify and resolve issues quickly.”

He further notes monitoring and managing complex IT infrastructures require specialised skills and expertise. Organisations often face challenges in finding and retaining qualified professionals capable of handling the complexities of modern infrastructure. Additionally, as technology evolves rapidly, there is a constant need for skill development and knowledge acquisition. Making sense of massive amounts of data generated by modern IT infrastructures is also a challenge, he says.

According to Ramzi Bsaibes, Regional

FEATURE
18 CXO INSIGHT ME AUGUST 2023

Sales Director, Gulf Region, at Riverbed,while digital channels have simplified engagements for customers and employees, they have saddled IT teams with new levels of complexity. Today’s environments are exponentially more complex, dynamic, distributed, and hybrid. As a result, despite their best efforts, IT teams find they have an insufficient understanding of how the network and applications are performing.

“This is not for the lack of data either. In fact, it is precisely the tremendous volume of data, generated by tools designed to help IT that actually makes their jobs more difficult. Without the ability to derive actionable insights from this deluge of data, which are located across operational and tools silos, IT teams find their effectiveness inhibited

when asked to innovate, or address issues that arise,” he adds.

New use cases

Complete observability across the spectrum provides thorough and extensive insights into an organisation’s application, infrastructure, and network performance. This empowers organisations to proficiently oversee

and dissect their entire operational stack. Delving into each layer allows IT experts to detect irregularities, establish connections between observations, and implement necessary remedies.

Bharani Kumar Kulasekaran, product manager at ManageEngine, highlights an example of the value of full stack observability is seen in its ability to manage dynamic environments like microservice architectures. Microservices typically comprise multiple nodes and clusters, and observability tools provide visibility into each individual node or cluster, a capability that is primitive in traditional monitoring solutions.

“Full stack observability is also a

Bharani Kumar Kulasekaran ManageEngine Ramzi Bsaibes Riverbed Technology Carlos Pereira Cisco Sascha Giese SolarWinds Walid Gomaa Omnix International

valuable asset for an organisation’s CI/CD pipeline. It provides a detailed understanding of how applications interact with various elements, such as data stores, containers, servers, and clusters. By leveraging practices like logging and tracing, observability solutions enable developers to maintain pipeline efficiency and reliability by quickly identifying and resolving any issues that may arise,” he adds.

One great use case is cloud native application observability which allows CloudOps, DevSecOps and other IT teams to generate full visibility into microservices-based, distributed applications — and its external dependencies and pipelines — which are leveraging cloud technologies hosted on public or private clouds.

Pereira says many organisations have ramped up their use of cloud native technologies to accelerate release velocity, but technologists now find themselves struggling to cope with the overwhelming volumes of metrics, events, logs, and traces (MELT) data being spawned by microservices and Kubernetes environments.

“Cloud native application observability enables organisations to simplify the complexity of cloud native applications, landscapes, and architectures. It also helps with Application Security requirements, especially for applications leveraging microservices or event driven architectures. It brings together dispersed application performance and security data, providing technologists with deeper insight to detect issues, understand dependencies and remediate incidents far more quickly.”

Giese says an infamous situation in IT is the responsibility of ping-pong. Users report an application is slow or unresponsive, and different teams start working to find the root cause. But in reality, the teams are trying to prove it’s not “their” problem instead of working together as one big team. This is, among other things, caused by tool sprawl, meaning each group uses its own set of tools. A full stack observability solution can bring teams together. The solution can show if the problem comes from the

network layer or a problem with a VM or cloud instance, and from there, the responsible team can use the same tool to investigate deeper.

What key metrics and insights can you now capture and analyse through full stack observability that was not possible before?

Full stack observability tools use data such as logs, metrics, and traces to gain useful insights into the health and performance of an organisation’s IT infrastructure components.

While this may sound similar to monitoring, the key difference is that while monitoring deals with “known unknowns,” observability handles “unknown unknowns,” says Kulasekaran. This means that observability goes beyond identifying and recognising issues with your infrastructure and provides useful insights on how to resolve and prevent them.

For example, if an issue is suspected to be caused by a particular faulty application, a full stack observability solution can identify the real root cause of the issue, which at times can be seemingly unrelated, such as a faulty

configuration change. Observability solutions can analyse multi-dimensional data and help identify the exact root cause of a problem without being restricted to one domain, he says.

Gomaa says Full stack observability expands the range of metrics and insights that organisations can capture and analyse, providing a more comprehensive understanding of their IT systems. It can include analysing business-specific metrics related to user engagement, conversion rates, revenue and customer satisfaction that provide insights into the impact of IT systems on KPIs. The integration of business metrics with technical metrics allows organisations to understand the relationship between system performance and business outcomes.

The future of full stack observability Pereira from Cisco says without doubt, AI and automation will play an ever more critical role within full stack observability. AI-driven root cause analysis, experience optimisation, and incident management — tied to business context — is now being used to identify, prioritise, resolve, and predict issues before they impact end users, without the need for human intervention. And AI is also being used to identify and resolve security vulnerabilities, at every stage of the application lifecycle.

Automation is becoming essential in areas such as user experience, security response, cost optimisation and workload optimisation, to handle the vast volumes of data and complexity that IT teams are now encountering across their hybrid environments.

Bsaibes from Riverbed shares a similar opinion: “Companies will increasingly favour collecting full-fidelity over sampling of telemetry data which results in blind spots. Full stack observability will increasingly require AI and ML to curate and make sense of the growing volumes of telemetry data. AI and ML unlock significant opportunities to automate more of the mundane operational tasks and free up time from the experienced engineers to bring more innovation to the business.”

FEATURE
20 CXO INSIGHT ME AUGUST 2023
AUTOMATION IS BECOMING ESSENTIAL IN AREAS SUCH AS USER EXPERIENCE, SECURITY RESPONSE, COST OPTIMISATION AND WORKLOAD OPTIMISATION, TO HANDLE THE VAST VOLUMES OF DATA AND COMPLEXITY THAT IT TEAMS ARE NOW ENCOUNTERING ACROSS THEIR HYBRID ENVIRONMENTS.

LEADING THE WAY TO DIGITAL SUCCESS

MDSap IS PAVING THE WAY FOR BUSINESSES TO EMBRACE THE FUTURE. TONY ACHKAR, GROUP MANAGING DIRECTOR

SHARES INSIGHTS ON DELIVERING VALUE AND DRIVING GROWTH.

Can you tell us about your journey as a digital transformation partner and how MDSap has evolved over the years?

Our journey as a digital transformation partner has been an incredible and continuous transformation. MDSap has been in the business for almost 30 years, starting with our association with Sybase Inc. in Dubai and Abu Dhabi. Over time, we expanded our reach across Gulf countries and ventured into Turkey, Central & East Europe, and beyond. In 2010, when Sybase became an SAP company, we embraced the opportunity to become an SAP partner. This strategic shift enabled us to adopt new practices and solidify our expertise in various domains. Today, MDSap is a trusted SAP Gold partner with a highly skilled consultant team, serving over 400 accumulated customers across 12 countries. Our transformation journey continues as we adapt to the evolving needs of our clients and the dynamic digital landscape.

What are some of the key benefits your clients can expect by leveraging MDSap’s solutions for digital transformation?

When clients choose MDSap for their digital transformation journey, they gain a multitude of distinct advantages that set us apart from our competitors.

Firstly, our extensive industry-specific expertise empowers us to comprehend the unique challenges and requirements faced by diverse sectors, including banking, public sector, healthcare, private sector conglomerates, manufacturing, and more. This profound understanding allows us to deliver customised solutions that generate maximum value for our clients within their respective industries. Secondly, our holistic approach encompasses a wide array of services, such as enterprise architecture consulting, ERP implementation, data management, advanced analytics, data visualisation, Data Science, Big Data & AI, and more. Additionally, we offer comprehensive post-live business support and service packages to ensure that our clients establish a robust foundation for their digital initiatives. Our commitment to personalised services ensures that we deeply understand our clients’ unique challenges and goals, providing adapted solutions that unlock their full potential. With a strong geographical footprint across the United Arab Emirates, Kingdom of Saudi Arabia, Kuwait, Oman, Bahrain, Lebanon, Turkey, CEE, and beyond, we offer tailored solutions that are not only relevant but also adaptable to local market conditions in these industries.

Our track record of successful implementations and highly satisfied clients further demonstrates our ability to deliver value and drive digital transformation in diverse industry sectors.

What sets MDSap apart from other partners in terms of delivering value?

MDSap stands out from other partners in delivering value through several distinct qualities. Firstly, our deep industry expertise allows us to understand different sectors’ specific challenges and requirements, providing tailored solutions that drive maximum value for our clients. Our comprehensive approach to digital transformation goes beyond individual solutions, including the change management processes, taking a holistic view of our clients’ entire business ecosystem. This integrated strategy optimises processes and drives tangible business outcomes.

Being a reputable SAP Gold partner, we harness cutting-edge technologies and industry best practices to enhance our services.

Our approach revolves around personalised solutions, as we take the time to fully comprehend our clients’ distinct challenges and objectives. To meet their specific needs, we offer customised solutions and provide unwavering support through our

22 CXO INSIGHT ME AUGUST 2023 INTERVIEW

comprehensive post-live support and extended service packages. Our success in implementing solutions and satisfying clients has established us as a trusted and strategic partner for organisations embarking on their digital transformation journey.

How do you ensure your customers receive the most innovative solutions for their digital transformation journeys?

Delivering the most value-driven innovative solutions to our customers is our priority. Our continuous investment in research and development keeps us at the forefront of emerging trends and technologies. Through strategic partnerships, we collaborate closely with technology leaders and industry experts, staying informed about the latest advancements. This enables us to incorporate cutting-edge solutions into our portfolio.

Our culture of innovation encourages creative thinking and exploration within our organisation. By fostering an environment that embraces creativity

and new possibilities, we empower our team members to deliver innovative and forward-thinking solutions to our clients. Our close collaboration with SAP and leveraging their extensive ecosystem of cutting-edge technologies allows us to stay ahead of the curve and deliver the latest innovations to our clients, helping them transform their businesses in a rapidly evolving digital landscape.

Can you tell us about the geographical footprint of MDSap?

MDSap has established a strong geographical footprint to remain close to its clients and serving them not only in local markets but also expanding into other regions. Besides our presence in Abu Dhabi, Dubai, Kingdom of Saudi Arabia, Bahrain & Kuwait, we have successfully assisted businesses in Turkey (Istanbul & Ankara), Central & East Europe through offices in PragueCzech Republic, Warsaw - Poland. Our local expertise combined with a global outlook positions MDSap as a trusted global partner for businesses seeking innovative solutions in multiple regions and industries.

How do you envision the future of MDSap?

MDSap has a bold vision for the future, positioning itself as a prominent solution provider and system integrator with vast growth opportunities ahead. We are dedicated to nurturing our workforce through ongoing investments, fostering a culture of excellence, and forging strategic partnerships. By venturing into new markets, we aim to bring our transformative, value-driven solutions to empower businesses.

At the heart of our mission lies a strong commitment to innovation and customer satisfaction. Our primary goal is to unlock the full potential of our clients, enabling them to thrive and achieve remarkable growth in this digital era. With a focus on continuous improvement and customer-centricity, MDSap is determined to shape a dynamic and prosperous future for businesses worldwide.

23 CXO INSIGHT ME AUGUST 2023
MDSap HAS ESTABLISHED A STRONG GEOGRAPHICAL FOOTPRINT TO REMAIN CLOSE TO ITS CLIENTS AND SERVING THEM NOT ONLY IN LOCAL MARKETS BUT ALSO EXPANDING INTO OTHER REGIONS.

GUARDIANS OF THE DIGITAL REALM

HOW TO HARNESS THE POWER OF AI IN CYBERSECURITY

In today’s data-driven world, the rapid evolution of technology has revolutionised the way we live and work. However, along with these advancements come an escalating array of cyber threats and vulnerabilities. This is where Artificial Intelligence steps in as a game-changing force in bolstering cybersecurity measures.

In the realm of cybersecurity, AI leverages its capability to analyse vast amounts of data, identify patterns, detect anomalies, and predict potential threats. AI algorithms can rapidly analyse network traffic and behavior to detect unusual activities that might indicate a breach. By learning from historical data, AI systems become adept at identifying known and unknown threats, enhancing the overall effectiveness of intrusion detection and prevention systems.

“Broadly speaking, AI can either assist in performing tasks that humans fundamentally cannot do, or it can help perform the tasks that humans

can do but do so at speed and scale. For example, humans cannot detect malicious Command & Control activity over encrypted traffic by analysing the temporal flows of bytes and packets between machines. AI algorithms, on the other hand, can be trained to do precisely this. Subsequent tasks, like prioritising, analysing, investigating and reporting are tasks that humans are fully capable of doing, but can be aided by AI in order to perform tasks more quickly and robustly,” says Taj El-khayat, Area VP, EMEA South, Vectra AI.

Konstantin Berlin, Head of AI at Sophos, says AI helps to significantly increase the coverage of threats that are detected, as well as reduce the human labor involved in maintaining and generating new detections. By training on large diversity of data from various sources, AI can learn more complex rules than is feasible for a human to manually generate and maintain. By being able to classify many threats automatically,

the amount of human labor needed to maintain a good detector decreases and the overall system scales better as the number of threats increases, leaving room for humans to focus on threats that AI is currently not able to detect.

Vibin Shaju, VP Solutions Engineering EMEA at Trellix, says AI mimics the human brain in considering value judgements and outcomes to determine good or bad, right or wrong. These same processes can elevate cybersecurity by adding complexity to Deep Learning, appending reason, suggested actions, and problem solving.

Nonetheless, David Hoelzer, SANS Fellow and AI Expert, SANS Institute, clarifies that AI by itself cannot identify or counter threats, although it is feasible to engineer systems for effective threat detection and response. It’s crucial to establish from the outset that the term “Artificial Intelligence” encompasses a vast spectrum that does not necessarily equate to “Machine Learning.”

FEATURE
24 CXO INSIGHT ME AUGUST 2023

“For example, if I have a defensive system that evaluates user activity or network activity against a known set of indicators using absolutely no machine learning, I have created a system that exhibits artificial intelligence. This effectively allows vendors to honestly label traditional defensive tools as containing “artificial intelligence” with no modifications,” he says.

According to Hoelzer, while these techniques are reasonably effective, they are unable to find zero-day or other novel attacks that do not have known indicators of compromise. This is where machine learning because very useful. Machine learning, particularly using deep neural networks, allows for the creation of tools that can detect previously unknown attacks with a reasonable degree of accuracy.

What key AI techniques are used in cybersecurity?

In cybersecurity, several key AI techniques are employed to enhance threat detection, prevention, and response, says Ezzeldin Hussein, Regional Director, Sales Engineering, at SentinelOne . Machine learning algorithms analyse data to identify patterns and anomalies related to cyber threats, while natural language processing is used to parse and understand textual content, aiding

in phishing detection. Deep learning enables the recognition of malware through code analysis, and behavioral analytics establishes baselines for normal behavior, detecting deviations indicative of potential attacks. Predictive analytics forecasts cyber threats and vulnerabilities, facilitating proactive mitigation.

“Genetic algorithms optimise security parameters, and adversarial machine learning defends against attacks on AI systems. Reinforcement learning trains autonomous cybersecurity systems, and clustering and anomaly detection aid in identifying patterns and unusual events. By integrating

these AI techniques, organisations can strengthen their cybersecurity defenses and adapt to evolving threats,” he says.

According to Berlin from Sophos, while the focus is usually on the models, the main thing that makes a good AI model is the data. Thus, most of our focus is on collecting and aggregating the right type of data, and making sure our labels are the best they can be. In terms of modeling, all sorts of models are used, like random forest, boosted trees, and neural networks, including large language models. The use depends on what works best for a particular task, where multiple factors

Konstantin Berlin Sophos David Hoelzer SANS Fellow and AI Expert Ezzeldin Hussein SentinelOne Vibin Shaju Trellix
25 CXO INSIGHT ME AUGUST 2023
Taj El-khayat Vectra AI

must be balanced during production, like inference speed, model size, compute costs, and ability to maintain and retrain the model in the future.

James Maude, Lead Security Researcher at BeyondTrust, says generative AI such as ChatGPT is proving useful in a number of ways. Being able to analyse and summarise large amounts of data in a concise and human readable manner could be very helpful in increasing productivity and security. There is also the potential to help script and automate responses and generate code, however a word of caution here as the use of AI assistants has been shown to reduce code quality and security among developers.

What are the potential challenges or limitations of implementing AI in cybersecurity?

El-khayat from Vectra AI says there are several unique challenges in

WHAT THE EXPERTS SAY

implementing AI for cybersecurity, that don’t quite exist in other domains. On the technical side, one of the most pressing issues is the lack of labelled data. Whereas domains like speech recognition and computer vision greatly benefited from massive labelled data sets, it has been difficult to reproduce in the domain of cybersecurity. Creating labelled datasets in cybersecurity requires large amounts of domain expertise, and complicating factors like the fact that real world data often contain PII and IP, all make it difficult for practitioners to come by.

Walid Gomaa, CEO of Omnix Internaitonal, says AI models rely on highquality and unbiased data for training. If the training data is incomplete, outdated, or biased, it can lead to inaccurate results and potentially reinforce existing biases, making the system less effective and reliable. Some AI algorithms, particularly deep learning models, require significant computational resources and memory, making them impractical to deploy on resource-constrained devices or networks.

Some AI techniques, especially in behavioural analysis, may require monitoring and collecting extensive user data. Balancing security needs with individual privacy rights can be

USING AI IN DEALING WITH CYBER THREATS WILL HELP ACCELERATE DETECTION AND PREVENTION CONSIDERABLY. WITH THE EXPONENTIAL RISE IN CYBER-ATTACKS, THE BY-PRODUCT FOR SECURITY TEAMS IS AN INCREASE IN SECURITY EVENTS WHICH WILL LEAD TO TEAM BURNOUT OR MISSED INCIDENTS UNLESS WE START TO EMBRACE TECHNOLOGIES LIKE AI AND AUTOMATION.

ONE OF AI’S STRONGEST CAPABILITIES IS PATTERN DETECTION. TO THE HUMAN EYE, MUNDANE EVENTS COULD BE IGNORED; USING AI IT WILL BE ABLE TO SEE PATTERNS AND ANOMALIES THAT, WHEN PUT TOGETHER, CAN FORM A BIGGER PICTURE OF AN ATTACK OR BREACH. AI’S ABILITY TO LEARN AND ADAPT TO EVOLVING THREATS MAKES IT INVALUABLE IN THE CYBER SECURITY TOOLBOX.

challenging. The use of AI in cybersecurity may raise regulatory and compliance concerns, particularly in industries with strict data protection requirements.

Shibu from Trellix says AI techniques such as generative AI should consider risks across people, processes, and technology. There are already concerns around AI when it comes to advisories, privacy, confidentiality, data integrity and reputational risk along with legal and regulatory risks. Enterprises should implement AI only with right safeguards in place.

In summary, Hoelzer from SANS Institute highlights that even though we find that deep networks tend to allow us to do and teach others how to identify zero-day threats, there is a computational performance constraint. For example, there are other network designs that may outperform the deep neural networks or deep convolutional networks for some tasks, but their high computational cost equates to an inability to keep up with real-time detection in even a mediumsized organisation without a very significant investment. That investment can be so high that we will usually opt for the faster, somewhat less accurate, and capable networks so that the system is operationally useful.

AI SYSTEMS LEARN AND ADAPT TO EVOLVING CYBERTHREATS BY CONTINUOUSLY ANALYSING NEW DATA (WHICH INCLUDES RECENT THREATS AND ATTACKS) AND ADAPTING THEIR PREDICTIVE MODELS BASED ON THIS NEW INFORMATION. FOR INSTANCE, THROUGH A PROCESS CALLED ONLINE LEARNING, AN AI SYSTEM CAN UPDATE ITS MODEL IN REAL TIME AS IT RECEIVES NEW DATA.

FURTHERMORE, AI SYSTEMS CAN ALSO EMPLOY TECHNIQUES LIKE REINFORCEMENT LEARNING TO ADAPT TO NEW SITUATIONS. HERE, THE SYSTEM LEARNS FROM ITS ACTIONS’ CONSEQUENCES IN A DYNAMIC ENVIRONMENT, PROGRESSIVELY IMPROVING ITS BEHAVIOR.

Ramprakash Rammoorthy, director of AI research, ManageEngine

FEATURE
26 CXO INSIGHT ME AUGUST 2023

16 - 17 OCT 2023

MUSEUM OF THE FUTURE

CONNECTING THE WORLD’S NEW LEADERS

The SuperBridge Summit ignites, connects, and unites futureminded, action-oriented leaders from the world’s fastest growing economies to explore the rise of new markets , fast track partnerships and collaborations on transformative opportunities in the Middle East, Asia, Africa, Latin America and the rest of the world.

500+

influential executives from the world’s top organisations.

70+

25+ visionary leaders from GCC, Asia, Africa & South America.

insightful multi-disciplinary sessions from 20+ countries.

KEY SPEAKERS

China

CEO, KARGOBOT CTO, DIDI AUTONOMOUS DRIVING China

SOUTHBRIDGE INVESTMENTS

Tanzania

and many more...

LIONEL ZINSOU Former Prime Minister Republic of Benin DR. FRANNIE LÉAUTIER Senior Partner and CEO DR. JUN MA Founder and President INSTITUTE OF FINANCE AND SUSTAINABILITY Former Chief Economist PBOC
DUBAI In partnership with
DR. JUNQING WEI
superbridgedubai@dwtc.com | superbridgedubai.com GET INVOVED

UNLEASHING THE POWER OF MESSAGING

SAUDI-BASED ONLINE RETAILER REEFI ENHANCES CUSTOMER ENGAGEMENT AND OPERATIONAL EFFICIENCY WITH UNIFONIC’S CX PLATFORM.

Reefi, one of Saudi Arabia’s leading online retailers, has experienced remarkable success since its inception in 2018. Having originally started sales through social media, the company is now a top destination for customers seeking highquality homewear products, such as towels and robes made from unique microfiber.

With a loyal base of 700,000 customers and 12 multi-product concept stores across the Kingdom, Reefi has adopted innovative solutions to cater to its expanding customer base. Recognising gaps and opportunities in the market, the company diversified its product offerings from a single item to a comprehensive range of homewear products. Reefi also introduced a new line of mattresses called Awa under its own brand. However, managing the exponential growth of customers presented a significant challenge, particularly in terms of marketing and customer service.

“We always aim to enhance the engagement and interactivity of our customer communication. However, the high volumes of requests from telephone systems and web chats were very challenging for us. Our customer service agents simply could not handle all these requests promptly and efficiently,” says Dr. Tamim Alganam, CEO of Reefi.

To tackle this challenge, Reefi engaged Unifonic. The conversational solutions of the Unifonic platform put WhatsApp and chatbots at the core of Reefi’s engagement strategy and helped them dramatically improve their customer experiences. Customers can now receive real-time support through WhatsApp, allowing them to ask questions, seek assistance, or gather product information, all with the assurance of prompt replies. The integration of selfservice chatbots with WhatsApp automates

responses to frequently asked questions, ensuring instant and efficient customer support around the clock, 24/7

“Given the popularity of WhatsApp in Saudi, we also leverage it as a marketing campaign tool to convert customers. One of the things that many online stores in Saudi are not great at is customer retention. Brands spend a lot of money to acquire new customers but don’t make much of an effort to retain them. When, in fact, it is easier to re-target the same customer through different channels, and we saw a good return on investment on the retention part using WhatsApp,” says Dr.Tamim.

So instead of relying only on traditional customer support channels like phone or email, which can be time-consuming and expensive, Reefi is leveraging automated chatbots to handle a significant volume of customer queries simultaneously.

“Chatbots now handle 85 percent of our customer support function, which helped us reduce the need for extensive human support teams, resulting in cost savings

of 25 percent and improved operational efficiency,” says Dr.Tamim.

Furthermore, Reefi can seamlessly transfer conversations to customer support agents using the Unifonic Agent console when a human touch is required.

Another advantage the Unifonic platform provides Reefi is a deeper understanding of their target audience, which, in turn, helps them make data-driven decisions for future growth and optimisation.

Dr.Tamim adds: “We are now in the process of integrating the Unifonic platform within our SALESmanago customer engagement platform, which will give us valuable data and insights. One of the important advantages of working with the Unifonic platform is its versatility in integrating with any technology, both now and in the future. This flexibility ensures that we can leverage Unifonic’s capabilities seamlessly, aligning with our evolving technological needs.”

According to the CEO, Reefi thoroughly evaluated various similar offerings in the market and ultimately chose Unifonic’s CX platform. The decision was primarily based on Unifonic’s exceptional support and commitment to customer satisfaction.

Dr. Tamim emphasises that being heard and having a responsive support team is a top priority for Reefi. Additionally, Unifonic’s dedication to incorporating customer feedback played a significant role in the evaluation process.

As Reefi embarks on major expansion plans, including increasing the number of physical stores to 30 by the end of 2023 and venturing into other GCC countries such as Kuwait, Qatar, and Oman, the online retailer aims to triple its sales. Dr. Tamim affirms that the scalability of Unifonic’s platform is vital for achieving the company’s growth objectives. As it is designed to cater to diverse businesses, it aligns perfectly with Reefi’s expanding operations.

In conclusion, Reefi’s selection of the Unifonic’s platform was driven by the exceptional support of the Unifonic team, their responsiveness to customer feedback, and the ability to seamlessly integrate the Unifonic platform with their existing systems. Reefi has full confidence in Unifonic to support their ambitious expansion plans and facilitate their goal of tripling sales.

CASE STUDY
28 CXO INSIGHT ME AUGUST 2023
Dr. Tamim Alganam, Reefi

Unlock next-level travel experiences and rewards for your customers.

Today’s banking customers want loyalty experiences that elevate every journey. That’s why the original and leading global lounge programme—LoungeKeyTM, brought to you by Collinson—ranks highest in customer enjoyment.

With LoungeKey you can unlock market-leading access to 1,300 airport lounges and premium experiences at more than 650 airports, across 148 countries.

Check out our LoungeKey Banking Hub to learn how the global leading lounge experiences programme can:

keep your card top of wallet for travellers with unique Access on Payment Card and Co-Brand features delight your customers with luxury experiences, ranging from spas and sleeping pods to restaurants and gaming lounges

give your customers seamless airport experiences, no matter where they travel to increase customer value and acquisition.

Visit our LoungeKey Banking Hub to unlock the benefits of the world’s favourite digital travel companion for your customers.

from
• •

UNRAVELLING CHALLENGES IN CYBER INSURANCE

implementing preventative cybersecurity measures should be a priority for organisations. With state-backed attacks from Russia and China jumping from 20% to 40%, as stated by Microsoft research, western infrastructure is particularly under threat.

However, the lack of effective underwriting models means that insurers tend to focus on how many security tools a company has rather than the effectiveness of their people, processes and technology. Without validating whether their tools are effective against AI-enabled attacks, or all kinds of sever attacks in general, insurers will not know how prepared an organisation is to face their worst day in cybersecurity.

Impact of AI on cyber insurance premium

In 2023, hacking is a business model whereby bad actors are actively seeking out companies housing sensitive and high-value data to extort the most amount of money they can, using the least number of resources.

The director of CISA earlier this year stated that AI cyber threats were “the biggest issue we’re going to deal with this century”. The threat of AI-enabled cyber-attacks has added a new dimension to the threat landscape which is now evolving faster than many organisations are adapting to.

AI developed tools are now allowing bad actors to create faster and more novel attacks at an unprecedented rate. Hackers can also utilise AI to expedite the process of finding flaws and vulnerabilities in digital infrastructure. With hackers’ ability to generate code in seconds or minutes rather than hours, getting ahead of attacks and

US cyber insurance premiums surged by 50% in 2022 and have tripled in the past three years. As AI increases the efficiency of these attacks, cyber insurers need to shift their underwriting model to look at how effectively an organisation is able to withstand the impacts of the newest, most sophisticated attack types.

Insurance premiums will steadily rise with increased demand, making it imperative for companies to ensure

VIEWPOINT
JAMES GERBER, CHIEF FINANCIAL OFFICER AT SIMSPACE, WRITES ABOUT THE PROLIFERATION OF ARTIFICIAL INTELLIGENCE AMONG THREAT ACTORS LEADING TO CHALLENGES WITHIN THE REALM OF CYBER INSURANCE.
30 CXO INSIGHT ME AUGUST 2023

preventative cybersecurity measures, proving their effectiveness to insurers – not only just of their tools, but also of how well their teams and processes are able to utilise them, from initial attack all the way through remediation.

Art of War exclusion

The term “act of war exclusion” has been around for a while. It’s been a useful provision when it’s been used for property coverage. But it hasn’t been as effective in the cyber world. First, cyber is inherently difficult to attribute. Second, it’s highly autonomous. And third, adversaries often choose cyber because it operates below the threshold of war, as we typically define it. Given these critical distinctions, this traditional formulation won’t likely partition off cyber-related risks in a meaningful way for underwriters. Merck, for example, was fighting a legal battle over its coverage for a cyberattack NotPetya claim.

The fundamental point here is that we’re still in a world where too many companies are looking to insurance companies to outsource the known and undetected shortcomings of their own defensive systems. They must focus on finding and proving an absence of weaknesses., not perfection against them.

Without focusing on a more meaningful shift in underwriting models to prove effectiveness against highvolume, high-severity attacks that have a significant impact on insurers, insureds in turn focused on cyber to be more about building systems and processes that deliver lack of material vulnerability. cyber-attack payouts will continue to grow, premiums will continue to rise, and there will be no end in sight to the problem.

Simply put, insurance should be the last line of defense not the first. In other words, companies should move from complacency with an abundance of coverage to adequacy in order to prevent damaging cyber incidents like NotPetya from happening. Once a company’s security posture is built on the absence of material

vulnerabilities against serious attacks, proven in practice and not just in table top exercises, its audit committees, its boards of directors, its investors, its regulators and yes, especially its insurers, will have the assurance they need to make the right decisions and properly underwrite.

When pilots perform emergency procedure testing every six months, they do not complete it with passengers on board, they train in a simulator. For the same reason, the only way global companies today are able to show the effectiveness of their security tools, people and processes working together is through simulated training environments like high fidelity cyber ranges, matched to their production information technology networks. Insurers may need to shift to an outcomes-based approach to their underwriting where instead of measuring the quantity and quality of tools, they will need these kinds of evidence of their effectiveness.

Emerging AI trends in the next few years

Many have highlighted the risk of inadvertent company publication as an emerging issue for large organisations. The rapid development of AI applications such as ChatGPT certainly raises this issue.

The deeper problem with this new breed of AI in cyber attackers’ hands is that their speed and ability to leverage AI-optimised attack profiles means that serious attacks can now occur more quickly and in more difficult-to-detect forms. Attacks that are so fast and stealthy that there’s a chance that this could disrupt the traditional people plus technology paradigm that’s been the norm in the cyber defence industry for the past decade. Attacker speed means we may need new, AI-powered defense tools that can respond and remediate at a similar rate – and soon.

This may be the larger emerging threat to watch out for with the advent of these new AI tools.

Training people to become better cyber attackers, of which we know there are far too few, may fall by the wayside as the tools they have access to must become better, faster and more agile – again, so that effectiveness is a combination of people, processes and tech.

The new frontiers will be tested not only against existing attacks that can cause significant damage to businesses, but also in the near future against this new generation of faster-acting attack types that could potentially cause more damage to insurers than ever before.

Insurers must push companies to demonstrate performance against all of these types of cyber events that can have a significant impact in order to earn premium rates – or even to be insured in the first place.

While the relationship between insurance companies and policyholders is still being interpreted, the legal ramifications of the act of war exclusion and the opaque nature of AI threat are presenting complex challenges for large businesses, and the need for comprehensive security testing to avoid damaging cyber incidents has never been higher.

31 CXO INSIGHT ME AUGUST 2023
INSURERS MUST PUSH COMPANIES TO DEMONSTRATE PERFORMANCE AGAINST ALL OF THESE TYPES OF CYBER EVENTS THAT CAN HAVE A SIGNIFICANT IMPACT IN ORDER TO EARN PREMIUM RATES – OR EVEN TO BE INSURED IN THE FIRST PLACE.

THE ARRIVAL OF AI

AND

ON HOW SHOULD CISOs NAVIGATE THE RISE OF AI.

quickly understand new and complex subjects by summarising large amounts of information, answering questions, and explaining complicated concepts in simple language.

* Coding Support: Tools like GitHub Copilot and OpenAI’s API Service can help devs write code more efficiently and identify errors for queries.

* Product and Operations Support: Tools can be used to more efficiently prepare common reports and notices, such as bug resolutions.

Issues and challenges

However, there are challenges to overcome, such as whether using AI at all will run afoul of laws and regulations in international markets.

Earlier this year OpenAI temporarily blocked the use of ChatGPT in Italy after the Italian Data Protection Authority accused it of unlawfully collecting user data. Meanwhile, German regulators are looking at whether ChatGPT adheres to the European General Data Protection Regulation (GDPR). In May, the European Parliament took a step closer to issuing the first rules on use of Artificial Intelligence.

With artificial intelligence (AI) use growing, Chief Information Security Officers (CISOs) play a critical role in its implementation and adoption. They need to prepare for the risks associated with AI content creation as well as AI-assisted security threats from attackers. By following some key best practices, we’ll be better prepared to safely welcome our new robot overlords into the enterprise!

AI is growing fast!

The popularity of ChatGPT has sparked

massive interest in the potential of generative AI and many businesses are deploying it across the enterprise. AI technology is now in the wild—and it’s moving faster than any other technology I’ve seen.

There are several compelling use cases for generative AI in the enterprise:

* Content Creation: Tools such as ChatGPT can assist content creators in generating ideas, outlines, and drafts—potentially saving individuals and teams significant time and effort.

* Learning and Education: Properly trained AI tools can be used to

Another challenge are the issues around data collection and the accidental disclosure of personal or proprietary information. Companies need to secure their confidential information against and ensure they aren’t plagiarising from other companies and individuals who are using the same tools they are. We’ve already seen reports of intellectual property being entered into public generative AI systems, which could impact a company’s ability to defend its patents. One AI-powered transcription and note-taking service makes copies of any materials that are presented in Zoom calls that it monitors.

VIEWPOINT
GAIL COURY, SVP CISO, F5,
32 CXO INSIGHT ME AUGUST 2023

The third major challenge is that AIpowered cyberattack software could try many possible approaches, learn from how we respond to each, and quickly adjust its tactics to devise an optimal strategy—all at a speed much faster than any human attacker. We have seen new sophisticated phishing attacks that are utilising AI, including impersonating individuals both in writing and in speech. For example, an AI tool called PassGAN, short for Password Generative Adversarial Network, has been found to crack passwords faster and more efficiently than traditional methods.

CISOs and AI

As CISOs, we help leaders create an organisational strategy that provides guidelines for use and takes into account legal, ethical, and operational considerations.

When used responsibly and with proper governance frameworks in place, generative AI can provide businesses with advantages ranging from automated processes to optimisation solutions.

Creating a comprehensive AI strategy

With new technologies such as generative AI, come opportunities. But they also come with risks. A comprehensive AI strategy ensures privacy, security, and compliance, and needs to consider:

• The use cases where AI can provide the most benefit.

• The necessary resources to implement AI successfully.

• A governance framework to manage the safety of customer data and ensure compliance with regulations and copyright laws in every country where you do business.

• Evaluating the impact of AI implementation on employees and customers.

Once your organisation has assessed and prioritised use cases for generative AI, a governance framework needs to be established for AI services such as ChatGPT.

Components of this framework will include setting up rules for data collection and retention and policies must be created to mitigate the risk of bias, anticipate ways the systems can be abused, and mitigate the harm they can do if used improperly.

A company’s AI strategy should also cover how changes brought about by AI automation will affect employees and customers. Employee training initiatives can help ensure that everyone understands how these new technologies are changing day-to-day processes and how threat actors may already be using them to further increase the efficacy of their social engineering attacks. Customer experience teams should assess how changes resulting from AI implementation might impact customer service delivery so that they can adjust accordingly.

AI and security

A process for establishing and

maintaining strong AI security standards is vital. What you need is guardrails that are specific to how AI functions—for example, which AI service it pulls content from and what it does with whatever information you feed into it.

AI tools need to be designed with adversarial robustness in mind. We currently see this happening in the lab to improve training, but doing this in the ‘real’ world, against an unknown enemy, must be top-ofmind—especially in military and critical infrastructure scenarios.

With attackers looking closely at AI, your organisation needs to plan and prepare their defense right now. Here are a few practices to consider:

Ensure you analyse your software code for bugs, malware, and behavioral anomalies. Signature ‘scans’ only look for what is known, and these new attacks will leverage unknown techniques and tools.

When monitoring your logs, use AI to fight AI. Machine Learning security log analysis is a great way to search for patterns and anomalies. It can incorporate endless variables to search for and produce predictive intelligence, which in turn provides predictive actions.

Update your cybersecurity training to reflect new threats such as AI-powered phishing, and your cybersecurity policies to counter the new AI password cracking tools.

Continue to monitor new uses of AI, including generative AI, to stay ahead of emerging risks.

These steps are critical to building trust with your employees, partners, and customers about whether you’re properly safeguarding their data.

Preparing for the Future

To stay competitive, it’s essential for organisations to adopt AI technology while safeguarding against potential risks. By taking these steps now, companies can ensure they’re able to reap the full benefits of AI while minimising exposure.

33 CXO INSIGHT ME AUGUST 2023
EMPLOYEE TRAINING INITIATIVES CAN HELP ENSURE THAT EVERYONE UNDERSTANDS HOW THESE NEW TECHNOLOGIES ARE CHANGING DAY-TODAY PROCESSES AND HOW THREAT ACTORS MAY ALREADY BE USING THEM TO FURTHER INCREASE THE EFFICACY OF THEIR SOCIAL ENGINEERING ATTACKS.

SUPERCHARGING DEVOPS

ACCORDING TO MARKUS EISELE, GLOBAL DEVELOPER TOOLS MARKETING LEAD AT RED HAT, LARGE LANGUAGE MODELS ARE NOT AI, BUT THEY CAN TURBOCHARGE DEVOPS

and review code, autocomplete scripts and playbooks, and test and debug programs. In the realm of software development, particularly within DevOps, LLMs will be a game-changer. They offer a unique opportunity to optimise performance and productivity, speeding up the development process and reducing the likelihood of errors. With LLMs, developers can be freed to focus on more complex and creative aspects of their work.

of its merits and its compatibility with existing software, while questions of training data provenance and data sovereignty must also be navigated. Making the right choice is becoming increasingly difficult and requires the experience of developers who have ‘been there, done that’.

The narrative surrounding AI often paints a picture of a future where we all become superhuman, effortlessly mastering any profession with its help. Part of the issue with this portrayal is what we understand by AI. What we have come to know as AI - tools such as ChatGPT, DALL-E, and Descriptare not the self-thinking intelligence systems they have been characterised as. They are Large Language Models (LLMs), vast data sets equipped with analytical and algorithmic capabilities. They are not magic wands; but they can be powerful tools that augment human capabilities, especially in the realm of software development.

In the developer community, we understand the value these tools can bring to the enterprise. They can suggest

Take IBM’s WatsonX, with its advanced LLM capabilities. It can analyse vast amounts of data to provide insights that help in decision-making, risk assessment, and problem-solving. It can even learn from past incidents to predict and prevent future issues, thereby enhancing the efficiency and reliability of DevOps operations. In turn, developers can learn from past incidents, code reviews, and system logs, creating spirals of continuous improvement and better outcomes.

LLMs can also help translate technical jargon into plain language for non-technical stakeholders; prioritise communications, such as alerts and notifications, based on their understanding of the language and context; and assist in creating, maintaining, and searching through documentation, making knowledge sharing more efficient and effective. This enhanced collaboration and communication is a cornerstone of DevOps, and LLMs have a key part to play in enabling it.

However, the rapid proliferation of these tools can be daunting. Choosing the right tool requires careful evaluation

In the past decade, we’ve seen major changes in the developer world, with the introduction of concepts like containers, microservices, continuous deployment, and infrastructure as code (IaC). Now, we’re seeing another shift with the rise of AI and LLMs. But unlike the media portrayal, developers know that this isn’t a radical change. Rather, it’s just another step forward; one that needs careful oversight and management to get right.

AI, and more specifically LLMs, are tools best optimised in the hands of those experienced in the tasks they are employed to perform. The potential benefits are enormous. They can free DevOps teams from mundane tasks, allowing them to focus on gamechanging initiatives.

The real risk of AI is not the sensationalised fear of machines replacing humans. Instead, it’s the misunderstanding of what AI and LLMs can and cannot do. Believing that AI (or a tool parading as AI) can replace a seasoned DevOps professional is as misguided as thinking a child can use ChatGPT to win the Pulitzer. DevOps is a complex endeavour that requires a blend of AI, IQ, and EQ. The most effective strategy is not replacement but coexistence, leveraging the strengths of both humans and AI to achieve optimal results.

VIEWPOINT
34 CXO INSIGHT ME AUGUST 2023

STAYING SAFE

NICOLAI SOLLING, CTO OF HELP AG, PROVIDES EXPERT ADVICE FOR NAVIGATING THE CHANGING THREAT LANDSCAPE SAFELY.

phishing. Among UAE organisations that experienced an attempted phishing attack in 2022, 86% of these were successful, according to data from Proofpoint.

and password, but also with a multi-factor authentication service such as an SMS sent to your phone.

Cyberthreats are constantly increasing in volume and sophistication as attackers become increasingly skilled and organised. A successful breach can cause business disruption, financial loss, and reputational damage, making it vital for individuals and organisations to be informed regarding the biggest threats and security best practices.

According to Help AG’s State of the Market Report 2023, social engineering attacks remain the most prominent threat in the region. In a social engineering attack, an attacker manipulates the victim into willingly giving up sensitive information or money, often by pretending to be a trusted person or entity. One common type of attack within this umbrella is business email compromise, wherein the attacker sends an email pretending to come from a trusted source. Specifically, we have observed a trend of executive impersonation in the GCC, especially on social media networks. The impersonation of a company executive – for example, C-level or senior management – is used to solicit sensitive information and documents from staff.

Business email compromise is part of a broader attack category called

Another major threat is ransomware attacks, whereby the attacker uses malware to lock and encrypt the user’s data, then demands money to unlock the data. Ransomware attacks have been on the rise, and we predict this trend will continue, largely thanks to their high rates of success, which can be attributed to their relative simplicity and their significant, immediate impact on an affected business. Alarmingly, statistics show that 30-40% of UAE-based small organisations do not survive a ransomware attack.

For organisations Distributed Denial-ofService (DDoS) attacks pose a significant threat. It is when an attacker floods a server with internet traffic in order to disrupt operations. In 2020-2021, we observed a 37% year-on-year increase in DDoS attacks, and while it appears the volume of attacks has currently peaked, the numbers for 2022 remain high, as we have detected over 150,000 DDoS attacks in the UAE alone. This type of attack is a relatively cost-effective method that remains as one of cybercriminals’ favorite ways to create huge disruptions and financial ramifications for the targeted organisations.

This all may seem intimidating, but there are steps you can take as an individual to safeguard yourself and your data. Keep your passwords unique and strong; have different passwords for all your accounts so that if an attacker is able to hack into one account, they cannot easily penetrate the rest. Since it is impossible to remember that many passwords by heart, you can opt to use a password manager. Moreover, if the app or service allows it, make sure you always enable two-factor authentication, which ensures you are identified not just by a username

It is also crucial to protect your email. This is one of the most important ways we all communicate and identify ourselves in our professional and private lives, and most people tend to use email to transfer sensitive information and documents. Never open links or attachments from an unknown sender as they could potentially download malware on your device or direct you to a phishing website. Additionally, make sure you know how to check the actual email address of the sender, to ensure they are who they say they are. An attacker may make it seem like the email is coming from a trusted brand, but a look at the sender’s email address may reveal it is inauthentic.

If you do end up clicking a link, make sure you do not provide any sensitive or financial information. For example, no financial institution will ever ask you to provide account details, passwords or credit card information via email. To protect yourself from malicious attachments, make sure to regularly update your software to the latest version, download antivirus software, and install patches.

The last, and maybe most important piece of advice is to stay vigilant and skeptical. Malicious online actors do not discriminate. They cast their nets far and wide, looking for vulnerabilities in both behavior and technology to exploit. And once they’ve breached your defenses, they can take over your digital footprint with ruthless efficiency.

That’s why vigilance is key. Human error is behind most cyber breaches, so education and awareness are vital to protecting you and your family in this digital era. Security always starts with you, so it’s important to be cybersmart, and take control of your digital journey!

VIEWPOINT 35 CXO INSIGHT ME AUGUST 2023

CONNECTED FUTURE

SUDHIR CHADAGA, THE CHIEF STRATEGY OFFICER AT MOTOROLA MOBILITY, SHARES INSIGHTS INTO THE COMPANY’S STRATEGIC APPROACH TO SEIZE OPPORTUNITIES IN THE FLOURISHING B2B MARKET.

Can you give us a quick update about your business growth?

We have experienced tremendous growth in the past few years. However, despite significant top-line growth, Motorola was not profitable. We were losing money despite high volumes of sales. So, we made a concerted effort to turn the business around.

As a result, we have been running the business profitably globally for the last 12 quarters. While we did experience a contraction in some markets during the turnaround phase, we are now back on a growth trajectory with increased profitability. This favorable financial position has allowed us to invest strategically in various parts of the business. One of our main focuses is the premium segment, where we have invested in our Edge portfolio.

Furthermore, we continue to prioritise key innovations in our ecosystem and software experiences for users, which form another vital component of our investment and growth strategy.

Additionally, we are committed to supporting growth in our strategic regions. We are a powerhouse in the Latin America market and have become the number two player. In Europe, we are experiencing double-digit growth. Currently, our presence extends to numerous Western European markets and a select few in Eastern Europe. Our focus is on Europe and the Middle East,

a core region for our overall growth and brand recognition.

With its long-standing heritage of more than 90 years, Motorola has a respected position in the market. However, our key challenge is continuously differentiating the brand to ensure that users and consumers recognise its unique value.

Are you now eyeing opportunities in the B2B market?

As we explore new growth areas, we have ventured into the B2B space. This journey began a few years ago when we identified multiple opportunities within Lenovo Group, a powerhouse in enterprise and B2B sectors. Recognising the potential for synergies, we embarked on a systematic approach to drive growth in the B2B domain.

As per IDC, the global B2B market consists of approximately 300,000,000 units. The market is largely dominated by two major players, Apple and Samsung, making it highly competitive. However, we are determined and ambitious to make our mark in this space. Our vision is to establish ourselves as a reliable provider of devices and solutions for customers in the enterprise space, including enterprises, SMBs, and public sector entities. Our primary focus is to offer a diverse range of trustworthy devices that cater to our customers ‘ specific needs, regardless of their price point.

Whether it is small and mediumsized businesses seeking value-tier

products or larger companies in need of premium devices, our portfolio offers a compelling selection. We have carefully crafted a suite of end-to-end solutions, realising that enterprise customers, including businesses and government entities, require comprehensive solutions tailored to their unique requirements. Instead of building everything from scratch, our customers can focus on their core business operations.

Moreover, being part of the Lenovo family provides us with unparalleled access to Lenovo’s extensive network. This advantage reinforces our ability to cater to a broader customer base and expand our presence in the market.

By leveraging Lenovo’s expertise in serving enterprise customers, we gain valuable insights that enable us to address the needs of B2B customers. Also, we know that we cannot do it all alone – to meet the diverse needs of our customers, we partner with industry players. These strategic alliances allow us to combine our strengths with other industry leaders, providing our customers with an even more comprehensive and powerful set of solutions.

We have established extensive partnerships, collaborating with various security solutions providers and prominent technology giants like Microsoft and Google. These alliances enable us to offer solutions addressing our customers’ pain points.

INTERVIEW
36 CXO INSIGHT ME AUGUST 2023
AND DRIVING THE SOFTWARE 2.0 TRANSFORMATION CODING FOR CHANGE SCAN ME 16 - 20 OCT 2023 DUBAI WORLD TRADE CENTRE SUPPORTED BY FEATURING CO-LOCATED WITH Enquire about Exhibiting, Sponsorship & Speaking Opportunities +971 (04) 308 6797 Globaldevslam@dwtc.com A 3-DIMENSIONAL EVENT CONNECTING TECHNOLOGY, TECH TRANSFORMATION BUYERS AND ELITE DEVELOPER COMMUNITY www.globaldevslam.com | #GlobalDevSlam

REVOLUTIONISING EDUCATION

In the dynamic world of education, Artificial Intelligence (AI) and Machine Learning (ML) are not just revolutionising, but truly redefining the way we understand and cater to students’ unique learning needs. These ground-breaking technologies are transforming the educational landscape to the advantage of all stakeholders, including parents and teachers. AI and ML offer unparalleled insights into the learning process, empowering students and educators to track progress, develop personalised student learning pathways, and gain invaluable insights through continuous assessment. This remarkable progress in education technology is a testament to the immense potential of AI and ML in shaping the future of education for the betterment of all involved.

From AI-powered assessment tools to adaptive learning management systems (LMS), educational institutions now possess the remarkable capability to customise educational experiences to each student’s learning style and level, supporting their learning journey. The true potential of AI and ML, however, goes beyond customisation; it lies in the technology’s capacity to identify students who require additional support at an early stage. This breakthrough in educational technology is a boon for all stakeholders in the education system, including parents and teachers, as it ensures that every student receives the necessary attention and assistance to excel in their academic journey.

Data-Driven Insights for Educators and Administrators: Empowering Decision-Making

The exponential growth in data

processing and interpretation capabilities offered by AI and ML empowers educators and administrators to make data-driven decisions and optimise educational practices. These technologies provide comprehensive insights into student performance, allowing educators to identify areas that require improvement and create tailored interventions.

For instance, teachers can leverage AI-powered platforms to communicate with parents, providing them with realtime updates on their child’s progress. This facilitates early intervention in case of absences or suboptimal scores.

Early Intervention for Struggling Students: A Game-Changer

Traditional methods of identifying students at risk of failure or dropping out relied on prior performance warning systems, which often fell short in providing a comprehensive understanding of students’ knowledge improvement areas. Many EdTechs are pioneering in AI and ML to offer earlier interventions to students in need.

UAE-based Alef Education’s intelligent learning platform alerts educators about students who need support using a hybrid assessment and intervention mechanism consisting of adaptive diagnostic tests and a final exam prediction model. The diagnostic test questions begin at randomised difficulty levels and adjust in real-time to reveal students’ knowledge across multiple expertise areas and grade levels, setting aside assumptions about a student’s skill, grade, and language levels.

More insights can be gleaned from student feedback about the questions themselves: the platform designed a user feedback mechanism using item response theory (IRT) where ratings about question difficulty can reveal patterns. Alef Education’s AI-powered prediction model tracks data, including user activity, completed courses, and feedback to identify students at risk of failing so that educators can intervene early and help them get back on track.

Balancing Innovation and Empathy

It is crucial, however, to recognise that these technologies are not meant to replace human interaction, empathy, and support. Instead, they serve as invaluable tools that enable educators to deliver timely and targeted interventions, paving the way for a more equitable and inclusive educational system. As we continue investing in and innovating with AI and ML, the possibilities for their application in education are boundless. We can eagerly anticipate a future where every student, parent, and teacher reaps the benefits of these technologies, ensuring that each student receives the support they need to flourish.

VIEWPOINT
WOJCIECH BAJDA, MANAGING DIRECTOR – PUBLIC SECTOR MIDDLE EAST AND AFRICA AT AWS, ON HARNESSING THE POWER OF AI AND ML TO TRANSFORM EDUCATION AND EMPOWER STUDENTS
38 CXO INSIGHT ME AUGUST 2023

TRANSFORMING HEALTHCARE

MEDICLINIC MIDDLE EAST DRIVES DOWN RECOVERY POINT OBJECT DRAMATICALLY WITH VEEAM

Mediclinic Group brings its unique approach to healthcare to Switzerland, South Africa, Namibia and the United Arab Emirates (UAE). Its UAE branch, Mediclinic Middle East, was founded in 2007 and is now one of the largest private healthcare providers in the country. Mediclinic Middle East runs seven hospitals and 26 health clinics with more than 1000 inpatient beds and 7,200 employees.

Mediclinic Middle East is experiencing rapid expansion, both in geographical reach and in the scope of advanced healthcare services it provides to its patients. The continuous drive for

innovation hinges upon the seamless availability of data and robust IT systems. As Mediclinic Middle East makes inroads into the realm of home healthcare, the timing was opportune to align its data protection strategies with the technological sophistication of its broader landscape. In line with its ambitious growth trajectory and the imperative of uninterrupted healthcare provision, Mediclinic Middle East set its sights on swift recovery and minimal data loss in the face of significant incidents.

The stand-out healthcare providers of today work hand-in-hand with the latest technology. From artificial intelligence and big data analytics to wearable IoT devices,

cutting-edge solutions are stepping out of sci-fi movies and into hospitals, clinics and home medical settings.

Mediclinic Middle East is on a mission to bring the very latest developments in healthcare to its patients. To lay the groundwork for its transformation into a technology-driven healthcare provider, the group is introducing automation, AI and other technologies, and has centralised its Electronic Health Record (EHR) systems for all the clinics and hospitals in its network. At the same time, Mediclinic Middle East is pursuing opportunities for growth via acquisition, most recently adding an at-home healthcare provider to the family.

CASETUDY
40 CXO INSIGHT ME AUGUST 2023

“Mediclinic Middle East is always evolving,” said Raziel Peña, ICT Operations Manager at Mediclinic Middle East. “From our most recent facility, Mediclinic Parkview Hospital in Dubai to our latest in-home healthcare acquisition, we’re extending our reach to help more people live happy and healthy lives across the continuum of care. In the ICT team, our challenge is to ensure we can maintain the exceptional standard of care we’re known for, while making the most of limited resources. After all, hospitals never sleep.”

As data volumes exploded, Peña and his team felt the pressure. They embarked on a business-wide review of IT, aiming to identify opportunities for optimisation. Disaster recovery (DR) emerged as one area that Mediclinic Middle East could do better.

“Acquisitions have a way of shining a light on your established ways of doing things,” said Peña. “When you’re blending another company’s operations into your own, it’s a great time to stop, take stock and decide whether your approach is as good as it could be.”

He continued: “We discovered that our growth was outstripping our data protection measures. We had more than one data backup tool in use in the group and didn’t know how long it would take us to recover if we were hit by a cyberattack or natural disaster, for example. At Mediclinic Middle East, we don’t shy away from change, so it was time for a fresh new approach.”

The Veeam Solution

To retain its position at the forefront of healthcare innovation, Mediclinic Middle East chose Veeam to support always-on data availability across its diverse and growing operations. Using Veeam, the group established a one-stop solution for all backup and DR.

“Veeam was one of the tools used by parts of Mediclinic for a while, but we soon realised it should be our data protection solution of choice,” said Peña. “When we compared Veeam to the other options, its extensive feature set stood out. Add to that how scalable and flexible

Veeam is, and it’s the ideal solution for our fast-expanding organisation.”

Today, Mediclinic employs Veeam to back up more than 620 virtual servers, which host critical applications such as Mediclinic Middle East’s EHR, medical imaging, Research and Development (R&D) applications and more. For added resilience, Mediclinic Middle East uses Veeam to create a full backup of its main datacenter in a co-located environment as well as a copy of the file servers installed in each clinic and hospital.

“We really like the hardened repository feature in Veeam, since it allows us to create immutable backups of our most critical systems and data,” said Peña. “With hardened repositories,

we can be confident that all recovered data will be intact and ready to use if we ever need to restore it. Thanks to Veeam, we feel a lot more prepared should the unexpected happen.”

Using the Continuous Data Protection (CDP) feature built into Veeam, Mediclinic Middle East is driving down its Recovery Point Objective (RPO) for its VMware virtual machines dramatically. Later in the year, the group is planning to do a lift-and-shift migration of its core systems to a colocated environment and will use CDP to keep key IT services available as it carries out the move.

“Working in healthcare means data loss could potentially impact a life and death scenario,” said Peña. “Features like CDP are why Veeam is so critical to the central mission of Mediclinic Middle East. Veeam makes short work of complex data management tasks, so that our relatively small IT team can serve a dynamic and growing business.”

With so many successes with Veeam under its belt, it’s no surprise that Mediclinic Middle East also chose Veeam to protect its Microsoft 365 applications.

“While Microsoft offers perfectly good native backup capabilities, we feel much more confident using Veeam to back up the sensitive files and confidential emails we share via Microsoft 365 apps,” said Peña. That’s because the built-in tools permanently delete files in the recycle bin after a time period set by Microsoft, but with Veeam we get to decide when they’re gone forever.”

By seizing control of data with Veeam, Mediclinic Middle East is ready for the next phase of its growth strategy. And when the group encounters bumps in the road, it knows that Veeam will always be on hand to help.

“Veeam provides excellent, responsive support,” said Peña. “They even developed new security patches for us in less than two weeks when we needed them. By helping us run smoothly with minimal maintenance, Veeam frees us up to focus on what’s next for Mediclinic Middle East. Whether that’s introducing exciting innovations at our existing locations or a brand-new opening.”

VEEAM WAS ONE OF THE TOOLS USED BY PARTS OF MEDICLINIC FOR A WHILE, BUT WE SOON REALISED IT SHOULD BE OUR DATA PROTECTION SOLUTION OF CHOICE.
41 CXO INSIGHT ME AUGUST 2023
Raziel Peña, Mediclinic Middle East

CONVERGING FORCES

The United Arab Emirates (UAE) has long exhibited a go-getter attitude regarding job creation, economic growth, and technological progress. In pursuit of a sustainable economic future, the government has led by example in key areas such as carbon emissions and digital transformation. It has issued decrees, regulated diligently, and advised shrewdly. As historic externalities such as the 2008 financial crisis and the recent COVID pandemic have come to its shores, the nation — government, businesses, and private individuals — has begun to think more about risk.

The UAE government, once again, is leading by example. The Ministry of Economy (MoE) has implemented a comprehensive risk management policy based on ISO 31001, incorporating elements of other recognised global standards for areas such as asset management (ISO 55001), business continuity (ISO 22301), and effective governance (BS 13500).

Risks lurk

There is one pressing issue that should inspire private enterprises to follow the MoE. While recent economic and health crises still cast shadows, the cyberthreat landscape now represents the greatest risk. Cybersecurity needs a modern rethink at the board level to protect investments made in digital transformation. Boards will need to

appoint a dedicated risk manager and recognise them as a key stakeholder. This risk manager must think and talk in terms of “cyber risk” to break the mindset of doing more with less. Feeble security budgets will do little to guard against modern attack vectors. Boards consider a range of factors — financial, economic, industrial, and geopolitical — in calculating risk. While some, such as seasonal revenue fluctuations, can be predicted, many more, such as the emergence of new vulnerabilities and threats, cannot. Some risks carry absorbable impacts, like the waning of cash flow. Others can

bring the business to its knees. While even the predictable moments present challenges for leaders, it is the black swans that bring true resilience tests.

The risk manager’s job description is deceptively straightforward. They must evaluate the various parts of a business, from people and processes to assets and responsibilities, and determine a level of risk with which they are comfortable. Having done this, they formulate policy and initiate programs to minimise impact over time. Easily stated; less easily delivered. Especially when it comes to cybersecurity and vulnerability management. IT security teams, working with the risk manager, must figure out where risks from the technology stack sit within the broader array of risks the business faces.

Appetites vary

It is worth pointing out that different boards will have different appetites for risk and that even these attitudes will vary for each part of the business. Each risk manager will have to navigate these preferences and outlooks. Is this a board willing to invest in a foray into an untested market in search of potential new revenue? Or is it a board that would rather leverage capital in established markets for more reliable but less exciting returns? Even the riskaverse board could negatively impact cybersecurity investment if they see it as a sinkhole for cash that returns no measurable value. The risk manager

VIEWPOINT
NEITHER RISK MANAGEMENT NOR CYBERSECURITY CAN BE TRULY EFFECTIVE UNTIL THEY MERGE, WRITES HADI JAAFARAWI, MANAGING DIRECTOR – MIDDLE EAST, QUALYS
42 CXO INSIGHT ME AUGUST 2023
CYBERSECURITY NEEDS A MODERN RETHINK AT THE BOARD LEVEL TO PROTECT INVESTMENTS MADE IN DIGITAL TRANSFORMATION. BOARDS WILL NEED TO APPOINT A DEDICATED RISK MANAGER AND RECOGNISE THEM AS A KEY STAKEHOLDER.

must convince them otherwise. Together with the security team, they must formulate a narrative that puts cyber-risk into context within the overall risk-management strategy.

Once they have the board’s attention, risk managers could start with quick wins like vulnerability management. “Patching prevents attacks” is an easy message to convey. But security teams face an additional risk that also must be communicated. When a vulnerability is discovered, it takes time to issue a patch. The 2023 Qualys TruRisk Research Report, puts the average lag time at more than 30 days, while it takes just 19 days for threat actors to exploit the vulnerability. This lag time represents a risk, but risk managers can put it in context.

Today’s vulnerability management systems can triage and automate patching, flagging exposed, higher-risk

assets where exploitation has already occurred. Qualys research has already observed that widely used products like Microsoft Windows and Google Chrome are patched twice as fast and twice as often as other applications. Further context that the risk manager can provide is that of the more than 25,000 software defects uncovered in 2022, only 159 were weaponised, and only 23 were exploited by malware. This ability to contextualise risk, prioritise action, and prevent resource wastage will endear the risk manager to the board.

Risky business

Risk managers will also be tuned in to UAE, regional, and global compliance standards, including the requirement to issue regular reports on risk. Effective reporting is tailored to the readership. Security teams consume information differently from board members. The

former may appreciate a summary of the number of vulnerabilities and pending fixes, but the latter may prefer a broad overview of the potential for business disruption. Ideally, boards should have access to information on how the enterprise’s current risk profile stacks up against corporate risk appetite. Risk professionals and security leaders must work closely with the board to come up with a way of translating technical terms into business metrics.

All businesses face varying degrees of risk. Digital transformation carries risk because the presence of more digital assets is, by definition, an expanded attack surface. IT security teams and risk managers must learn what they can from the board and educate the board in return. With the right investment focus and practices, innovation can proceed in a clear-eyed fashion.

43 CXO INSIGHT ME AUGUST 2023

Eaton 5E Gen2

Intelligent power management company Eaton has announced the Gen2 version of its essential line interactive uninterruptible power supply (UPS) 5E. It provides power protection for the most essential applications in residential and professional settings and an excellent priceperformance ratio.

5E Gen2 is a compact and reliable UPS that now covers a wider range of ratings (550 – 2200 VA) and operates even more silently for a better customer experience. 5E Gen2 is also a champion of global compatibility, coupled with high quality standards, ensuring reliable connectivity even at the most critical moments.

Thanks to valued feedback from customers, the 5E Gen2 range is now enlarged (10 to 22 P/Ns) and supplied with local outlet models (FR/ DIN-IT/BS) in addition to current IEC models. It also offers higher VA ratings, lower noise, silent audible alarm and an enhanced aesthetic.

The 5E Gen2 is part of a wide product range that covers the power requirements of many IT devices providing protection for computers, workstations and peripherals; internet routers, network-attached storage devices (NASs), televisions, games consoles, plus the type of power-hungry devices used for applications such as home security, point of sale operations and ticketing machines. The 5E Gen 2 comes with a two-year warranty which can be extended.

CommScope Constellation

CommScope announced the launch of its SYSTIMAX Constellation edge-based platform for connecting and powering tomorrow’s hyper-connected enterprise. The system combines fault-managed power, hybrid power/ data fiber and ceiling-based “Constellation Points” in a

star topology to connect a vast number of network devices

Compared to traditional structured cabling networks, the Constellation platform utilizes a radically simplified architecture that is both modular and technology agnostic. This allows it to use fewer components while supporting both converged and segmented networks, AC and DC power applications and a variety of connectivity standards. As a result, the Constellation platform delivers greater power and faster speeds to more devices, requiring less space and lowering the overall carbon footprint of the network. It is an unparalleled solution for quickly and efficiently deploying the next generation of enterprise

The system leverages

fault-managed

power, which safely transmits more power over less copper than traditional powering technologies. That approach, deployed in a star network topology, extends service distances from equipment rooms and delivers 10G speeds and 1kW power to a growing number of connected devices in increasingly dense urban environments.

The Constellation platform uses a distributed star topology to extend services from equipment rooms to a service area or zone to support proximate devices. Its simplified architecture can significantly reduce the copper and plastic in the network, in some cases by nearly 60%, and the typical installation can reduce labour hours by over 50% over traditional systems.

PRODUCTS
44 CXO INSIGHT ME AUGUST 2023

Ring indoor camera

Ring has launched the second generation of Indoor Cam, bringing an additional layer of privacy and security for homeowners. Indoor Camera (2nd Gen) is Ring’s first-ever security camera with a new, manual, removable privacy cover, that turns off audio and video recording when it’s placed over the camera lens, giving customers even more control and peace of mind when it comes to customising their privacy and security at home.

Indoor Camera (2nd Gen) is a compact, indoor-only camera that brings customers all the benefits of the first generation Indoor Cam, such as Two-Way Talk, 1080p HD video, Live View, Customisable Motion and Privacy Zones, now with enhanced features like Colour Night Vision and an upgraded design. With the new privacy cover, customers can have greater control over

Kingston IronKey Keypad 200C

Kingston Digital Europe Co LLP, a flash memory affiliate of Kingston Technology Company, has launched the Kingston IronKey Keypad 200C, a hardware-encrypted USB Type-C drive that ensures both security and convenience at your fingertips. Now, users can achieve seamless data protection and effortless compatibility without the use of adapters when using USB-C equipped devices.

KP200C offers FIPS 140-3 Level 3 (Pending) certified military-grade security in an OS-independent alphanumeric

what their device captures. When the privacy cover is moved in front of the camera lens, Indoor Camera’s microphone and camera will turn off. Customers can reactivate video and audio capture by moving the Privacy Cover to the side and, if in doubt, they can check the status of their camera in the Ring app. A blue LED indicator light will glow when Indoor Camera (2nd Gen) is capturing video or when night vision has been activated. Automatic Light Sensing allows Indoor Camera (2nd Gen) to know when the lighting has dimmed enough to automatically activate the night vision feature.

Additionally, the adjustable mount design and plug-in AC power enables customers to position Indoor Camera (2nd Gen) almost anywhere at home by plugging it into any available power outlet.

keypad for easy-to-use PIN access. It incorporates XTS-AES 256-bit hardware-based encryption with Brute Force password attack protection and BadUSB protection with digitally signed firmware ensuring an unparalleled level of safeguarding for your valuable data. With the Multi-PIN option (Admin/User), the keypad can be used to set up an easy-to-remember alphanumeric PIN for the Admin or User accounts. Admin can restore a User PIN to provide access to the drive if the User PIN is forgotten.

45 CXO INSIGHT ME AUGUST 2023

MANAGING THE CYBER MENACE

SUNIL PAUL, MD OF FINESSE, ON THE ROLE OF MANAGED SECURITY SERVICE PROVIDERS IN SAFEGUARDING BUSINESSES

said the growing sophistication of cyberattacks would be one of their organisations’ biggest security challenges in 2023 — the second highest percentage globally behind the UK (73 percent). The rate of UAE respondents whose company was impacted by ransomware rose from 60 percent in the SOES 2022 report to 72 percent in the SOES 2023 report.

and security equipment/software upgrades; security assessments and audits; performance of vulnerability assessments and threat scans, operational threat intelligence and compliance assistance.

The Middle East had the second-highest average total cost of a data breach after the United States, according to the latest ‘Cost of a Data Breach Report 2023’, produced jointly by IBM Security and Ponemon Institute. According to the report, the cost of a data breach in the Middle East increased by 8.2 percent to $8.07 million in 2023 compared to last year’s $7.46 million.

The has been shaken by substantial breaches in the past, evident in sectors such as banking, oil and gas, and various other industries. Dr Mohamed Al Kuwaiti, Head of Cyber Security, Government of the UAE, told online news portal Zawya in May 2023 that, on average, the UAE is forced to deter 50,000 cyber-attacks daily, ranging from ransomware to cyber terrorism. The persistent menace of cyberattacks, the ever-expanding proliferation of unstructured data and the widespread growth of the hybrid work model have made it imperative for organisations to ensure that infrastructure and resources essential for work remain available and secure.

According to Mimecast’s State of Email Security 2023 (SOES 2023) report, seven in 10 UAE respondents

Staying abreast of evolving and persistent threats, the dynamic advancements in security technology, and ongoing staffing difficulties pose significant challenges to businesses, large and small. As a result, increasingly more organisations are moving to managed security services models for security operations and mitigating risk.

According to Gartner, a Managed Security Service Provider (MSSP) provides outsourced monitoring and management of security devices and systems. They establish security operations centres (SOCs) for monitoring and protecting the security of their customer’s infrastructure.

MSSPs offer businesses the opportunity to access cutting-edge technologies and flexible expert support, all at a reasonable cost compared to the traditional onpremises approach.  Services typically offered by MSSPs include administration of firewalls, intrusion detection systems (IDS), VPNs; supervision of Security Incident and Event Management tools; ongoing monitoring of devices and systems; Managed Detection and Response (MDR) services, encompassing monitoring, detection, alerting, and response management for potential system attacks; supervision of patch management

A key advantage of using an MSSP is the cost savings compared to building and up-keeping an in-house security team. MSSPs enable businesses to leverage the same expertise and security tools without building their team. Teams with specialised knowledge and experience in diverse cybersecurity domains aid businesses in dealing with the latest security threats. Their high-availability security operations centres provide roundthe-clock monitoring and support and help companies enhance their overall security posture. These elements enable them to respond effectively during a security attack and mitigate its impact.

Interestingly, the Cost of a Data Breach Report 2023,’ report explored for the first time the impact that partnering with an MSSP had on the time to identify and contain a breach. Organisations that had an MSSP were able to identify and contain breaches in 80 percent of the time of those without. Organisations that worked with an MSSP identified breaches 16 days faster or an 8.2 percent shorter identification time than the 2023 reported global average of 204 days. Those that didn’t took 28 days longer or 12.8 percent longer, the report stated.

Acting quickly is essential when there’s a cyber-attack. An MSSP focuses on managing and watching over systems to stop a network breach from happening, and they also speed up their response if a problem does occur. An MSSP is the best defense for your business.

BLOG 46 CXO INSIGHT ME AUGUST 2023

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.