ISSUE 20 \ MAY 2020
HOW TO GET THE PERFECT START
CONTENTS
ARTIFICIAL INTELLIGENCE FOR BUSINESS: HOW TO GET THE PERFECT START
THE IMPORTANCE OF NETWORK TRANSFORMATION
SECURING YOUR REMOTE WORKFORCE
WHY CYBER THREAT INTELLIGENCE MATTERS
TO BUILD OR NOT TO BUILD?
HOW TO ADOPT AI IN YOUR BUSINESS
HOW CYBER ATTACKERS EVADE THREAT SIGNATURES
INVASION OF PRIVACY
OPEN BANKING’S OPEN SECRET
A SECURITY CHECKLIST FOR REMOTE TEAMS
THE PATH TO LOYAL CUSTOMERS
PRODUCTS
NEWS
TOP US DATA RESIDENCY PLATFORM SELECTS HUB71 FOR MIDDLE EAST HQ
MICROSOFT’S REPORT REVEALS NEW REMOTE WORKING AND LEARNING INSIGHTS
REMOTE WORKING INCREASES RISK OF CYBER BREACHES
PUBLISHED BY INSIGHT MEDIA & PUBLISHING LLC
MAY 2020
CXO INSIGHT ME
SANS FLEXI-PASS
Our mission is to empower current and future cybersecurity practitioners with training, education, certifications, and resources to create a safer global community. In challenging and uncertain times like these, we want to do our best to help and support. That is why SANS is introducing the Flexi-Pass. This Pass offers full flexibility and a SANS training guarantee by offering “Full-access” to our different training formats PLUS a GIAC certification attempt and NetWars Continuous access.
What does the SANS Flexi-Pass offer?
It allows you to study one selected course across all three SANS training modalities:
OnDemand: SANS OnDemand (8 months)
+ Live Online: SANS Live Online
+ Training Event: SANS Live In-Person Training
+ Includes one complimentary GIAC Certification attempt
+ Includes complimentary NetWars Continuous access (8 months)
The Complete SANS training experience
The SANS Flexi-Pass provides you with the ability to take your SANS course whenever and wherever you want. At the same time, the pass ensures you get the most well rounded training experience by including the GIAC certification attempt and the challenging, hands-on learning experience of NetWars Continuous.
The SANS Flexi-Pass is only available until May 31st, so don’t miss this unique opportunity and secure your training today. If you would like to know more or speak to a SANS representative, please reach out to us:
mea@sans.org
+971 4 431 0761
sans.org/flexi-pass-2020
EDITORIAL
THE SHOW MUST GO ON
As COVID-19 continues to rattle businesses around the world, forcing millions to work from home, CIOs have no option but to change their game plans. With remote work here to stay, IT decision makers are starting to rethink their priorities, especially around capacity planning and security. The analyst firm McKinsey says the time is now for the CIO to work with the CEO and C-suite to “unlock savings that ensure business continuity and be redirected into investments to fit new business priorities.” The ongoing crisis has exposed the holes in the business continuity plans of many businesses in the region. Business continuity, which is often confused with disaster recovery, simply implies an organisation’s ability to continue its core business functions in the event of a major disruption. For CIOs, it is imperative to create detailed business continuity plans and stress test them from time to time. As Churchill famously remarked once, ‘never let a serious crisis go to waste’, and this is an opportunity for the CIO to rethink what is essential to the business, and start preparing for a post-pandemic world.
On a different note, our cover story for this edition is about the business impact of artificial intelligence, which has come under the spotlight with the pandemic. AI technologies and tools are playing a key role in the fight to combat COVID-19. Right from creating genome sequences to drug discovery to forecasting the virus path, AI is proving to be instrumental in the battle against the pandemic. The transformative impact of AI on daily lives is still being shaped, and we do not fully understand how it will affect the way we work or do business in this decade. There have been some spectacular advancements in this field, and companies in every industry are deploying these tools and services to solve pressing business problems and create a competitive advantage. Is AI the panacea for the world’s ills or a dangerous delusion? Only time will tell.
Managing Editor Jeevan Thankappan jeevant@insightmediame.com +97156 - 4156425
Sales Director Merle Carrasco merlec@insightmediame.com +97155 - 1181730
Operations Director Rajeesh Nair rajeeshm@insightmediame.com +97155 - 9383094
Publication licensed by Sharjah Media City @Copyright 2020 Insight Media and Publishing
Production Head James Tharian jamest@insightmediame.com +97156 - 4945966
Administration Manager Fahida Afaf Bangod fahidaa@insightmediame.com +97156 - 5741456
Designer Anup Sathyan
While the publisher has made all efforts to ensure the accuracy of information in this magazine, they will not be held responsible for any errors
NEWS
TOP US DATA RESIDENCY PLATFORM SELECTS HUB71 FOR MIDDLE EAST HQ
Top US data residency hosting platform InCountry has selected Abu Dhabi’s Hub71, the tech ecosystem powered by Mubadala, to be the home of its Middle East headquarters. InCountry, active in over 70 countries, boasts a long list of strategic international investors including Mubadala Capital – Ventures. This new development marks a strategic move to capitalise on the UAE’s growing cloud market, which Gartner predicts is set to increase by 21 percent year on year.
Ibrahim Ajami, Head of Ventures, Mubadala Investment Company and Interim CEO of Hub71, said, “Our investment in InCountry provides us with access to a dynamic cloud player which provides a unique data residency service, with massive global potential. A key pillar of Mubadala Capital’s ventures’ strategy is to leverage its international network and bring innovative portfolio companies to Abu Dhabi. The fact that InCountry has taken the decision to join Abu Dhabi’s Hub71 is testament of resilient tech ecosystems that are able to weather the storm during major macroeconomic upheaval. We look forward to supporting InCountry as they expand their presence across the MENA region.”
The San Francisco-based data residency-as-a-service platform has recently experienced rapid growth due to the growing data-sovereignty needs of multi-national organisations all over the world. With new data protection regulations expected to be introduced in the UAE in the near future, InCountry is well placed to offer innovative and scalable solutions for the local and regional market.
Peter Yared, CEO and founder of InCountry, said, “Our philosophy of respecting each country’s data residency regulations and sovereignty, while enabling companies to adopt the latest cloud software, has really resonated in the Middle East. I’m pleased to establish our regional headquarters in Abu Dhabi’s Hub71 to take advantage of its holistic tech ecosystem – providing us with greater market access, world-class talent and flexible regulatory frameworks enabling us to better serve our customers.”
InCountry already runs hosting facilities in the UAE, Egypt, and other countries in the region, and is deepening its hosting arrangements in the Kingdom of Saudi Arabia by developing a co-location agreement with the Saudi Telecom Company (STC), the largest telecommunications provider in the Kingdom of Saudi Arabia. InCountry will be established as a regional subsidiary in Abu Dhabi General Market (ADGM) and located within the vibrant WeWork x Hub71 community with over 36 global tech startups, corporates, accelerators, tech companies and venture capital firms.
MICROSOFT’S REPORT REVEALS NEW REMOTE WORKING AND LEARNING INSIGHTS
Microsoft has released its first Work Trend Index report. The research gains insights from Microsoft Graph, which analyses productivity trends across trillions of signals and observes how remote working scenarios are changing the way people connect with each other. The company’s aim in sharing these insights on remote working, while safeguarding personal and organisational data, is to empower its customers to learn from the bright spots and plan for the future.
The research found a new daily record of 2.7 billion meeting minutes in one day. That’s an increase of 200% from 900 million in mid-March, showcasing the increase in demand for technology that both connects and fuels secure productivity. And as students and teachers turn to Teams for distance learning, there are 183,000 tenants in 175 countries using Teams for Education.
“We are glad to see that our technology is helping these organisations continue their important work,” said Jared Spataro, Corporate Vice President for Microsoft 365. “At Microsoft, our mission is to empower every individual and every organisation on the planet to achieve more. And at a moment like this, when we are all adjusting to a new normal, it’s never felt more important to help connect more people and keep more organisations up and running with secure tools. Although the way we work has changed, our customers show us every day that our drive to connect to one another is so often stronger than the circumstances that keep us apart.”
The report also finds a 1000% growth in the total number of video calls during March, with people turning on video in Teams meetings two times more. And the number of Stream videos in Teams per week has increased over five times in the last month, with hundreds of hours of video uploaded per minute. As organisations aim to continue operations, Microsoft has also seen a considerable increase in Teams usage on mobile devices such as a phone or tablet. The number of weekly Teams mobile users grew more than 300 percent from early February to March 31. Microsoft also added two new features to Teams: an end meeting option for meeting organisers and the ability to download participant reports.
REMOTE WORKING INCREASES RISK OF CYBER BREACHES
Nearly three quarters of business decision makers (71 per cent) believe that the shift to 100 per cent remote working during the Covid-19 crisis has increased the likelihood of a cyber breach, according to new data released by cyber security company Centrify, a global provider of Identity-Centric privileged access management solutions.
The data, obtained via a poll of 200 senior business decision-makers in large- and medium-sized UK companies conducted by independent polling company Censuswide on behalf of Centrify, also revealed that 46 per cent have already noted an increase in phishing attacks since implementing a policy of widespread remote working. The polling took place on 26th – 27th March, as the UK government announced much stricter lockdown policies to tackle the Coronavirus, including urging all employees to work from home where possible.
The research also found that 79 per cent of business decision makers have increased their cyber security procedures to manage high volumes of remote access over the next three months. Similarly, 73 per cent of businesses have given staff extra training on how to remain cyber-safe when working remotely, with specific training around verifying passwords and log-in credentials. The survey also noted additional fears that IT systems are at risk, with over half (53 per cent) saying they believe that privileged IT admin remote access is at risk of security breach.
Andy Heather, VP, Centrify said, “Cyber criminals will no doubt attempt to seize the opportunity presented by the all-out expansion of remote workers, many of whom have not been proficiently trained in even the most basic of cyber security measures. Therefore, it is essential that businesses and employees remain vigilant during these challenging times.
“Organisations of all sizes must prioritise security protocols when transitioning employees from an office to a remote working environment. This includes introducing professional training for all employees on how to operate IT and online infrastructure safely, and how to spot unusual or potentially malicious activity. Furthermore, businesses should take an identity-centric approach to secure remote privileged access, to ensure that any hackers and cybercriminals cannot gain access to sensitive systems or data.”
DUBAI MUNICIPALITY SEES SURGE IN DEMAND FOR MONTAJI APP
Montaji, the smart app from Dubai Municipality, has seen an increased demand by users and specialised companies, according to a press release issued by the organisation. A platform for consumer products registered and approved by the Municipality, the application allows customers, both individuals and companies, to verify the product’s health and safety standards as per the Municipality’s requirements. Various types of products such as cosmetics, personal care products, perfumes, health supplements, detergents, antibacterial products, food contact materials and many more can be verified by scanning the product barcode or entering its number or name through the application.
According to the company, the number of Montaji users has increased tremendously in one month as more than 20,000 users have downloaded the smart app. The total number of products registered in the antibacterial and sterilising category has reached 2500, a 30 percent increase over the last three months. The number of companies registered in the system has also increased. During March, 216 companies specialised in sterilising products registered in the Montaji system and the Municipality evaluated 735 antibacterial products for professional and personal use within a month.
The Montaji App is easy to use and browse, and allows users to learn a great deal about various products, such as the product’s brand name, its components, specifications, country of origin, and other information for many products.
ETISALAT EMPOWERS 1 MILLION UAE STUDENTS TO SUPPORT ONLINE LEARNING
Etisalat has announced that it enabled at least one million students in the UAE to access distance learning websites and platforms using its advanced network, with more than 10 million mobile subscribers enjoying free browsing to over 800 websites related to education, health, and safety. To support and enable distance learning, free mobile data was made available – in coordination with the Ministry of Education and Telecommunications Regulatory Authority (TRA) – to over 12,000 students whose families do not have Internet at home.
Etisalat also provided access to 9 apps and platforms, allowing visual and audio communications: Google Hangouts, Microsoft Teams, Blackboard, Zoom, Skype for Business, Cisco Webex, Avaya Spaces, BlueJeans and Slack on its fixed and mobile network in collaboration with the TRA. These are part of a bundle of initiatives to support the education sector, ensuring smooth functioning of remote learning processes. These initiatives stem from Etisalat’s corporate social responsibility strategy to utilise its resources and capabilities, empower the educational sector with state-of-the-art technology, and ensure seamless and effective connectivity across all learning platforms.
Keeping in line with its strategy ‘Driving the digital future to empower societies’, Etisalat said it is committed to supporting distance learning initiatives in the UAE following the ministry’s decision to extend distance learning until the end of the current academic year. Etisalat said it will continue to offer all the connectivity tools and services students and teachers need, including the fastest fixed broadband and mobile network in the region, to ensure seamless continuity of the country’s education curriculum.
MORO HUB STRENGTHENS COMMITMENT AS SECURE CLOUD SERVICE PROVIDER
Moro Hub (Data Hub Integrated Solutions LLC), a wholly-owned subsidiary of Dubai Electricity and Water Authority (DEWA), has announced that it is now a Dubai Electronic Security Center (DESC) certified Cloud Service Provider (CSP) in the UAE. DESC has developed a CSP Security Standard, which outlines requirements and guidelines for CSPs and those organisations consuming any cloud services. The CSP Security Standard mandates CSPs to comply with international best practices for cloud services. It is based on global information security standards such as ISO/IEC 27001:2013; ISO/IEC 27002:2013; ISO/IEC 27017:2015; ISR:2017 v.02 and CSA Cloud Control Matrix 3.0.1.
As part of the extensive DESC certification process, Moro Hub has implemented the Information Security Management System, complying with all international standards for CSPs. These controls were then verified through a comprehensive auditing process by an external certification body appointed by DESC. Ensuring compliance with the CSP Security Standard is a mandatory requirement for CSPs looking to offer cloud services for government and semi-government entities in Dubai.
Mohammad Bin Sulaiman, CEO of Moro Hub, said, “The certification demonstrates Moro Hub’s commitment to providing secure cloud computing platform and services to our customers. As a DESC certified CSP, our customers know that we have gone through a detailed process to ensure all their cloud service requirements are being met as per superior global standards and best practices. The certification further strengthens Moro Hub’s position as customers’ preferred partner for their end-to-end cloud service demands.”
While concerns around trust, security and data residency may have decelerated the adoption rate of cloud services in the region, there is no question about the segment’s potential for growth. According to a recent report by research firm Gartner, public cloud services revenue in the Middle East and North Africa (MENA) is predicted to amount to nearly $3 billion in 2020, an increase of 21% year over year.
Moro Hub’s cloud operations and data storage infrastructures are fully operational within the UAE. The company’s cloud platform is designed to meet the complete privacy and data protection requirements of its customers.
“The CSP Security Standard and compliance requirements defined by DESC helps customers to partner with credible and proven service providers such as Moro Hub to house their critical workloads in the cloud-hosted data centre,” Sulaiman concluded.
DEWA REDUCES PAPER USAGE BY 82%
Dubai Electricity and Water Authority (DEWA) achieved the top position across Dubai Government in implementing the Dubai Paperless Strategy, for the second consecutive time, according to a WAM report. This underlines DEWA’s commitment to the vision and directives of the wise leadership in the shift towards a smart government. DEWA has cut its paper usage by 82% in the large entities category, which uses more than 10 million sheets of paper annually.
“We work in line with the vision of His Highness Sheikh Mohammed bin Rashid Al Maktoum, Vice President and Prime Minister of the UAE and Ruler of Dubai, that the smart government goes to the people and does not wait for them to come to it. We also follow the directives of H.H. Sheikh Hamdan bin Mohammed bin Rashid Al Maktoum, Crown Prince of Dubai and Chairman of the Executive Council, to transform the Government of Dubai into a fully digital government and build an integrated, paperless government framework. This is part of the Dubai Paperless Strategy, launched by His Highness to stop using paper in all internal and external transactions and with customers by December 2021,” said Saeed Mohammed Al Tayer, MD & CEO of DEWA.
“We are proud of DEWA’s second consecutive achievement in this area. We have cut paper usage by 82% and are working to reach 100%. DEWA was one of the first government organisations to complete its digital transformation in 2014.” This was less than one year after His Highness Sheikh Mohammed bin Rashid Al Maktoum had launched the Smart Dubai initiative to make Dubai the smartest and happiest city in the world.
“Today, 95% of DEWA’s customers use its smart services, and we expect this to reach 100%. All of DEWA’s services are available through several smart channels. We have managed to change the culture of customers and staff to rely on smart and digital services, instead of paper,” he added.
Key factors that contributed to DEWA achieving the highest percentage in cutting paper transactions across the Government of Dubai include its smart app, which provides all DEWA services and is compatible with most platforms. Another factor is DEWA’s website, which offers a seamless experience for users, enabling them to access all services and information, as well as helping them complete all their transactions efficiently. DEWA’s services are also available through Rammas, its virtual employee, which uses Artificial Intelligence (AI) to respond to customers’ inquiries in English and Arabic. It is available on DEWA’s website and smart app, Facebook page, Amazon’s Alexa, Google Assistant and WhatsApp Business.
UAE MINISTRY OF FINANCE LAUNCHES UNIFIED DIGITAL PLATFORM
The Ministry of Finance, MoF, has announced the launch of the unified digital platform to settle fees for common federal and local government services and to provide shared government services without manual procedures. According to a WAM report, the new platform will manage financial settlements and accounting operations, thus aligning data accuracy and ensuring speed, efficiency, and effectiveness. The aim is to achieve sustainability of financial flows for federal and local revenue, using modern systems and technologies.
Younis Haji Al Khoori, Undersecretary of MoF, stressed that this platform is in line with the ministry’s endeavor to enhance cooperation with other government entities by bolstering FinTech platforms and services to achieve their strategic, operational and financial goals. He said, “The platform, which was developed to the highest global security standards, links various local and federal government entities, and ensures the sustainability of financial flow for federal revenue.”
For his part, Waleed Al Sayegh, Director-General of the Finance Department of Sharjah, lauded the Ministry’s initiative, noting that it is a step that significantly and effectively contributes to strengthening joint financial work between federal and local entities in the UAE. Al-Sayegh said that the Finance Department of Sharjah uses the latest digital systems when providing its services, and adheres to the highest standards of technology, confidentiality, and information security. The link with the Ministry of Finance is in line with the tech infrastructure of the department, and is aligned with the approved financial systems and delivers the necessary efficiency, speed, and accuracy, he added.
On the new platform, the data of the federal services provided by the systems of the federal authorities and the entities in local governments will be extracted and collected from various sources. It will then be used to issue digital, automated reports on the revenue owed by the authorities in local and federal government entities. The platform will then settle the federal financial dues, through direct bank transfers, or by directly linking the local authorities’ systems, in addition to automatically implementing the processes of registering information on the federal financial system at the Ministry of Finance.
VIEWPOINT
THE IMPORTANCE OF NETWORK TRANSFORMATION
THE NETWORK HAS BECOME VITAL IN DRIVING INTRINSIC SECURITY AND MODERN APPLICATION DELIVERY, BUT BUSINESSES NEED TO MAKE IT SIMPLE, WRITES IHAB FARHOUD, DIRECTOR, SYSTEMS ENGINEERING, VMWARE MIDDLE EAST, TURKEY AND NORTH AFRICA
Security has become incredibly complex. With thousands of products available, from end-point security to device security, application security and network security, there is a lot of security to consider. With the network emerging as one of the most powerful tools in an organisation’s cybersecurity kitbag, whether that’s as a vehicle to deliver security, or powering the delivery and availability of the applications businesses are using to stay competitive, it would seem fair to acknowledge network security as critical. But who is ultimately responsible for it?
The network has become the critical pipeline, creating the expansive connectivity that carries data from source right into the hands of end-users. It’s what connects the data center, multiple clouds, IoT sensors at the edge – everything that makes up a business today. It would not be wrong to argue that the network has become central to a modern redefinition of IT security. And yet, it’s only through the emergence of software-defined networking that this has become truly possible.
Given this, it’s perhaps alarming that in a new survey by IDC, almost two thirds (59%) of European IT heads believe it’s really challenging to gain end-to-end visibility of their network. At least they seem to acknowledge that this is a problem, with almost half saying this lack of visibility is a major concern. Meanwhile, more than a third (37%) feel the challenges associated with this lack of visibility have resulted in misalignment between security and IT teams – and a quarter (29%) have no plans to implement a consolidated IT and security strategy, according to new global research covering EMEA by VMware in partnership with Forrester.
While organisations are clearly starting to wrestle with this issue, there is a recognition that network transformation is becoming essential to the delivery of the levels of resilience and security required by modern businesses, with 43% of European organisations (according to IDC research) saying this is a key priority for them between 2019 and 2021.
In today’s pressure-cooker environment, businesses have to adapt to changing market conditions faster than ever before, and they’re relying on their applications to do so – building, running and managing new applications that span the entire network, from the data center, across any cloud, all the way to each and every end-point device. Harnessing the power of these applications is vital, but the challenge of protecting each and every one of them, their associated data and ultimately their users, is becoming more complex than ever before. So, when failure isn’t an option, how can organisations tap into the power of the network to protect data across the entire organisation, from origin to end-user?
The challenges with putting the network first
Firstly, if there’s to be any chance of a cohesive strategy and approach, collaboration between relevant teams is vital – although this alignment and coordination in itself are proving to be one of the greatest challenges facing businesses. As it stands today, only a third of EMEA networking teams are involved in the development of security strategies, despite 61% being involved in their execution, signalling that network teams are not seen as having an equal role with the other IT or security stakeholders when it comes to cybersecurity. Actively breaking down these silos and eliminating the friction between stakeholder teams should be seen as a critical priority: modern security must be seen as a team sport, as it is only by working together and taking a holistic approach that the sophistication of the modern threat landscape can be addressed.
An intrinsic approach to fighting increasingly sophisticated challenges
Secondly, we need to make security simple again. Traditional approaches to security, designed for a different world, but applied to one of an almost infinitely worse threat landscape, are resulting in an unmanageable and dysfunctional complexity, relying on too many point products. Typically focusing on blocking threats at the network perimeter, these so-called solutions tend to be reactive and rely on being able to recognise malware – a futile task with over three hundred thousand new zero-day threats appearing every day. They are entirely unsuited to today’s digitally transforming world, where the flow of information is ubiquitous, and infrastructure has to have the ability to be agile and continuously morph and scale.
We believe it’s possible to simplify security by aligning it to applications and data, delivering it via the network, and by making it intrinsic to all elements of the infrastructure (rather than only at the network perimeter). In today’s software-defined world, it is possible to seamlessly weave security into every layer of a business’s digital foundation, significantly reducing the attack surface exposed to malware. It’s a more proactive approach to threat management as it’s no longer necessary to be able to recognize what a threat looks like. Rather than adding complexity, it’s making things simpler; using the organisation’s existing software infrastructure and end-points, and enabling them to design security into apps and data at source. This is helping businesses shift from a legacy security model, where they reactively try to block or chase the bad, to a stronger approach to security, where the ‘known good’ is rigorously enforced.
Built with modern applications in mind
In pursuit of delivering an ever-improving customer experience, the pace of application development and deployment has accelerated rapidly: in this brave new world, enterprise IT can no longer afford to be a world in which operational silos and inconsistent networking and security tooling dominate in private, public, and edge/branch clouds. Business success today demands better automation, consistent infrastructure, and the ability to efficiently connect and secure modern application frameworks across data center and cloud deployments.
Enterprises large and small are undergoing application transformation to realise this and stay ahead of the competition. Modernising applications using containers and microservices has emerged as the dominant software development approach, and Kubernetes has become the de facto container orchestration platform.
This is why a software-first approach via a Virtual Cloud Network (VCN) is becoming table stakes for organisations truly looking to move forward at speed. Forget bolted-on, siloed networking and security products. Instead, imagine having a seamless, secure, software-defined networking layer from data center to cloud to edge. A VCN is a software layer across the entire data center infrastructure, and beyond, from physical servers, to public and private cloud and edge. It gives the network automated agility, flexibility, and simplicity, allowing the network to become an enabler of business outcomes, rather than a siloed cost centre.
By delivering secure, pervasive connectivity with the speed and automatability of software, a VCN can hold the promise of helping to banish silos and lost opportunities, and greatly improve the manageability of security issues for the business. Network security becomes a positive contributor to business competitiveness, and no longer just an increasingly ineffective cost centre.
You may think it’s counter-intuitive, especially to existing security general practice – but essentially, with intrinsic security, less is more. By using fewer security point solutions across the entire IT environment—public and private clouds, devices and apps—companies can gain more visibility, efficiencies and cost savings.
The network is the universal fabric that drives connectivity, intrinsic security and application delivery. It provides consistent, pervasive connectivity and security for apps and data, wherever they live. Businesses can ill-afford to wait to recognise that the network is the DNA of any modern security, cloud and app strategy. It should be seen as a strategic weapon, and not merely the plumbing.
COVER STORY
DECODING ARTIFICIAL INTELLIGENCE HOW TO HARNESS THE POWER OF AI FOR YOUR BUSINESS FUTURE
Artificial intelligence is nothing new; it has been around for the last sixty years. So why do businesses care so much about it all of a sudden? The reasons are simple – there are more machines and data than ever before. Computing power is readily available and machine learning algorithms have advanced by leaps and bounds. The definition of AI is still fluid, and it encompasses many methodologies, algorithms, and technologies. But the avowed goal of AI is simple – program computers and machines to be intelligent so they can learn, think, and act like humans. What is AI, really, and what does it mean to your business? “From a data management point of view, Artificial Intelligence is the overarching terminology for the science that will allow us to derive value from data through what is called machine learning and/or deep learning. In the case of machine learning, it is a process that permits a machine to provide us
with answers and decisions based on a set of parameters that have been programmed upfront. Just think of the chatbot for telephone banking, for instance,” says Fadi Kanafani, General Manager & Managing Director Middle East – NetApp. As for deep learning, it is a bit more complex. In this case, the machine will actually think and render intelligent value and insight based on learning algorithms that take into consideration all available private and public data. Some good examples
related to medical research are genomic analysis or medical diagnosis of a disease, he adds.
Vivek Pai, Managing Partner, Middle East & Pakistan, IBM Global Business Services, defines AI as the ability of a computer program or a machine to think and learn like humans. “At IBM, we use the word “augmented intelligence” because we believe that AI helps humans carry out their jobs better, not replace their jobs. With the exponential growth of data, humans are challenged with making sense of that data and this is where AI can help in unlocking the value of this data to the organisation. The business potential for AI is immense as we believe it has the potential to impact more than 80 percent of an organisation’s processes especially in conjunction with other exponential technologies like IOT, 5G etc.”
Dr. Neamat Elgayar, Associate Director of Research, School of Mathematical and Computer Sciences at Heriot-Watt University Dubai, says AI is a set of techniques that allow machines to mimic human-like thinking and perception. Among these technologies are predictive analytics, robotics, speech, image and natural language processing. “Machine Learning is a subfield of AI that is concerned with the development of techniques that allow computers to “learn”. Learning usually involves the use of example data or past experience. Machine learning models are at the backend of the stunning AI advancements we are witnessing today from robots, to the digital assistant and even self-driving cars,” she says.
Refat Al Karmi, Mist Consulting Engineer, META, Juniper Networks, simplifies it further: “In essence, Artificial Intelligence (AI) is human intelligence exhibited by machines. This science of intelligent machines teaches them to do things that previously only humans could do with the aim of machines performing the tasks even better.”
Roadblocks and pitfalls
A recent McKinsey survey reports that the business world is just beginning to harness these technologies, and only a few companies have the foundational blocks in place to capitalise on AI. The survey points out that many organisations still have not mapped out where their AI opportunities lie, nor do they have clear strategies for sourcing the data that AI requires.
Patrick Smith, Field CTO, EMEA, Pure Storage, believes we are still several years away from realising the full potential of AI and even then, that is only Narrow AI. Intelligent machines able to learn, create and adapt to any situation, essentially being capable of all the cognitive functions of a human brain, are many years away. “But even today’s Narrow AI is capable of delivering significant value to enterprises in many different areas. For most organisations, this will mean integrating AI into day-to-day operational tasks ripe for automation. AI and machine learning can be applied to teach computers to recognise patterns in unstructured data and turn it into structured data in a manner that allows for automatic response to be applied,” he says.
Kanafani says the adoption of AI in the past was challenging from a cost perspective. With today’s technological advancements, cost is no barrier anymore. Now, CIOs can easily consider Artificial Intelligence to drive and control their businesses through local on-prem CAPEX investments and alternatively consider cloud-based environments on an OPEX model, or a combination of both. “In terms of maturity, we find AI becoming viable across many sectors, but will be immensely beneficial in retail, healthcare, automotive, government intelligence, and finance with applications in those related industries,” he adds.
CIOs and other IT executives will need to lay the groundwork for successful short-term and long-term AI programmes within an organisation, according to Elgayar.
She says despite the relative maturity of several AI tools, companies find it challenging to choose and deploy the correct technologies and meet business objectives. To successfully adopt AI within an organisation, the first step is to understand what the different technologies provide, including their limitations. The next step is to identify specific business opportunities that need improvement. This encompasses formulating a set of use cases for deployment and selecting the appropriate AI tools for these particular use cases. It is always good to start with pilot projects and then scale them up across the organisation and to other use cases.
Adopting AI in your business can be tricky when there are legacy systems to overcome, especially in the case of large enterprises. This is because the data management and workflows of legacy systems are not in tune with the requirements of modern AI platforms. “AI is dependent on the availability and access to data. If legacy systems provide access to this data (for example, through APIs), AI can be integrated with legacy systems. When integration is not possible, there is a strong case of cognitive automation, which combines both AI and RPA to integrate with legacy systems, and even devices with IoT,” says Pai from IBM.
Elgayar says due to the fact that many large enterprises are based on legacy systems, integrating new emerging technology would require significant contingency planning. “Many organisations face the challenge of working out how automation fits within their existing systems and processes. However, the burden of legacy systems can create a setback as well as cost-increasing pressures in the long term. It is imperative for enterprises to bridge the gap between expectations and the growing demand for advanced technology.”
However, Karmi from Juniper says, with the move to the cloud, organisations are finding various ways to fully integrate and use existing data to streamline business operations. “Because of the massive amounts of data required to drive these AI models, next-generation management frameworks based on AI models and modern microservices-based architectures must reside in the cloud.”
AI predictions for 2020 and beyond
The global pandemic COVID-19 has brought AI to the fore with many government entities and healthcare firms using AI to create intelligent data to curb the outbreak and aid decision making. For instance, IBM partnered with the White House to help researchers working to fight the spread of the pandemic. Similarly, Group 42, an Abu Dhabi-based AI and cloud computing company, is offering its supercomputer, Artemis, to scientific researchers in any field that contributes solutions to the challenge of the current virus outbreak.
“We will start witnessing the wide deployment of AI, with the technology out of the experimental cycle in 2018–19, and becoming adopted in all types of businesses, processes, products, and services. As the AI technologies become more valuable and less expensive, canceling off human routine work and freeing workers for high-level intellectual tasks, businesses will harvest the impact of using AI,” says Elgayar.
Kanafani from NetApp summarises: “The world and businesses have gone digital and embraced a remote working model over the past few months to cope with the new environment. You will find retailers and consumer goods providers becoming more and more vested in technologies that will allow them to analyze buying trends, customer needs, time to market, target market, etc. Artificial Intelligence will be at the core of those digital transformation initiatives to ensure that these businesses remain relevant to the market, be able to overcome 2020 challenges, continue to be in business, and prepare for the long run.”
INTERVIEW
SECURING YOUR REMOTE WORKFORCE ALAIN PENEL, REGIONAL VICE PRESIDENT MIDDLE EAST, FORTINET, ON THE CYBERSECURITY CHALLENGES OF WORKING REMOTELY, AND HOW TO OVERCOME THEM.
How’s Fortinet tackling security concerns related to the remote workforce?
The ability to securely support a remote workforce is an essential component of any organisation’s business continuity and disaster recovery plan. An organisation may be incapable of sustaining normal operations onsite, due to a power outage or similar event, or illness or flooding may make it unsafe for employees to travel onsite. In these scenarios, an organisation must be capable of supporting secure, remote connectivity to the corporate network. For over 400,000 Fortinet customers, their existing technology deployment already contains this functionality. FortiGate NGFWs have integrated support for IPsec VPNs, enabling secure connectivity for employees working from alternate work sites. The IPsec and SSL VPNs integrated into every FortiGate NGFW offer an extremely flexible deployment model. Remote workers can either take advantage of a clientless experience or gain access to additional features through a thick client built into the FortiClient endpoint security solution. FortiGate NGFWs and FortiAP wireless access points include zero-touch deployment functionality. Appliances deployed at remote sites can be pre-configured before they ship, allowing for automatic set up onsite, which ensures business continuity and support for telework.
Can your customers transition to a secure teleworker strategy with incremental costs?
We are helping our customers quickly transition to an effective and secure teleworker strategy without incremental costs. First of all, the Fortinet Security Fabric covers the remote worker scenario with three primary levels of connectivity and our FortiClient VPN solution is also available free of charge to ensure remote workers have fast and secure network access.
Are you offering any free tools or training?
During this time of transition, the need for cybersecurity awareness is more critical than ever. That’s why we have introduced a new, free of charge FortiGate Essentials Training Course designed to ensure that anyone looking to improve their cybersecurity skillsets has a way to advance their training from home. In this course, you will learn how to operate and administrate some fundamental FortiGate NGFW features in order to acquire a solid understanding of how to deploy and maintain a basic network security solution. Using self-paced guided recordings, the course covers how to enable users to remotely connect to the network in a secure way, how to use firewall policies, user authentication, routing, and SSL VPN. You will also learn how to protect users using web filtering and application control. In addition, we have maintained a longstanding commitment to making everyone cyber aware through our cybersecurity awareness courses, NSE1 and NSE2, which are available free of charge to everyone online. These courses provide a basic understanding of today’s threat landscape, including common tricks and strategies used by cybercriminals, familiarity with essential cybersecurity concepts, and an introduction to critical security principles and technologies. The courses are also helpful in providing a baseline understanding of the threats we may face, especially now more than ever with more people accessing the internet from home. Through our FortiGate Essentials training course and our cybersecurity awareness training courses, Fortinet is hoping to raise the bar for security awareness and skills across the board.
How’s Fortinet ensuring business continuity for itself and do you have a company-wide remote work policy?
Fortinet took proactive measures to ensure the health and safety of its employees. These include implementing a company-wide remote worker policy, as well as many other cautionary steps. The company continues to closely monitor the situation and take additional actions to support updated best practices and guidance from the U.S. Centers for Disease Control (CDC), the World Health Organization (WHO), and international and local health authorities in countries where we operate.
INTERVIEW
WHY CYBER THREAT INTELLIGENCE MATTERS IAN SCHENKEL, VICE PRESIDENT, EUROPE, MIDDLE EAST & AFRICA AT FLASHPOINT, ON WHY THREAT INTELLIGENCE IS AN ESSENTIAL TOOL IN THE CISO’S ARSENAL.
How can CISOs best assess risk factors of their businesses?
The first thing they need to establish is what is known about them in illicit online communities or by individual threat actors. Hidden marketplaces that trade in compromised credentials, executive information, and stolen card data give an insight into what serious risk factors CISOs are faced with. Visibility into these types of sources will provide a unique understanding of what is out there and what a CISO will be facing. But there are so many sources of threat and risk to a business, it is important to clearly define your needs and objectives before seeking out vendors to help satisfy them. Get as granular as possible. If, for example, you’re in the market for a vendor that offers threat activity or online community coverage, don’t assume every vendor marketed as such will provide the depth and breadth of coverage you need. Only after you’ve determined your intelligence requirements and the depth of sources needed to fulfil those requirements should you even think about evaluating vendors. Once a CISO has this information, they can then put effective and long-lasting security policies in place to prevent such breaches. However, this is a constantly evolving strategy, and needs to be checked on a regular basis. As an organisation evolves its security policy, so too will the threat actors that try to breach it.
Why do we need better threat intelligence sharing between the public and private sectors?
Threat actors, nation states, and all illicit online communities will try to leverage vulnerabilities across all organisations - they do not differentiate between private and public sectors. The more we are able to collaborate and unify against the common threats that every organisation faces, the more we are able to act against them in unison. Regardless of whether you’re new to threat intelligence, or if you already have a highly sophisticated programme in place, collaborating with your counterparts at peer organisations and other trusted experts can be highly beneficial. No intelligence programme is perfect, much less without challenges, and it’s important to remember that most of us in this industry are facing or have faced many of the same issues. By sharing what you’re dealing with—whether that might be difficulties establishing your intelligence requirements, getting the support you need from the C-suite, or choosing the right vendor, to name a few—you’re likely to encounter others who’ve been where you are and might even have insight into what you can do to end up where you want to be. Collaboration built into any threat intelligence platform is key to being able to share, and create a combined strategy.
What are your tips for designing a new risk profiling system for enterprises?
This all comes down to alerting. Flashpoint’s alerting comes in a few different variations, but ultimately is used to inform customers when relevant information is uncovered in threat actor discussions and compromised data is detected. In its simplest form, this can be done by domain name, email address, or other public facing credentials monitoring. With more advanced monitoring and alerting, organisations should be able to create fully curated alerts on their industry, area of business, and geolocation.
Do you provide a risk dashboard with near-real time visibility into vulnerabilities?
Yes, at Flashpoint we do provide near-real time visibility into vulnerabilities. This visibility is a pivotal part of our platform and means that security professionals can quickly get a pulse of what needs their attention day to day. Flashpoint’s dashboard provides access to the latest CVEs within Flashpoint collection, including access to MITRE and NVD data, as well as CVEs discussed by threat actors as observed by Flashpoint Intelligence Analysts. With insights into threat actor mentions of such vulnerabilities, it makes it easier for users to prioritise vulnerabilities that threat actors are discussing and presumably utilising.
What factors should security and risk professionals consider while evaluating threat intelligence vendors?
They should be looking at vendors that can cover the five main aspects of threat intelligence and give them good scope on the following: First, cyber threat intelligence which includes insights into Distributed Denial of Service (DDoS), cybercrime, and emerging malware. Second, corporate & physical security which includes threats to critical assets, personnel, and infrastructure. Fraud is also a key area to consider when evaluating intelligence vendors. Can this organisation help you with identity theft, credit card fraud, personally identifiable information (PII) and/or personal healthcare information? Insider threats are also an area of concern for many organisations, no matter their industry. A vendor should be able to detect insider threats from their data sources, be able to investigate, mitigate and help respond to this particular type of threat. And lastly, compromised credentials monitoring is key. A stellar intelligence vendor will have access to unique collections for compromised credentials for your organisation and potentially your customers as well.
FEATURE
TO BUILD OR NOT TO BUILD? THE INCREASING NEED FOR DETECTION AND RESPONSE IN A MENACING THREAT LANDSCAPE IS DRIVING THE DEMAND FOR SOC AS A SERVICE. HERE IS WHAT YOU NEED TO KNOW TO CHOOSE A SPECIALIST PROVIDER IF YOU CAN’T AFFORD TO BUILD ONE.
The growing complexity of cybersecurity often outpaces the capabilities of many organisations in the Middle East. This is especially true in the case of the Security Operations Centre (SOC), which comprises analysts and security pros working as a team to monitor and combat threats. The lack of skills has made it difficult for organisations to develop cyber capabilities in-house, and CISOs are now forced to look for third parties to plug these security gaps. To address this demand, many traditional managed security services providers have now started offering SOC as a service (SOCaaS) to monitor IT infrastructure and remediate threats proactively.
According to Deloitte’s 2019 future of cyber survey, security operations top the list of cyber functions outsourced, followed by vulnerability management, physical security, and training and awareness. During these times, when remote work has introduced new security operational challenges, every company, regardless of its size, needs the advanced capabilities offered by SOCs, but most companies can’t afford to build one from scratch. This is where SOC as a service providers step in.
“In today’s constantly changing threat landscape scenario, security is not a one-time job. It is about taking care of the least probable and that is a constant journey. It needs 24x7 monitoring, proactive detection and on-time incident response to neutralise threats to avoid further damages. Security Operation Centres are responsible for 24x7 monitoring, detection and response so that security becomes an important DNA of an organisation,” says Ajay Nawani, Head Sales Engineering, MEA, Sophos.
Ahmed Alketbi, Chief Information Security Officer, Moro Hub, adds: “SOCaaS is gaining traction owing to the growing demand for outsourced security operation centre function. SOCaaS is a managed security service in which the service provider provides a fully managed and hosted security platform (SIEM), service of skilled security experts, round the clock threat detection and response service, and other managed security services. With SOCaaS, companies can cost-effectively develop effective data protection strategies, thus freeing the companies from the burden of acquiring, developing and retaining the essential skills.”
According to Marco Rottigni, Chief Technical Security Officer EMEA, Qualys, the biggest drivers are the lack of skilled professionals and the high TCO of an in-house SOC. “While having a robust cybersecurity technology stack is critical, the ability to centrally process the vast amounts of raw data from multiple sources, normalise and categorise the data, write correlation rules to make it consumable, and present this in a visually easy-to-understand manner, requires skills that are not readily and widely available in the market today.”
Kalle Bjorn, Sr Director, Systems Engineering - Middle East, Fortinet, shares a similar opinion: “Running a SOC makes sense when there are dedicated SOC analysts inside organisations. For companies to get to a point where they can have these dedicated SOC employees and budget to build the platform and processes, it requires quite an investment.”
Offering another perspective, Jonathan Couch, SVP, Strategy at ThreatQuotient, says initial technology investments for security can be daunting, especially for smaller companies that have little to no starting security infrastructure. “The time and cost to procure, install, and configure even a basic set of security capabilities can be significant. While SOC as a service can also be expensive, it is often the “easy” button for organisations and typically costs less than the initial investment into building your own. Personnel is the other key driver for outsourcing SOC services.”
While large organisations have the resources and expertise in-house to build dedicated SOCs, small and medium-sized enterprises can’t afford one, which makes outsourcing an ideal option to fill cybersecurity voids. Michael Madon, SVP & GM security awareness at Mimecast, says, “SMBs will greatly benefit from SOC as a service because of the skills shortages. SOCs require analysts for investigation and alert triage; security incident response management such as malware analysis, forensic analysis and root cause analysis; threat intelligence management; and general reporting duties that contribute to compliance. While a large enterprise may have the skills and technology for this and more, many smaller companies will be lucky to have a small security team.”
In agreement, Matt Walmsley, EMEA Director, Vectra, says: “Small businesses are unlikely to have the security resources or expertise in-house to perform any security operations. So these organisations will look to outsource defensive controls and rely on the security provider to alert and advise them in the case of incidents. Medium-sized businesses have an increased security awareness and maturity and take a more active role in defining their security operations needs but look to outsource much, if not all, of their operations.”
Haider Pasha, Senior Director and Chief Security Officer at Palo Alto Networks, Middle East and Africa (MEA), adds: “SOC as a service is suitable for all types of companies, particularly small to midsized organisations, as they generally cannot spend the large sums that typical 24x7 SOC services demand. For small to midsized businesses, the major advantage of outsourcing the entire SOC function gives them the same advantages and levels of support as large organisations. For larger businesses that already have SOC teams in place, outsourcing certain subsets of services such as Threat Hunting can help share the load with their teams.”
A checklist for providers
If you are a CISO, evaluating SOCaaS providers can be a daunting task as they come in different flavours with a range of services. These can range from basic patching and remediation to active threat hunting. What should companies keep in mind while evaluating SOC as a service providers?
“A SOCaaS provider shall be evaluated based on the spectrum of services offered, adequacy of tool coverage required, compliance with standards, adequate legal and regulatory requirements, capability derived from the proven brand name in the market, and insurance coverage provided. The capability to provide support during investigations, including the provision of logs and forensics support, offer for business continuity support levels are also additional requirements to be considered. Besides, data residency and data exposure outside geographic boundaries shall be the prime criteria considering the increasing need for the same in specific sectors and countries,” says Alketbi from Moro Hub.
Rottigni from Qualys says, first, organisations should verify the ability of the service provider to ingest data from all the relevant sources already deployed in the field. It is also crucial to evaluate the ability of the SOC-as-a-service provider to fill the gap and eliminate any blind corner or foggy area, in order to provide the best visibility across the entire IT estate. “Second — and this is particularly important for small and midsize companies — they need to validate the providers’ accuracy in enriching data to provide refined and consumable context. Data gathered accurately and pervasively across the digital landscape is likely to be useful for multiple teams — Security, Compliance, Incident Response — so the ability to leverage as much as possible from a single source of truth, for multiple purposes, with the right context could become a great competitive differentiator in choosing the service provider,” he adds.
Ram Vaidyanthan, Product Manager, ManageEngine, says organisations should find out exactly what’s included in the service. They need to be clear about the number of endpoints, databases, and servers that come under the purview of the SOCaaS vendor. “Does the vendor offer services such as network traffic monitoring and vulnerability assessments in addition to security monitoring?”
Pasha from Palo Alto Networks says if you outsource completely, it is imperative to research thoroughly to learn about the SOC services they can expand to and the type of Service Level Agreements (SLAs) offered. Additionally, it is also ideal to check on the transformation journey they can map with you. For example, can you initially outsource but build SOC capacity with them over time? This would allow you to outsource for the first two years or so, then co-source for another year, and finally build a complete on-prem, internal SOC.
Israel Barak, Chief Information Security Officer, Cybereason, adds: “Ask yourself, can this provider help reduce my time to remediation when a cyber incident occurs? Are they looking at a sufficient amount of threat intelligence and do they have the proper escalation services available? Are they staffed with seasoned professionals? If the answer is no to any or all of these questions, you can bet they won’t provide the services your company will demand. If a SOC-as-a-Service provider can’t give you detailed KPIs and metrics, you need to look to other providers.”
“The bottom line is that it’s the job of the service provider to take the risk away. There is a misconception that managed services is a black box. But the reality is different as there are many highly reputed companies in the market that will help you greatly reduce risk to your business,” he sums up.
VIEWPOINT
MANUFACTURING THE FUTURE MOHAMAD AWAD, REGIONAL VP FOR THE MIDDLE EAST, AVEVA, ON OVERCOMING THE AI AND ML ADOPTION BARRIERS IN MANUFACTURING
T
here has been a considerable amount of hype around Artificial Intelligence (AI) and Machine Learning (ML) technologies in the last five or so years. So much so that AI has become somewhat of a buzzword – full of ideas and promise, but something that is quite tricky to execute in practice. At present, this means that the challenge we run into with AI and ML is a healthy dose of scepticism. For example, we’ve seen several large companies adopt these capabilities, often announcing they intend to revolutionise operations and output with such technologies but then failing to deliver. In turn, the ongoing evolution and adoption of these technologies is consequently knocked back. With so many potential applications for AI and ML it can be daunting to identify opportunities for technology adoption that can demonstrate real and quantifiable return on investment. Many industries have effectively reached a sticking point in their adoption of AI and ML technologies. Typically, this has been driven by unproven start-up companies delivering some type of open source technology and placing a flashy exterior around it, and then relying on a customer to act as a development partner for it. However, this is the primary problem – customers are not looking for prototype and unproven software to run their
22
CXO INSIGHT ME
MAY 2020
industrial operations. Instead of offering a revolutionary digital experience, many companies are continuing to fuel their initial scepticism of AI and ML by providing poorly planned pilot projects that often land the company in a stalled position of pilot purgatory, continuous feature creep and a regular rollout of new beta versions of software. This practice of the never ending pilot project is driving a reluctance for customers to then engage further with innovative companies who are truly driving digital transformation in their sector with proven AI and ML technology. Innovation with direction A way to overcome these challenges is to demonstrate proof points to the customer. This means showing how AI and ML technologies are real and are exactly like we’d imagine them to be. Naturally, some companies have better adopted AI and ML than others, but since much of this technology is so new, many are still struggling to identify when and where to apply it. For example, many are keen to use AI to track customer interests and needs. In fact, even greater value can be discovered when applying AI in the form of predictive asset analytics on pieces of industrial process control and manufacturing equipment. AI and ML can provide detailed, real-time insights on machinery operations, exposing new insights that humans cannot necessarily spot. Insights that can drive huge impact on businesses bottom line. AI and ML is becoming incredibly popular in manufacturing industries, with advanced operations analysis often being driven by AI. Many are taking these technologies and applying it to their operating experiences to see where economic savings can be made. All organizations want to save money where they can and with AI making this possible. These same organisations are
usually keen to invest in further digital technologies. Successfully implementing an AI or ML technology can significantly reduce OPEX and further fuel the digital transformation of an overall enterprise.

Industrial impact

Understandably, we are seeing the value of AI and ML best demonstrated in the manufacturing sector in both process and batch automation. One example is using AI to figure out how to optimize the process to achieve higher production yields and improve production quality. In the food and beverage sectors, AI is being used to monitor production line oven temperatures, flagging anomalies including moisture, stack height and color, in a continually optimised process to reach the coveted golden batch. The other side of this is to use predictive maintenance to monitor the behaviour of equipment and improve operational safety and asset reliability. A combination of both AI and ML is fused together to create predictive and prescriptive maintenance, where AI is used to spot anomalies in the behavior of assets and a recommended solution is prescribed to remediate potential equipment failure. Predictive and prescriptive maintenance assist with reducing pressure on O&M costs, improving safety, and reducing unplanned shutdowns.

Technological relations

AI, machine learning and predictive maintenance technologies are all enabling new connections to be made within the production line, offering new insights and suggestions for future operations. Now is the time for organisations to realize that this adoption and innovation is offering new clarity on the relationship between different elements of the production cycle, paving the way for new methods to create better products at both faster speeds and lower costs.
VIEWPOINT
HOW TO AVOID A DIGITAL DYSTOPIA
ASSAAD EL SAADI, REGIONAL DIRECTOR – MIDDLE EAST, PURE STORAGE, ANALYSES THE MAIN ETHICAL ISSUES OF ARTIFICIAL INTELLIGENCE

Artificial intelligence (AI) has become so mainstream, it is difficult to believe it was formerly the pipedream of backroom techies. Worldwide, it is helping to target cancer research, predict crop shortages and improve business productivity. Middle East governments and businesses are taking AI seriously. In the Gulf Cooperation Council (GCC), AI bots are being used to supercharge customer service in the utilities sector and FSI. And PwC expects AI to be a US$320 billion industry across the Middle East by 2030, with nations investing considerable chunks of GDP in the pursuit of smart societies. UAE-based organisations are projected to contribute 13.6% of national GDP to AI spend. In Saudi Arabia that figure is 12.4% and in Egypt it is 7.7%. But challenges remain. It is hard to see how an unwelcome AI invasion will bring universal benefits.

Retrospective responsibility

Where does AI accountability begin and end? Many within the regional technology industry are concerned that public outcries may be so intense that they lead to regulations that penalise companies for actions taken before the laws were in place. This retrospective responsibility could be costly. While we certainly want to curtail the activities of companies that are cavalier about civic responsibility, many well-meaning others may be planning today for such future regulation in detrimental ways. They may either opt for doing nothing for fear of falling foul of future laws; or they may rush headlong into ill-thought policy-shakeups so they can later cite such actions in their defence.
Overpromising

Many firms, eager to be global leaders in AI ethics, make unrealistic claims of ethics and innovation living in perfect harmony. While it is to be hoped that such utopian conditions may yet be possible, we need open, honest debates on important issues, rather than getting bogged down in brand preservation. Machines are ill-equipped to make ethical judgments and act on data alone. Many of the region’s governments, such as those in Abu Dhabi and Saudi Arabia, have already begun to introduce digital workflows into their judicial and litigation frameworks, but have thankfully learned from AI fiascos elsewhere and have avoided using more ‘advanced’ systems.

Society before technology

Smart Dubai, the Dubai government agency responsible for delivering the emirate’s “smart society” vision, went so far as to publish formal guidelines on AI ethics. The 35-page document codifies the goals – fair, accountable, transparent and understandable – that many public-spirited technology companies espouse. However, to deliver on these laudable pillars, organisations need to be aware that AI itself cannot and will not be any help to us. The number-crunching and pattern-discerning nature of machine learning will dredge up that which may offend, discourage or demoralise. We, as humans, are responsible for repairing these underlying problems. If data is prejudiced, then the problem is not with the AI that discovered it. We should not blame the messenger and instead, set to work on repairing the source of the message.
Human rights

As we form frameworks on how we deal with intelligent machines as a society, we need to remember that, as yet, we are not one society. Each nation state and government will have to grapple with its own principles and establish its own ethics benchmarks. Governments must also consider how broader public policies will affect AI adoption. A perfect example is the area of job displacement by automation, particularly among older workers. In 2018, the organisation Oliver Wyman developed metrics to encapsulate the threat of automation to the senior portion of the workforce. It found that not only was automation a higher-than-average threat to older workers in GCC nations, but those nations’ workforces were aging faster than those of their global peers. This is a critical issue that only governments can address.

Next steps

There remains reason to be encouraged. With the right public policy frameworks, we can expect the Fourth Industrial Revolution to be a net creator of jobs, as its predecessors were. However, governments must take action on the important issues before these issues have been taken out of their hands. They should ensure that AI is part of all school curriculums. The technology sector should engage with the mainstream media, arming the general public with the knowledge required to safeguard themselves and their data. As well as the creation of an environment where businesses can fail fast without fear, we need to also make sure that any regulator that polices AI ethics is equally fearless and reflects the diversity of the community it protects. Get it right and the “smart society” will be a great place to live; get it wrong, and we will all be living in a digital dystopia.
VIEWPOINT
ADDRESSING COVID-19 CYBERSECURITY CHALLENGES
SOUHEIL MOUKADDEM, EXECUTIVE VICE PRESIDENT AT BOOZ ALLEN HAMILTON AND ZIAD NASRALLAH, PRINCIPAL AT BOOZ ALLEN HAMILTON ON ENHANCING GOVERNMENT, ENTERPRISE, AND INDIVIDUAL CYBERSECURITY DURING THE PANDEMIC
The COVID-19 pandemic has created an environment in which cyber threat actors can exploit information technology (IT) infrastructure, technology use, and human behavior. These adversaries target fearful populations seeking information to remain safe and aware, as well as security gaps in the rapidly expanding domain of remote work across the spectrum of daily business and mission essential operations. As governments, enterprises, and individuals across the Middle East North Africa (MENA) region adapt to new ways of thinking, collaborating, and working, it is imperative to pay increased attention to the protection of critical information and infrastructure during this time. Heightened awareness of attack methods, potential vulnerabilities, threat actor tools, and social engineering tactics can help mitigate cyber risks as the threat landscape continues to rapidly evolve in response to COVID-19. There are four major attack types either already playing out or likely on the horizon that entities and individuals should prepare themselves for and harden their cybersecurity postures against: denial-of-service attacks, remote work exploitation, phishing and financial scams, and misinformation campaigns.

Denial-of-Service Attacks

Denial-of-service attacks are cyber attacks in which a threat actor seeks to make machines, networks, tools, or websites unavailable to users. With a greater portion of the population operating remotely than ever before, denial-of-service attacks are an increased risk as workers are physically cut off from others and depend entirely on network reliability. Additionally, threat
actors are likely aware that governments and enterprises prioritise the availability and performance of critical applications and networks for their employees. This may lead to security lapses or cut corners – potentially providing additional vulnerability points in less secure areas of a network or via new routes created to facilitate remote work. Indeed, in a time of an evolving global health crisis, it is possible that more denial-of-service attacks will occur. Worse yet is the possibility that attacks could hit critical healthcare institutions or government entities, hampering their crisis response capabilities and placing lives at risk. While no major incidents of this nature have yet been reported regionally, an attempted attack on the U.S. Department of Health and Human Services and hospital-focused ransomware attacks are telling indicators that threat actors are not sparing institutions involved in COVID-19 response. In addition, recent reports on emerging internet-of-things (IoT) botnets, based on the Mirai botnet that temporarily crippled a large portion of internet traffic in 2016, suggest major attacks are potentially on the horizon.
Remote Work Exploitation

Similarly, cyber risks posed by exploitation of remote work – not only tools and technologies but also human behavior – are significant. In this environment, there are numerous potential vulnerabilities for threat actors to target including personal computing devices, home Wi-Fi networks, and free or low-cost telephone and video conferencing services (such as Zoom, which has already seen its usage grow exponentially worldwide, despite significant security lapses). These vulnerabilities create opportunities for threat actors and can result in data loss, including both personally identifiable information (PII) and sensitive corporate data. On this front, companies and entities in the Middle East are acutely vulnerable. While major foreign companies and multi-national corporations (MNCs) with globe-spanning operations are often well-positioned for remote work, the same is not true of many local governments and enterprises – especially small and medium businesses. In mid-March, as COVID-19-related lockdowns and government-mandated remote work requirements entered into force, just 12 percent of companies in the Gulf had remote work arrangements in place based on a survey of 1,600+ Gulf-based business executives. In the ensuing weeks, even as many shifted to remote work, entities often lack robust corporate virtual private networks (VPNs), secure conferencing capabilities, two-factor authentication, and other measures necessary to provide security in a distributed work environment – creating a fertile environment for cyber threat actors.

Phishing and Financial Scams

The COVID-19 health crisis has likewise witnessed a significant uptick in phishing and financial scams by cyber criminals. This type of threat activity always surges in crises as threat actors exploit human behavior and a captive audience eager to receive guidance and information on COVID-19. Similarly, with many employees living in a state of fear as workplace policies rapidly change in response to the outbreak, there is a heightened risk of employee missteps or mistakes that could facilitate threat actor access to corporate networks. Since the outbreak started, threat actors have propagated malicious documents with COVID-19-themed names and phishing campaigns have been linked back to groups operating from Pakistan, Russia, China, North Korea, and others. Malicious files in these campaigns install malware, ransomware, or remote administration tools (RATs) after users are enticed to open emails or visit fake websites. Across the region, governments have warned their citizens and residents to be on guard – including an advisory from the Saudi Computer Emergency Response Team (Saudi CERT) on the heightened risk of phishing attacks. Similarly, banks and financial institutions have aggressively messaged on the risk posed by financial scams.
Warnings from Bahrain, the Central Bank of the UAE (CBUAE), and the Dubai Financial Services Authority (DFSA) all note that – especially as many institutions have suspended or reduced in-person transactions and pushed operations online – individuals and entities face a greater risk of attack and exploitation. Attacks observed have even included phone calls and
WhatsApp messages, a communication mechanism not used for official bank communications. Most recently, a UAE consortium consisting of the UAE Banks Federation, CBUAE, and the Abu Dhabi and Dubai police forces launched a joint anti-fraud awareness campaign. Indeed, with Trend Micro reporting more than 3,000 COVID-19 cyber attacks across the Gulf between January and March – including more than 600 cases of email phishing in the UAE alone – attacks of this type are highly likely to continue increasing throughout the crisis.

Misinformation Campaigns

Lastly, the threat of misinformation campaigns – first highlighted globally in the 2016 U.S. presidential election – is continuing to grow and evolve whether from nation-states, cyber criminals, or even well-meaning but misinformed individuals. Indeed, the current information environment is ripe for exploitation given the fear and uncertainty surrounding COVID-19 as individuals seek information or worse, latch onto unproven medical treatments or false government guidance. With governments – including first responders such as police and security personnel – preoccupied with response operations and public communications, available resources to counter or dispel emerging misinformation campaigns are low. Across the Gulf, countries including the UAE, Saudi Arabia, and Kuwait have all issued warnings – including the threat of fines, jail, and deportation – for those caught spreading or encouraging misinformation. Kuwait has likewise already acted against several individuals found in violation of the law; however, the threat will remain a persistent reality throughout the duration of the crisis.

Recommendations

Ultimately, making changes to the information security environment during a crisis is difficult. Fortunately, there are steps – especially focused on communications and awareness – that can be effectively leveraged to help.
The following recommendations are provided to help reduce the increasing digital attack surface and prevent deeper,
more persistent exploitation of an organisation’s people and assets, during the current state of prolonged remote work deployment:

Vulnerability management and security operations teams should address existing vulnerabilities that open the door for denial-of-service attacks. Prioritize patching and security tool deployments (e.g., content delivery networks designed for website security and to address availability of services during times of increased user traffic). At the same time, VPN connections should be established with multi-factor authentication enabled to control and protect access to enterprise networks. Security teams should also be prepared to increase detection and monitoring capabilities and maintain heightened vigilance of susceptible assets and infrastructure, especially those with public exposure or mission-critical assets.

Furthermore, information security policies, specifically for remote work arrangements, should be routinely communicated and validated with staff to establish awareness, vigilance, and cyber hygiene. Complex policies may overwhelm workers, while basic cyber hygiene guidance and virtual training sessions can quickly establish an effective baseline. It is imperative to warn employees about phishing emails with COVID-19-themed filenames and attachments designed to entice them to click and open. Training should reemphasize how to identify suspicious emails or URLs suggesting links to COVID-19 information. Companies should provide guidance and links to authoritative, trusted content to reduce employee impulses to seek alternative information sources.

We recommend that incident response plans incorporate out-of-band communications channels to reach employees in the event of a cyber attack to help prevent added confusion and fear, especially in a dispersed work environment for a prolonged period.
Finally, enterprise networks should ensure and reinforce blocking for downloads of unauthorized tools, applications, and software on enterprise networks or personal devices used for remote work purposes.
VIEWPOINT
HOW TO ADOPT AI IN YOUR BUSINESS
IS ARTIFICIAL INTELLIGENCE DELIVERING RESULTS OR TAKING OVER? ASKS ANAS A. ABDUL-HAIY, DIRECTOR AND DEPUTY CEO OF PROVEN CONSULT.
We have long had the perception that as artificial intelligence (AI) enters our life it will continue to take over until we are living in a world that is controlled by machines. Or so that’s what Hollywood would have us believe. This idea has continued to grow as robotics automation and artificial intelligence entered the workplace. Many people felt that their jobs were threatened and that their roles would be taken over by robots, leaving vast numbers of the population without employment. Others look forward to the additional quality time that self-driving vehicles and automated home appliances will bring to their families. The truth is we are still far away from either scenario, even with the rapid implementation of new technologies. But what does that mean for us now? And how much is life going to change in the near future? Here we take a look at the key success elements when you are exploring AI and automation for your business. As you are reading this article, chances are that you already know the benefits that intelligent automation brings to a business: efficiency and process speed increases, human employee time freed up to focus on adding value to the business, boosted employee productivity and cost savings. The value added when implementation is done right is extensive. There are also the challenges that automation brings: employee roles needing to change or become obsolete, data management struggles, accessibility, training, down time and project accountability. It’s not until technology is implemented that people really begin to understand both its potential and its current
limitations. With the automation of manual, repetitive processes, we are there; with self-driving cars, we still are not. And whilst AI bots are great at managing processes within an organisation, they still can’t strategically add value to the business in the way that people can. Automation and intelligence do, however, have the potential to change the way that people work together, allowing people to do their jobs better, easier and faster, and improving how they handle their daily tasks. In order for your business to be ready for automation implementation, there needs to be a strategic method where you: identify areas for automation and what should be left for human management; align your teams with the improvement approach and handle any resistance to implementation; and acknowledge the importance of people.
1. Not everything should be handled by a bot

Automation adds value to many areas of the business; however, we are still a long way away from automated workforces handling all areas of the business. Before development teams build chatbots and automate processes for everything they can think of, there needs to be a clear vision of what the automation is going to handle and what it can bring value to. Each new role, both bot and human, should be clearly defined. Bots typically focus on repetitive, process-based tasks, whilst humans are likely to take the tasks that require analytical thinking, an agile approach or case-by-case judgement.
2. The culture of improvement

Technology is usually implemented to make improvements to a department or the wider business, and rarely because a department had too much budget left at the end of the year. But technology is nothing without the people that make it a success. A cultural change from the top down is needed to encourage the adoption of automation. Teaching teams how automation can benefit them and training them how to manage the automation bots supports change management throughout the implementation.
3. There is still value in people

Multiple studies show that people perform better when they perceive themselves as valued and that their work is actively contributing to the organisation, in other words, when they feel that they are significant. AI and automation bring more opportunities for people to feel valued; it is only when processes are analysed that we realise how repetitive and unstimulating they often are. Shifting these to automation frees up teams for more engaging and meaningful work, improving the working lives of employees and allowing them to be more effective to the business.

What next?

There still needs to be a connection between people in order for organisational success. We are not in a place where businesses are powered by virtual workforces, and as job roles evolve and soft skills are placed at a higher value, there is always a place for a human team alongside a robotic one. There is much success to be gained from AI and automation when it’s done with the right approach, giving a better look at the whole picture and creating new ways of working.
VIEWPOINT
HOW CYBER ATTACKERS EVADE THREAT SIGNATURES
MATT WALMSLEY, EMEA DIRECTOR, VECTRA, ARGUES THE CASE FOR BEHAVIOUR-BASED THREAT DETECTION
There’s an alarming cybersecurity gap between the time an attacker evades prevention security at the network perimeter and the time when an organisation discovers that key assets have been stolen or destroyed. This is the attacker dwell time gap, and is measured in weeks or months for most organisations who are breached. Attackers have a big advantage in this gap. Traditional, widely embraced approaches to detecting threats — including signatures, reputation lists and blacklists — are inherently
reactive, ceding the first-mover advantage to cybercriminals.

The inherent limitations

Signatures have had a good run, especially at detecting large-scale commodity threats like command-and-control communications of botnets, automated crawlers and vulnerability scanners that scour the Internet. But the signature model is limited and leaves multiple blind spots for a barrage of perilous attacks. Attackers who value stealth over the number of systems they control are finding ways around signatures. And unfortunately, these sophisticated attackers tend to think more strategically and pose a significant risk to organisations.

Understanding the blind spots caused by signatures requires understanding the weaknesses. For one, signatures, reputation lists and blacklists only recognise threats that have been previously seen. This means someone needs to be the first victim, and everyone hopes it’s not them. Detecting threats usually depends on key security applications installed at endpoints and gateways. New threats are caught in virtual sandboxes and new signatures are generated on-the-fly. The process takes time, and malware can gain a foothold as endpoints and networks are left vulnerable.

Secondly, signatures have no response to attackers that have already penetrated your network, as those attackers live off the land using common protocols and services, and not the malware they used to find a way in. Signatures and other Indicators of Compromise won’t help you identify and stop a malicious insider with legitimate access and legitimate tools. Attack behaviours and deviations from normal activity can’t be detected with signatures.

Custom malware also makes its way around signatures. Most malware is unique to the organisation under attack, which means it won’t be caught by signatures. According to the 2015 Verizon Data Breach Investigation Report, 70-90 percent of malware samples have traits that are exclusive to the targeted organisation, and this approach of customisation and bespoke tooling has only grown since then. Attackers don’t handcraft malware; they modify existing malware just enough to throw off signature-based defences. Malware signatures work by creating hashes of known bad files, so the smallest modification prevents a match. Attackers simply add a few bits to a malware file so the hash won’t recognise it as malware. These changes occur automatically with no human interaction. Vast volumes of seemingly custom malware are generated daily in this way. The key is that while the malware’s bit pattern may differ, its behaviour is the same. The changes, which are designed to avoid signature-based detection, are superficial.

Signatures also miss zero-day attacks that target vulnerabilities in software or operating systems, such as Heartbleed or Duqu 2.0. These vulnerabilities are virtually impossible to detect via signatures because signatures only stop known threats. Creating new signatures is a tried and tested solution. It’s the bedrock of everything from antivirus software to next-generation firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS). However, signatures are always several steps behind attackers and can create a false sense of security.

Focus on attacker behaviour

Attackers can change malware, search for unknown vulnerabilities and steal data from systems they have permission to access. But they can’t change their attack behaviours as they spy, spread and steal from a victim’s network. These behaviours can be observed, giving organisations real-time visibility into active threats inside their networks. Today, the savviest organisations complement their signature-based defences with automated threat management. They stay up-to-date on prevalent attacker Tactics, Techniques and Procedures (TTPs) from evidence-based sources like the Mitre ATT&CK framework, to hypothesise possible attacks, and put appropriate controls in place. Spotting the weak signals of an attack, hidden in the cacophony of communications, isn’t easy, and requires smart, adaptive software. By combining data science, machine learning and behavioural analysis, automated threat management detects malicious behaviours inside the network, regardless of the attacker’s attempt to evade signatures and whether it’s an insider or outsider threat.
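
The contrast drawn above between hash signatures and observed behaviour, as an added example that is not from the article or from Vectra. The byte strings, host addresses, flow records and thresholds are all constructed for illustration, and the fixed rules stand in for the learned models the article describes.

```python
import hashlib
from collections import defaultdict

# Constructed, inert byte strings standing in for two builds of one tool.
# VARIANT_B differs from VARIANT_A only by two trailing padding bytes.
VARIANT_A = b"constructed sample, not real malware"
VARIANT_B = VARIANT_A + b"\x00\x01"

# Blocklist written after VARIANT_A had already been seen elsewhere.
KNOWN_BAD_SHA256 = {hashlib.sha256(VARIANT_A).hexdigest()}

# Constructed inventory: the file that landed on each host.
FILES_ON_HOSTS = {
    "10.0.0.11": VARIANT_A,
    "10.0.0.12": VARIANT_B,
    "10.0.0.13": b"ordinary quarterly report",
}

ADMIN_PORTS = {22, 445, 3389}


def is_internal(addr):
    return addr.startswith("10.")


def constructed_flows():
    """Flow records as (seconds, source, destination, dest port, bytes sent)."""
    flows = []
    for host in ("10.0.0.11", "10.0.0.12"):
        for i in range(12):  # twelve neighbours probed in 24 seconds
            flows.append((100 + 2 * i, host, f"10.0.0.{20 + i}", 445, 0))
        flows.append((300, host, "10.0.0.25", 3389, 750_000))
        flows.append((900, host, "203.0.113.5", 443, 50_000_000))
    # An ordinary workstation: one file server, light web traffic.
    flows.append((120, "10.0.0.13", "10.0.0.20", 445, 5_000))
    flows.append((480, "10.0.0.13", "10.0.0.20", 445, 5_000))
    flows.append((600, "10.0.0.13", "198.51.100.7", 443, 40_000))
    return flows


FLOWS = constructed_flows()


def signature_hits(files, blocklist):
    """Hosts whose file hash appears on the blocklist."""
    return {host for host, blob in files.items()
            if hashlib.sha256(blob).hexdigest() in blocklist}


def max_fanout(events, window):
    """Most distinct destinations contacted inside any `window` seconds."""
    events = sorted(events)
    best = 0
    for i, (start, _) in enumerate(events):
        seen = {dst for t, dst in events[i:] if t - start < window}
        best = max(best, len(seen))
    return best


def behaviour_hits(flows, fanout=10, window=60,
                   session_bytes=100_000, exfil_bytes=10_000_000):
    """Map each host showing at least two attack phases to those phases."""
    by_src = defaultdict(list)
    for rec in flows:
        by_src[rec[1]].append(rec)
    findings = {}
    for src, recs in by_src.items():
        phases = []
        # Spy: many distinct internal hosts touched in a short window.
        internal = [(t, d) for t, _, d, _, _ in recs if is_internal(d)]
        if max_fanout(internal, window) >= fanout:
            phases.append("reconnaissance")
        # Spread: a substantial session on an admin port to an internal host.
        if any(is_internal(d) and p in ADMIN_PORTS and b >= session_bytes
               for _, _, d, p, b in recs):
            phases.append("lateral_movement")
        # Steal: a large volume sent to a single external destination.
        outbound = defaultdict(int)
        for _, _, d, _, b in recs:
            if not is_internal(d):
                outbound[d] += b
        if any(total >= exfil_bytes for total in outbound.values()):
            phases.append("exfiltration")
        if len(phases) >= 2:
            findings[src] = phases
    return findings


if __name__ == "__main__":
    print("signature:", sorted(signature_hits(FILES_ON_HOSTS, KNOWN_BAD_SHA256)))
    print("behaviour:", behaviour_hits(FLOWS))
```

The hash blocklist flags only the host holding the exact known file, while the behaviour rules flag both hosts because their network activity is identical.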
By focusing on attack behaviours and actions, automated threat management can identify every phase of an active attack — command and control, botnet monetisation, internal reconnaissance, lateral movement and data exfiltration — without signatures or reputation lists. Behaviour-based threat detections also identify internal reconnaissance scans and port scans, Kerberos client activity, and the spread of malware inside a network. Data science models are effective at neutralising an attacker’s use of domain-generation algorithms to create an endless supply of URLs for their threats.

Cybercriminals always look for new ways to conceal their attack communications, and one of the most effective — and fastest-growing — ways to do this is by hiding within another allowed protocol. For example, an attacker can use benign HTTP communication but embed coded messages in text fields, headers or other parameters in the session. By riding shotgun on an allowed protocol, the attacker can communicate without detection. However, the detection models inherent in automated threat management can reveal these hidden tunnels by learning and analysing the timing, volume and sequencing of traffic.

Staying ahead of network threats

Nimble attackers can easily create and hide their exploits in an infinite number of ways. Consequently, signatures should be complemented with automated threat management models that continuously learn new attack behaviours and adapt to network changes. It’s time to jump off the signature hamster wheel, gain visibility and an understanding of the previously unknown inside your networks and cloud, and get ahead of attackers by automatically detecting and analysing the behaviours and actions that betray an attack, mitigating the threat before damage is done.
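
The hidden-tunnel paragraph above says such channels show up in the timing and volume of traffic rather than in its content. The following added example (not from the article or from any vendor product) profiles constructed HTTP session records per client and server pair; the addresses, host names and thresholds are assumptions, and the fixed cut-offs stand in for a learned baseline.

```python
from collections import defaultdict
from statistics import mean, pstdev


def constructed_sessions():
    """HTTP sessions as (seconds, client, server, bytes sent, bytes received)."""
    rows = []
    jitter = [0, 1, -1, 2, -2]
    # Machine-driven check-in about every 60 s: small uploads, tiny replies.
    for k in range(30):
        rows.append((60 * k + jitter[k % 5], "10.0.0.12",
                     "updates.example.net", 900, 200))
    # A person reading a news site: bursty timing, download-heavy.
    t = 0
    rows.append((t, "10.0.0.13", "news.example.org", 400, 60_000))
    for gap in [3, 1, 45, 2, 300, 7, 1, 120, 4, 900, 2, 15]:
        t += gap
        rows.append((t, "10.0.0.13", "news.example.org", 400, 60_000))
    # A software agent on a fixed timer: regular, but download-heavy.
    for k in range(12):
        rows.append((300 * k, "10.0.0.14", "telemetry.example.com", 300, 5_000))
    return rows


SESSIONS = constructed_sessions()


def profile(sessions):
    """Timing and volume features for every (client, server) pair."""
    groups = defaultdict(list)
    for ts, client, server, sent, received in sessions:
        groups[(client, server)].append((ts, sent, received))
    profiles = {}
    for key, rows in groups.items():
        rows.sort()
        gaps = [b[0] - a[0] for a, b in zip(rows, rows[1:])]
        # Coefficient of variation of the gaps: near 0 means clockwork timing.
        if len(gaps) >= 2 and mean(gaps) > 0:
            gap_cv = pstdev(gaps) / mean(gaps)
        else:
            gap_cv = None
        sent = sum(r[1] for r in rows)
        received = sum(r[2] for r in rows)
        profiles[key] = {
            "requests": len(rows),
            "gap_cv": gap_cv,
            # Above 1 means the client sends more than it gets back.
            "upload_ratio": sent / max(received, 1),
        }
    return profiles


def suspected_tunnels(sessions, min_requests=10, max_gap_cv=0.1,
                      min_upload_ratio=1.0):
    """Pairs with clockwork timing AND upload-dominant volume."""
    flagged = []
    for key, feats in profile(sessions).items():
        if feats["requests"] < min_requests or feats["gap_cv"] is None:
            continue
        if (feats["gap_cv"] <= max_gap_cv
                and feats["upload_ratio"] >= min_upload_ratio):
            flagged.append(key)
    return sorted(flagged)


if __name__ == "__main__":
    for pair, feats in sorted(profile(SESSIONS).items()):
        print(pair, feats)
    print("suspected:", suspected_tunnels(SESSIONS))
```

Timing alone would also flag the fixed-timer telemetry agent; requiring the volume signal as well is what separates it from the upload-heavy check-in.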
VIEWPOINT
INVASION OF PRIVACY
DAVID GROUT, EMEA CTO AND RICHARD WEAVER, DATA PROTECTION OFFICER, FIREEYE, ON THE SECURITY AND PRIVACY IMPLICATIONS OF COVID-19 LOCATION DATA APPS.
Researchers around the world are rushing to create vaccines and medicines that can stop the COVID-19 pandemic or at least halt its spread. In the midst of these efforts, there has been plenty of evidence that technology has a useful role to play in mitigating the crisis and making a valuable contribution in this global battle. The use of mobile devices as part of this effort has raised several important questions around privacy and security. This blog will explore them and the limits when considering the use of mobile technology and location data in the global fight against COVID-19. Firstly, it’s important to clarify what types of mobile data and application usage we are talking about. They fall into three main categories: to understand general population movement, to determine potential proximity to
COVID-19 positive individuals and advise on measures for self-quarantine, and the collection of information from patients for statistical analysis.

Mobile tracking to understand population movement and the impact of lockdown: Mobile carriers in Germany, Italy and France have started to share mobile location data with health officials in the form of aggregated, anonymised information. This falls in line with the law and local regulations. Because European Union member countries have very specific rules about how app and device users must consent to the use of personal data, developers must consider other forms of useful data unless they get individual consent from users. The aggregated and anonymised approach is related to groups within a population and not individuals, but it gives a clear view on population displacement trends and therefore the risk level of each area.
Determining potential proximity to COVID-19 positive individuals: This approach is being tested in countries such as Germany and France. The objective is to limit the spread of the virus by 1) identifying people who have potentially come into contact with an individual who has tested positive, and 2) advising those people to self-quarantine, if proximity was determined. In Germany, the government is relying on the rules defined by the Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT). France is exploring this subject with INRIA under the project: ROBERT-ROBust and privacy-presERving proximity Tracing protocol. These types of applications have been in place in several countries since the beginning of the pandemic, including Singapore (TraceTogether), China (Alipay Health Code) and Israel (Hamagen).

Collection of users’ information for statistical analysis: This approach has
been used by the UK government through the application ‘C-19 Covid Symptom Tracker’ which was developed by the startup ZOE, in association with King’s College London.

The data needed to meet all three objectives is then stored by mobile providers in a variety of places that must be secured, both to protect the app users’ privacy and to prevent manipulation or spoiling of the data by a third party. And given that data is sourced from different places, like repositories of GPS, Bluetooth and other apps on the device, different security arrangements by source may need to be considered. Regulators are recognising that app developers need timely guidance to balance the collection of data with safeguarding privacy, with appropriate tools for the public to have control over its data. In the EU, the statement by the EDPB Chair on the processing of personal data in the context of the COVID-19 outbreak, published in March 2020, advances this objective.

Key Principles of Responsible COVID-19 Location Data Apps

Collection of consent for tracking data on an individual level: Today, most apps are voluntarily downloaded and activated by users. The challenge is that these applications often need to be used by a certain percentage of the population to truly be of value in the fight against the virus. This can tempt developers not to disclose the true purpose of an app. A recent survey in Europe showed that around 80% of the population in France, Italy and Germany was willing to adopt a tracking application during the COVID-19 pandemic. However, if the app hides a type of data collection and sharing, then the consent given by an individual cannot be valid. Apps must explain which data types are collected, how they are collected, and what the goal behind the collection is. As an example, the Pan-European Privacy-Preserving Proximity Tracing team have explained clearly on their website that they do not collect any personal information such as addresses, phone numbers, or
DEPENDING ON THE JURISDICTION, ENDUSERS MAY HAVE THE RIGHT TO REQUEST ACCESS TO PERSONAL DATA THAT HAS BEEN COLLECTED AND TO DELETE THE DATA. APP DEVELOPERS MUST THINK THROUGH HOW THEY WILL RECEIVE, VALIDATE, AND ACTION THESE REQUESTS. geo-location. We are also encouraging developers to ensure that an application respects the privileges it has been granted by users and doesn’t abuse them by operating outside of necessary tasks. App developers should outline under what conditions data collected by the app may be shared or sold to third parties. Third party sharing limited to public health bodies, as an example, may be more palatable to the end user than a sale of data to an unrelated third party.
Time restrictions: App developers should build in the ability to discontinue their use if national health authorities determine that the data they collect is no longer needed to address the pandemic. Data retention and storage should also be guided by decisions flowing down from national health authorities.

Use the right technology: Understanding the technology that users and providers are relying on to exchange information is the key to successful adoption. Providers and policy makers will need to define the specific rules for each technology and its associated use. The way technologies are collecting information is important when defining the how, the when and the why of using one technology over another.

Properly secure the collected data: App providers need to ensure an appropriate level of security, possibly through the use of encryption, to avoid any data leaks and any data manipulation by non-trusted third parties. Providers should also be transparent about their choices regarding the technology implementation of their applications and how secure it is. A state-of-the-art implementation guide should be followed, as well as the compliance rules already put in place by international organisations and governments.

Prepare to facilitate data protection rights, including deletion rights: Depending on the jurisdiction, end-users may have the right to request access to personal data that has been collected and to delete the data. App developers must think through how they will receive, validate, and action these requests. App developers are advised to work with their legal counterparts to understand evolving guidance from regulators.

Achieving a balance between swiftly releasing a new app to maximise its impact in helping halt the virus’ spread, whilst ensuring there’s a stringent and tested security/privacy strategy in place, is a challenge. However, if the above steps are followed then it should mean users will have one less issue to worry about during what is already a difficult period for many.
VIEWPOINT
OPEN BANKING’S OPEN SECRET
TABREZ SURVE, REGIONAL DIRECTOR – GULF, LEVANT & TURKEY AT F5 NETWORKS, DESCRIBES WHY HOLISTIC API MANAGEMENT IS THE KEY TO UNLOCKING OPEN BANKING’S VAST POTENTIAL.
In the age of digital banking, financial data now stretches way beyond traditional banks. Last year was rife with hype and speculation about open banking’s disruptive credentials, and it is easy to see why. Customers are becoming increasingly receptive to alternative payment methods from established technology firms such as Apple Pay, Samsung Pay, Amazon, and Google. There is already a growing number of people who are transacting exclusively via PayPal or bitcoin. This rapidly advancing technology has taught consumers to demand everyday information instantaneously and with little effort—and now consumers want more control over their money. That is where open banking comes in. Essentially, it is the practice of sharing financial information electronically, securely, and only under conditions that customers approve of.

Open banking chatter persists because it can be a significant innovation catalyst, enabling better user experiences, streamlining lending, automating accounting, and pioneering new payment options. It opens the way to new products and services that could help customers and small to medium-sized businesses get a better deal. It could also give you a more detailed understanding of your accounts, and help you find new ways to make the most of your money.

Here in the GCC, Bahrain is taking an early lead in the introduction of open banking systems, and the rest of the region appears poised to follow. Pent-up demand for digital banking services also points to a need for open banking in the region. Indeed, recent research from McKinsey on urban consumers in UAE and KSA showed that at least 80 percent of consumers prefer digital banking, yet only 20-25% of them have acquired a product digitally.

Looking elsewhere in the world, Asia is already enthusiastically embracing the concept, buoyed by a slew of countries digitalising in real-time, a large base of tech-savvy consumers and digital payment platform ubiquity. Europeans are slightly more circumspect. The biggest hurdle to date is consumer sentiment. There is still a reluctance to share personal information, which is partly a cultural mindset but also a reaction to the prevalence of data breaches. Awareness is another pressing concern. According to a Splendid Unlimited study on the state of open banking, a mere 22% know what it is. Open banking services were used by just 9% of survey participants. Ernst & Young’s Open Banking Opportunity Index predicts it will take around three to five years to really get going.

That can change fast, however. Recently, the Open Banking Implementation Entity (OBIE) – the body set up by the Competition and Markets Authority (CMA) to deliver Open Banking in the UK – said the number of users has doubled in the past six months. More than 1m customers have made use of open banking technology in the two years since the tool came into effect.

Meanwhile, regulations continue to drive the pace of open banking rollout. In Europe, the European Union’s Second Payment Services Directive (PSD2) will continue to resonate. In effect since 14 September 2019, the directive aims to promote innovation, help banking services integrate new technologies, and ensure payments are secure. The UK’s Open Banking Directive is effectively the country’s implementation of PSD2, though timeframes for full implementation have recently been extended. Importantly, PSD2 includes new requirements for multi-factor authentication when executing bank operations. The value of EU consumers’ data is further elevated by the EU General Data Protection Regulation (GDPR) that came into effect in May last year.

Markets such as Australia, Canada, New Zealand, Mexico, Argentina, Nigeria, Hong Kong, Japan and Taiwan are all monitoring the situation closely and poised for regulatory shifts. Yet, while regulations clearly play an important role, open banking will only be sustainable if it makes a genuine difference to customers. It is their demands for greater agility and improved user experiences that push service providers to compete and innovate at pace.

Banking on holistic API management

This is where Application Program Interfaces (APIs) come in. In simple terms, an API is a set of routines, protocols, and tools for building software applications. An API basically specifies how software components should interact. In the banking realm, the use of open APIs enables third-party developers to build foundational technologies for applications and web sites that provide greater financial transparency options, ranging from open data to private data, for the financial institution’s account holders.

Notably, Open Banking Europe – operated by European Banking Subsidiary Clearing subsidiary Preta – published a directory last November that intends to list all publicly available bank APIs in the EU. The PSD2 Transparency Directory meets the need of third-party providers (TPPs) and account-servicing payment service providers (ASPSPs) for a repository storing all key information on bank APIs in a single place. It currently contains information on over 1,500 bank-related developer portals. Input is expected from additional banks and financial institutions in the coming months.

The onus is now well and truly on infrastructure, operations and DevOps teams to define, publish, secure, monitor, and analyse APIs. API management solutions enable authors to publish APIs to various environments such as production, test, or staging. This ensures consistency for each environment and prevents misconfigurations. Key examples include:
• API gateways. API gateways secure and mediate traffic between backend API consumers. API gateway functionality includes authenticating API calls, routing requests to appropriate backends, and applying rate limits to prevent system overloads. It can also mitigate DDoS attacks, offload SSL/TLS traffic to improve performance, and handle errors and exceptions.
• Microgateways. Traditional API gateways may be inefficient when handling traffic in distributed environments (for example microservices or handling IoT traffic to support real time analysis). An additional software component – a microgateway – is required to process API calls in these types of scenarios. Microgateways are still API gateways but are more lightweight and suited to microservice architectures.
• Today’s solutions can provide deep visibility into operational metrics on a per API basis, enabling new levels of troubleshooting and performance optimisation.
• There are no shortcuts here. API infrastructure security should encompass authentication, authorisation, role-based access control (RBAC) and rate limiting (imposing a limit on the number of requests a caller can make during a defined period).
• Developer portal. A well designed developer portal is pivotal to the success of any API program. It should facilitate rapid onboarding of consumers and include a catalogue of external APIs, comprehensive documentation, and sample code. Some solutions also provide a mechanism for developer interaction.

Development and deployment demands are more pressurised than ever, especially as DevOps methodologies start to permeate mainstream operational processes. Despite some relative regional sluggishness, open APIs are definitively the future and virtually impossible for anyone with open banking aspirations to ignore. Watch this space.
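The gateway checks listed above (authenticating the call, RBAC, per-caller rate limiting, then routing) can be sketched as one decision function. This is an added example, not code from the article or from any vendor; the caller ids, keys, role names and routes are hypothetical, and the rate limiter is a token bucket chosen for illustration.

```python
import hmac
import time
from dataclasses import dataclass

# Constructed sample data: caller ids, keys, roles and routes are hypothetical.
API_KEYS = {
    "tpp-budget-app": ("key-budget-constructed", "account-info"),
    "tpp-pay-app": ("key-pay-constructed", "payment-initiation"),
}
# RBAC table: role -> set of (HTTP method, API prefix) the role may call.
ROLE_PERMISSIONS = {
    "account-info": {("GET", "/accounts")},
    "payment-initiation": {("GET", "/accounts"), ("POST", "/payments")},
}
# Routing table: API prefix -> backend that serves it.
ROUTES = {"/accounts": "accounts-backend", "/payments": "payments-backend"}


@dataclass
class TokenBucket:
    """Allows bursts up to `capacity`, refilled at `refill_per_sec`."""
    capacity: float
    refill_per_sec: float
    tokens: float
    updated: float

    def allow(self, now: float) -> bool:
        elapsed = max(0.0, now - self.updated)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_sec)
        self.updated = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class Gateway:
    def __init__(self, burst=3, refill_per_sec=1.0, clock=time.monotonic):
        self.burst = float(burst)
        self.refill_per_sec = float(refill_per_sec)
        self.clock = clock          # injectable so the limiter can be tested
        self.buckets = {}           # one bucket per authenticated caller

    def _authenticate(self, caller_id, api_key):
        # Unknown callers are compared against an empty key so that the
        # comparison still runs; compare_digest avoids early-exit timing leaks.
        expected, role = API_KEYS.get(caller_id, ("", None))
        ok = hmac.compare_digest(api_key.encode(), expected.encode())
        return role if ok and role is not None else None

    def _match_route(self, path):
        # Match whole path segments only: "/accountsx" must not hit "/accounts".
        for prefix in ROUTES:
            if path == prefix or path.startswith(prefix + "/"):
                return prefix
        return None

    def handle(self, caller_id, api_key, method, path):
        """Return (HTTP status, backend name or reason)."""
        role = self._authenticate(caller_id, api_key)
        if role is None:
            return 401, "authentication failed"
        prefix = self._match_route(path)
        if prefix is None:
            return 404, "no such API"
        if (method.upper(), prefix) not in ROLE_PERMISSIONS.get(role, set()):
            return 403, "role %r may not %s %s" % (role, method.upper(), prefix)
        # Only authorised calls consume tokens here. Failed logins are not
        # throttled by this sketch and need their own limit (for example per
        # source address) in a real deployment.
        now = self.clock()
        bucket = self.buckets.get(caller_id)
        if bucket is None:
            bucket = TokenBucket(self.burst, self.refill_per_sec, self.burst, now)
            self.buckets[caller_id] = bucket
        if not bucket.allow(now):
            return 429, "rate limit exceeded"
        return 200, ROUTES[prefix]
```

The order of the checks matters: a caller that is authenticated but not authorised gets a 403 without being forwarded or consuming rate-limit budget, and each caller's bucket is independent of the others.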
INTERVIEW
MASTERING CONTAINER MANAGEMENT
AYMAN A SHAIKH, SENIOR MANAGER, SOLUTION ARCHITECTS - MIDDLE EAST AND AFRICA, RED HAT, ON WHY KUBERNETES IS THE MOST WIDELY POPULAR CONTAINER ORCHESTRATION PLATFORM TODAY.
What is driving the adoption of Kubernetes in enterprises?

We are observing containers and Kubernetes adoption being driven primarily by three trends. First and foremost is the need for enterprises to innovate and reduce the time to market. With digital transformation becoming the CXO focus and emphasis on better customer engagement and experience, more and more applications are required to be developed in a shorter time frame, with a richer experience and an ability to respond to rapid changes in scalability and performance requirements. It also requires unsuccessful initiatives to be identified faster and scrapped if the need arises. This is leading to changes in traditional development and operational practices with more micro services-based, cloud-native application architectures, and adoption of Agile and DevOps practices across IT Teams. Containers and Kubernetes play a vital role in these as they allow the development of MVPs and sandbox environments quickly while maintaining the ability to release them in production and scale-out/back quickly based on the success of the initiative.

On the other hand, to deliver business applications faster, developer productivity is the key for the organisations. With support for both stateless and stateful applications, built-in features like service discovery, secrets management, ingress, portability, and scalability, Kubernetes simplifies rapid application development and deployment of applications. Along with CI/CD tools like Jenkins, Bamboo, Git repository etc., Kubernetes supports faster feedback loops for developers and helps in the safer promotion of applications to production environments. Associated CNCF projects like Istio and KNative ease the burden of building advanced integration, reliability, and scalability logic into every application/micro-service and allow better integration and security. Helm charts and Operators enable developers to consume internal as well as 3rd party applications and tools in a much simpler manner, allowing them to focus on enhancing their applications’ functionality or usability. Kubernetes helps developers to achieve the desired goal of build once and deploy anywhere, any number of times in a more straightforward manner.

Operational Efficiency is another driver. Kubernetes orchestration allows enterprises to build application services that span multiple containers, schedule containers across a cluster, scale those containers, and manage their health over time. It eliminates many of the manual processes involved in deploying and scaling containerised applications. It can cluster together groups of hosts, either physical or virtual machines, running Linux containers, and Kubernetes provides the platform to manage those clusters easily and efficiently.

What are the popular Kubernetes deployment methods today?

Primarily, there are two approaches to adoption. One is self-managed. In this approach, enterprise IT teams deploy a Kubernetes cluster either on-prem or in a public cloud and manage it themselves. They are also responsible for Day-two activities like patching, security scanning, scalability and upgrades, and integration with corporate tools and services (SDN, firewalls, proxies, LBs, storage, IAM, etc.). Running a production cluster also requires access to a container registry, logging and monitoring solutions, image validation and signing tools, etc. Depending on the choice of infrastructure (physical, virtual, private/public cloud) and the familiarity of teams in setting up, scaling, and upgrading a distributed platform, this can be a complex task. With its fast-moving nature of frequent releases, rapidly evolving feature sets and an ever-increasing choice of integration options, running and upgrading multiple Kubernetes clusters at scale can be daunting for IT teams.

The other one is a managed Kubernetes environment, under which management of the cluster is owned by a third party, for example, public cloud providers. Typically, these are Kubernetes offerings of these vendors who may allow enterprises access to certain limited management capabilities. The advantages of this approach include ease of deploying or scaling a cluster and a cost-effective approach to begin with. Challenges include that most of these offerings are specific to the Cloud vendors, requiring integration with the services offered by that provider, making a hybrid or multi-cloud approach much more difficult. These offerings also require customer IT teams to still take ownership of certain operations such as patching and upgrading worker nodes and integrating with other services of cloud vendors.

Another approach is using serverless options provided by leading public cloud vendors. On-prem serverless initiatives are also starting to gain traction with the KNative project as the popular choice.

How does Kubernetes compare with other orchestration platforms such as Docker Swarm, Mesos, etc.?

Kubernetes has become the de facto standard for Container Orchestration. As per CNCF’s Cloud Native Landscape, 89% of around 109 container management tools are based on Kubernetes. Kubernetes is one of the top Open Source projects in the world, receiving contributions from a wide range of IT companies as well as individual contributors. All major IT vendors today offer some sort of a Kubernetes offering (managed or unmanaged), including Docker (now under Mirantis) and Mesosphere. There are over 90 certified Kubernetes offerings listed at the CNCF website. Kubernetes also has a vast ecosystem of compatible solutions as confirmed by CNCF’s Cloud Native Landscape and is becoming the cloud OS of choice for the majority of enterprises.
VIEWPOINT
A SECURITY CHECKLIST FOR REMOTE TEAMS
WERNO GEVERS, CYBERSECURITY SPECIALIST AT MIMECAST, ON THREE FACTORS YOU NEED TO ADDRESS TO KEEP YOUR REMOTE TEAMS CYBERSECURE
As employees across the Middle East join the world of remote working in response to the current pandemic, companies are having to urgently implement policies and processes to keep their teams cybersecure. Countries in the Middle East have now implemented strict lockdowns to curb the spread of COVID-19, with most only allowing people to leave their houses with permission. If organisations didn’t already have work-from-home policies in place, they’ve quickly had to implement them if they wanted any business continuity.

There is a general escalation in cybercriminals’ activity during times of heightened disruption. Already, malicious actors are spreading disinformation with the sole purpose of creating panic. Once panic settles in, rational thought goes out the window. And that creates gaps that cybercriminals exploit. Suddenly, there’s an increase in false specials and sales for in-demand products like face masks, hand sanitiser and protective gloves that are being promoted online. The Mimecast Threat Intelligence Centre has seen a large number of malicious emails impersonating trusted brands like the World Health Organisation and the Centres of Disease Control. Additionally, the Mimecast Brand Exploit Team found 59,700 spoofed coronavirus-related websites in just two weeks. Even one mis-click on a link could initiate malware and put the user – and the organisation – at risk.

A combination of self-isolation and heightened tension also puts strain on people’s psyche, which can lead to irrational or sometimes careless actions. People are desperate to find out more about the crisis and are letting their guards down, clicking on just about anything sent to them. When your entire workforce is working remotely, any careless action could have ripple effects across the organisation as security becomes vulnerable. Companies need to ensure they are looking after the cybersecurity of their remote teams, so those teams look after the cybersecurity of the company.

As more COVID-19 themed malicious emails make their way into employees’ mailboxes, user awareness is going to be vital. Just last week our Threat Intelligence Centre spotted a phishing scam hitting thousands of mailboxes that claimed to be an airline offering immediate refunds to travellers. The link takes users to a refund page that then asks them to enter their credentials. Travel restrictions and difficulties in obtaining refunds have been widely reported in the media. For those facing financial issues, the prospect of an immediate refund is very appealing, and they may be more likely to fall for the scam. With attacks like this doing the rounds, the cost of human error escalates, so organisations need to take steps to adequately prepare employees to spot these threats.

Three factors should inform company policies and processes as they prepare for a swelling remote workforce:

Factor 1: Web Security

Despite a growing tendency among professionals to work remotely, very few companies have built policies to ensure web security maintains the same standards at the employee’s home as at the office. Home routers with default or easy-to-guess passwords could open the employee - and the company - up to compromise. Connected devices - smart TVs, home automation, baby monitors and other devices that are connected to home networks - all offer potential entry points for cybercriminals. Employees should be required to change all default passwords and ensure all security software is up to date.

In addition, now more than ever, organisations need to have an easy to deploy and manage service that keeps the web safe and consistently secures employees even when they’re off the company network. The web is used in 91% of malware attacks and is the second-most commonly used vector for cyberattacks. It’s also the top distraction for employees, especially right now as communication channels are flooded with links about COVID-19 that may or may not be legitimate.

Factor 2: Awareness Training

Remote working means you are now sitting with a distributed workforce, and each employee is potentially an entry point into the organisation’s processes and data. Employees are the last line of defence against cyberattacks. One IBM study found that human error was a factor in more than 90% of security breaches. Companies should conduct regular and effective cybersecurity awareness training, giving employees adequate and up-to-date information about how to identify and avoid risky behaviour. Alarmingly, only a third of UAE companies in Mimecast’s 2019 State of Email Security report offered regular awareness training.

Factor 3: Impersonation attacks

The threat of impersonation attacks is heightened during extended periods of remote work. It’s now much harder to walk over to the financial director’s desk and confirm a payment to a supplier. Even before governments ordered lockdowns and forced every employee to work remotely, impersonation fraud was a major issue: three quarters of UAE companies reported an increase in impersonation in Mimecast’s 2019 report. Companies need to implement appropriate policies to ensure payment processes and other tasks involving money are not compromised. Tools that extend beyond the company’s security perimeter, such as DMARC, can help companies identify when their brand is being abused by impersonators seeking to exploit customers, employees and partners. However, only half of UAE organisations reported using DMARC in 2019.

Mimecast has launched a website focused on helping organisations better secure and protect their employees while enabling a mobile workforce. This site will be updated daily and will provide insights into new threats, best practices and offers we have to help organisations through this challenging time: https://www.mimecast.com/coronavirus
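The DMARC point under Factor 3 rests on the aggregate reports that receiving mail systems send to the domain owner. As an added example (not from the article or from Mimecast), the sketch below reads one such report and lists the sources that sent mail as the domain while failing both DKIM and SPF. The report is constructed, using documentation IP ranges and example.com.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the DMARC aggregate-report layout (RFC 7489, App. C).
SAMPLE_REPORT = """<feedback>
  <report_metadata>
    <org_name>receiver.example</org_name>
    <report_id>constructed-0001</report_id>
  </report_metadata>
  <policy_published><domain>example.com</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition>
        <dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>4</count>
      <policy_evaluated><disposition>none</disposition>
        <dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>198.51.100.200</source_ip><count>2</count>
      <policy_evaluated><disposition>none</disposition>
        <dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>203.0.113.55</source_ip><count>37</count>
      <policy_evaluated><disposition>none</disposition>
        <dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
</feedback>"""


def _text(node, path, default=""):
    found = node.find(path)
    return found.text.strip() if found is not None and found.text else default


def parse_report(xml_text):
    """Return (domain, published policy, list of per-source rows)."""
    # Reports arrive from third parties. A genuine report needs no DTD, so
    # refuse one outright instead of letting the parser expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration in DMARC report")
    root = ET.fromstring(xml_text)
    domain = _text(root, "policy_published/domain").lower()
    policy = _text(root, "policy_published/p", "none").lower()
    rows = []
    for rec in root.findall("record"):
        try:
            count = int(_text(rec, "row/count", "0"))
        except ValueError:
            count = 0
        rows.append({
            "ip": _text(rec, "row/source_ip"),
            "count": count,
            "disposition": _text(rec, "row/policy_evaluated/disposition").lower(),
            "dkim": _text(rec, "row/policy_evaluated/dkim").lower(),
            "spf": _text(rec, "row/policy_evaluated/spf").lower(),
            "header_from": _text(rec, "identifiers/header_from").lower(),
        })
    return domain, policy, rows


def suspected_impersonation(xml_text):
    """Sources using the domain in From: that failed DMARC (DKIM and SPF)."""
    domain, policy, rows = parse_report(xml_text)
    failing = [
        r for r in rows
        if (r["header_from"] == domain or r["header_from"].endswith("." + domain))
        # DMARC passes if either aligned check passes, so a forwarder with
        # broken SPF but valid DKIM is not flagged.
        and r["dkim"] != "pass" and r["spf"] != "pass"
    ]
    failing.sort(key=lambda r: -r["count"])
    return {
        "domain": domain,
        "policy": policy,
        "sources": [(r["ip"], r["count"], r["disposition"]) for r in failing],
        # Messages that failed DMARC yet were delivered because the receiver
        # applied no action (what a p=none policy asks for).
        "delivered": sum(r["count"] for r in failing if r["disposition"] == "none"),
    }
```

With the published policy at `p=none`, the failing messages in the sample are reported but still delivered; the report is what makes the abuse visible to the domain owner.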
VIEWPOINT
HOW VIDEO TECHNOLOGY CAN HELP TRANSFORM HEALTHCARE
AS THE COVID-19 PANDEMIC CONTINUES UNABATED, VIDEO TECHNOLOGY IS CHANGING THE HEALTHCARE INDUSTRY, WRITES HAIDER MUHAMMAD, COMMUNITY MANAGER MIDDLE EAST, TURKEY & AFRICA AT MILESTONE SYSTEMS
With the health sector being under great pressure in many countries, all avenues are explored in the quest to reduce the spread of the Coronavirus (Covid-19). Across the Middle East, we are seeing video technology increasingly playing an important role in the fight against Covid-19, from efforts to contain the spread of the virus to solutions that can be deployed in the protection of our frontline responders in healthcare. So, what are some of the solutions that can support our health care workers in these trying times?

Reducing the spread of the virus

As the number of Coronavirus cases increases, so does the need for non-contact temperature measuring equipment. Thermal imaging cameras have for some time been adopted to support high-risk environments such as airports, train stations and immigration checkpoints. The cameras provide thermal imaging for body temperature solutions which can quickly identify people with elevated body temperatures, one of the key symptoms of COVID-19. Now, these technologies are also increasingly put to use at shopping malls, medical facilities and hospitals, providing an additional layer of protection from increased exposure to the coronavirus.

The way the thermal imaging cameras work is to instantly visualise temperature differences from a safe distance, identifying those who may have been infected. An integrated system raises an alarm when the higher temperature readings are reported, and the individual can be further screened for spot testing for more accurate readings. By using the systems with thermal or infrared capabilities, health officials can quickly identify, test and if needed isolate unwell individuals to prevent further spread of the disease.

Pros and cons of thermal cameras

The use and effectiveness of this technology have been discussed and there are indeed factors that one needs to pay attention to. First, we need to recognise that thermal body temperature solutions can only support the early identification of a key symptom of the disease; they do not diagnose COVID-19. The effectiveness of thermal imaging cameras in public areas may also be impacted by external factors like visual field and target size, environmental temperature, physical exertion etc.

Privacy concern is another issue that has often been raised. This is, in fact, a misconception, as the thermal imaging systems are not registering any personal information on individuals.

As an alternative to measuring temperatures manually with handheld devices, which is a time-consuming and labor-intensive process, thermal body temperature solutions are a non-invasive and fast method to check body temperatures from a safe distance. With the introduction of facial detection and AI, the accuracy of temperature scanning can be improved to offset environmental factors. Some thermal cameras can detect temperature differences down to 0,05 degrees and register objects and people even in total darkness at a distance of over 100 meters. The effectiveness of these cameras has led the police in Dubai to test wearing thermal imaging devices on their helmets, enabling a quick temperature scan of any individuals they encounter.

There is also the possibility of further integrating thermal body temperature solutions with video analytics for added health-related functionality. This could, for example, be checking social distancing and that sanitising stations are used as specified.

Keeping a safe distance

Keeping a safe distance is a key aspect of combatting the coronavirus. When the risk of contagion transmission is high, video technology has proven effective in minimising contact between infected patients and medical staff. By allowing monitoring of patients remotely, medical staff can save valuable time and even help limit use of single-use protective equipment. Keeping a continuous eye on all patients, video analytics notifications can be made to register incidents, for example, if a patient has had a fall or is experiencing breathing difficulties. By combining video technology with two-way audio, messages can be given to a patient from a safe distance, be it by family or nursing staff.

Video technology also helps hospitals manage public access to their facilities. In times like these, shortages of medical equipment can make hospitals more prone to thefts, and access control solutions are key in securing restricted areas and preventing unauthorised access.

Drones and robots are also increasingly being used in new ways to secure safe distancing. In situations where direct contact is necessary, robots can serve as middlemen. In cases where unauthorized persons are identified, they can enable security personnel to communicate with the persons from a safe distance. In Dubai, drones and robots are, for example, used to disinfect streets and buildings at night.

Staying informed and protecting personal privacy

Understanding the spread of the virus also becomes especially important, to be able to proactively plan for actions to be taken during this pandemic. At an individual level, this means identifying the spread of the virus by an infected person or groups of people; for societies, it means keeping track of the spread across cities and countries.

Crowd management systems with the enablement of video technology can be implemented to enforce social distancing to curb the spread of the virus. Accurate counting solutions using video technology and contactless access control systems can play an important part in the areas where evacuation is required and help organisations know that no one is missed.

With video analytics and forensic tools, systems can be set up to track the movements of individuals across CCTV networks. And by leveraging correlations of IoT devices, systems and intelligent analysis of large amounts of data with artificial intelligence, the spread of the virus can be tracked across societies.

In summary, innovation in video technology is proving to be an important ally in helping protect the health and safety of people and communities.
VIEWPOINT
THE PATH TO LOYAL CUSTOMERS
DAVID NOËL, VICE PRESIDENT MIDDLE EAST, AFRICA & RUSSIA/CIS AT APPDYNAMICS, ON WHY APPLICATION LOYALTY IS THE NEW BRAND LOYALTY
We can all relate to the frustration felt when an application is difficult to use and we are unable to complete a purchase or finish a transaction. Websites not loading, passwords unrecognised or an unresponsive web page — these are common pains which we all face on a day to day basis. But as we become increasingly reliant on applications to complete everyday tasks, brands risk losing customers at an alarming rate if they fail to address poor application performance and bad digital experiences.

In today’s connected world, our demand for applications leaves no room for failure, and these expectations are only set to increase. According to the AppDynamics’ App Attention Index 2019 — a global survey of consumers — just over half can only go without a mobile device for up to four hours before they find it difficult to manage tasks in their everyday life. And one third admit they reach for their smartphone before talking to another person when they wake up.

For consumers across the Middle East, modern technology has transformed the way we live, work and play. And the challenges of home working, home schooling and social distancing in the last few months have likely made us even more reliant on the digital services that are a deeply fundamental part of everyday life. We have entered the Era of the Digital Reflex and brands need to understand how to manage consumer expectations and deliver the incredible digital experiences that many of us take for granted.

Getting to grips with ‘the Digital Reflex’

The use of digital services has evolved to become an unconscious extension of human behaviour — a ‘Digital Reflex.’ While consumers used to make a conscious and deliberate decision to use a digital service to carry out a task or activity, it now happens spontaneously. Consumers also admit that digital services are so intrinsic to their daily lives that they don’t realise how much they now rely on them.

As these digital reflexes become habitual, consumers are becoming increasingly dependent on devices and digital services, relying on them to complete many of their daily tasks. Businesses need to pay attention as consumers now have a zero-tolerance policy for anything other than an easy, fast and exceptional digital experience. The research shows that in the event of performance issues, consumers will take decisive action such as turning to the competition (49%) and actively discouraging others from using a service or brand (63%) without notifying the brand and giving them a chance to make improvements.

With an increasing intolerance for poor digital performance, what impact does this have on brands, and how can businesses remain competitive in a digital world? In the Era of the Digital Reflex, consumers will no longer forgive or forget poor experiences. A great digital performance is now the baseline for any business, but the real winners will be those that consistently exceed customer expectations by delivering a flawless experience.

Simple steps to achieving exceptional digital experiences

Many businesses are already investing heavily in digital innovation to drive customer loyalty and revenue, but failure to monitor the performance of those applications and digital services puts brands at significant risk of unhappy customers, or even losing those customers to a competitor. However, there are steps that brands can take to address these challenges and begin to achieve incredible digital customer experiences.

Firstly, manage your application performance by implementing a robust application performance management solution. This enables you to monitor digital performance, safeguarding those mission-critical applications and user experience.

Secondly, align digital performance to your business outcomes. By analysing your application performance in correlation with business performance you can ensure that digital services are always aligned to business objectives, such as customer experience and revenue.

Finally, consider how you can use insights to take action. For example, using an AIOps approach, turning the monitoring of data into meaningful insights quickly or automatically using machine learning and AI, allows you to deliver exemplary digital experiences by monitoring the full technology stack in real time, from the customer’s device to the back-end application to the underlying network.

In the ‘Era of the Digital Reflex’, a great digital experience should be considered the bare minimum for any organisation. The real winners will be those that consistently exceed customer expectations by delivering a flawless digital experience that goes above and beyond the consumers’ expectations.
VIEWPOINT
HOW TO STAY PRODUCTIVE WHEN WORKING FROM HOME
GAMAL EMARA, COUNTRY MANAGER, UAE AT ARUBA, A HEWLETT PACKARD ENTERPRISE COMPANY, EXAMINES HOW TO STAY PRODUCTIVE AND COLLABORATIVE WHEN WORKING REMOTELY.

All it takes is one major event or natural disaster to disrupt the way businesses operate, which can ultimately negatively impact productivity and the bottom line. These events can often prevent us from working in our corporate offices or conducting business on the road, confining us to our homes. However, many of us are ingrained with the concept of traveling to a location to meet with clients, partners, industry associates or collaborate with fellow employees to “get business done” because, let’s face it, there really is no complete replacement for the face-to-face. But in today’s highly connected business world, staying connected doesn’t always require us to be in the same physical space to be engaged, present and productive.

One way organisations can help their workforce stay productive in the midst of travel restrictions is by providing them with the same corporate access and digital experience they would receive while at the corporate offices. This starts with having a seamless and secure onramp into corporate resources. Tools such as remote access points paired with secure network access that follows you – no matter where you are – can keep you connected and help you remain competitive when time is money.

Technology really has come a long way and companies have created hardware and software solutions that extend the corporate employee experience to anywhere they choose to be productive. Employees today have a wealth of remote working options that they can employ when the need arises, such as remote access points or RAPs. RAPs come preconfigured, so any employee can simply plug in to any existing Internet connection and they’re ready to work as if they were inside the office. IT departments can securely extend the corporate enterprise network to every remote employee to easily overcome common issues, such as having to repeatedly login and authenticate in order to access applications, that make traditional remote networking painful.

Another benefit is that RAPs support centralised management of data, voice and video applications, including wired voice over IP desk phones, printers and other IoT devices. Since most employees don’t have a degree in IT, RAPs are simple for any employee to power up since they’re essentially plug-and-play.

No matter the reason behind an organisation’s decision to implement a remote working protocol, the fact is that technology advancements are helping to bridge the digital and physical worlds. In other words, experiences that were once only thought possible through in-person interaction can now be had without physically being in the same room. When combined with skyrocketing costs, associated productivity loss from travel, as well as the physical and mental fatigue that comes with navigating airports and juggling time zones, many organisations are re-thinking the possibilities around remote working simply because the technology is now capable of delivering an experience very similar to that of in-person interaction to the point where many of the benefits of the daily commute into the corporate offices and longer haul travel for business may no longer be worth it.
VIEWPOINT
TRANSITIONING TO THE CLOUD
JONATHAN WOOD, GENERAL MANAGER, MIDDLE EAST & AFRICA, INFOR, EXPLAINS HOW MIGRATING TO THE CLOUD IS IMPERATIVE FOR SUCCESSFUL BUSINESS OPERATIONS TODAY AND TOMORROW.
In virtually every industry, organisations of all sizes have reached the tipping point where they’re now recognising the value of cloud deployment and acknowledging that migrating on-premises solutions to the cloud brings many benefits. This is a massive shift from the early days of cloud computing, where many organisations were cloud-shy, worried about security, protecting intellectual property, and giving up their heavily modified solutions.

Now, cloud technology providers have proven the reliability of cloud platforms and demonstrated stringent security, robust capabilities, and ease of deployment — driving more businesses to the cloud than ever before. Operating in the cloud sets an essential foundation for modernisation in today’s digital age. For any organisation that’s still on the fence, here are some key trends to consider that demonstrate why migrating to the cloud is not just a critical factor for conducting business today, but also being ready for how business will be done tomorrow.

The need to remove data silos and democratise decisions at all levels: Data in on-premises solutions is often siloed and provides only minimal insight to key decision makers, leaving executives, employees, and partners without direct access to critical information. In contrast, cloud solutions typically centralise data in the cloud, creating a single system of record for an enterprise, with data universally accessible and useful. The cloud enables the right data to provide the right insights at the right time — in the right context, form factor, and security model. As a result, organisations are empowered to speed decision-making, improve the customer experience, and mitigate risk.

Industry-specific capabilities are a requirement, not just a “nice-to-have”: Organisations need their business solutions to provide industry-specific capabilities so they can deliver best-in-class products and services to their customers. Leading cloud providers preconfigure industry-specific capabilities into their solutions, giving organisations the unique functionality they need, without complex customisations. This allows an organisation’s business systems to be more adaptable and provides a long-term platform for growth.

Today’s workers demand a modern user experience: As a new generation of digital natives enter the workforce, they demand technology that is user-friendly and supports how they like to work. This often means software that mirrors the look and feel of the mobile and social applications they use in their day-to-day lives and that provides immediate access to data and collaboration. Cloud technology is typically more user friendly for not only employees, but also customers, partners, and suppliers — essentially, an organisation’s entire business ecosystem.

Hybrid cloud deployments take center stage as integration improves: Organisations are looking for solutions that offer choice and efficiency, so they can focus on what truly differentiates them from the competition. The shift to the cloud comes with multiple deployment options. In fact, many of today’s organisations have cloud components that are tied to an on-premises core solution set. Over time, an increasing number of deployments will shift from such a hybrid approach to a pure cloud model. Integration technology continues to improve in ease of use, implementation time, and cost of ownership.

Trusting a cloud partner to reduce the risks of cybersecurity threats: With cybercrime seeping into virtually every industry, ensuring that enterprise systems and platforms are protected from the financial impact of security breaches is critically important. Data breaches cost organisations $3.92 million on average, and present overwhelming vulnerabilities. Industry-leading cloud partners have greater cybersecurity resources available than most organisations could ever hope to have on their own. By moving enterprise systems and platforms to the cloud, organisations can effectively hand off cybersecurity responsibilities and significant costs to a committed cloud partner.

Push for post-sale revenue drives support for subscription-based business models: In the fast-changing digital age, organisations are looking for ways to differentiate themselves, meet the evolving needs of their customers, and improve profits by creating opportunities for post-sale revenue. Cloud-based solutions can provide real-time data that’s accessible anytime, anywhere, enabling organisations to turn traditional product offerings into services, such as a subscription-based business model. Such a customer-centric feature can become a differentiator, adding value, building relationships, preventing commoditisation, and adding profit. Adopting a subscription-based business model creates a recurring revenue relationship by charging customers a regular, generally time-based fee. This approach allows organisations to increase their focus on customer experience while positively impacting the bottom line.
VIEWPOINT
HEALTHCARE UNDER ATTACK
EMILE ABOU SALEH, REGIONAL DIRECTOR, MIDDLE EAST & AFRICA AT PROOFPOINT, WRITES ABOUT THE RISE OF EMAIL FRAUD AND HOW TO PROTECT YOUR EMPLOYEES

According to the FBI, email fraud attacks on businesses have resulted in worldwide losses of at least $26bn (£21bn) since 2016.

Every business is a target for cyber attacks, and the healthcare sector is no exception. Criminals are developing sophisticated, complex attacks to better target important people across healthcare organisations to get around the checks that we’re used to. Healthcare organisations are often complex and decentralised and hold highly sensitive information, making them a noticeable target for cybercriminals. As such, they face the increasing challenge of protecting staff, patients and stakeholders against an ever-evolving threat landscape. Whilst malware and other cybersecurity threats affect all sectors, email fraud is particularly damaging for the healthcare sector as cybercriminals prey on the most vulnerable segment of the population and the people dedicated to helping them. But how serious is the problem?

Assessing the problem

Increasingly, cybercriminals are using social engineering tactics to trick their victims. They simply take on the identity of a trusted organisation or employee and craft highly researched, sophisticated phishing emails, making a request for funds or an attempt at harvesting login credentials. This use of identity deception is key to email fraud and payment transfer fraud, making up the leading form of email attacks in healthcare. Furthermore, cybercriminals are also careful to pick their moment in order to trick as many targets as possible to increase the chances of success.

This couldn’t happen to me…

So, what could a healthcare email fraud attack look like in reality, and why does this tactic work so well? An attack targeting a member of staff could look exactly like any other email coming from a well-known stakeholder in or outside the organisation. This could be an email from an accounts payable contact at a medical supply vendor informing you that their payment information has changed and that one of their invoices is overdue. Receiving an email from this contact wouldn’t raise any suspicion: you have been in communication with each other via email in the past and the request made is indeed within your job responsibilities. So you update your internal systems and get the invoice payment processed. Eventually, the senior accounts payable contact from the supplier reaches out complaining that payment has not been received and that supply deliveries will be suspended until full recompense is provided; only then do you realise you have fallen victim to email fraud. So what approaches can healthcare organisations take to protect their staff, patients and stakeholders from this risk?

People-centric approaches to preventing email fraud in healthcare

Email fraud tactics are constantly shifting; however, there is one constant: cybercriminals continue to focus on the human factor, targeting employees at all levels across organisations. This means that healthcare companies need to re-think their approach to cybersecurity. By taking a people-centric view to cybersecurity defences, healthcare organisations can minimise the human risk of email fraud and better protect their employees, as well as their entire business ecosystem. This means understanding who is at risk within your organisation, and tailoring your strategy to each individual.

Today’s threat landscape requires a multi-layered defense strategy that encompasses people, processes and technology in equal measure. Building employee resilience through training and awareness programmes is critical to educate employees to be vigilant and act as the last line of defence against attacks targeting the company itself. Simulated phishing attacks and engaging ‘gamified’ programmes help employees to think twice and actively take part in protecting their company against cybercriminals, as opposed to becoming the latest victim.

In parallel, there has to be a level of prioritisation of which business processes need to be hardened. Some business processes (e.g. the transfer of funds) are of huge value/risk to all companies; others (e.g. engineering/production) are company-specific. Most importantly, however, processes that are people-dependent are more vulnerable since people are prone to social engineering attacks; compromises to technical processes may be more pernicious but may only be achieved with a greater level of technical sophistication.

Businesses should ensure that they are able to authenticate entities, people and devices that provide inputs into the business processes. If actions are taken and decisions made based on instruction/input from an entity whose identity has been spoofed, a business process can be easily compromised. Companies should ensure that entities involved in the process are authenticated before their input into the process is trusted.

Finally, healthcare organisations need to implement a multi-layered security strategy to shut down most avenues for cybercriminals. Technology such as Domain-based Message Authentication, Reporting and Conformance (DMARC) can be used as a significant barrier to cybercriminals who are attempting to impersonate trusted figures within organisations. It stops criminals from spoofing businesses’ domains and sending emails on their behalf to unsuspecting recipients.

Organisations should also consider dynamic email analysis to block display name spoofing at the gateway, and lookalike domain discovery to search for domains that have recently been registered by third parties, as well as Data Loss Prevention (DLP) and encryption to protect their business-critical assets.
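
The three controls named above (an enforcing DMARC policy, display-name spoofing checks and lookalike-domain matching) can be sketched in a few lines of Python. This is an added example, not code from the article or from any vendor product; the contact directory, domains, headers and the edit-distance threshold of 2 are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed directory: known contact display name -> legitimate sending domain.
KNOWN_CONTACTS = {"dana reyes": "medsupply.example"}
TRUSTED_DOMAINS = sorted(set(KNOWN_CONTACTS.values()) | {"hospital.example"})
MAX_LOOKALIKE_DISTANCE = 2  # assumption: tune against your own domain list


def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not a DMARC record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    # The version tag must come first and must be exactly DMARC1.
    if list(tags)[:1] != ["v"] or tags["v"] != "DMARC1":
        return None
    return tags


def dmarc_enforcement(txt):
    """Classify a record as 'missing', 'monitor-only', 'partial' or 'enforced'."""
    tags = parse_dmarc(txt)
    if tags is None:
        return "missing"
    if tags.get("p", "none").lower() not in ("quarantine", "reject"):
        return "monitor-only"  # p=none only reports; spoofed mail is still delivered
    try:
        pct = int(tags.get("pct", "100"))  # pct defaults to 100 when absent
    except ValueError:
        pct = 0  # conservative choice: an unreadable pct is not counted as full coverage
    return "enforced" if pct >= 100 else "partial"


def edit_distance(a, b):
    """Levenshtein distance, used to spot domains one or two characters off."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_from_header(from_header):
    """Return the findings for one From: header value (empty list means clean)."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    findings = []
    # Display-name spoofing: a known contact's name on an address from another domain.
    expected = KNOWN_CONTACTS.get(" ".join(display.lower().split()))
    if expected and domain != expected:
        findings.append("display-name-spoof")
    # Lookalike domain: not trusted, but within a couple of edits of a trusted one.
    if domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if 0 < edit_distance(domain, trusted) <= MAX_LOOKALIKE_DISTANCE:
                findings.append("lookalike-domain:" + trusted)
                break
    return findings


if __name__ == "__main__":
    # Constructed sample data: DMARC records and From: headers.
    for record in ("v=DMARC1; p=none; rua=mailto:dmarc@hospital.example",
                   "v=DMARC1; p=quarantine; pct=25",
                   "v=DMARC1; p=reject"):
        print(dmarc_enforcement(record), "<-", record)
    for header in ('"Dana Reyes" <dana.reyes@medsupply.example>',
                   '"Dana Reyes" <dana.reyes.ap@freemail.example>',
                   '"Dana Reyes" <dana.reyes@medsuppIy.example>'):
        print(check_from_header(header), "<-", header)
```

DMARC only protects the exact domain that publishes the record, which is why the second and third headers need the display-name and lookalike checks: neither message claims to come from the vendor's real domain.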
PRODUCTS
BOSCH UNVEILS OPEN CAMERA PLATFORM IN THE UAE

Bosch has announced the launch of INTEOX, a new camera platform designed to modernise the security and safety industry. The first fully open platform of its kind, INTEOX gives users, system integrators, and application developers unlimited freedom for innovation and customisation, said the company. The INTEOX open camera platform combines built-in Intelligent Video Analytics from Bosch with superb performance, a commonly used open OS, and the ability to add software apps securely, said the firm. The new platform supports the latest technologies, for example neural network-based analytics, the next step in machine learning and Artificial Intelligence. INTEOX enables app developers and integration partners to take advantage of its built-in intelligence and capabilities to easily develop unlimited software apps based on a common language. At the same time, system integrators can customise their security solutions to meet specific and changing customer requirements by adding apps and deploying them into INTEOX cameras. The INTEOX camera platform will power an entirely new line of MIC, AUTODOME, FLEXIDOME, and DINION fixed and moving cameras supported by an open IoT infrastructure. The first cameras based on the INTEOX platform are expected from July 2020 onwards.

Lenovo Launches New Data Centre Servers

Lenovo Data Center Group (DCG) has launched ThinkSystem SR645 and SR665 two-socket servers, featuring enhanced performance and I/O connectivity for higher performance workloads. With the addition of the new ThinkSystem SR645 and SR665 servers featuring more CPU cores and a larger memory footprint, Lenovo can help customers accelerate higher performance workloads and improve efficiency. The features of the ThinkSystem SR645 and SR665 servers include: next-generation technologies, including PCIe 4 support, which doubles I/O bandwidth, eliminating potential bottlenecks found in previous-generation servers and increasing networking capabilities essential for I/O-intensive applications; increased GPU support (up to 8x 75W NVidia T4s), allowing customers to efficiently implement video analytics and inference solutions for artificial intelligence; and increased onboard storage of up to 40 2.5” drives or up to 32 NVMe drives, allowing for dense software-defined storage solutions. The high core counts allow customers to buy fewer servers, saving them rack space and power, in addition to obtaining results faster. Lenovo claims these benefits are material in multiple industries including the financial services industry, where typically, servers are in a premium space located near the exchanges so saving rack space is paramount, and also in retail environments, where faster video analytics results can identify high-traffic areas in stores to strategically place products. All products are secured by Lenovo ThinkShield and available through Lenovo TruScale, the pay-for-what-you-use data centre.

Intel Introduces Fastest Gaming Processor

Intel has introduced the 10th Gen Intel Core S-series desktop processors, including its flagship Core i9-10900K processor, the world’s fastest gaming processor, said the firm. With speeds reaching up to a maximum of 5.3 GHz with Intel Thermal Velocity Boost out of the box, 10th Gen Intel Core desktop processors deliver real-world performance for a new level of experience in gaming. At the top of the stack is the unlocked 10th Gen Intel Core i9-10900K, the world’s fastest gaming processor featuring up to 10 cores, 20 threads and DDR4-2933 memory speeds. The i9-10900K processor powers the ultimate gaming experience, allowing more tuning control, faster multitasking and smoother gameplay. The new Intel Turbo Boost Max Technology 3.0 provides automatic performance boosts on lightly threaded applications, while per-core hyperthreading control allows experienced overclockers to decide which threads to turn on or off on a per-core basis. The 10th Gen Intel Core S-series processors deliver smooth gameplay through best-in-class connectivity, immersive entertainment and enhanced streaming. The series features Intel Thermal Velocity Boost, Intel Hyperthreading Technology, Enhanced Core & Memory Overclocking, Intel Ethernet Connection I225 and Intel Wi-Fi 6 AX201. 10th Gen Intel Core S-series processors are expected to be available globally through normal retail channels and in desktops sold worldwide by OEMs and channel system integrators, starting this month.

D-Link Announces New DWR-925W 4G LTE M2M Router

D-Link Corporation has launched the DWR-925W 4G LTE M2M Router in the Middle East and Africa (MEA) region to offer seamless connections to businesses. The easy-to-deploy, high performance 3G/4G router features a dedicated Gigabit WAN port and dual-SIM 4G LTE mobile broadband for maximum redundancy and flexibility for intense machine-to-machine applications. DWR-925W comes with 4 Gigabit LAN ports to connect wired devices for high-speed activities and at the same time offers high-speed wireless IEEE 802.11AC with speeds of up to 1200 Mbps, so that you can access the Internet and transfer data quickly over wireless for better flexibility. Powerful VPN tools and advanced remote management combined with ease of use make the DWR-925W ideal for both large-scale and individual deployments. Customers can effortlessly connect to their high-speed 3G/4G LTE mobile internet backup network connection with the DWR-925W 4G LTE M2M Router. They can enjoy brisk combined downlink speeds of up to 300 Mbps with dual SIM load balancing mode, taking advantage of the speed needed for fast, responsive Internet access. The industrial dual 4G module makes it possible to greatly boost the bandwidth from regional telecom service providers, ensuring 100 percent connectivity for all business and mission critical environments. D-Link’s new router can be deployed in a remote location to access IP cameras and systems without physical contact. The blazing fast LTE connection allows multiple users to access e-mail and stream music and video on the go. Configurable dual-SIM fallback and load balancing provides reliability and flexibility in mixed network environments. The DWR-925W 4G LTE M2M Router is currently available for purchase from D-Link resellers and distributors across the region.

Logitech Introduces G102 LIGHTSYNC Gaming Mouse

Logitech G, a brand of Logitech and a provider of gaming technologies and gear, has introduced the Logitech G102 LIGHTSYNC Gaming Mouse, which provides gaming-grade performance, versatility and a classic design at a great value, according to the firm. The Logitech G102 LIGHTSYNC Gaming Mouse features a classic and time-tested 6-button design, which can be used directly out-of-the-box or fully configured to simplify and customise in-game actions. The new gaming mouse includes a high-precision sensor with adjustable DPI up to 8000 DPI, delivering the utmost accuracy, tracking speed and consistency. The G102 LIGHTSYNC RGB lighting includes a palette of up to 16.8 million colours and different brightness levels, which provides the capability of displaying a “rainbow” colour wave lighting effect. The gaming mouse communicates at up to 1,000 reports per second – eight times faster than standard mice – so that when the mouse is moved or clicked, on-screen response is near-instantaneous, said the firm. Metal spring button tensioning further refines the experience by keeping the left and right mouse buttons primed to click, delivering exceptional click feel, response and consistency. To help gamers get the most from their gear, the G102 LIGHTSYNC can be programmed using Logitech’s G HUB software. Featuring a clean and modern interface, the advanced gaming software allows gamers to quickly personalise and customise commands for each button on their mouse. The Logitech G102 LIGHTSYNC Wireless Gaming Mouse is expected to be available at global retailers in May 2020 in black and white versions for a suggested retail price of $29.99 (€29.99).

Kingston Releases Next-Gen SSD

Kingston Digital, the Flash memory affiliate of Kingston Technology Company, has announced KC2500, its next-generation M.2 NVMe PCIe SSD for desktop, workstations and high-performance computing (HPC) systems. KC2500 NVMe PCIe SSD delivers powerful performance using the latest Gen 3.0 x 4 controller and 96-layer 3D TLC NAND. With speeds up to 3,500MB/s read and up to 2,900MB/s write, KC2500 combines outstanding performance and endurance that improves workflow for desktop, workstation and power users. KC2500 is available in capacities up to 2TB housed in a compact M.2 2280 form factor that saves space for other components while allowing users to take advantage of PCIe speeds. The self-encrypting SSD supports a full-security suite for end-to-end data protection using AES-XTS 256-bit hardware-based encryption. It allows the usage of independent software vendors with TCG Opal 2.0 security management solutions such as Symantec, McAfee, WinMagic and others. KC2500 has built-in Microsoft eDrive support, a security storage specification for use with BitLocker. KC2500 is currently available in 250GB, 500GB and 1TB capacities with 2TB shipping soon. KC2500 is backed by a limited five-year warranty and free technical support.
BLOG
THE IMPACT OF COVID-19 ON CASH ECONOMY
SUNIL PAUL, CO-FOUNDER AND COO OF FINESSE, ON HOW TO SANITISE CURRENCY TO REDUCE CONTAGION RISKS.

The maxim ‘cash is king’ still carries currency in the oil-exporting countries in the Middle East. In fact, cash remains the most widely used payment instrument in Saudi Arabia and the United Arab Emirates (UAE), the first and second biggest Arab economies in the world. The UAE and Saudi have some of the highest levels of Internet and smartphone penetration in the region, and non-cash payment instruments like credit/debit cards and mobile wallets are gaining traction among the youth; yet in the UAE, for example, cash transactions accounted for 82 percent of total payment transaction volume in 2018, according to ResearchAndMarkets.com.

Cash remains popular in GCC countries because of several factors: consumers see cash as a quicker and safer payment option which gives them more control over their spending and helps them stay within their budgets. The large transient and unbanked blue-collar workforce in the region prefers cash as they don’t have credit cards or bank accounts. There is also a significant part of the trading and small business sectors in these countries that prefers to transact in cash. Even the growth of e-commerce hasn’t dented cash’s pole position, with 62 percent of MENA online shoppers preferring cash on delivery (COD) as a payment method when buying online, according to a study released by Bain last year.

So, where this region is concerned, it is clear cash is going to be around for a much longer period than in the West, where people would be hard-pressed to remember the last time they had used cash to settle bills. But then came the coronavirus pandemic, which is still reworking the way the world looks at work, travel and community hygiene. Now, cash is being regarded not so much as a vector of wealth than as a vector of the dreaded coronavirus that has, to date, claimed 308,000 lives worldwide.

However, physical currency, whether notes or coins, being viewed as carriers of bacteria, viruses and other organisms that potentially pose a threat to human life, isn’t something that happened with COVID-19. A study by Indian scientists in 2015 of banknotes collected from street vendors, grocery stores and money exchanges found that they harboured fungi (70%), bacterial populations (9%) and viruses (<1%). Swiss researchers discovered that when they smeared bills with mucus from children with the flu, the virus lived for up to 12 days, according to a New York Times report. A recent report in US News and World Report cited a study which found that “counting paper notes using saliva, coughing and sneezing on hands then exchanging money, and placement or storage of paper notes on dirty surfaces leads to the contamination and these notes will act as a vehicle delivering bacteria to contaminate the hands of the next user.”

COVID-19, since it lies dormant for longer periods on surfaces and has a high infection rate, has raised the fear level several-fold among the public about the virus spreading through currency notes. Reuters had reported that the US Federal Reserve was quarantining dollars repatriated from Asia before recirculating them, as a precautionary measure against spreading the virus. Recently, the UAE Central Bank asked customers to apply to banknotes the same precautionary measures as for other surfaces, such as cleaning them with antiseptics, or washing hands after each use. Even the Bank of England has gone on record that banknotes can spread viruses and bacteria, so people are urged to wash their hands frequently.

The spread of COVID-19 has made sanitising every item a necessity. However, disinfecting liquids like sanitiser gels are not recommended, especially for paper currency notes, since they can damage their security features. While the onus for hygiene and safety is mainly on the consumer who is asked to wash his or her hands frequently, companies and organisations that handle cash and/or coins regularly – like banks, currency exchanges, retail shops and even hospitals – could do their bit as well. In Thailand, for example, a local forex firm sprays currency with disinfectant before sealing it in the plastic bags to be sent to its other branches.

There are also machines available in the market that disinfect currency and coins in a contactless manner while eliminating the elements of human error that arise with manual cleaning. Ultraviolet (UV) disinfection systems mainly apply the Ultraviolet Germicidal Irradiation concept to kill or inactivate microorganisms. However, plasma ion sterilisers go a step further by eliminating bacterial fine dust (PM 2.5) and killing 99.9 percent of germs in 30 seconds. Unlike UV-based systems, where the currency must be exposed to UV rays for a period of time, plasma ion systems do the job while counting currency, ensuring minimal workflow disruption. Dubai World Finesse has launched a one-of-its-kind open steriliser based on plasma ion technology in the region.

While governments worldwide are keen to accelerate the adoption of contactless payments to ensure social distancing, cash is going to be around as long as people prefer to use it or have no trustworthy and cost-effective alternatives to it. Moreover, the desire to hold more physical cash during a time of crisis may give some people a sense of control over the situation, according to an article in the Wall Street Journal.