Help AG leverages the power of AI and human expertise to pioneer a new era in cybersecurity.
VOLUME 06 | ISSUE 1 | APRIL 2024 SPECIAL SUPPLEMENT BY
STEPHAN BERNER CEO, Help AG
POWERED BY PRESENTS SEC _ RITY IS NOT COMPLETE WITHOUT U! 16 APRIL - UAE | 18 APRIL - PAKISTAN 18 APRIL - KSA | 22 APRIL - QATAR APRIL - EU | APRIL - US OFFICIAL MEDIA PARTNERS BROUGHT TO YOU BY #ZeroTrust
As is rightly said, "In the age of Zero Trust, it's all about 'who are you?' and 'what can you prove?'." And this resonates more profoundly than ever before.
In our April edition of Cyber Sentinel, we delve into the core principles of Zero Trust, recognizing it as the cornerstone of modern cybersecurity. We understand that safeguarding our digital assets is not merely an option but a necessity in today's data-driven world.
ANUSHREE DIXIT anushree@gecmediagroup.com
Our publication has always been at the forefront of gathering insights from leading Chief Information Security Officers (CISOs), providing a panoramic view of industry trends and challenges. Through meticulous analysis, we have identified the looming risks that organizations are poised to encounter in 2024.
Furthermore, we emphasize the imperative of fortifying cybersecurity measures from the ground up. It's not enough to amass riches; in this era, protecting our data is akin to safeguarding the new oil.
With this ethos in mind, Cyber Sentinel advocates for a comprehensive approach to cybersecurity, encompassing proactive measures, robust training programs, and continuous education. We believe that by closing the gap between awareness and action, organizations can mitigate threats effectively.
Central to our endeavors is the upcoming Security Symposium, where we will convene with cybersecurity enthusiasts from across the globe. Through engaging discussions and insightful exchanges, we aim to delve deeper into the realms of Zero Trust, exploring its nuances and implications.
We hope this issue will reach our audience in a way that breaks down the barriers to understanding security.
PUBLISHER TUSHAR SAHOO TUSHAR@GECMEDIAGROUP.COM
CO-FOUNDER & CEO RONAK SAMANTARAY RONAK@GECMEDIAGROUP.COM
GLOBAL HEAD, CONTENT AND STRATEGIC ALLIANCES
ANUSHREE DIXIT ANUSHREE@GECMEDIAGROUP.COM
ASSISTANT EDITORS
SEHRISH TARIQ SEHRISH@GCEMEDIAGROUP.COM
GROUP SALES HEAD RICHA S RICHA@GECMEDIAGROUP.COM
PROJECT LEAD JENNEFER LORRAINE MENDOZA JENNEFER@GECMEDIAGROUP.COM
SALES AND ADVERTISING RONAK SAMANTARAY RONAK@GECMEDIAGROUP.COM
PH: + 971 555 120 490
DIGITAL TEAM IT MANAGER VIJAY BAKSHI
PRODUCTION, CIRCULATION, SUBSCRIPTIONS INFO@GECMEDIAGROUP.COM
CREATIVE LEAD AJAY ARYA
SENIOR DESIGNER SHADAB KHAN
GRAPHIC DESIGNER JITESH KUMAR
SEJAL SHUKLA
DESIGNED BY
SUBSCRIPTIONS INFO@GECMEDIAGROUP.COM
PRINTED
31
EDITORIAL
5613, Dubai, UAE
No #115
Floor , G2 Building Dubai Production City Dubai
Arab Emirates
: +971 4 564 8684
BY Al Ghurair Printing & Publishing LLC. Masafi Compound, Satwa, P.O.Box:
Office
First
United
Phone
FOXTAIL LAN, MONMOUTH
UNITED STATES OF AMERICA
+ 1 732 794 5918 A PUBLICATION LICENSED BY International Media Production Zone, Dubai, UAE @copyright 2013 Accent Infomedia. All rights reserved. while the publishers have made every effort to ensure the accuracyof all information in this magazine, they will not be held responsible for any errors therein.
JUNCTION, NJ - 08852
PHONE NO:
CONTENTS APRIL 2024 EVENT 18-21 CISO OPINION CORNER
GOUTAM PUDOTA IFFCO
JINSON PAPPACHAN Emirates Policy Center, Abu Dhabi
TUSHAR VARTAK RAKBANK
MURALI KONASANI TEK SALAH
MANOHARAN MUDALIAR Truebell Group of Companies
ENG. ABDULLAH FAISAL MAHJOUB Osoul Modern Finance Company 09 40 43 47 53 16 30 34 JAWAD KHALID MIRZA Askari Bank Limited 04 APRIL 2024
TAREK KUZBARI MEA, Picus
FIGHTING MALWARE ATTACKS AND FRAUD ATTEMPTS REQUIRES A PROACTIVE APPROACH
How does our current strategy address the mitigation of fraudulent activities, especially concerning the safeguarding of sensitive data amidst the evolving cybersecurity threats?
Since we are handling patient data, the risk is high even the likelihood is low.. The following general framework that organization often employ to mitigate fraudulent activities and safeguard sensitive data amidst evolving cybersecurity threats.
Risk Assessment: Regularly assess and identify potential
“Employee training and awareness programs are integral components of healthy defences against fraudulent schemes.”
vulnerabilities in your systems and processes that could lead to fraudulent activities or data breaches. This involves understanding the types of threats our organization faces and the potential impact they could have.
Security Measures: Implement robust security measures such as encryption, MFA, firewalls, intrusion detection systems, SSO,
CISO OPINION CORNER
DEEPAK CHERAPARAMBIL IT Director Global Care Hospital
05 APRIL 2024
periodic user access reviews, VA and antivirus software to protect sensitive data and prevent unauthorized access.
Employee Training: Educate employees about cybersecurity best practices, including how to recognize phishing attempts, the importance of strong passwords, and how to handle sensitive information securely. Human error is often a significant factor in security breaches, clear desk and clear screen, so ongoing training and awareness are crucial. Mandatory awareness program conducting every quarter for all employees.
Monitoring and Detection: Utilize advanced monitoring tools and techniques to detect suspicious activity in real-time. This could include network monitoring, log analysis, and the use of artificial intelligence and machine learning algorithms to identify anomalous behaviour.
Incident Response Plan: Developed a comprehensive incident response plan that outlines the steps to take in the event of a security breach or fraudulent activity. This plan should include procedures for containing the incident, assessing the damage, notifying stakeholders, and restoring systems and data. The IR team sitting every quarter and discuss about the updates and regular status.
Regular Audits and Reviews: Conduct regular audits, such as internal audits, of our security measures and processes to ensure they remain effective against evolving threats. This could involve external audits as well as third-party security assessments.
Compliance with Regulations: Ensure compliance with relevant cybersecurity regulations and standards, such as ISO 27001, ADHICS. Compliance frameworks often provide guidelines and requirements for protecting sensitive data and mitigating fraud.
Continuous Improvement: Cybersecurity is an ongoing process, so continuously monitor and adapt your strategy to address emerging threats and vulnerabilities. Stay informed about new developments in cybersecurity technology and best practices.
By incorporating these elements into your strategy, we can better mitigate fraudulent activities and safeguard sensitive data in the face of evolving cybersecurity threats. As a conclusion we can say prevention is better than cure.
What proactive measures have been adopted to combat malware attacks and fraud attempts, taking
into account the heightened sophistication of malicious actors in perpetrating fraudulent activities?
Fighting malware attacks and fraud attempts requires a proactive approach that evolves alongside the complexity of malicious actors. The below proactive measures that can often adopt:
Advanced Threat Detection: Implement advanced threat detection systems that use machine learning, AI, and behavioural analytics to identify and respond to malware and fraud attempts in real-time. These systems can detect unusual patterns or anomalies that may indicate malicious activity.
Endpoint Security: Strengthen endpoint security by deploying endpoint protection platforms and endpoint detection and response (EDR) solutions. These tools help protect devices from malware infections and provide visibility into endpoint activities for early threat detection. If this can integrate with other monitor tools such as SIEM, incident notification, auto response like isolation will serve addition layer beneficts.
Email Security: Enhance email security to prevent phishing attacks and malware distribution through email. This includes implementing email filtering solutions, conducting regular phishing awareness training for employees, and using email authentication protocols like SPF, DKIM, and DMARC to verify the authenticity of incoming emails.
Web Security: Employ web security measures such as web application firewalls (WAFs) and secure web gateways to protect against web-based attacks and malicious websites. These solutions can block access to known malicious sites and inspect web traffic for signs of malware activity.
Patch Management: Establish a robust patch management process to promptly apply security patches and updates to software and systems. Many malware attacks exploit known vulnerabilities for which patches are already available, so timely patching is crucial for reducing the risk of exploitation. The patches should cover operating system and third party applications as well.
Data Encryption: Implement encryption techniques to protect sensitive data both in transit and at rest. Encryption helps prevent unauthorized access to data even if it is intercepted or stolen by malicious actors. Periodic checking of encryption mechanism and updates are important.
User Access Controls: Enforce strict user access controls and least privilege principles to limit the exposure of sensitive systems and data to potential threats. This includes implementing strong authentication mechanisms, role-based access controls, and periodic access reviews.
Incident Response Exercises: Conduct regular incident response exercises and simulations to test the effectiveness of your response plans and improve incident response capabilities. This proactive approach helps ensure that our organization is prepared to effectively mitigate and recover from malware attacks and fraud attempts, also this can show us the employees’ effectiveness of incident reporting and response.
By adopting these proactive measures and continuously adapting to the evolving strategies of malicious actors, organization can strengthen their defences against malware attacks and fraud attempts.
In the context of fraud mitigation, do our employees receive comprehensive training and awareness programs regarding cybersecurity
best practices and potential threats? How integral is this employee training program in fortifying our defenses against fraudulent schemes?
Employee training and awareness programs are integral components of healthy defences against fraudulent schemes. These programs are critical because human error and ignorance often serve as significant vulnerabilities in an organization's cybersecurity posture. Here's how comprehensive training and awareness programs can contribute to fraud mitigation:
Understanding Threats: Training programs educate employees about various types of fraudulent schemes, including phishing attacks, social engineering tactics, and insider threats. By understanding these threats, employees can recognize suspicious activities and take appropriate action to mitigate risks.
Cybersecurity Best Practices: Employees learn cybersecurity best practices such as creating strong passwords, identifying phishing emails, securely handling sensitive information, and reporting security incidents promptly. These practices help minimize the likelihood of falling victim to fraudulent activities.
Compliance with Policies and Procedures:
CISO OPINION CORNER
06 APRIL 2024
Training programs familiarize employees with the organization's cybersecurity policies, procedures, and compliance requirements. This ensures that employees understand their roles and responsibilities in safeguarding sensitive data and adhering to regulatory standards.
Simulated Phishing Exercises: Some training programs incorporate simulated phishing exercises to test employees' ability to recognize and respond to phishing attempts. These exercises provide valuable feedback and help reinforce the importance of vigilance in identifying fraudulent schemes.
Continuous Learning and Updates: Cyber threats are constantly evolving, so ongoing training programs ensure that employees stay informed about new threats and emerging trends in cybersecurity. Regular updates to training materials help employees stay vigilant and adapt to changing threats.
Security Awareness: Comprehensive training and awareness programs contribute to building a culture of security awareness within the organization. When cybersecurity becomes deep-rooted in the organizational culture, employees become more proactive in identifying and addressing security risks, thereby strengthening overall defences against fraudulent schemes.
Reducing Insider Threats: Training programs also address insider threats by educating employees about the potential consequences of insider fraud and the importance of ethical behaviour in handling sensitive information. This helps mitigate the risk of insider-driven fraudulent activities.
Overall, comprehensive training and awareness programs play a crucial role in healthy defences against fraudulent schemes by empowering employees with the knowledge and skills needed to identify, mitigate, and report potential security threats.
How are our security platforms adapted to confront emerging cyber threats, particularly those leveraging advanced AI techniques for perpetrating fraudulent activities?
To adapt security platforms to confront emerging cyber threats, especially those leveraging advanced AI techniques for perpetrating fraudulent activities, several key strategies can be implemented in the organization.
AI-Powered Threat Detection and Prevention:
Integrate AI-driven solutions into security platforms to enhance threat detection capabilities. These solutions can analyse large volumes of data in real-time to identify patterns indicative of fraudulent activities, such as anomalies in user behaviour or network traffic. By leveraging machine learning algorithms, these platforms can continuously learn and adapt to evolving threats.
Behavioural Analysis and Anomaly Detection: Implement behavioural analysis and anomaly detection techniques to identify suspicious activities. By monitoring for deviations from normal behaviour patterns, security platforms can detect potential fraud attempts, even if they are using sophisticated AI techniques to mimic legitimate behaviour.
Adversarial Machine Learning Défense: Develop defences against adversarial machine learning attacks, where malicious actors attempt to manipulate AI models or evade detection using AI-driven techniques. This involves training AI models to recognize and mitigate adversarial attacks, as well as implementing techniques such as model diversification and robustness testing. Threat Intelligence Integration: Integrate threat intelligence feeds into security platforms to stay informed about emerging cyber threats and attack trends. By leveraging up-to-date threat intelligence data, security platforms can better identify and respond to fraudulent activities leveraging advanced AI techniques. User Behaviour Monitoring: Monitor user behaviour across various digital channels to detect potential indicators of fraudulent activities, such as unusual login locations or access patterns. Analysing user behaviours in real-time, security platforms can identify and mitigate fraudulent activities before they cause significant harm.
Automated Response and Remediation:
Implement automated response and remediation capabilities within security platforms to swiftly mitigate detected threats. Automating response actions based on predefined policies and rules, security platforms can minimize the impact of fraudulent activities and reduce response times.
Continuous Improvement and Adaptation:
Continuously assess and update security platforms to address emerging cyber threats and evolving attack techniques. Regularly review and enhance AI models, algorithms, and detection mechanisms to stay ahead of sophisticated fraud attempts leveraging advanced AI techniques.
Collaborative Défense Efforts: Foster collaboration and information-sharing with other organizations, industry partners, and cybersecurity communities to collectively combat emerging cyber threats. By sharing insights, threat intelligence, and best practices, security platforms can benefit from a broader understanding of emerging threats and effective defence strategies. Implementing these strategies, security platforms can better adapt to confront emerging cyber threats, including those leveraging advanced AI techniques for perpetrating fraudulent activities. Alos, proactive approach helps the organization stay ahead of evolving threats and safeguard their systems, data, and assets effectively.
Considering the rising prevalence of attacks targeting APIs and cyberphysical systems, do our security practices adequately address these emerging threats, or do they lag behind in terms of fraud mitigation measures?
To assess whether our security practices adequately address the rising prevalence of attacks targeting APIs and cyber-physical systems, it's essential to review the measures in place to secure APIs, including authentication, authorization, encryption, and monitoring. Ensure that APIs are protected against common threats such as injection attacks, broken authentication, and improper error handling. Additionally, consider implementing API gateways or security solutions specifically designed to protect APIs from attacks.
How are organizations implementing the principles of zero trust security to fortify protection against fraudulent activities, both internally and externally?
Implementing the principles of zero trust security is crucial for fortifying protection against fraudulent activities, both internally and externally.
Identity Verification:
Zero trust security starts with verifying the identity of users and devices attempting to access resources. This involves implementing multi-factor authentication (MFA) and strong identity verification mechanisms to ensure that only authorized entities can access sensitive systems and data.
CISO OPINION CORNER
07 APRIL 2024
Least Privilege Access: Organizations apply the principle of least privilege, granting users only the minimum level of access required to perform their job functions. By restricting access based on user roles and responsibilities, organizations can limit the potential damage caused by insider threats and external attackers who gain unauthorized access.
Micro-Segmentation: Implementing microsegmentation divides the network into smaller, isolated segments, with strict access controls enforced between them. This prevents lateral movement by attackers and contains potential breaches, reducing the attack surface and limiting the impact of fraudulent activities.
Continuous Monitoring and Analytics: Zero trust security relies on continuous monitoring and analytics to detect anomalies and suspicious activities in real-time. Analysing user behaviours, network traffic, and system activity, organizations can identify potential threats and respond promptly to mitigate the risk of fraudulent activities.
Encryption and Data Protection: Zero trust security emphasizes the importance of encrypting data both in transit and at rest to protect it from unauthorized access. Implementing encryption technologies and data protection measures, organizations can ensure the confidentiality and integrity of sensitive information, even in the event of a breach.
Device and Endpoint Security: Zero trust extends to devices and endpoints, requiring organizations to implement robust security measures to protect against malware, phishing, and other threats. This includes endpoint protection solutions, secure configuration management, and continuous monitoring of device health and compliance.
Policy-Based Controls: Zero trust security relies on policy-based controls to enforce security measures consistently across the organization. Defining rough access policies based on user attributes, device characteristics, and other contextual factors, organizations can dynamically adapt security controls to evolving threats and business needs.
Automation and Orchestration: Automation and orchestration play a crucial role in zero trust security, enabling organizations to automate routine tasks, such as access provisioning and threat response, and orchestrate security workflows across heterogeneous environments. This improves operational efficiency and reduces the risk of human error in security operations.
Zero trust provides a holistic approach to security, focusing on continuous verification, strict access controls, and adaptive security measures to defend against evolving threats in today's digital landscape.
What advice would you provide for formulating a comprehensive cybersecurity strategy that encompasses fraud mitigation efforts across all facets of our organization's digital assets, including networks, systems, applications, and data?
Start by conducting a comprehensive inventory of the organization's digital assets, including networks, systems, applications, and data. Understand the value and sensitivity of each asset to prioritize protection efforts effectively. Identify the risk and threats will provide the clear picture of what action needs to carry forward. Every organization risk outcome will vary depends upon their data and business strategy. Employee awareness and periodic reviews can provide better outcome from the insider frauds. Backup and recovery test can help to showcase the data availability in case of unknown incident occurred. Invest on the right solution on right time, and monitor the controls logs and respond on time.
In the context of fraud mitigation, what strategies and measures would you recommend for effectively mitigating AI-related security risks, particularly concerning the adoption of a zero trust security framework?
Mitigating AI-related security risks within the context of fraud mitigation requires a proactive approach that integrates AI-specific strategies into a zero trust security framework. Ensure that third-party AI solutions and services integrated into the organization's ecosystem adhere to rigorous security standards and best practices. This includes conducting thorough security assessments, vetting vendors for security capabilities, and implementing secure integration mechanisms to mitigate the risk of AI-related security.
Incorporate security considerations into the entire AI development lifecycle, from data collection and model training to deployment and operation. This includes implementing secure coding practices, conducting thorough security assessments, and performing rigorous testing to identify and mitigate AI-related security risks early in the development process. It's crucial to adopt a proactive and adaptive approach to security that continuously monitors, detects, and responds to emerging AI-related threats to maintain the integrity and trustworthiness of AI systems. ë
CISO OPINION CORNER 08 APRIL 2024
ADAPTABILITY IS KEY TO MAINTAINING THE INTEGRITY OF OUR SECURITY INFRASTRUCTURE
How does our current strategy address the mitigation of fraudulent activities, especially concerning the safeguarding of sensitive data amidst the evolving cybersecurity threats?
Our current strategy employs a multi-layered approach to mitigate fraudulent activities and safeguard sensitive data. This includes the use of advanced machine learning algorithms for anomaly detection, robust encryption methods for data protection, regular security audits, and
continuous employee training on the latest cybersecurity threats. We also have incident response plans in place to quickly address any security breaches. This comprehensive approach ensures we stay ahead of evolving cybersecurity threats.
“Our employees receive comprehensive training and awareness programs on cybersecurity best practices and potential threats. This includes recognizing phishing attempts, using strong passwords, and understanding the importance of regular software updates.”
GOUTAM PUDOTA Director – Infra and Security IFFCO
CISO OPINION CORNER 09 APRIL 2024
What proactive measures have been adopted to combat malware attacks and fraud attempts, taking into account the heightened sophistication of malicious actors in perpetrating fraudulent activities?
We have adopted proactive measures such as deploying advanced anti-malware software, conducting regular system vulnerability assessments, and implementing strong access controls. We also use threat intelligence to stay updated on the latest malware trends and tactics used by malicious actors. Additionally, we have a dedicated cybersecurity team that continuously monitors our systems for any suspicious activities. These measures help us combat malware attacks and fraud attempts effectively.
In the context of fraud mitigation, do our employees receive comprehensive training and awareness programs regarding cybersecurity best practices and potential threats? How integral is this employee training program in fortifying our defenses against fraudulent schemes?
Yes, our employees receive comprehensive training and awareness programs on cybersecurity best practices and potential threats. This includes recognizing phishing attempts, using strong passwords, and understanding the importance of regular software updates. This training is integral
to our defense strategy as it empowers each employee to act as a human firewall, thereby significantly reducing the risk of fraudulent schemes. It’s a crucial part of our proactive approach to fraud mitigation.
How are our security platforms adapted to confront emerging cyber threats, particularly those leveraging advanced AI techniques for perpetrating fraudulent activities?
Our security platforms are continuously updated to confront emerging cyber threats. We leverage advanced AI and machine learning techniques for real-time threat detection and response. These systems are trained on the latest threat intelligence to identify even the most sophisticated attacks. Furthermore, we conduct regular security audits and updates to ensure our defenses remain robust against evolving threats, including those leveraging advanced AI techniques for fraudulent activities. This adaptability is key to maintaining the integrity of our security infrastructure.
Considering the rising prevalence of attacks targeting APIs and cyberphysical systems, do our security practices adequately address these emerging threats, or do they lag behind in terms of fraud mitigation measures?
Our security practices are designed to adequately address emerging threats, including those targeting APIs and cyber-physical
systems. We employ API security measures such as authentication, encryption, and regular vulnerability scanning. For cyber-physical systems, we implement security controls at each layer - from physical to application - and conduct regular system audits. We continuously update these practices based on the latest threat landscape to ensure we do not lag behind in our fraud mitigation measures. This proactive approach helps us stay ahead of potential threats.
How are organizations implementing the principles of zero trust security to fortify protection against fraudulent activities, both internally and externally?
Organizations are implementing the principles of zero trust security by assuming no user or device is trustworthy, regardless of whether they are inside or outside the network perimeter. This involves strict identity verification for every person and device trying to access resources on a private network, leastprivileged access, and micro-segmentation of the network. These measures help in fortifying protection against fraudulent activities by ensuring that even if a malicious actor gains access, their movements within the system are limited and closely monitored. This approach provides robust defense mechanisms both internally and externally.
What advice would you provide for formulating a comprehensive cybersecurity strategy that encompasses fraud mitigation efforts across all facets of our organization's digital assets, including networks, systems, applications, and data?
Formulating a comprehensive cybersecurity strategy requires a holistic approach that encompasses all facets of an organization’s digital assets. Here are some key steps:
1. Risk Assessment: Identify and assess potential risks across all digital assets, including networks, systems, applications, and data. This will help prioritize areas that require the most attention.
2. Implement Robust Security Measures: Deploy advanced security measures such as firewalls, intrusion detection systems, encryption, and secure access controls.
CISO OPINION CORNER 10 APRIL 2024
Regularly update these measures to confront emerging threats.
3. Adopt a Zero Trust Framework: Assume no user or device is trustworthy, regardless of their location. Implement strict identity verification, least-privileged access, and network segmentation.
4. Continuous Monitoring: Implement realtime monitoring of all digital assets to detect and respond to threats promptly. Leverage advanced AI and machine learning techniques for effective threat detection.
5. Employee Training: Regularly train employees on cybersecurity best practices and potential threats. Employees are often the first line of defense against cyber threats, so their awareness is crucial.
6. Incident Response Plan: Have a welldefined incident response plan in place. This should include steps to contain the incident, eradicate the threat, recover from the incident, and lessons learned.
7. Regular Audits and Updates: Conduct regular security audits to identify any gaps in the security posture. Also, keep all systems and software updated to protect against known vulnerabilities.
8. Data Protection: Implement robust data protection measures, including data encryption, secure data storage, and secure data transmission. Also, ensure compliance with all relevant data protection regulations.
A comprehensive cybersecurity strategy is not a one-time effort but a continuous process that evolves with the changing threat landscape. It requires the commitment and involvement of all members of the organization
In the context of fraud mitigation, what strategies and measures would you recommend for effectively mitigating AI-related security risks, particularly concerning the adoption of a zero trust security framework?
In the context of fraud mitigation, mitigating AI-related security risks, particularly concerning the adoption of a zero trust security framework, involves several strategies and measures:
AI Security Training: Train AI models on diverse and comprehensive datasets to improve their ability to detect and respond to threats. Regularly update these models with the latest threat intelligence.
Robust Validation: Implement robust validation and testing processes for AI models to ensure they perform as expected and do not introduce new vulnerabilities.
Secure AI Infrastructure: Secure the infrastructure used to develop and deploy AI models. This includes securing data
storage and processing environments and implementing strong access controls.
Monitoring and Auditing: Continuously monitor AI systems for any suspicious activities. Regularly audit AI systems to ensure they comply with all relevant security standards and regulations.
Zero Trust Framework: Implement a zero trust framework where every user and device is treated as potentially untrustworthy, regardless of their location. This involves strict identity verification, least-privileged access, and network segmentation.
AI Ethics and Governance: Establish clear AI ethics and governance guidelines. This includes guidelines on data privacy, transparency, accountability, and fairness.
Incident Response Plan: Have a well-defined incident response plan in place that includes steps to contain and recover from AI-related security incidents.
Collaboration and Information Sharing: Collaborate and share information with other organizations and security vendors. This can help stay updated on the latest AI-related security threats and mitigation strategies.
Mitigating AI-related security risks is not a one-time effort but a continuous process that evolves with the changing threat landscape. It requires the commitment and involvement of all members of the organization. ë
CISO OPINION CORNER 11 APRIL 2024
STAYING AHEAD IN 2024 WILL REQUIRE A PROACTIVE AND ADAPTIVE CYBERSECURITY APPROACH
“AI enables predictive analysis, enhancing our ability to foresee potential threats, while machine learning algorithms continuously refine detection capabilities based on evolving patterns.”
12 APRIL 2024
IMAD ALDHFIRI Head of Cybersecurity Risk Monitoring Function Saudi Aramco
As a Security Officer, what are the key responsibilities that define your role within the organization?
As a Security Officer my primary responsibilities revolve around ensuring the organization's security posture aligns with industry standards and regulations. This involves spearheading strategic security initiatives, overseeing risk assessments, and establishing strong governance frameworks. I'm accountable for organizing risk management efforts, conducting thorough audits, and implementing, monitoring, and reporting proactive measures to mitigate potential risks.
Can you share some insights into your organization's cybersecurity strategy for 2024? What are the key focus areas?
Our cybersecurity strategy for 2024 starts with the continuous enhancement of the strategy from a Governance, Risk, and Compliance (GRC) perspective, consider implementing stronger standards to evaluate the effectiveness of security measures. Maintaining and enhancing key performance indicators (KPIs) aligned with industry standards allows for continual evaluation and improvement. This might involve criteria related to threat detection rates, incident response times, compliance observance, and the efficiency of risk reduction strategies. Also, integrating a risk-based approach within the CISO organization is pivotal. Conducting regular risk assessments helps identify, prioritize, and moderate potential threats. Implementing frameworks such as NIST (National Institute of Standards and Technology) or ISO (International Organization for Standardization) standards can provide structured guidelines for risk management and compliance.
With the rapid evolution of technology, what emerging trends in cybersecurity do you believe will have the most significant impact on organizations in 2024?
Well I believe, in 2024, several emerging cybersecurity trends are poised to significantly impact organizations. Firstly, the rise of edge computing and the Internet of Things
(IoT) will introduce new attack surfaces, necessitating sturdy security measures to safeguard interconnected devices and networks. Secondly, the growing importance of privacy regulations worldwide will drive organizations to prioritize data protection and compliance. Lastly, the expanding threat landscape around supply chain attacks will force organizations to enhance provider risk management strategies. Staying ahead in 2024 will require a proactive and adaptive cybersecurity approach that integrates these trends into comprehensive defense strategies.
How are you incorporating new technologies, such as AI and machine learning, into your cybersecurity strategy?
Incorporating new technologies like AI and machine learning into the cybersecurity strategy is pivotal. These innovations serve as force multipliers in the defense mechanisms. AI enables predictive analysis, enhancing our ability to foresee potential threats, while machine learning algorithms continuously refine detection capabilities based on evolving patterns. These technologies automate routine tasks, freeing up resources for more strategic security initiatives. By leveraging AI and machine learning, we're not just strengthening our defenses against known threats but also significantly enhancing the agility to adapt and respond to emerging cybersecurity risks in real time.
In what ways do you consider environmental and social impacts when making cybersecurity decisions?
In cybersecurity decision making, a holistic viewpoint is crucial, considering both environmental and social impacts. Recognizing that choices in the digital sphere can affect communities and the environment, ethical considerations take precedence. Upholding data privacy and aligning security measures with societal values is a priority. Collaboration with ethical suppliers and fostering a secure digital space are key aspects of this approach. The aim is to contribute to a safe, inclusive digital landscape, mindful of broader societal and environmental responsibilities.
What initiatives or training programs have you implemented to enhance cybersecurity awareness among employees?
Within the domain of cybersecurity, enhancing awareness among employees involves versatile initiatives. Considering this importance, many tailored training programs were implemented covering fundamental practices and real-world scenarios, catering to different roles within the organization. Interactive simulations, like phishing exercises, provide hands-on experience to recognize and tackle potential threats. Informative materials,
COVER FEATURE 13 APRIL 2024
and newsletters keep everyone updated on emerging risks and proactive measures with a goal is to foster a culture where every individual becomes a proactive defender against evolving cyber threats.
How do you ensure that the organization remains compliant with relevant cybersecurity regulations and frameworks?
Maintaining compliance with cybersecurity regulations involves a proactive approach. We keep abreast of regulatory changes and conduct regular audits to assess the adherence. Our strategy includes developing and implementing robust policies aligned with these regulations. A dedicated team oversees compliance enforcement and updates while collaborating with legal experts to ensure accuracy. Leveraging specialized tools and continuous monitoring supports the efforts in staying aligned with evolving cybersecurity standards without disclosing specific operational details.
What tools and technologies do you use to monitor and detect potential cybersecurity threats and vulnerabilities?
Well, in general and as a cybersecurity practice,
organizations leverage a diverse range of tools and technologies to effectively monitor and detect potential threats and vulnerabilities. While the specific tools may vary depending on the organization's unique requirements and the threat landscape, we employ industry-leading solutions in line with best practices. This includes network intrusion detection systems, endpoint detection, and sophisticated security information and event management platforms. These tools provide us with comprehensive visibility into network and systems, helping us identify anomalies and potential threats in real-time.
Diversity and inclusion are increasingly recognized as essential in all industries. How does your organization promote diversity and inclusion within the cybersecurity team?
At our organization, fostering diversity and inclusion within the cybersecurity team is a fundamental priority. We have implemented several initiatives to promote a diverse and inclusive work environment. In the organization there is emphasize on fostering teamwork, open communication, diversity and inclusion where the cybersecurity team reflects a wide range of backgrounds and perspectives, to ensure creating a team where everyone
feels valued, respected, and empowered to contribute their unique skills and perspectives to our cybersecurity endeavors.
Based on your experience, what advice would you give to others a aiming to enhance their cybersecurity posture?
Drawing from experience, my advice for enhancing cybersecurity posture would emphasize the significance of aligning security practices with cybersecurity regulations. Complying with these regulations forms a critical foundation for a resilient security stance. Prioritize understanding and abiding by relevant regulations, as they often encapsulate industry standards and best practices. Implement measures that consistently meet these compliance requirements, as they not only bolster defenses but also alleviate risks associated with non-compliance. Lastly, establishing incident response plans and a durable recovery strategy is vital to ensures a rapid and efficient response if a breach occurs, minimizing its impact and facilitating a quicker recovery process. Following these recommendations, organizations can enhance their cybersecurity position and better protect their critical assets and data from cyber threats.ë
COVER FEATURE 14 APRIL 2024
ZERO TRUST IS A SECURITY MODEL THAT ASSUMES NO IMPLICIT TRUST
How does our current strategy address the mitigation of fraudulent activities, especially concerning the safeguarding of sensitive data amidst the evolving cybersecurity threats?
The Emirates Policy Center has developed a thorough strategy to counter fraudulent activities and protect sensitive data amidst evolving cybersecurity challenges. This strategy encompasses several key elements: regular risk assessments, utilization of cutting-edge technologies like firewalls and encryption, extensive employee training in cybersecurity awareness, stringent access control measures, establishment of a comprehensive incident response plan, collaboration with external entities for threat intelligence sharing, adhere to regulations, and ongoing monitoring and heads-up to emerging threats. Through these continuous efforts, the Center is committed to upholding the security and confidentiality of its data in the face of dynamic cybersecurity threats.
What proactive measures have been adopted to combat malware attacks and fraud attempts, taking into account the heightened sophistication of malicious actors in perpetrating fraudulent activities?
To stay ahead of malware attacks and fraud attempts, the Emirates Policy Center has put together a strong defense plan. We use smart technology that can quickly spot and stop new malware threats using artificial intelligence and machine learning. We also regularly check for weaknesses in their security and fix them before bad guys can take advantage. Employees get special training to spot tricks like phishing emails and stop fraudsters from getting in. This helps make sure the organization stays safe from cyber threats. Additionally, the Center strengthens its cybersecurity defenses through various technical measures, installs strong security software on individual devices, like antivirus programs, to stop malware from infecting them, also improves email security to prevent phishing attacks and the spread of malware through email. Actively sharing threat intelligence with others keeps the Center informed about new cyber threats, allowing quickly adjusting defenses. These proactive steps help the Emirates Policy Center become more resistant to malware and fraud from skilled cyber attackers in the
“Through collaboration with industry peers and regular updates and patch management, the Center ensures its security infrastructure remains robust and resilient against the ever-evolving cyber threat landscape.”
JINSON PAPPACHAN Head of Information Security
Emirates
Policy Center, Abu Dhabi
CISO OPINION CORNER 16 APRIL 2024
ever-changing cybersecurity world.
In the context of fraud mitigation, do our employees receive comprehensive training and awareness programs regarding cybersecurity best practices and potential threats? How integral is this employee training program in fortifying our defenses against fraudulent schemes? Indeed, comprehensive training and awareness initiatives concerning cybersecurity best practices and potential threats are vital components of the Emirates Policy Center's strategy to combat fraud. Employees undergo continuous education and training in cybersecurity to ensure they possess the knowledge and skills needed to effectively identify and address fraudulent activities. These programs cover a broad spectrum of topics, including recognizing phishing attempts, practicing secure password management, understanding social engineering tactics, and emphasizing the importance of data protection. Additionally, intensified awareness among employees fosters a culture of cybersecurity consciousness across the organization, encouraging proactive risk mitigation and swift incident response.
How are our security platforms adapted to confront emerging cyber threats, particularly those leveraging advanced AI techniques for perpetrating fraudulent activities?
The security systems used by the Emirates Policy Center are always changing to fight new cyber threats, especially focused on stopping sneaky attacks that use advanced AI. These systems use smart technology to spot unusual behavior and suspicious activity, so we can stop problems before they get worse. Through collaboration with industry peers and regular updates and patch management, the Center ensures its security infrastructure remains robust and resilient against the ever-evolving cyber threat landscape.
Considering the rising prevalence of attacks targeting APIs and cyberphysical systems, do our security practices adequately
address these emerging threats, or do they lag behind in terms of fraud mitigation measures?
The capability of security practices within the industry to address the increasing threats targeting APIs and cyber-physical systems varies. While some organizations have implemented strong measures to mitigate these risks, others may not be as advanced. Factors such as budget limitations, resource availability, and the evolving nature of threats can affect the adequacy of security measures. Additionally, the nature of cyber-physical systems and the complexity of APIs pose unique challenges that may require specialized expertise and technologies for effective mitigation. Continuous assessment, adaptation, and investment in cybersecurity strategies are crucial to staying ahead of evolving threats and ensuring sufficient fraud mitigation measures across industries in the UAE.
How are organizations implementing the principles of zero trust security to fortify protection against fraudulent activities, both internally and externally?
Organizations are implementing the principles of zero trust security to enhance protection against fraudulent activities, both internally and externally, by adopting a holistic approach to cybersecurity. Zero trust is a security model that assumes no implicit trust, even within the internal network, and requires verification of every user and device attempting to connect to resources, regardless of their location or network environment. Multi-factor authentication (MFA) is also commonly employed to ensure that even if credentials are compromised, unauthorized access is prevented. implementing robust identity and access management (IAM) solutions, continuously monitoring for anomalous behavior, and encrypting data both at rest and in transit.
What advice would you provide for formulating a comprehensive cybersecurity strategy that encompasses fraud mitigation efforts across all facets of our organization's digital assets, including networks, systems,
applications, and data?
Organizations are taking proactive steps to strengthen their cybersecurity posture and mitigate fraudulent activities. This includes conducting thorough risk assessments to identify vulnerabilities and prioritize mitigation efforts, establishing clear governance structures for cybersecurity, and implementing zero trust security principles to control and monitor access to digital assets. Continuous monitoring solutions are deployed, and threat intelligence feeds are integrated to stay informed about emerging threats. Comprehensive cybersecurity training and awareness programs are provided to all employees to enhance their understanding of security best practices. Networks and systems are secured using firewalls/Advanced networking tools, application security is ensured through secure coding practices and routine assessments. Additionally, data loss prevention (DLP) solutions can be a good choice to protect sensitive data and ensure compliance with cybersecurity regulations and standards.
In the context of fraud mitigation, what strategies and measures would you recommend for effectively mitigating AI-related security risks, particularly concerning the adoption of a zero trust security framework?
To effectively mitigate AI-related security risks, several key strategies and measures are crucial. Implementing continuous monitoring systems powered by AI helps detect anomalies indicative of fraudulent activities, while behavioral analysis algorithms identify deviations from normal behavior patterns. Robust authentication mechanisms, micro-segmentation, and least privilege access controls ensure only authorized users and devices can access sensitive data. Integrating threat intelligence feeds enables proactive adjustments to security measures, while secure model development practices and encryption techniques safeguard data integrity. Regular security assessments and incident response planning are essential for identifying and addressing vulnerabilities promptly. Additionally, comprehensive employee training and awareness programs ensure staff understand AI-related security risks and adhere to security protocols effectively. By implementing these measures, organizations can effectively mitigate AI-related security risks and enhance their fraud mitigation efforts within a zero trust security framework. ë
CISO OPINION CORNER 17 APRIL 2024
Transformative influence of AI explored at the 10th Future IT Summit
18 APRIL 2024
The 10th Future IT Summit unveiled the transformative impact of Artificial Intelligence (AI) on the global technological landscape, with a special focus on the United Arab Emirates. This groundbreaking event, known as FITS, convened thought leaders, industry pioneers, and tech enthusiasts across multiple countries, including Saudi Arabia, India, Singapore, and the UAE, to commemorate a decade of excellence and innovation in technology.
FITS delved into the vibrant tech ecosystems and forward-thinking initiatives propelling AI innovation in each host
country, including the UAE. Renowned for its ambitious vision and rapid technological advancements, the UAE stood as a beacon of innovation in the region. With initiatives such as the UAE Vision 2021 and the Emirates AI Strategy 2031, the country was at the forefront of embracing AI technologies to drive economic growth, enhance government services, and foster innovation across various sectors.
In alignment with these initiatives, FITS featured sessions exploring AI's role in the UAE's digital transformation journey. From discussions on AI governance and innova-
tion in government services to strategies for harnessing the power of AI in enterprise IT, attendees gained valuable insights into the UAE's commitment to leveraging AI for sustainable development and global competitiveness.
Insightful discussions, interactive workshops, and visionary keynote sessions at FITS illuminated the path forward in the dynamic landscape of artificial intelligence, with a spotlight on the UAE's contributions and aspirations in this domain.
19 APRIL 2024
Highlighted Topics Included:
• Dare to Change - The Three Commitments of Exceptional Leaders presented by Ali El Kontar | Founder and CEO, Zero&One
• The Future of Leadership in an AI-Driven Era: Navigating Opportunities and Challenges
• What HR Professionals Need to Know
• CIO Strategies for Harnessing the Power of AI in Enterprise IT
• Thought Leader Keynote - Dr. Ebrahim Al Alkeem | President of KU Alumni Council, Khalifa University
• AI Trends and Strategies for Finance Professionals
• AI and Economic Growth: From Startups to Global Enterprises
EVENT 20 APRIL 2024
Joining the 10th Future IT Summit allowed participants to be part of the dialogue shaping AI's trajectory in the coming decade, with a keen focus on the UAE's pivotal role in this journey. The event showcased the convergence of technology, investment, and expertise that will define the digital future of the UAE and beyond.
Our esteemed speakers at the event
1. Sandra Reivik | Head of AI Development
2. Kamran Ali | AI and Analytics Program Manager, EMEA/GE Healthcare
3. Dr. Zeyad Sarairah | Artificial Intelligence Expert
4. Shameed Sait | Head of Artificial Intelligence, GEMS Education
5. Awad Ahmed Ali El | Sidiq Head of Artificial Intelligence & Analytics, ADNOC Distribution
6. Ali El Kontar | Founder and CEO, Zero&One
7. Angie Safi | Head of TA Operations, GE Vernova
8. Sana Qureshi | Group HR Head, Midstar
9. Kabira Bhotporia | Head of HR, JLL
10. Dr. Zahir Malik | CHRO, Noble Group
11. Sheena Rajan | Group CHRO
12. Amielyn Galvo | Senior Manager, Huhtamaki
13. Fajis Moossa | HR Operation Manager, Nesto Group
14. Sebastian Samuel | CIO, AW Rostamani Group
15. Dr. Jassim Al Awadhi | Digital Transformation Principal and AI Researcher, Du
16. Somy Varghese | Head of Digital Transformation & Technology, Etoile Group
17. Salahuddin Almohammadi | Group IT Director, HSA Group
18. Dr. Ebrahim Al Alkeem | President of KU Alumni Council, Khalifa University
19. Ashit Dugar | Senior Finance Manager, Petrofac
20. Venkataramana (Venkat) Suryanarayanan | Chief Financial Officer, SFC Group
21. Ali Abouda | Group Chief Financial Officer, Gulf Navigation Holding PJSC
22. Fouad Chahmi | Director Of Finance And Administration, Arthur D. Little
23. Khalid Chami | Group Chief Financial Officer, Ali & Sons Holding LLC
24. Sheik Abdullah Jamal Mohideen | Data, Governance and Engagement Manager -Sheikh Shakhbout | Medical City
25. Dr. Chan Yeob Yeun | Associate Professor, Khalifa University, Abu Dhabi, UAE
26. Shaker Alowainati | Chief Technology Officer, INDEX HOLDING
27. Olaf Penne | Data, Analytics and AI Strategist, Delivering Training, EDGE
28. Dr. Jassim Haji | President, IGOAI
29. Lt. Colonel Dr. Hamad Khalifa Al Nuaimi | Head of Telecommunication, Abu Dhabi Police GHQ
30. Mohamed Ragab | Applications Development Section Head, Electonic Government Authority of Ras Alkhaimah
31. Anas Eltahir | CIO, Dubai Legal AffairsH.H. The Ruler’s Court
32.. Bader Zyoud | Information Security & Projects Manager, Abu Dhabi Media
Event Highlight
Top Ten Happy Tech Companies To Work For 2024
Ernst & Young AmiViz
Connor Consulting
Sprinklr
Zero&One
SUDO Consultants
StorIT Distribution FZCO
Redington
Dell Technologies
Asbis
For more information, visit https://www. futureitsummit.com
About Future IT Summit (FITS):
The Future IT Summit (FITS) is an annual event dedicated to exploring the transformative power of technology, particularly Artificial Intelligence, and its impact on various industries and regions. FITS brought together industry leaders, innovators, and enthusiasts to discuss emerging trends, challenges, and opportunities in the rapidly evolving technological landscape, with a special emphasis on the UAE’s contributions to this global conversation. ë
EVENT 21 APRIL 2024
Meet MORE tech brands Network with MORE tech professionals Discover MORE tech solutions Hear MORE ground-breaking opinions … than anywhere else on the entire African continent
◼ Ai Everything (AI x Cloud x IoT x Data) ◼ Cybersecurity ◼ Consumer Tech ◼ Digital Finance ◼ Telecoms & Connectivity ◼ North Star Africa ◼ Digital Cities ◼ Digital Health
UNLOCK AFRICA’S DIGITAL FUTURE AT GITEX AFRICA MAY 29-31, MARRAKECH, MOROCCO
IN AFRICA VISIT
THE
FIND YOUR WORLD DUBAI ORGANISED BY HOSTED BY UNDER THE AUTHORITY OF
2024 MARRAKECH
Creating A Bold Future For Africa TECH & STARTUP SHOW
Under the High Patronage of His Majesty King Mohammed VI 29 - 31 MAY
Book to secure your Early Bird Ticket today. Expires 18 April 2024 gitexafrica.com
NO SINGLE MITIGATION STRATEGY CAN GUARANTEE TOTAL PREVENTION
How does our current strategy address the mitigation of fraudulent activities, especially concerning the safeguarding of sensitive data amidst the evolving cybersecurity threats?
Cybersecurity consists of information security centric to protecting computers, networks, software, and data from unauthorized access. Some of the top threats today to the organization are:
• Ransomware
• Phishing
• Use of credential
• Data breaches
• Zero-day attacks
• Social Engineering
• Misconfiguration
“No organization can be 100% secure, but with a well-planned strategy, you can significantly reduce your risk and ensure that you are well-prepared.”
Safeguarding sensitive data and mitigating fraudulent activities in the face of ever-evolving digital landscape, cybersecurity threats is a critical endeavour. Some strategies Which can help address these challenges would be:
Ransomware: These attacks have always been on the rise and involve malicious software that encrypts a user’s files, rendering them inaccessible until a ransom is paid. Possible ways to mitigate this threat are:
• Information Security User Awareness Training and Phishing Simulation to raise awareness among the users and stakeholders.
• Securing and monitoring Remote Desktop Protocol (RDP).
• Implement MFA or Multifactor Authentication.
• Availability of backup of all or at least critical data.
23
KUMAR CISO Confidential
KISHORE
CISO OPINION CORNER 23 APRIL 2024
Phishing, a prominent category of cybersecurity attack during which malicious actors impersonates someone else and send messages pretending to be a trusted person or entity. Attacks may result in identity theft, unauthorized entry into organizations, and the execution of illicit operations. Phishing is frequently utilized to acquire credentials that enable unauthorized access to an organization. The best protection from phishing is user awareness and understanding of potential attacks. Use of email security, anti-phishing tools, strong passwords with update and patch of systems are some of very important protection mechanism.
Distributed Denial of Service (DDoS) attacks involves multiple connected online devices which overwhelm systems, networks, website, and servers with fake traffic, making system inaccessible to legitimate users. To protect from such threat:
• Invest in robust DDoS protection solutions that can detect and mitigate attacks promptly.
• Restricting direct Internet traffic to certain parts of your infrastructure.
• Use firewall, Access Control Lists (ACLs) to control what traffic reaches your applications.
• Monitor network traffic patterns to identify anomalies and respond swiftly.
• Leverage content delivery networks (CDNs) and Load Balancer to distribute traffic. Execute VAPT on timely manner. No single mitigation strategy can guarantee total prevention; however multiple combination of proactive measures can significantly enhance our posture. Awareness would remain the key strategy to address the mitigation of fraudulent activities.
What proactive measures have been adopted to combat malware attacks and fraud attempts, taking into account the heightened sophistication of malicious actors in perpetrating fraudulent activities?
Considering the increasing sophistication of malicious actors, several proactive measures are being taken to combat malware attacks and fraud attempts. Here are some strategies:
1. Malware is becoming more complex and often employs advanced tools to evade detection. Organizations need to stay informed about these tools and enhance their defences to detect and prevent their misuse.
2. Threat actors are blending in with benign network traffic by using SSL-encrypted
communication. By mimicking legitimate businesses, attackers can remain undetected for extended periods.
3. Vulnerabilities, remain primary entry points for malware propagation Prioritizing patching and timely mitigation of risks associated with exploitation is crucial.
4. Educating employees regularly about phishing attacks, social engineering, and safe online practices along with phishing simulations is essential.
5. Keeping all systems up to date with the latest security patches and updates is critical.
6. Implementing network segmentation isolates critical systems from potential threats. It limits lateral movement for attackers and reduces the impact of successful breaches.
7. Adopting the least privilege principle ensures that users and processes have only the necessary permissions.
A multi-layered approach, combining technical solutions, user education, and proactive monitoring, is essential to combat malware effectively.
In the context of fraud mitigation, do our employees receive comprehensive training and awareness programs regarding cybersecurity best practices and potential threats? How integral is this employee training program in fortifying our defenses against fraudulent schemes?
Employee training program plays a crucial role in safeguarding organizations against fraudulent schemes and cyber threats. Let’s delve into the details:
It equips employees with the ability to identify security threats when working online and with computer systems. The primary reason for employee training is to shield businesses from cybercriminals who can harm our finances, client information, and overall operations. Many securities breaches stem from human error. Employees’ lack of knowledge can expose vulnerabilities. Training employees on cybersecurity from day one and informing them of their role in protecting the company is essential. Conducing mandatory refresher sessions to reinforce knowledge about Phishing Awareness, Password Security, Access Control and Security Audits etc.
By investing in comprehensive awareness training program, organizations can fortify
their defences and stay ahead of fraudulent schemes.
How are our security platforms adapted to confront emerging cyber threats, particularly those leveraging advanced AI techniques for perpetrating fraudulent activities?
Security platforms are continuously evolving to confront emerging cyber threats, including those leveraging advanced AI techniques for fraudulent activities. AI and Machine Learning (ML) are being used for defence, strengthening network security measures, predict threats and even prevent potential attacks.
AI fraud detection is being implemented that employs machine learning to identify fraudulent activities within large datasets by training algorithms to recognize patterns and anomalies that signal possible fraud. Organization actively engaging with and adapting to regulatory changes, ensuring compliance, and influencing the development of policies that impact the digital realm. User awareness and collaboration remain crucial in staying resilient against threats.
Considering the rising prevalence of attacks targeting APIs and cyberphysical systems, do our security practices adequately address these emerging threats, or do they lag behind in terms of fraud mitigation measures?
Security practices for APIs and cyber-physical systems are evolving to address emerging threats. The complex threat environment created by increasingly interconnected cyberphysical systems demands a comprehensive approach to security. Organizations are increasingly recognizing the importance of securing APIs and cyber-physical systems (CPS)
Organizations need to fortify defences against API vulnerabilities, including authentication flaws, data exposure, and injection attacks. In terms of fraud mitigation measures, advanced analytics and machine learning are being increasingly used. Simulating advanced persistent threats and sophisticated fraud tactics can help organizations stay one step ahead.
Entities are lagging in terms that Physical security and cybersecurity divisions are
CISO OPINION CORNER 24 APRIL 2024
often still treated as separate resulting lack of holistic view of security threats targeting their organizations. Organizations with converged cybersecurity and physical security functions are more resilient and better prepared to identify, prevent, mitigate, and respond to threats. Organizations also need to align their security functions by communication, coordination, and collaboration.
How are organizations implementing the principles of zero trust security to fortify protection against fraudulent activities, both internally and externally?
Zero Trust model is about eliminating implicit trust and instead authenticate and verify all users, devices, and network traffic, regardless of their location or context.
In the last couple of years, “zero trust” has gained significant traction in the cybersecurity realm to protect networks and increase security across organizations.
To fortify protection against fraudulent activities, organizations are implementing the principles of zero trust security in several ways like.
• Establish no trust by default.
• Ensure visibility.
• Apply trust with dynamic and continuous verification.
• Use “least privilege”.
• Ensure the best possible end-user experience.
• Following Best Practices and Steps for a Successful Deployment
• Deploying the Latest Technologies and Solutions
Zero Trust is not a one-time solution but an ongoing approach to security that adapts to evolving threats and business needs.
What advice would you provide for formulating a comprehensive cybersecurity strategy that encompasses fraud mitigation efforts across all facets of our organization's digital assets, including networks, systems, applications, and data?
Formulating a comprehensive cybersecurity strategy that encompasses fraud mitigation efforts across all facets of your organization’s digital assets is a multi-step process. It is is about managing and mitigating risk, not eliminating it. No organization can be 100% secure, but with a well-planned strategy, you can significantly reduce your risk and ensure that you are well-prepared.
Some key steps to be consider are like:
• Risk Assessment to identify, classify, Understand the associated risks of your digital assets.
• Clear and comprehensive security policies
and procedures including acceptable use and password policies, IR, and DR plan.
• Implement firewalls, IDPS, encryption, and anti-malware as part of infrastructure.
• Use of strict Access Control and “least privilege”.
• Conduct regular security audit and testing.
• Employee’s awareness on latest information security trends
• Vendor risk assessment
• Continuous monitoring and improvement.
In the context of fraud mitigation, what strategies and measures would you recommend for effectively mitigating AI-related security risks, particularly concerning the adoption of a zero trust security framework?
Within the context of a zero-trust security framework, mitigating AI-related security risks requires a comprehensive and multi layered approach.
Some strategies and measures could be
• Secure Infrastructure
• Well planned security risk assessments and immediate treatment for AI applications.
• Ensure Data integrity by careful designing and testing of AI data model.
• Authorizes only approved AI applications and users as Zero Trust Architecture.
• Monitoring of system by continuous and comprehensive logging system. ë
CISO OPINION CORNER 25 APRIL 2024 25
COVER STORY
STEPHAN BERNER CEO, Help AG
In today’s ever-evolving threat landscape, true cyber resilience requires the fusion of AI-driven automation with human expertise. Help AG, the cybersecurity arm of e& enterprise, is at the forefront of this new paradigm. Stephan Berner, CEO of Help AG, explains how the human-in-the-loop cybersecurity model, augmented by intelligent automation, is instrumental in thwarting threat actors.
Help AG is blending human intelligence with the capabilities of intelligent automation to bolster digital defences. Why is this approach important in the current threat landscape?
AI has become one of the most used or , arguably, abused terminologies, especially in the cybersecurity industry. We have been using AI as part of machine learning for a long time. Our approach to managed security services is rooted in ML-based smart tools and AI-enabled automation. However, we believe intelligent automation must be integrated with human intelligence because you can’t rely solely on AI to do everything.
While the cybersecurity industry has evolved over the years, AI is still nascent. Within Help AG, we have formed a centre of excellence we call the ‘Cybersphere Nexus,’ which is a strategic approach to examining how the cybersecurity landscape will evolve over the coming years. It prioritises securing AI and intelligent defence mechanisms, advancing post-quantum cybersecurity, and championing sustainable cybersecurity practices to ensure environmental and operational sustainability in the field. We are looking at AI from the perspective of how to secure it, which is important because we believe this powerful technology brings many positive things to the table from a cybersecurity point of view. We believe in leveraging AI/ML for realtime threat analysis and automating incident response protocols for accuracy reasons and, of course, enhancing predictive capabilities for proactive security measures.
That's why we came up with the concept of ‘Intelligence Amplified’ – it's about maximising the potential of the smart tools that we have developed in the last five years and taking them to the next level. This topic is interesting because, as operators of the largest cyber defence centre in the region, equipped with extensive subject matter expertise and tailored resources, we look at various elements of cybersecurity. Establishing security
orchestration, automation, and response is paramount. We ensure that we're equipped and available to respond regardless of when an incident occurs – whether on the weekend or during a workday. It's crucial to have tools implemented along with the expertise of cybersecurity analysts to respond promptly. This ensures that our customers receive value from the services we provide to the market, emphasising intelligent automation coupled with human oversight.
True cyber resilience requires the fusion of AI-driven automation with human expertise. Will AI replace cybersecurity jobs?
I wouldn't say they will be replaced, but in our industry, it's fair to say that due to the changing threat landscape, there is a risk that a very skilled network security engineer may not be as essential five years from now. This is because the requirements might change. Now, we're talking about not only network security but also cloud security and modern applications, which require a certain kind of experience and even education.
For example, imagine you have trained as an automotive engineer with a specialisation in traditional, mechanically-focused vehicles.. How will you manage to upskill, reskill, and adapt when electric vehicles (EVs), which rely heavily on electronic and software systems, become the standard and the industry's approach shifts dramatically? Therefore, our collective responsibility is to ensure that all the excellent resources in the industry, whether they have a background in systems, applications, or networking, are upskilled and reskilled.
Simultaneously, we must attract new talents of tomorrow to provide the impetus needed to address cybersecurity pain points effectively.
Continuous Threat Exposure Management (CTEM) is gaining traction now.
Do you see this
concept becoming essential for shoring up cyber resilience?
Very much so, because organisations need to build a solid cybersecurity foundation. If you look at exposure management, for instance, and assess the state of infrastructure, it provides valuable information on how to mitigate issues from a basic point of view. Even today, despite advancements in smart tools, machine learning, and AI, many incidents are triggered due to misconfiguration of devices, lack of patching, absence of automated password management, and so on.
CTEM helps us become more mature by addressing open vulnerabilities and providing trend analysis. This analysis can be conducted quarterly to observe changes in cybersecurity exposure. It helps identify whether threat exposure remains flat, declines, or increases over time. I believe it's a very helpful tool, especially when delivered as a managed security service, optimising return on investment for our clients by enhancing their security posture efficiently.
How do you define a strong cybersecurity culture, and why is it important for companies today?
This is a topic close to my heart. I remember speaking at a CEO forum, where I highlighted the need of establishing a strong cybersecurity culture. It entails adopting a strategy that encourages exemplary corporate citizenship, particularly by recognising and rewarding individuals who report incidents. No one should fear facing repercussions such as being penalised or losing a job for reporting a cybersecurity incident. So, if someone identifies
COVER STORY
27 APRIL 2024
any kind of loophole and realises that an incident is actually happening, they should be encouraged to inform the relevant functions, which will then follow the process and mitigate the issue as quickly as possible. And that's important; we must transform the existing stigma associated with incident disclosure to ensure a more secure and responsive cybersecurity environment.
We used to say it's not about if you will be attacked but about when it will happen. And nowadays, every organisation - whether it's a large enterprise, a government entity, or small and medium businesses - needs to focus on how to respond if an incident actually happens within their organisation. Crucially, this approach begins with fostering an environment where blame is not immediately cast upon employees, but rather, where a constructive and prepared response is emphasised.
Shouldn't the industry have improved in mitigating ransomware and DDoS attacks, which remain among the most menacing threats?
Let's put it this way: the world is becoming increasingly digitally connected, and everything we do is web-based. Consequently, the total addressable market from a business standpoint
is expanding. However, as the market grows, adversaries and threat actors are also investing more energy and resources to exploit it for financial gain. This explains why the frequency of ransomware attacks and DDoS attacks continues to increase.
From our perspective, we run a highly effective service that specialises in both the prevention and mitigation of DDoS attacks, successfully addressing threats in the UAE every two seconds. This frequency demonstrates the reality of what's happening. When faced with relatively unsophisticated attacks, they are easily neutralised by implementing the right policies. However, as attacks become increasingly sophisticated and larger in scale -reaching
Continuous Threat Exposure Management helps us become more mature by addressing open vulnerabilities and providing trend analysis.
gigabits per second-the challenge grows exponentially. To address this, you require a robust backend platform equipped with specialised resources. We are glad to say that as part of Etisalat, Help AG fully manages the backend platform, which represents one of the largest scrubbing centres in the region.
Do you see OT security as an opportunity, which needs a distinct approach?
Five years ago, OT security represented only one percent of our revenue. Last year, it accounted for close to 18 percent. This growth underscores the vastness of the OT security landscape. However, we also need to recognise that OT security differs fundamentally from IT security, starting from the terminology, and even the mindset of individuals working in these environments. Nonetheless, there is a clear trend towards IT-OT convergence, which presents numerous opportunities from a cybersecurity perspective. Five years ago, few organisations conducted security assessments or penetration testing services for PLC and SCADA systems. Now, we receive multiple requests for these services from our customers every week. OT security is an area we began incubating four years ago. Recognising our lack of subject matter expertise in this field, we hired a specialist who dedicated six months to enhancing our understanding of
The Cybersphere Nexus, Help AG's strategic approach, revolves around some of the pivotal shifts shaping the future of cybersecurity.
Securing AI & Intelligent Defence
Integrating security and privacy measures into artificial intelligence systems and advancing intelligent defence mechanisms to anticipate and neutralise cyber threats.
Advancing Post-Quantum Cybersecurity
Developing cybersecurity measures that are resilient against threats posed by quantum computing and reducing risk exposure in the post-quantum era.
Sustainable Cybersecurity Practices
Promoting environmentally friendly and socially responsible cybersecurity practices to ensure long-term sustainability in line with COP28's goals.
COVER STORY
28 APRIL 2024
OT cybersecurity frameworks. Following this period of intensive learning, we strategically augmented our resources. Presently, this division has evolved into a fully integrated business unit, consistently executing successful projects in the field.
What do you see as the biggest challenge facing the cybersecurity industry today, and how is your company addressing it?
The biggest challenge in the industry, whether it's customers, vendor partners, distributors, or ourselves, is the shortage of skilled resources. I believe talent is the most important element, and organisations must prioritise its acquisition and cultivation. Failure to address this crucial aspect may lead to significant challenges in the future. We collaborate with international recruiting firms, and currently, Help AG boasts a team of nearly 500 cybersecurity experts, representing more than 42 nationalities. This diverse composition underscores our steadfast commitment to fostering diversity and inclusion within our workforce.
Furthermore, the intricate nature of our projects presents a compelling learning and development opportunity for those keen to advance within the cybersecurity industry. We enjoy considerable visibility in the international cybersecurity market, with the UAE emerging as a highly attractive destination for professionals. Similarly, our significant presence in Saudi Arabia reflects a parallel trend, highlighting the region's growing importance in the global cybersecurity landscape.
Additionally, as a component of our corporate social responsibility (CSR) initiatives, we have established partnerships with several institutions, including the University of Sharjah and the University of Wollongong in Dubai, among others, to offer internship opportunities to students. These internships, ranging from four weeks to three months, serve as valuable entry points into the industry. We offer a MSS Graduate Programme for young graduates. This programme, which we built from scratch, consists of two phases. Phase one lasts three months, during which attendees undergo several assessments and gain hands-on experience. Every month, they must pass an assessment to progress to the next phase. In phase two, candidates who pass all the exams are offered a guaranteed job within Help AG SOC. We initiated this programme close to two
No one should fear facing repercussions such as being penalised or losing a job for reporting a cybersecurity incident.
years ago, and it has allowed us to nurture and develop young talent entering the workforce.
How does your company plan to innovate and sustain growth in a fastpaced, highly competitive cybersecurity market?
It doesn't matter how well your organisation is performing; there's always room for improvement. Help AG today has 500 cybersecurity practitioners. We have legal entities in the UAE and Saudi Arabia, and we recently opened in Egypt. All our security operation centres and services are fully compliant with local regulations, whether stipulated by the UAE Cybersecurity Council or the National Cybersecurity Authority in Saudi Arabia.
We are also exploring markets where we don’t have a footprint. Reports from analyst firms such as IDC and Gartner suggest that cybersecurity investments will continue to grow
in double digits, and this will help us expand our business.
As a business, you will always have two choices - you can be part of the pack, or you can lead the pack. We allow ourselves, including the management and all the service delivery departments, as well as our penetration testing teams, to allocate 25 percent of our actual working time to engage in research and development(R&D).This dedicated effort helps us identify strategic advancements and differentiate ourselves from competitors.
We are also benchmarking ourselves against the leading cybersecurity solution providers in the US, Europe, and Asia Pacific to understand how they are operating and developing their businesses. We have advisory boards comprising these prominent cybersecurity players, and we meet at least twice a year to exchange ideas and knowledge about trends shaping the industry, which could be potentially beneficial for our region. ë
COVER STORY 29 APRIL 2024
BEHAVIOURAL ANALYSIS AND ANOMALY DETECTION ARE EMPLOYED TO DETECT SUSPICIOUS ACTIVITIES
How does our current strategy address the mitigation of fraudulent activities, especially concerning the safeguarding of sensitive data amidst the evolving cybersecurity threats?
Our current strategy to mitigate fraudulent activities and safeguard sensitive data amidst evolving cybersecurity threats is multifaceted and robust. We begin by conducting regular risk assessments to identify vulnerabilities and threats, followed by implementing comprehensive risk management practices. Data encryption techniques are employed to protect sensitive information both at rest and in transit, ensuring that even if unauthorized access
is gained, the data remains unreadable. Stringent access control measures and multi-factor authentication are in place to prevent unauthorized access, bolstering security.
Continuous monitoring of network and system activities, utilizing advanced threat detection technologies, allows for the proactive identification and response to potentially fraudulent activities. An incident response plan, regularly tested and refined, ensures readiness to effectively mitigate and respond to incidents. Employee training and awareness programs educate staff on cybersecurity best practices and the evolving threat landscape, empowering them to recognize and report potential threats. Collaboration with industry peers and cybersecurity organizations enhances our ability to stay informed about emerging threats and share threat intelligence. Through these measures, our strategy effectively addresses fraudulent activities and
“Employees are educated about the importance of strong passwords, securely accessing company systems, and reporting any security incidents promptly.”
CISO OPINION CORNER MANOHARAN MUDALIAR IT Security Specialist Truebell Group of Companies
30 APRIL 2024
safeguards sensitive data in the face of evolving cybersecurity threats.
What proactive measures have been adopted to combat malware attacks and fraud attempts, taking into account the heightened sophistication of malicious actors in perpetrating fraudulent activities?
To combat malware attacks and fraud attempts amid increasingly sophisticated malicious actors, our strategy employs a multi-layered approach. Advanced threat detection technologies like Intrusion Detection Systems and Security Information and Event Management solutions continuously monitor network traffic for signs of malicious activity. Robust endpoint security solutions, including anti-malware software and endpoint detection tools, safeguard individual devices from infections. Additionally, regular software patching, employee education on cybersecurity best practices, and participation in threat intelligence sharing initiatives bolster our defences. By integrating proactive measures such as behavioural analysis and incident response planning, we aim to mitigate the risks posed by evolving threats and protect against malware and fraudulent activities effectively.
In the context of fraud mitigation, do our employees receive comprehensive training and awareness programs regarding cybersecurity best practices and potential threats? How integral is this employee training program in fortifying our defenses against fraudulent schemes?
Yes, our employees undergo comprehensive training and awareness programs concerning cybersecurity best practices and potential threats as part of our fraud mitigation strategy. These programs are integral in fortifying our defences against fraudulent schemes. The training covers various aspects such as recognizing phishing attempts, understanding social engineering tactics, identifying suspicious activities, and following secure protocols for handling sensitive data. Employees are educated about the importance of strong passwords, securely accessing
company systems, and reporting any security incidents promptly.
Furthermore, the training program emphasizes the evolving nature of cyber threats and encourages a proactive approach to security. By empowering employees with the knowledge and skills to identify and respond to potential threats effectively, we enhance our overall security posture and reduce the likelihood of successful fraudulent schemes. Regular training sessions and updates ensure that employees remain vigilant and wellprepared to defend against emerging threats, ultimately strengthening our defences against fraud.
How are our security platforms adapted to confront emerging cyber threats, particularly those leveraging advanced AI techniques for perpetrating fraudulent activities?
The security platforms are adeptly tailored to confront emerging cyber threats, even without extensive use of AI. We prioritize proactive measures such as regular updates and patches to address known vulnerabilities swiftly. Behavioural analysis and anomaly detection are employed to detect suspicious activities within our network. Furthermore, we collaborate closely with industry peers and leverage threat intelligence to stay informed about emerging threats. Our security measures are continuously refined to adapt to evolving tactics, ensuring robust defences against fraudulent activities leveraging AI or otherwise.
Considering the rising prevalence of attacks targeting APIs and cyberphysical systems, do our security practices adequately address these emerging threats, or do they lag behind in terms of fraud mitigation measures?
Security practices are adept at addressing the increasing prevalence of attacks targeting APIs and cyber-physical systems. For API-related threats, we enforce strict authentication and authorization measures, regularly assess vulnerabilities, and stay informed about evolving threats. In safeguarding cyberphysical systems, we employ comprehensive security controls, including network segmentation and intrusion detection, to
protect critical infrastructure and assets from unauthorized access and anomalous activities. While we acknowledge the evolving threat landscape, our proactive approach ensures that our fraud mitigation measures remain robust and adaptable to emerging challenges.
How are organizations implementing the principles of zero trust security to fortify protection against fraudulent activities, both internally and externally?
Organizations are increasingly implementing the principles of zero trust security to fortify protection against fraudulent activities, both internally and externally. Zero trust security fundamentally revolves around the concept of "never trust, always verify," requiring continuous authentication and authorization for all users and devices, regardless of their location or network access. Internally, organizations are adopting granular access controls and micro-segmentation to limit access to sensitive data and resources based on the principle of least privilege. This ensures that even if a user's credentials are compromised, their access remains restricted, minimizing the impact of potentially fraudulent activities. Externally, zero trust architectures extend security measures beyond traditional network perimeters, incorporating technologies such as identity and access management (IAM), multi-factor authentication (MFA), and encryption to secure connections and data exchanges with external parties. By adopting a zero-trust approach, organizations can significantly enhance their defences against fraudulent activities by mitigating the risk of unauthorized access and lateral movement within their networks, ultimately strengthening overall security posture.
What advice would you provide for formulating a comprehensive cybersecurity strategy that encompasses fraud mitigation efforts across all facets of our organization's digital assets, including networks, systems, applications, and data?
Formulating a comprehensive cybersecurity strategy that encompasses fraud mitigation efforts across all facets of an organization's digital assets requires careful planning and
EXPERT BYLINE
CISO OPINION CORNER 31 APRIL 2024
execution. Here are some key pieces of advice to consider:
1. Risk Assessment and Analysis: Conduct a thorough risk assessment to identify potential vulnerabilities and threats across networks, systems, applications, and data. Understand the unique risks facing your organization and prioritize them based on their potential impact and likelihood of occurrence.
2. Establish Clear Objectives and Goals: Define clear objectives and goals for your cybersecurity strategy, including specific targets for fraud mitigation efforts. Ensure alignment with overall business objectives and establish key performance indicators (KPIs) to measure the effectiveness of your efforts.
3. Implement Defence-in-Depth: Adopt a defense-in-depth approach by implementing multiple layers of security controls across networks, systems, applications, and data. This includes perimeter defenses, access controls, encryption, intrusion detection systems, and security monitoring.
4. Embrace Zero Trust Principles: Implement zero trust principles to ensure that no user or device is inherently trusted, and that access is continuously verified based on identity, context, and behavior. Implement granular access controls, least privilege access, and continuous authentication mechanisms.
5. Employee Training and Awareness: Invest in comprehensive cybersecurity training and awareness programs for employees
at all levels of the organization. Educate employees about common fraud schemes, phishing attacks, and best practices for protecting sensitive information.
6. Regular Vulnerability Assessments and Penetration Testing: Conduct regular vulnerability assessments and penetration testing to identify and remediate security weaknesses in networks, systems, and applications. Ensure that security patches and updates are applied promptly to mitigate known vulnerabilities.
7. Incident Response Planning and Preparedness: Develop a comprehensive incident response plan that outlines roles, responsibilities, and procedures for responding to cybersecurity incidents, including fraud attempts. Conduct regular tabletop exercises and simulations to test the effectiveness of the plan and ensure readiness.
8. Continuous Monitoring and Threat Intelligence: Implement continuous monitoring solutions and leverage threat intelligence feeds to detect and respond to emerging threats in real-time. Stay informed about the latest trends and tactics used by cybercriminals to perpetrate fraud and adjust your defenses accordingly.
9. Third-Party Risk Management: Assess and manage the cybersecurity risks associated with third-party vendors and partners who have access to your organization's digital assets. Implement contractual obligations, security assessments, and monitoring mechanisms to ensure that third parties adhere to cybersecurity standards.
10. Regular Review and Updates: Review and update your cybersecurity strategy regularly to adapt to evolving threats, technologies, and business requirements. Incorporate lessons learned from security incidents and industry best practices to continually improve your fraud mitigation efforts.
In the context of fraud mitigation, what strategies and measures would you recommend for effectively mitigating AI-related security risks, particularly concerning the adoption of a zero trust security framework?
To effectively mitigate AI-related security risks within a zero-trust security framework for fraud mitigation, several key strategies can be implemented. Continuous monitoring and anomaly detection systems should be put in place to identify any unusual behaviours or deviations in AI algorithms and models. Transparency and explainability of AI models are crucial for easier detection of fraud and biases, necessitating clear documentation and auditability. Additionally, prioritizing data integrity and privacy protection through encryption and access controls is vital to prevent unauthorized access or manipulation of sensitive data. Implementing multi-factor authentication, network segmentation, and regular security audits further strengthens defenses against potential threats, ensuring the reliability and trustworthiness of AI systems within a zero-trust security paradigm. ë
EXPERT BYLINE
CISO OPINION CORNER 32 APRIL 2024
THE SUPER CONNECTOR EVENT FOR COMMUNITY CYBERSECURITY 23-25 APR 2024 DUBAI WORLD TRADE CENTRE HOSTED BY OFFICIAL GOVERNMENT CYBERSECURITY PARTNER OFFICIALLY SUPPORTED BY ORGANISED BY EMPOWER THE CYBER-SECURED FUTURE Enquire about Exhibiting, Sponsorship, Speaking Opportunities & more! gisec@dwtc.com | tel: +971 4 308 6469 #gisecglobal | gisec.ae SCAN HERE CYBER SECURITY COUNCIL ﻲﻧاﺮﺒﻴﺴﻟا ﻦﻣﻷا ﺲﻠﺠﻣ
HUMAN MISTAKES CONTINUE
PRIMARY CAUSES OF DATA BREACHES
“To keep pace with eversophisticated threats, security teams must embrace the latest AI and machine learning as part of their practices.”
KUZBARI Regional Director, MEA, Picus
34
TAREK
CISO OPINION CORNER 34 APRIL 2024
Picus Security emerges as a source of innovation, offering technologies and strategies to empower businesses in effectively managing, understanding, and controlling their dynamic security environments. Tarek Kuzbari, Regional Sales Director for the Middle East and Africa region, spoke to Sehrish Tariq, Assistant editor at GEC Media Group where he discussed about Picus Security's mission to fortify organisations against evolving cyber threats.
Actionable insights:
In today's cyber realm, mere compliance is no longer sufficient to safeguard against sophisticated threats. Tarek Kuzbari emphasizes the necessity of continuous security validation, highlighting Picus Security's pioneering Breach and Attack Simulation (BAS) technology. This innovative approach enables organizations, regardless of their offensive security expertise, to proactively test their defenses
against ransomware and other cyber threats on a continuous basis. Unlike traditional quarterly pen tests, Picus BAS provides immediately actionable insights by simulating real-world attacks, enabling security teams to measure the effectiveness of their defenses comprehensively. Moreover, Picus supplies vendor-specific signatures and detection rules, facilitating swift remediation of coverage and visibility gaps.
AI integration for enhanced security standards:
In the face of increasingly evasive threat tactics, Tarek underscores the critical role of AI and machine learning in bolstering security standards. Picus Security integrates AI seamlessly into its solutions, leveraging advanced algorithms to enhance threat detection and mitigation capabilities. For instance, Picus Detection Rule Validation intelligently maps an organization's Security Information and Event Management (SIEM) rules to the MITRE ATT&CK Framework,
providing tailored suggestions to mitigate coverage and visibility gaps. By harnessing the power of AI, Picus Security ensures that security concerns are addressed at the standard level, enabling customers to defend against the most relevant threats effectively.
Navigating evolving cyber threats:
The dynamic nature of cyber threats, compounded by trends like cloud computing and remote work, presents an ongoing challenge for security leaders. Tarek emphasizes the importance of security validation in navigating this complex landscape, enabling leaders to measure effectiveness and address gaps proactively. By enriching security validation data with threat intelligence and contextual insights, Picus Security equips organizations with the necessary metrics to prioritize exposures effectively. With a comprehensive view of assets, vulnerabilities, and security controls coverage, security leaders can make informed decisions to ensure constant protection and
CISO OPINION CORNER 35 APRIL 2024
mitigate the risk of misconfigurations.
Employee training and awareness: Human error remains a primary cause of data breaches, underscoring the critical role of employee training and awareness in strengthening an organization's cybersecurity posture. While educating employees to identify phishing attacks is essential, Tarek emphasizes the need for supporting controls and processes. Picus Security advocates for regular validation of security controls to prevent and detect attacks effectively, complementing employee training efforts. By instilling a culture of security awareness and validation, organizations can fortify their defenses against evolving cyber threats effectively.
Partner programs for mutual success:
As a 100% channel organization, Picus Security is committed to empowering its partners for mutual success. Tarek Kuzbari highlights the flexibility and support offered through Picus' Partner Program, catering to the diverse needs of resellers, ValueAdded Resellers (VARs), and Managed Security Service Providers (MSSPs). Through Security Validation with Breach and Attack Simulation, partners can assess their customers' security posture, evidence the need for investments, and generate new recurring revenues. Moreover, Picus offers interval-based and continuous licensing models, providing partners with the freedom to offer tailored validation assessments, thereby maximizing engagement and mutual success.
Picus cloud security validation:
In the era of cloud migration, security challenges abound, with misconfigurations posing significant risks to data integrity and confidentiality. Tarek sheds light on Picus Cloud Security Validation, a groundbreaking solution designed to address these challenges effectively. By identifying and preventing common misconfigurations and overly permissive IAM policies, Picus CSV empowers security teams to fortify their cloud environments against potential breaches. Furthermore, Picus goes beyond traditional security posture management by simulating cloud-specific attacks, providing additional assurance of secure configuration and mitigating the risk of privilege escalation scenarios. Through Picus CSV, organizations can reduce threat exposure across the cloud attack surface, safeguarding their critical assets with confidence. ë
CISO OPINION CORNER
36 APRIL 2024
ELIMINATING AND AUTOMATING PERMISSION SPRAWL IN CLOUD ENVIRONMENTS
A new approach can reduce the number of access events to be managed in the cloud, by incorporating data awareness into access management processes and laying the foundation for a new security paradigm that supports contextual risk assessment and enforcement of least privilege, explains Maher Jadallah, Senior Director Middle East & North Africa, from Tenable.
As the definition of what constitutes a system, an application and even a user becomes increasingly blurred, providing secure access to cloud services for human and machine identities requires a shift that starts with the breakdown of traditional data and identity silos.
Under the shared responsibility model for the public cloud, protecting identities and data is the responsibility of the enterprise rather than the cloud service provider. In any kind of cloud deployment model, even in Software as a Service, where the application layer security is managed by the cloud provider, customers are still required to protect their own data, identities and application configurations.
The growing scale and complexity of public cloud deployments introduces security challenges for organizations that try to do their part in the shared responsibility model. Despite the abundance of identity-centric products, organizations still fail to provide protection for their critical assets.
Challenges of managing identity at cloud scale
Identities are a key component of any access security strategy. By assigning an identity to an entity, organizations can define
MAHER JADALLAH Senior Director Middle East & North Africa, Tenable
access rights and permissions about what that entity can see and do. With identity and access management (IAM) systems, organizations can centrally manage authentication and authorization across multiple
CISO OPINION CORNER
systems and applications.
Identity governance and administration (IGA) solutions provide additional capabilities across heterogeneous systems, for managing and governing the lifecycle of identities. Privileged account management (PAM) addresses the specific need to manage and protect privileged accounts and credentials from being abused.
These identity-centric solutions could previously be utilized in the pre-cloud era as the slow pace of change enabled administrators to keep things under control. But when organizations started adapting their IAM systems to operate in the cloud, they soon realized they were not sufficient for dealing with the huge volume of access rights that must be administered. The security industry has responded to the challenge by developing new solutions designed to operate in dynamic infrastructures at cloud scale. The past few years have seen the emergence of various cloud extensions to IGA offerings. But they are not flexible enough to address the requirements of dynamic cloud environments consisting of multiple applications, each with their own authorization models.
In addition, alternatives have been developed to the traditional way of setting permissions based on roles, an approach that is too rigid and granular for cloud environments where roles are prone to frequent changes. More advanced solutions utilize attributebased or policy-based access control (ABAC or PBAC) that allow for managing permissions based on the user’s actual behaviour, considering factors such as user location, time of access and device.
Applying this approach across the enterprise to cover user-to-machine and machine-tomachine interactions in real-time, at cloud scale, is a challenge.
Disconnect between identities and data
Organizations are struggling to monitor interactions or access events, which can be defined as any request by a human or a machine to access a file or a resource for a certain purpose. A postmodern IT environment is emerging, with new types of identities and entities that interact with each other, and are often autonomous of human control.
Due to shorter build times and faster release cycles achieved through the use of DevOps tools, reorganizing permissions across identities and entities every time new code is deployed is a challenge.
But what if this burden could be eased through improved allocation of efforts and resources?
Even in complex cloud environments, most access events pose no risk at all as they involve neither sensitive data nor critical resources that might be compromised. What if organizations could identify risk-free access events to which organizations could automatically create and assign granular, unrestrictive policies and permissions? This will allow organizations to focus attention on those events where sensitive assets are involved or where organizations do not have enough immediate information at hand to decide.
This approach can reduce the number of access events to be managed. Incorporating data awareness into access management processes could lay the foundation for a new security paradigm that supports ongoing contextual risk assessment and effective enforcement of least privilege policies. As much as this might make sense, a solution based on an understanding of identities, integrated with data and resources is not practical with legacy products. In reality, identities and data are two different worlds that do not speak the same language.
Emergence of a new security model
As organizations are required to constantly adapt their policies and controls, IT and human resources and budgets are pushed to their limits.
Many organizations are approaching a tipping point where the scale and flexibility of cloud environments may be too much to deal with, resulting in exposure to risk. Even a single access-related incident due to an over-privileged account or a misconfigured cloud storage bucket may have consequences. The key to addressing the challenge of managing identities and permissions in the cloud at the user, application and resource level is to introduce automation, thereby reducing the level of required human resources.
By leveraging data-awareness, organizations can establish a decision-making framework that distinguishes between legitimate and excessive permissions based on contextual understanding of the risk they pose to critical data or resources. This helps to enforce least privilege policies. By monitoring all access events, organizations can create a baseline of legitimate permissions and detect anomalies and threat activities at this scale.
Characteristics of the new model
Least privilege: Identities and entitlements are no longer static; therefore, policies should ensure users, applications, machines and services can access only data and resources that are necessary for their purposes.
A least privilege model for the cloud relies on the ability to continuously adjust access controls. The incorporation of data-awareness into an access management framework can improve the least privilege posture.
Automation: Automation is the prescription for scale issues. Given the number of entities, resources and permissions, the process of creating and enforcing least privilege policies, should be done rapidly, at scale and with minimal involvement of Dev or Ops teams. This way, organizations can achieve least privilege while allocating human resources to identify and resolve complicated permissions and investigate unknown access events.
Contextual policies: Not all access permissions are equal. Some are risky, others are not, while some others involve an unknown level of risk. Given the number of access policies in modern cloud environments, organizations must be able to differentiate between how to manage them.
The level of risk can be defined according to the sensitivity of the data, the resource where it resides, attributes of the entity that holds the permissions, its past behaviour, among others.
Secure access: Cloud data and resources are accessed by entities including human users, employees and customers, applications, computer-generated identities, microservices, IoT devices and more.
Similar principles and logic should be applied to all entity types to ensure security across the cloud environment, without impacting application continuity or speed to market. Too often; user permissions are managed by IAM teams that struggle with modern cloud environments and focus on features that translate well from the on-premises realm. Minimal disruption: To identify and mitigate access-related risks with minimum disruption to normal business operations, nextgeneration security systems should be able to enforce dynamic policies based on analysis of user behaviour, application requirements, and application and resource dependencies.
In summary, organizations should focus on leveraging automation and contextual data information at cloud scale to eliminate requests for changing privileges that are without risk, while identifying requests that require human intervention. ë
CISO OPINION CORNER 38 APRIL 2024
DRIVING OPERATIONS AND PERFORMANCE EXCELLENCE Phone: +971528732716 | Email: hello@opx america.com | www.opxtechnology.com Cloud & Digital Transformation Enterprise Applications Analytics & Automation AI & ML as a Service Cyber Security Solutions Management Consulting, Advisory and Quality Assurance YOUR PARTNER FOR “Delivery centres in US, Middle East and India” An unit of
ENCRYPTION OF DATA AT REST AND IN TRANSIT IS A CRITICAL DEFENSE MECHANISM
How does our current strategy address the mitigation of fraudulent activities, especially concerning the safeguarding of sensitive data amidst the evolving cybersecurity threats?
In the Banking, Financial Services, and Insurance (BFSI) domain, the strategy to mitigate fraudulent activities, particularly concerning
the safeguarding of sensitive data amidst evolving cybersecurity threats, involves a multi-faceted approach. This strategy encompasses the adoption of advanced technologies, adherence to regulatory standards, and the cultivation of a security-aware culture. Here are key components of this strategy:
Adoption of Zero Trust Architecture - The BFSI sector is increasingly implementing zero trust principles, which assume that threats can originate from anywhere. This approach necessitates strict
“Robust email filtering solutions are employed to scan incoming emails for malicious links, attachments, and phishing indicators, significantly reducing the risk of successful email-based attacks.”
CISO OPINION CORNER
TUSHAR VARTAK EVP & Head, Information, Cyber Security and Fraud Prevention, RAKBANK
40 APRIL 2024
identity verification, micro-segmentation of networks, and least privilege access controls to minimize the attack surface and protect sensitive data.
Enhanced Data Encryption - Encryption of data at rest and in transit is a critical defense mechanism. Financial institutions employ strong encryption standards to ensure that sensitive information, such as customer data and transaction details, remains secure from unauthorized access.
Multi-Factor Authentication (MFA)MFA has become a standard security measure for accessing financial systems and customer accounts. By requiring multiple forms of verification, BFSI organizations significantly reduce the risk of unauthorized access resulting from compromised credentials. This can be complimented by risk based authentication system to introduce friction only at high risk interaction allowing the genuine customers to transact seamlessly.
Regular Security Assessments and Compliance - Continuous security assessments, including penetration testing and vulnerability scanning, help identify and remediate potential weaknesses. Compliance with industry regulations and standards, such as PCI DSS for payment card security, further strengthens the security posture.
Advanced Threat Detection and Response
- Utilizing security information and event management (SIEM) systems, Threat Intelligence (TI), artificial intelligence (AI), and machine learning (ML) for real-time monitoring and analysis enables the detection of suspicious activities and anomalies indicative of fraud. Automated response mechanisms can quickly contain and mitigate threats.
What proactive measures have been adopted to combat malware attacks and fraud attempts, taking into account the heightened sophistication of malicious actors in perpetrating fraudulent activities?
To combat malware attacks and fraud attempts, organizations across various sectors, including the BFSI domain, have adopted a range of proactive measures. These measures are designed to not only counter current threats but also anticipate and mitigate future vulnerabilities. Here's an overview of these proactive measures, reflecting industry best practices:
Advanced Endpoint Protection -
Organizations deploy advanced endpoint protection platforms (EPP) that go beyond traditional antivirus solutions. These platforms utilize machine learning, behavior analysis, and heuristic detection to identify and block sophisticated malware, including zero-day threats.
Email Filtering, Anti-Phishing Solutions, and Sandboxing - Robust email filtering solutions are employed to scan incoming emails for malicious links, attachments, and phishing indicators, significantly reducing the risk of successful email-based attacks. Additionally, sandboxing for email and web traffic is utilized to isolate and analyze suspicious files and URLs in a secure environment before they reach the user, preventing the execution of malware.
Network Segmentation and Microsegmentation - By segmenting networks into smaller, controlled zones, organizations can limit the spread of malware and restrict attackers' lateral movement. Microsegmentation is particularly effective in environments with a high degree of virtualization and cloud usage.
Threat Intelligence and Sharing - Active participation in threat intelligence sharing networks allows organizations to stay informed about the latest malware campaigns and fraud schemes. This collective knowledge enables quicker responses to emerging threats.
Security Awareness Training - Regular training sessions for employees emphasize the importance of security vigilance. These sessions cover recognizing phishing attempts, safe browsing practices, and the proper handling of sensitive information, thereby reducing the likelihood of successful social engineering attacks.
Multi-Factor Authentication (MFA)- MFA is critical for protecting against unauthorized access to systems and data. By requiring additional verification beyond just a password, MFA makes it significantly harder for attackers to gain access even if they have compromised credentials.
Regular Patch Management - Keeping software and systems up to date with the latest patches is essential for closing vulnerabilities that could be exploited by malware. Automated patch management systems ensure that updates are applied promptly across the organization.
Incident Response Planning - A welldefined incident response plan enables organizations to respond quickly and
effectively to malware infections and fraud attempts. This plan outlines roles, responsibilities, and procedures for containing and mitigating incidents.
In the context of fraud mitigation, do our employees receive comprehensive training and awareness programs regarding cybersecurity best practices and potential threats? How integral is this employee training program in fortifying our defenses against fraudulent schemes? In the context of fraud mitigation, comprehensive training and awareness programs for employees regarding cybersecurity best practices and potential threats are fundamental components of an organization's defense strategy. These programs are not just supplementary; they are integral to fortifying defenses against fraudulent schemes. The effectiveness of technical safeguards can be significantly undermined by human error, making it crucial that all employees are well-informed and vigilant. Here are key aspects of how these programs contribute to a robust cybersecurity posture:
Creating a Culture of Security AwarenessComprehensive training programs foster a culture of security awareness within the organization. When employees understand the importance of cybersecurity and their role in maintaining it, they become proactive participants in the organization's defense mechanisms. This cultural shift is critical for identifying and mitigating risks before they escalate into security incidents.
Identifying Phishing and Social Engineering Attacks - A significant portion of cyberattacks, including phishing and social engineering, target individuals within the organization. Training programs that simulate phishing scenarios and teach employees how to recognize and respond to suspicious communications can dramatically reduce the success rate of these attacks.
Safe Handling of Sensitive InformationEmployees often handle sensitive data that could be targeted by cybercriminals. Training on data protection best practices, such as secure data sharing, encryption, and the proper disposal of information, ensures that employees are equipped to protect this data from unauthorized access.
CISO OPINION CORNER
41 APRIL 2024
How are our security platforms adapted to confront emerging cyber threats, particularly those leveraging advanced AI techniques for perpetrating fraudulent activities?
As cyber threats evolve with the advent of advanced AI techniques, security platforms are continuously adapting to confront these sophisticated challenges. Fraudsters are increasingly leveraging AI to enhance the effectiveness of their attacks, including crafting more convincing phishing emails, developing malware, and creating deepfakes. The accessibility of AI technologies has lowered the barrier for cybercriminals, enabling them to deploy complex attacks with greater ease than ever before. To stay ahead of the curve and protect data and customers, organizations are implementing several advanced strategies:
Enhanced Detection with AI and Machine Learning - Security platforms are integrating AI and machine learning algorithms to improve the detection of phishing attempts, malware, and other AI-generated threats. These algorithms can analyze vast amounts of data to identify patterns and anomalies indicative of fraudulent activities, including the subtle cues of AI-crafted phishing emails or the sophisticated behaviors of AI-powered malware.
Behavioral Analytics for Anomaly
Detection - By monitoring user behavior and network traffic, security systems can detect deviations from normal patterns that may indicate a breach or fraudulent activity. This is particularly effective against AI-generated attacks, which may not match traditional threat signatures but will cause anomalies in system or user behavior.
Advanced Threat Intelligence -
Organizations are leveraging threat intelligence platforms that incorporate AI to gather, analyze, and share information on emerging threats. This includes intelligence on AI-driven attack methodologies, such as the use of deepfakes for identity fraud or social engineering. Staying informed about the latest threat trends enables organizations to update their defense mechanisms proactively.
Considering the rising prevalence of attacks targeting APIs and cyberphysical systems, do our security practices adequately address these emerging
threats, or do they lag behind in terms of fraud mitigation measures?
The meticulous design of security practices to address the rising prevalence of attacks targeting APIs and cyber-physical systems reflects a comprehensive approach to cybersecurity, especially pertinent in sectors like healthcare, aerospace, and manufacturing where cyberphysical systems are more prevalent. Despite their relatively lower incidence in the banking sector, the commitment to subjecting these systems to the same level of rigorous testing and security scrutiny as non-cyber-physical systems underscores a proactive stance towards mitigating emerging threats across all technological fronts.
Strategies and Best Practices for API and Cyber- Physical System Security
Regular Security Assessments and Penetration Testing - Conducting thorough security assessments and penetration testing for APIs and cyber-physical systems is crucial. This proactive measure helps in identifying vulnerabilities early on, including those outlined in the OWASP Top 10 for APIs, ensuring they are promptly addressed.
Robust Authentication and Authorization Mechanisms - Implementing strong authentication and authorization mechanisms, such as OAuth 2.0, OpenID Connect, and JSON Web Tokens (JWT), is essential. These standards ensure that only authenticated and authorized users can access APIs, providing a solid line of defense against unauthorized access.
How are organizations implementing the principles of zero trust security to fortify protection against fraudulent activities, both internally and externally?
Organizations are increasingly adopting the principles of zero trust security to fortify protection against fraudulent activities, recognizing that threats can originate both internally and externally. Zero trust security operates on the premise that trust is never assumed, regardless of whether access requests come from within or outside the organization's network. By implementing zero trust principles, organizations enhance their cybersecurity posture significantly. Here's how they are doing it using generic principles:
Least Privilege Access - Organizations enforce the principle of least privilege, granting users and devices the minimum level of access
required to perform their functions. This approach limits the potential impact of a breach by restricting access to sensitive information and critical systems to only those who absolutely need it.
Microsegmentation - Networks are divided into smaller, distinct zones through microsegmentation. This allows for more granular control over traffic and reduces the attack surface by isolating critical systems and data from one another. In the event of a breach, microsegmentation helps contain the threat and prevents lateral movement across the network.
Multi-Factor Authentication (MFA) - MFA is a cornerstone of zero trust security, adding an additional layer of security by requiring two or more verification factors to gain access to resources. This makes it significantly more difficult for attackers to gain unauthorized access, even if they have compromised user credentials.
Continuous Verification - Zero trust security mandates continuous verification of all users and devices attempting to access resources. This involves regularly validating their security posture and compliance with the organization's policies, ensuring that access is securely managed and adjusted in real-time based on risk.
Encrypt Data In-Transit and At-RestOrganizations implement encryption for data both in-transit and at-rest to protect sensitive information from interception or unauthorized access. Encryption acts as a last line of defense, ensuring that data remains secure, even if other security measures are bypassed.
Real-Time Monitoring and AnalyticsContinuous monitoring of network traffic and user behavior, combined with advanced analytics, enables organizations to detect and respond to anomalies and potential threats in real time. This proactive stance allows for the immediate identification and mitigation of fraudulent activities.
Explicit Verification - No entity is trusted by default, from the moment it attempts to access the network. Every access request is explicitly verified against the organization's security policies, ensuring that only legitimate users and devices can access network resources.
Security Policies and GovernanceOrganizations develop comprehensive security policies and governance structures to support the zero trust model. These policies define how identities are managed, how access is controlled, and how data is protected, ensuring a consistent and enforceable security posture across the organization. ë
CISO OPINION CORNER 42 APRIL 2024
THE IMPERATIVE OF CONTINUOUS ZERO TRUST AND ADAPTING SECURITY FOR THE GROWING THREAT LANDSCAPE
Despite Zero Trust) buzz being around for years now, since 2021, the security landscape has seen a surge in Zero Trust adoption. Initial focus centered on raising awareness, followed by an ongoing shift towards product and production deployments. As we have entered 2024, cited by a recent PWC report “2024 Digital Trust Insights: Middle East findings”, a significant portion of respondents are prioritizing Zero Trust implementations within their organizations top priorities.
For decades, the cybersecurity landscape relied on building "castle walls" approach – fortifying perimeters, zones, domains and trusting inside. But with the rise of sophisticated cyber threats, cloud adoption, remote work, increasingly collapsed; or do I say spread across perimeter with more and more integrations to ICT
“Zero trust approach assumes that threats could be both external and internal, and it requires continuous authentication & authorization for every user, device, resource, request, and application attempting to access resources, regardless of their location.”
MURALI KONASANI Principal Consultant CEO at TEK SALAH
CISO OPINION CORNER
environments combined with weak insider factors this strategy has become vulnerable. This is where Zero Trust emerges as a paradigm shift.
Zero Trust is the term for an evolving set of cybersecurity paradigm that move defenses from static, network-based perimeters to focus on users, identities, assets, and resources. “Moving security away from the perimeter approach and towards an integrated security architecture approach focusing on data, applications, entity and services protection will be critical to achieving the Zero Trust vision”. It is not a one-time implementation, it is a holistic security philosophy, security framework that requires ongoing vigilance and continuous adaptation to effectively mitigate risks. Unlike traditional perimeter-based security models, which rely on the assumption of trust within the network, zero trust approach assumes that threats could be both external and internal, and it requires continuous authentication & authorization for every user, device, resource, request, and application attempting to access resources, regardless of their location. It operates under the core principle of "never trust, always verify". This ideally means a 360 degree always on approach to security and data centricity. Access to resources is continuously validated, authenticated and authorized based on multiple factors such as user identity, device health, behavior, risk score and contextual information. It emphasizes that every user, device, or workload connected to or need to access organization’s resources should never be trusted, should always be regularly verified, and should be granted least-privilege access to perform its job.
To Summarize, at the core level Zero Trust security model operates on key principles applied on to what is called pillars or ‘the key focus areas.
Foundational elements- The Principles
• Assumes a Hostile Environment
• Presume Breach
• Never Trust, Always Verify
• Scrutinize Explicitly
• Apply Unified Analytics
Foundational elements- The Pillars
• Data
• Users
• Devices
• Identities
• Environment/ Network
• Applications and workloads
• Automation & Orchestration
• Visibility & Analytics
For Organizations in this journey, a re-engineered security model with Zero Trust for access to resources implements dynamic policy controls. These are tightly combined with observable state of user and the endpoint identity, application, service and the requesting asset with its behavioral and environmental attributes. Confidence levels are corelated from multiple attributes (identity, location, time, device security posture, context, etc) of that authentication & authorization request.
Continuous Zero Trust tightly implements data centricity, multi-factor authentication, conditional access, micro-segmentation, encryption, endpoint security, automation, analytics, and robust auditing to data, applications, assets, services, entities, which are also fundamental to modern cybersecurity practices. It starts with data centric security identifying sensitive data and resources as foundation. The more organizations know where their most sensitive data exists, who can access to it, and what they're doing with it, the more effective the defenses can be. By enforcing
the principle of least privilege, organizations limit access rights for users and applications to only what is necessary for their specific roles and responsibilities. This minimizes the potential impact of a security breach and reduces the attack surface. Furthermore, micro-segmentation divides the network into smaller, isolated segments, effectively containing any potential threats and preventing lateral movement. However, implementing these principles in a static manner is insufficient. Continuous Zero Trust approach must ensure that access rights, segmentation policies and containment, automated actions are dynamically adjusted based on real-time context, such as user behavior, device posture, confidence sore and threat intelligence. By continuously monitoring user entity behavior, device health, network traffic, and system logs, systems can identify suspicious activities and anomalies indicative of potential security breaches. This proactive approach allows security teams to respond swiftly, mitigating the impact of cyberattacks and minimizing downtime.
As AI capabilities advance rapidly, we will continue to see growing sophistication in AI-powered attacks, ranging from deepfake social engineering to adaptive malware crafted to evade detection. However, fully integrated Continuous Zero Trust implementations, enhanced by AI capabilities, offer a robust defense against these threats.
Though a Zero Trust security model is most effective when implemented across the organizational digital ecosystem, most organizations do apply this in their cybersecurity implementations to identity & authentication, firewalls, endpoints but stop before their applications. This is because the existing solution claim "Zero Trust" yet do not follow the "verify first, then allow" model for application workloads or it is not fully integrated into the Zero Trust eco system. Integrating vendor suites of products is critical to this journey and will assist in reducing cost and risk to the organization. Also the absence of standardization in the industry makes it difficult for organization in measuring their Zero Trust implementation effectiveness. Organizations can take a phased but continuous approach based on their current cybersecurity maturity, available resources, and business objectives. It is imperative to consider each investment carefully and align them with the present business needs and the vision.ë
CISO OPINION CORNER 44 APRIL 2024
THE IMPACT OF AI ON CYBERSECURITY IN THE UAE
From smart cities to cutting edge advancements in technology, innovation is a core driving force across the UAE. Such progress relies on seamless integration and interconnection driven by data. Data that carries intrinsic value and makes the region an attractive target for both criminal threat groups and hostile state actors alike.
As cyberattacks increase in the region, cybersecurity has become a strategic business priority. Over the last few years, organizations in the UAE have been victims to fraud
“Enhancing cybersecurity posture includes adopting a multi-layered security approach, investing in employee training and awareness, and staying informed about the latest threats and technologies.”
GOPAN SIVASANKARAN General Manager, META, Secureworks
and ransomware attacks, state sponsored espionage, influence operations and CEO fraud.
Globally there is a growing concern about the impact of AI on cybercrime. In a region that is at the cutting edge of technological advances, it is a concern we’re seeing reflected locally as well. But while there are areas to watch, there are also benefits for AI applied in cyber defense.
CISO OPINION CORNER
The impact of AI on cyber crime
AI is exciting, it has captured our attention globally and it has great potential for changing our lives for the better. But there are also many unknowns about how it can be used by cyber criminals to advance the tactics they use.
One area where it’s a specific concern is in CEO fraud. That might look like phishing emails that are more convincingly written, voice cloning such as the case of a Fremantle Southern European executive who lost $1m in a sophisticated scam. However, this is the only widely known example of such use of AI. It’s important to note that while the concern is valid, the execution is not yet widespread. Interestingly, in our Secureworks® Counter Threat Unit™ (CTU™), we’ve seen a resurgence in the use of phishing, specifically business email compromise as an initial access vector across the world. Our 2023 State of the Threat Report called it out as an important area for businesses to monitor. Security threats are always evolving, and it’s highly likely that we will see more CEO fraud attacks using voice and video.
AI in the hands of the cyber defenders
AI is not just in the hands of cyber criminals; it is already bolstering cybersecurity defenses. New technology like AI Chatbots, Co-Pilots and Assistants are typically what comes to mind when thinking of AI in cyber defense. However, the real benefits of AI in cyber
defense, are often built “under the hood” and are already hard at work making a tangible difference in the fight against cybercrime. The 2023 State of the Threat Report also revealed that ransomware dwell times have fallen to under 24 hours. As a result, security analysts are under more pressure than ever to make the right decisions about which alerts they investigate. AI can help analysts realize significant time savings by filtering out irrelevant alerts and prioritizing the most critical ones, speeding up detection and response times by automating manual tasks and workflows, and improving time to resolution by providing insights and recommendations in near real-time.
All of these mean that security professionals can focus their work and attentions on remediating the most pressing threats and ensuring that businesses are secured. With the current cybersecurity skills gap sitting at 4 million cybersecurity professionals needed to adequately safeguard digital assets, according to the ISC2, AI is providing a real boon in bridging this gap.
Companies like Secureworks are already seeing a positive impact on the cybersecurity workforce, both in helping to fill the skills talent gap and in upskilling the current talent pool so that security operations are more effective at stopping threats.
Securing the future
The pace of the cyber threat landscape
shows no signs of slowing down in the UAE and across the world. Organizations are facing relentless pressure, so they too must be relentless in their pursuit of protecting themselves.
The adversary is continually evolving, and AI is part of both the attack and at the heart of the defense. Organizations must ensure that cybersecurity remains front of mind and that they are equipped to understand the fast-changing threat landscape in which they are operating.
We advocate for giving your people the POWER to be the first line of cyber defense:
• Prepare – Build awareness of what potential scams look like with ongoing training
• Open - Have an open culture, empower people to identify things out of the norm, to question and challenge.
• What? - Question – what is the impact of actioning this request?
• Examine - Examine the source – has it come to you? Who is it actually from? Does it sound legitimate or can you hear pauses or hesitations?
• Report - Report back to your security team and the cyber community so that we are all learning. Collective defense is the best defense.
Alongside this, having the right tools and partnerships in place will ensure the best possible cybersecurity posture both for now, and the future.ë
CISO OPINION CORNER 46 APRIL 2024
THE MOST SIGNIFICANT TRENDS IN CYBERSECURITY WILL BE THE RISE OF AI-DRIVEN CYBER-ATTACKS
As a CISO, what are the key responsibilities that define your role within the organization?
As a Chief Information Security Officer (CISO), my key responsibilities revolve around overseeing the organization's overall cybersecurity strategy. This includes risk management,
“Enhancing cybersecurity posture includes adopting a multi-layered security approach, investing in employee training and awareness, and staying informed about the latest threats and technologies.”
establishing and maintaining a comprehensive information security program, ensuring compliance with regulatory and legal requirements, and leading incident response strategies. Furthermore, I act as a bridge between the executive management
ABDULLAH FAISAL MAHJOUB
Information Security Officer (CISO) Osoul Modern Finance Company
ENG.
Chief
CISO OPINION CORNER 47 APRIL 2024
and the IT security team, ensuring that cybersecurity policies align with business objectives.
Can you share some insights into your organization's cybersecurity strategy for 2024? What are the key focus areas?
For our 2024 cybersecurity strategy, we are focusing on strengthening our defense mechanisms against increasingly sophisticated cyber threats. Key areas include enhancing our threat detection and response capabilities, investing in advanced encryption technologies, and prioritizing the security of our cloud-based services. Additionally, we are working on expanding our cybersecurity training programs for employees to foster a more securityconscious culture within the organization.
With the rapid evolution of technology, what emerging trends in cybersecurity do you believe will have the most significant impact on organizations in 2024?
In 2024, I believe the most significant trends in cybersecurity will be the rise of AI-driven cyber-attacks and the increasing importance of securing the Internet of Things (IoT) devices. These emerging trends pose unique challenges, requiring organizations to adapt their security strategies to protect against more intelligent threats and to secure an ever-expanding network of connected devices.
What are the key skills required for an ideal chief security officer in this age of digital transformation?
CISOs should be capable of transforming cyber security needs using digital transformation tools.
How are you incorporating new technologies, such as AI and machine learning, into your cybersecurity strategy?
We meticulously evaluate these technologies to ascertain optimal methods for incorporating artificial intelligence and machine learning into our cybersecurity
strategy. This integration is intended to bolster our capability to scrutinize substantial data volumes for atypical patterns, automate responses to routine threats, and proactively forecast potential vulnerabilities. We anticipate that these advancements will facilitate a proactive stance in preempting threats and markedly diminish the timeframes for responses.
In what ways do you consider environmental and social impacts when making cybersecurity decisions?
When making cybersecurity decisions, we consider environmental and social impacts, especially in terms of data privacy and ethical implications. We ensure that our security measures do not infringe on individual privacy rights and aim to implement green IT practices. Moreover, our cybersecurity strategies are developed with a focus on social responsibility, aligning with our organization's overall commitment to sustainability and ethical conduct.
What initiatives or training programs have you implemented to enhance cybersecurity awareness among employees?
To enhance cybersecurity awareness, we have implemented comprehensive training programs that include regular workshops, simulated phishing exercises, and online courses. These initiatives are designed to educate employees on the latest cybersecurity threats, best practices, and the importance of their role in maintaining organizational security.
How do you ensure that your organization remains compliant with relevant cybersecurity regulations? How do you stay abreast of changes in the regulatory landscape? Ensuring compliance involves regular audits, continuous monitoring, and adapting to changes in the regulatory landscape. We have established a compliance team that stays updated with regulatory changes and implements necessary adjustments. This team works closely with legal advisors and regulatory bodies, ensuring that our
cybersecurity practices meet the latest standards and requirements.
With the interconnected nature of today's world, how do you address global cybersecurity challenges, especially considering the varying regulatory landscapes in different regions?
Addressing global cybersecurity challenges requires a collaborative approach and an understanding of different regulatory landscapes. We engage with international cybersecurity forums, share best practices with global partners, and tailor our strategies to meet region-specific regulations. This approach helps us navigate the complexities of international cybersecurity requirements effectively.
Diversity and inclusion are increasingly recognized as essential in all industries. How does your organization promote diversity and inclusion within the cybersecurity team?
Promoting diversity and inclusion within our cybersecurity team involves active recruitment from diverse talent pools, fostering an inclusive workplace culture, and providing equal opportunities for career advancement. We recognize that diverse perspectives are crucial for innovative problem-solving in cybersecurity and are committed to maintaining a team that reflects this diversity.
Based on your experience, what advice would you give to others a aiming to enhance their cybersecurity posture?
My advice for enhancing cybersecurity posture includes adopting a multi-layered security approach, investing in employee training and awareness, and staying informed about the latest threats and technologies. It's also crucial to foster a culture of security within the organization, where everyone understands their role in maintaining cybersecurity. Regularly reviewing and updating security policies and practices is key to adapting to the evolving cyber landscape.ë
CISO OPINION CORNER 48 APRIL 2024
ZERO TRUST IS IMPLEMENTED BY ENSURING THAT EVERY USER, DEVICE, AND NETWORK COMPONENT IS VERIFIED
How does our current strategy address the mitigation of fraudulent activities, especially concerning the safeguarding of sensitive data amidst the evolving cybersecurity threats? Our strategy includes multiple methods that we actively apply to safeguard sensitive data amidst evolving cybersecurity threats. The most important and essential ones are,
• Conducting regular risk assessments
• Implementing multi layered security controls.
• Continuously monitoring for suspicious activities
• Educating employees on cybersecurity threats
• Managing vendor risks
• Maintaining an incident response plan
• Ensuring compliance with relevant regulations. This comprehensive approach enables us to proactively manage risks, protect our systems and data, and respond effectively to any security incidents that may arise
“We employ security controls such as network segmentation and intrusion detection systems to safeguard our cyber-physical systems from unauthorized access or manipulation.”
CISO OPINION CORNER
ABHILASH RADHADEVI Head of Cybersecurity OQ TRADING
CISO OPINION CORNER 50 APRIL 2024
What proactive measures have been adopted to combat malware attacks and fraud attempts, taking into account the heightened sophistication of malicious actors in perpetrating fraudulent activities?
The primary measure we take is conducting regular security awareness training for employees to recognize and avoid social engineering tactics used in fraud attempts. We employ advanced endpoint protection solutions utilizing machine learning and behavioural analysis to detect and block malware in real time. We also continuously update and patch our systems to address known vulnerabilities and leverage threat intelligence feeds to stay informed about emerging threats. Furthermore, we perform regular security audits and penetration testing to identify and remediate potential weaknesses in our defences. Lastly, we collaborate with industry peers and security professionals to share insights and best practices, enhancing our overall resilience against evolving threats.
In the context of fraud mitigation, do our employees receive comprehensive training and
awareness programs regarding cybersecurity best practices and potential threats? How integral is this employee training program in fortifying our defenses against fraudulent schemes?
We aim to create a security conscious culture where every employee understands their role in protecting our company's assets and data from malicious actors. Our employees receive regular training sessions covering cybersecurity best practices, including how to identify and respond to potential threats such as phishing, social engineering, and malware attacks. These programs emphasize the importance of maintaining strong passwords, verifying the authenticity of emails and requests, and reporting suspicious activities promptly. By empowering our employees with the knowledge and skills to recognize and mitigate potential threats, our training program plays a crucial role in stimulating our defences against fraudulent schemes.
How are our security platforms adapted to confront emerging cyber threats, particularly those leveraging advanced AI
techniques for perpetrating fraudulent activities?
Regular updates and enhancements to our security infrastructure ensure that we remain resilient against sophisticated attacks. We use AI itself to protect us from AI generated fraudulent activities by integrating AI driven algorithms into our security systems to enhance threat detection and response capabilities. We also collaborate with industry experts and leverage threat intelligence to stay ahead of evolving tactics used by malicious actors.
Considering the rising prevalence of attacks targeting APIs and cyberphysical systems, do our security practices adequately address these emerging threats, or do they lag behind in terms of fraud mitigation measures?
While cyber threats are constantly evolving, we remain proactive in updating our security practices to stay ahead of emerging risks and ensure comprehensive fraud mitigation measures across all fronts. We recognize the increasing prevalence of attacks in these areas and have implemented specific measures to mitigate the associated risks. This includes rigorous authentication and
CISO OPINION CORNER 51 APRIL 2024
authorization mechanisms for API access, encryption of data transmitted through APIs, and continuous monitoring for anomalous activities. Additionally, we employ security controls such as network segmentation and intrusion detection systems to safeguard our cyber-physical systems from unauthorized access or manipulation.
How are organizations implementing the principles of zero trust security to fortify protection against fraudulent activities, both internally and externally?
By adopting a zero trust mindset, organizations can minimize the risk of fraudulent activities by ensuring that only authorized entities have access to sensitive resources and data, regardless of their origin or position within the network. Zero trust is implemented by ensuring that every user, device, and network component is verified and authenticated before granting access to resources, regardless of their location or network status. This includes implementing strong authentication mechanisms such as multifactor authentication micro segmentation to restrict lateral movement within the network, and continuous monitoring for anomalous behaviour.
What advice would you provide for formulating a comprehensive cybersecurity strategy that encompasses fraud mitigation efforts across all facets of our organization's digital assets, including networks, systems, applications, and data?
Always begin with robust risk assessments to identify vulnerabilities and prioritize mitigation efforts. Implement a layered defence strategy encompassing firewalls, encryption, and access controls across networks, systems, applications, and data. Reinforce this with continuous monitoring tools to detect and respond swiftly to suspicious activities.
Additionally, prioritize employee training and awareness programs to educate staff on cybersecurity best practices and potential fraud schemes. Implement rigorous vendor risk management protocols, maintain a well defined incident response plan, ensure compliance with relevant regulations, and regularly test and evaluate security measures to adapt to evolving threats effectively. This holistic approach ensures an effective defence against fraudulent activities across all facets of the organization's digital landscape.
In the context of fraud mitigation, what strategies and measures would you recommend for effectively mitigating AI-related security risks, particularly concerning the adoption of a zero trust security framework?
Firstly, implement robust authentication mechanisms, such as multi-factor authentication, to verify the identity of users and devices accessing AI systems. Secondly, employ encryption techniques to secure data processed by AI algorithms, both in transit and at rest, minimizing the risk of unauthorized access or tampering. Additionally, implement strict access controls and least privilege principles to limit access to AI systems and data only to authorized entities, regardless of their location or network status. Continuously monitor AI systems for anomalous behaviour or deviations from expected patterns, utilizing A -driven analytics and machine learning algorithms to detect potential security threats in real time. Regularly update and patch AI systems to address known vulnerabilities and ensure they remain resilient against evolving threats.ë
CISO OPINION CORNER 52 APRIL 2024
WE HAVE ADOPTED DEFENCE IN DEPTH APPROACH
How does our current strategy address the mitigation of fraudulent activities, especially concerning the safeguarding of sensitive data amidst the evolving cybersecurity threats?
With more than 2 decades of experience in Cyber security, I believe you have to take every shoot in combating against fraudsters and cyber criminals. Not any single strategy works well in rapidly changing threat / fraud landscape
What proactive measures have been adopted to combat malware attacks and fraud attempts, taking into account the heightened sophistication of malicious actors in perpetrating fraudulent activities?
We have adopted Defense in Depth approach to combat against
“Know
JAWAD KHALID MIRZA Chief Information Security Officer Askari Bank Limited
CISO OPINION CORNER 53 APRIL 2024 53
Your Organization Context, challenges and competition .”
emerging threat landscape, ranging from financial mobile applications, Internet Banking channels and the data itself. Moreover, our risk management practice really helps us in balancing the need of security controls.
In the context of fraud mitigation, do our employees receive comprehensive training and awareness programs regarding cybersecurity best practices and potential threats? How integral is this employee training program in fortifying our defenses against fraudulent schemes?
Awareness, Awareness and Awareness is a key to success. Comprehensive cyber awareness program is very much needed along with scenario-based simulations. These simulations really give a litmus test of how much effective your training / awareness program.
How are our security platforms adapted to confront emerging cyber threats, particularly those leveraging advanced AI techniques for perpetrating fraudulent activities?
This is an age of AI and cyber criminals are really leveraging AI in their arsenal for
cyber attacks and we as a cyber security professionals need to leverage the same strength in building up ours’ cyber security program. Mean to say, Defence in depth approach will be complemented by AI.
Considering the rising prevalence of attacks targeting APIs and cyberphysical systems, do our security practices adequately address these emerging threats, or do they lag behind in terms of fraud mitigation measures?
This is really challenging for us due to swiftly changing threat landscape; human resource movements are high; technology costs are in an upward trend. With all this, I feel a gap will arise and that will definitely leverage by perpetrators.
How are organizations implementing the principles of zero trust security to fortify protection against fraudulent activities, both internally and externally?
Zero Trust is a now new buzzword across cyber arena. We as cyber security professionals need to know that while building any control “Zero Trust” play an important role. This will strengthen your cyber security posture and definitely provide resilience.
What advice would you provide for formulating a comprehensive cybersecurity strategy that encompasses fraud mitigation efforts across all facets of our organization's digital assets, including networks, systems, applications, and data?
My few suggestions will be
• Know Your Organization Context, challenges and competition
• Under Regulatory / Statutory environment
• Mark Short term / Medium term / Long term goals
• Benchmark yourself against prevailing international standards relevant to your environment.
• Get a buy in on your strategy from Top Management.
In the context of fraud mitigation, what strategies and measures would you recommend for effectively mitigating AI-related security risks, particularly concerning the adoption of a zero trust security framework?
Prevailing strategy is to build AI powered controls in order to circumvent threats and frauds. Now solutions are available which augment your cyber posture against any adversaries. ë
CISO OPINION CORNER 54 APRIL 2024
A Strategic Imperative
TechOps Competency Framework TechSust Align Biz Insights DXT
Streamline their IT infrastructure and improve operational efficiency, which can result in lower costs and increased productivity.
Assess your current capabilities architecture and identify areas for improvement, helping you to make informed decisions about where to invest your technology resources
Optimize and improve your technology systems, ensuring they are operating at peak efficiency and effectively supporting your business goals.
Provide advanced analytics services, leveraging the latest technologies and techniques to help you turn your data into actionable insights.
Develop a digital strategy that aligns with your business objectives, enabling you to stay ahead of the curve in a rapidly changing digital landscape.
iamcaas.com
I am CaaS
2024 50 COUNTRIES 4000 C-LEVEL EXECS 300+ SESSIONS 200+ EXHIBITORS POWERED BY
MAY-SEPTEMBER