SPECIAL SUPPLEMENT BY
TRENDS FOR CYBER AND INDUSTRIAL SECURITY EXECUTIVES
VIMAL MANI, CISO OF BANK OF SHARJAH
The Security Manifesto: Vimal Mani points out that a CISO requires not only the right skill sets but also a forward-thinking, long-term vision. ...22
AUGUST 2019
CONTENTS AUGUST 2019

TOP OF MIND
12  Which Data Security Story Ending Do You Prefer? From ‘Horror’ to ‘Happy’ — and Many More In Between
14  Gartner Keynote: Leverage Automation for Modern Security
15  Cyber Security Is Broken: Here Are the Three Steps to Fix It
16  Using USB Drive Encryption to Keep Data Secure

TOP EXECUTIVE
22  The Security Manifesto

DEEP DIVE
Creating Trusted Identities Starts with Trusting Your IAM Vendor

VENDOR TALKS
Cybercrime Seen to Be Getting Worse: The Time to Act Is Now

Also in this issue: Own the Router, Own the Traffic; GECSS 2019 (Real Life); Widening the Horizons; Unofficial Telegram App Secretly Loads Infinite Malicious Sites; Epicor ERP Positioned as a Visionary in Gartner 2018 Magic Quadrant for Cloud ERP for Product-Centric Midsize Enterprises
MANAGING DIRECTOR: TUSHAR SAHOO
CEO: RONAK SAMANTARAY
DIRECTOR & EDITOR: ANUSHREE DIXIT anushree@gecmediagroup.com
SUB EDITOR: DIVSHA BHAT divsha@gecmediagroup.com
EVENTS EXECUTIVE: SHRIYA NAIR shriya@gecmediagroup.com
SALES MANAGER: NEHA SHARMA neha@gecmediagroup.com
GROUP SALES HEAD: RICHA S richa@gecmediagroup.com +971 529 943 982
VISUALIZER: MANAS RANJAN
LEAD VISUALIZER: DPR CHOUDHARY
DESIGNER: AJAY ARYA
ASSISTANT DESIGNER: RAHUL ARYA
SUBSCRIPTIONS: INFO@GECMEDIAGROUP.COM
SOCIAL MARKETING & DIGITAL COMMUNICATION: YASOBANT MISHRA yasobant@gecmediagroup.com

EDITORIAL

CUT THE CLUTTER, CUT THE COMPLEXITY

How should enterprises act on and utilize threat intelligence to become more proactive? This question has been playing on a loop in board room meetings. News keeps surfacing of attacks of every kind. Risk is increasing, the gap is widening and the trust of customers is declining. Regardless of all the claims, it is clear today that there is no such thing as hundred percent security or zero threats. Though security is emerging as one of the topmost priorities, it has been observed that organizations do not have the required clarity on the levels of automation or insight needed for the cyber perimeter. As Tarek Kuzbari, Regional Director of Middle East at Bitdefender, says in the inside feature, the entire philosophy of cyber security has changed to ‘The Assumption Philosophy’, where security professionals work with the assumption that there is already an intruder in the network and that they have to put the right tools and measures in place to combat that, rather than waiting for a breach to happen. In our cover feature, Vimal Mani, CISO of Bank of Sharjah, says that a CISO requires not only the right skill sets but also a forward-thinking and long-term vision in order to fortify the enterprise against sophisticated threats. He also lays out in some detail the key skills required of an ideal chief security officer in the age of digital transformation. Putting a different perspective on security, we have a research article from Doug Peckover, Co-Founder and Chief Scientist, kloke, on new quantum computers that will solve problems in 100 seconds that would take a classical computer one billion years, and how that redefines today’s encryption-based data security. All that and much more in this issue of Cyber Sentinels. Hope you enjoy reading them.

Also, Cyber Sentinels is all set to host the second edition of The GEC Security Symposium and CISO Awards. As the GCC sees a dramatic rise in the sophistication of attacks, the symposium will feature important keynotes from leading security vendors and CISOs on which technologies and innovations will make the most impact on cyber security. The symposium will also delve into the crucial issue of why cyber security is not being integrated into enterprise digital transformation strategy. Wishing all readers a happy Eid!

ANUSHREE DIXIT, Editor & Director, anushree@gecmediagroup.com

DESIGNED BY
PRINTED BY AL GHURAIR PRINTING & PUBLISHING LLC. MASAFI COMPOUND, SATWA, P.O. BOX 5613, DUBAI, UAE
PUBLISHED BY ACCENT INFOMEDIA MEA FZ-LLC, PO BOX 500653, DUBAI, UAE, 223, BUILDING 9, DUBAI MEDIA CITY, DUBAI, UAE. PHONE: +971 (0) 4368 8523. 31 FOXTAIL LAN, MONMOUTH JUNCTION, NJ 08852, UNITED STATES OF AMERICA. PHONE: +1 732 794 5918. A PUBLICATION LICENSED BY INTERNATIONAL MEDIA PRODUCTION ZONE, DUBAI, UAE. © COPYRIGHT 2013 ACCENT INFOMEDIA. ALL RIGHTS RESERVED. WHILE THE PUBLISHERS HAVE MADE EVERY EFFORT TO ENSURE THE ACCURACY OF ALL INFORMATION IN THIS MAGAZINE, THEY WILL NOT BE HELD RESPONSIBLE FOR ANY ERRORS THEREIN.
NEWS
BeyondTrust Simplifies Endpoint Privilege Management

MOREY HABER, CHIEF TECHNOLOGY OFFICER AND CHIEF INFORMATION SECURITY OFFICER, BEYONDTRUST

BeyondTrust released Privilege Management for Windows and Mac, formerly Avecto Defendpoint. Now integrated with BeyondTrust’s BeyondInsight platform, it lets organizations meet the security and compliance requirements of enterprise-wide least privilege more quickly than before. BeyondInsight is a unified platform combining privilege and vulnerability management, enabling IT and security teams to work together with greater visibility and efficiency. According to Gartner’s Top 10 Security Projects for 2019, Privileged Access Management (PAM) is first on the list of priority security projects for organizations that have already adopted the basic security measures. Analysis from BeyondTrust’s recent Microsoft Vulnerabilities Report supports that priority: it found that enforcing least privilege by removing admin rights from users would mitigate 81% of the critical Microsoft vulnerabilities it analyzed. With this release, BeyondTrust says enterprise-wide PAM can be deployed in weeks rather than years, based on its Quick Start methodology and the BeyondInsight platform integration. “This release marks a key milestone along the path started late last year as we brought four companies together to create the most powerful and easy to deploy PAM solution on the market,” said Morey Haber, Chief Technology Officer and Chief Information Security Officer at BeyondTrust. “With the power of the leading privilege management solution now coupled with BeyondTrust’s BeyondInsight platform, organizations have the most comprehensive, robust, and granular privilege management solution for Windows and Mac available today.”

A10 NETWORKS HOSTS SSL SECURITY EVENT IN SAUDI ARABIA

A10 Networks co-hosted a security workshop with the theme ‘Embrace data chaos by inspecting your SSL’ in collaboration with technology alliance partner Splunk and channel partner Saudi Business Machines (SBM). The event took place at the Ritz Carlton hotel in Riyadh on 23 July 2019. Abdulmajeed Alobailan, country manager for Saudi Arabia at A10 Networks, says, “Today data breaches are causing more damage than ever. Two-thirds of all internet traffic is encrypted. Almost half of all cyber-attacks use encryption to evade security, leaving organisations vulnerable to the SSL blind spot. Traditional security defences are ineffective for SSL. This combined with an ever-increasing amount of cyber-crime means the need for companies to deploy comprehensive protection is greater than ever.” At the event, executives from the A10 Networks, Splunk and SBM teams showed attendees how regional organizations can use their data to better protect enterprise networks and maintain business as usual. A big spotlight was turned on SSL decryption, which the hosts argued is no longer a ‘nice to have’ but a ‘must have’, because it removes the blind spot that encrypted traffic creates for inspection tools. A10 Networks presented its decryption product, A10 Thunder® SSLi (SSL Insight), which decrypts traffic across all ports so that third-party security devices can analyse enterprise traffic without a performance penalty. SBM provides the consulting and system integration services that take the joint solution to market and add value for customers.
Mimecast Announces New Cyber Alliance Program

CHRISTINA VAN HOUTEN, CHIEF STRATEGY OFFICER, MIMECAST

Mimecast launched the Cyber Alliance Program, designed to align security vendors into an extensive cyber resilience ecosystem. Interoperability and data sharing are key to any advanced security plan and to building a more cyber resilient organization. The program focuses on bringing complementary cyber software vendors together for the benefit of the customer. Driven by customer demand, it is based on the premise that sharing data about threats, malicious code and attack vectors among vendors strengthens each product and creates additional protection for the customer, making customers more cyber resilient. The program is open to select technology companies offering security and cyber resilience products that meet the program criteria and that are interested in integrating their technology with Mimecast’s platform using open APIs. “Organizations are often strapped from a resource and budget perspective, yet, IT admins are still responsible for processing and responding to alerts, all while managing a variety of disparate security solutions. Automation through interaction with Mimecast APIs helps streamline and simplify these efforts as they bolster cyber resilience,” said Christina Van Houten, chief strategy officer at Mimecast. “The goal of creating the Cyber Alliance Program is to provide an ecosystem of like-minded vendors who want to help customers efficiently and effectively protect their infrastructures, helping organizations build a more cyber resilient world.” Customers can benefit from the program by maximizing current or planned investments, reducing administration time and gaining deeper insight into advanced threats. Cyber Alliance Partners can work with Mimecast on integrations by accessing its APIs and conducting joint go-to-market initiatives.
QUICK HEAL TECHNOLOGIES GRANTED US PATENT FOR ANTI-RANSOMWARE TECHNOLOGY

Quick Heal Technologies has been granted a patent for its Anti-Ransomware Technology by the United States Patent and Trademark Office (USPTO). With this approval, Quick Heal has become the first Indian company to indigenously develop and be awarded a patent for anti-ransomware technology. The US patent adds to Quick Heal’s 25-year legacy of designing solutions aimed at providing best-in-class protection against sophisticated cyberthreats to individual users, enterprises and governments. Designed and developed at Quick Heal’s R&D and innovation center in Pune, the AI-powered Anti-Ransomware Technology underlines its commitment to delivering advanced security solutions. Ransomware has evolved over the years to avoid signature-based detection and can therefore sneak past traditional security measures. These attacks accounted for 23% of over 973 million malware attacks on end-user devices across India in 2018 alone, according to the latest annual Quick Heal Threat Report. It is against such a scale and intensity of ransomware threats, which far surpasses the preventive capacity of traditional security solutions and human-only teams, that Quick Heal’s anti-ransomware technology enters the fray. Powered by artificial intelligence and machine learning at its core, the technology uses signature-less behavioral detection to block new and unknown ransomware in real time. Its algorithms conduct focused activity-based detection, while also enabling users to recover their critical data in case of a breach.
Retarus bolsters Email Security Services with new features

Munich-based Retarus GmbH has extended its Email Security Services with a range of new features, including Office 365 Sync, Whitelisting, a Targeted Members List and new anti-phishing measures. The new functionality has been added to the Advanced Threat Protection (ATP) services, which include ‘Patient Zero Detection’ and Retarus’ ‘botnet recognition’, both patented across Europe. For companies working on Office 365, Retarus Email Security now synchronizes with the directory services of the Microsoft cloud. Azure Active Directory synchronisation replaces manual data maintenance, reducing both the error rate and the effort. The Whitelisting Service, which enhances CxO Fraud Detection, has become an ATP component. Customers can use this option when sending internal information, i.e. management newsletters, announcements and alerts from the HR or IT departments, via external service providers, ensuring these ‘internal’ emails are received reliably. Another new feature is the Targeted Members List. Here the company lists employees whose email identities are particularly interesting to cybercriminals. As soon as a message arrives that appears to come from a ‘Targeted Member’, the CxO Fraud Detection service checks the display name for authenticity. Depending on the outcome, the message is placed either in the inbox or in quarantine. To identify phishing, Retarus Email Security now refers to additional data obtained with the help of machine learning, so the filter detects the URLs of fake websites in inbound emails more reliably and customers are better protected against phishing attacks. “We are constantly searching for new ways to meet the ever-rising security requirements of our customers. I’m proud of our development team and its power in innovation, with Forrester including us among the twelve most important providers of Email Security in the world,” says Martin Hager, founder and CEO of Retarus.
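As an added illustration, not Retarus code and not a description of how CxO Fraud Detection is implemented, here is the kind of display-name check that a Targeted Members List implies: a protected executive’s name appearing in the From: header with any address other than the one on file for that person is quarantined, and a matching From: address whose Reply-To diverts elsewhere is treated the same way. The member list, the addresses and the sample headers are all constructed for the example; the name normalisation (case folding, accent stripping) is an assumption about what "authenticity" should tolerate.

```python
"""Display-name impersonation check for a list of targeted members.

Added example, not Retarus code.  Assumptions (not from the article):
- TARGETED_MEMBERS maps an executive's display name to the one address
  that name may legitimately use;
- a message is represented by its raw From: header and, optionally,
  its Reply-To: header;
- a name match combined with any other address is quarantined.
"""
from email.utils import parseaddr
import unicodedata

# Constructed sample list; a real deployment would load this from the directory.
TARGETED_MEMBERS = {
    "Martin Hager": "martin.hager@example.com",
}


def normalize_name(name: str) -> str:
    """Fold case, strip accents and punctuation, collapse whitespace, so that
    'Martín  Hager' and 'martin hager' compare equal."""
    folded = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    return " ".join(folded.lower().replace(".", " ").replace(",", " ").split())


def _name_tokens(name: str) -> set:
    return set(normalize_name(name).split())


def check_sender(from_header: str, reply_to_header: str = None):
    """Return ('deliver', reason) or ('quarantine', reason) for one message."""
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    display_tokens = _name_tokens(display)
    for member, allowed in TARGETED_MEMBERS.items():
        if not _name_tokens(member) <= display_tokens:
            continue  # the display name does not claim to be this member
        if addr != allowed.lower():
            return "quarantine", f"display name '{display}' used with {addr}, expected {allowed}"
        if reply_to_header:
            _, reply_addr = parseaddr(reply_to_header)
            if reply_addr.lower() != allowed.lower():
                return "quarantine", f"From is {addr} but Reply-To diverts to {reply_addr}"
        return "deliver", f"{member} from the expected address"
    return "deliver", "no targeted member claimed"


if __name__ == "__main__":
    # Constructed sample headers, not real mail.
    samples = [
        ("Martin Hager <martin.hager@example.com>", None),
        ('"Martin Hager" <ceo.mhager@freemail.example>', None),
        ("Martín Hager <mh@freemail.example>", None),
        ("Martin Hager <martin.hager@example.com>", "mh@freemail.example"),
        ("Newsletter <news@vendor.example>", None),
    ]
    for frm, reply_to in samples:
        verdict, reason = check_sender(frm, reply_to)
        print(f"{verdict:10} {reason}")
```

The check deliberately ignores the sending domain’s reputation: a lookalike domain, a free-mail address and a compromised partner mailbox all fail the same way, because the only thing that makes the name authentic is the address on file. SPF/DKIM/DMARC still matter for the case this check does not cover, a forged From: that uses the real internal address.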
SUPREMA INTRODUCES LATEST ACCESS CONTROL AND BIOMETRIC SOLUTIONS

Suprema introduced its latest range of biometric security solutions at the Security Exhibition & Conference 2019 in Sydney, Australia. At the show, Suprema showcased FaceLite, its latest facial recognition terminal, second-generation fingerprint IP readers and enterprise access control solutions. Launched at ISC West in April this year, the FaceLite now makes its Australian debut. Suprema claims the FaceLite offers the best facial recognition performance in its class in terms of matching speed, operating illuminance and user capacity. Alongside the FaceLite, Suprema demonstrated its range of access control terminals and the updated BioStar 2 security platform with its visitor management solution. The FaceLite is designed for both enterprise access control and time-and-attendance applications. With a 1.2GHz CPU and 8GB of memory, it achieves a matching speed of up to 30,000 matches per second, accommodates up to 30,000 users and provides an intuitive face-enrollment GUI for faster registration. On the optical side, the face recognition technology is designed to cope with dynamic lighting conditions, including sunlight and ambient light, with an operating illuminance range from zero lux to 25,000 lux that covers almost every lighting condition, indoor or outdoor, day or night.
Human Safety Put at Risk as Focus Shifts to Cybersecurity

Lloyd’s Register Foundation and the Global Manufacturing and Industrialisation Summit (GMIS) launched a new report, compiled by the University of Cambridge’s Institute for Manufacturing (IfM), highlighting the need for an integrated approach to the safe and secure adoption of Fourth Industrial Revolution (4IR) technologies in the manufacturing sector. The report, ‘Safety and Security Dimensions of Industry 4.0’, finds that current international efforts to tackle the challenges posed by 4IR technologies are focused on cyber security, with less attention given to the safety dimension. One of the main reasons for the imbalance, the report states, is the lack of information and the uncertainty surrounding the possible impacts of new human-machine interactions and the potential physical and psychosocial hazards for workers and users of new technology. The report suggests that, to reach the full potential of the new industrial paradigm, those within the industry must proactively engage with, understand and manage emerging safety and security requirements. Based on an extensive review of international evidence on how industries are tackling safety and security risks, the report finds that industry leaders are focusing on six priority areas for action: development of new frameworks, regulations and standards; awareness-raising and information sharing; skills development; anticipation of risks and needs; research and development; and funding of co-innovation efforts. The key finding of the evidence review is that these six priority areas are interrelated, which highlights the need for collaboration between stakeholders across the value chain to mitigate security and safety risks. According to the report, future collaboration should focus on building a global knowledge database on 4IR safety and security, developing a vision of the future, creating interest groups for knowledge sharing and the adoption of best practice, establishing industrial safety and security guidelines to inform new sector standards, and developing a 4IR-ready workforce able to integrate safety and security skill requirements.
Zain Jordan Partners with Infoblox

Zain has implemented the Infoblox ActiveTrust solution to enable secure internet browsing for its subscribers. Both home and business users of Zain’s internet services now get protection against malware and the risk of data exfiltration without paying any additional security subscription fee. Since its establishment in 1995, Zain Jordan has been the foremost telecom company in Jordan, a position it has kept to this day through a policy of investing in cutting-edge technology to provide state-of-the-art services to customers. Mr. Yousef Abu Mitawe’, Chief Operating Officer at Zain Jordan, said, “The foundation of our work at Zain is to provide the best and most distinctive services to our customers, as the Internet has become a multi-service and serves all fields,” adding that Zain is proud to partner with Infoblox, which was selected after thorough study, and that it will ensure Zain subscribers are fully aware of the benefits. Most Internet communications, including malware, rely on DNS (Domain Name System). Attackers use DNS to exfiltrate data and as a malware control channel. According to Infoblox, more than 90% of malware relies on DNS to redirect traffic to malicious sites. Existing security controls, such as firewalls and email and web proxies, rarely focus on DNS and its associated weaknesses. DNS is as critical a protocol as web and email. It requires a dedicated solution that enables early detection and shares network context with the broader ecosystem to accelerate response. Infoblox ActiveTrust is that dedicated solution, providing Zain Jordan and its internet subscribers with proactive protection against data exfiltration and fast-evolving, elusive malware that exploits DNS to communicate with command and control servers and botnets.
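To make the DNS point concrete, here is an added example, not Infoblox code and not how ActiveTrust works, of the heuristics a DNS-layer detection typically applies to resolver logs: per client and registered domain, the number of distinct subdomains queried, the length and Shannon entropy of the subdomain labels (encoded exfiltrated data or C2 beacons tend to be long and high-entropy), and the share of TXT/NULL queries (the record types that carry the most data back). The log lines are constructed; the two-label approximation of a "registered domain", the field layout and the threshold values are assumptions of the example.

```python
"""Score DNS resolver logs for tunnelling / exfiltration indicators.

Added example; not vendor code.  Assumptions:
- one query per line: "<time> <client_ip> <qname> <qtype>"  (constructed format)
- a registered domain is the last two labels (real tools use the Public Suffix List)
- the thresholds below are illustrative, not tuned values
"""
import math
from collections import defaultdict

# Constructed sample log: one client browsing normally, one client sending
# hex-encoded chunks as TXT queries under a single domain.  Not real traffic.
SAMPLE_LOG = """\
10:00:01 10.0.0.5 www.example.com A
10:00:02 10.0.0.5 mail.example.com A
10:00:02 10.0.0.5 cdn.example.com AAAA
10:00:03 10.0.0.7 3a7f9c2e1b4d6f8a0c1e2d3b4a5f6e7d.u.badhost.example TXT
10:00:03 10.0.0.7 9f1e2d3c4b5a6f7e8d9c0b1a2f3e4d5c.u.badhost.example TXT
10:00:04 10.0.0.7 b4a5f6e7d8c9b0a1f2e3d4c5b6a7f8e9.u.badhost.example TXT
10:00:04 10.0.0.7 0c1e2d3b4a5f6e7d8a9b0c1d2e3f4a5b.u.badhost.example TXT
10:00:05 10.0.0.7 6f7e8d9c0b1a2f3e4d5c6b7a8f9e0d1c.u.badhost.example TXT
10:00:05 10.0.0.7 2d3c4b5a6f7e8d9c0b1a2f3e4d5c6b7a.u.badhost.example TXT
10:00:06 10.0.0.7 www.example.com A
"""

THRESHOLDS = {"min_unique": 5, "min_entropy": 3.0, "min_len": 24, "txt_ratio": 0.5}


def shannon_entropy(s: str) -> float:
    """Bits per character of the string; ~4 for random hex, ~5 for base32/64."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname: str):
    """Return (subdomain_or_None, registered_domain) using the 2-label assumption."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 3:
        return None, ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def parse_log(text: str):
    for line in text.splitlines():
        if line.strip():
            ts, client, qname, qtype = line.split()
            yield ts, client, qname, qtype


def score_dns(log_text: str, thresholds=THRESHOLDS) -> dict:
    """Map (client, registered_domain) -> list of reasons, for suspicious pairs only."""
    groups = defaultdict(lambda: {"subs": set(), "ents": [], "lens": [], "txt": 0, "n": 0})
    for _, client, qname, qtype in parse_log(log_text):
        sub, dom = split_qname(qname)
        g = groups[(client, dom)]
        g["n"] += 1
        if qtype in ("TXT", "NULL"):
            g["txt"] += 1
        if sub is None:
            continue
        g["subs"].add(sub)
        data = sub.replace(".", "")          # the part an attacker controls freely
        g["ents"].append(shannon_entropy(data))
        g["lens"].append(len(data))

    def mean(xs):
        return sum(xs) / len(xs) if xs else 0.0

    findings = {}
    for (client, dom), g in groups.items():
        if len(g["subs"]) < thresholds["min_unique"]:
            continue                          # too few distinct names to judge
        reasons = []
        if mean(g["ents"]) >= thresholds["min_entropy"]:
            reasons.append("high-entropy labels")
        if mean(g["lens"]) >= thresholds["min_len"]:
            reasons.append("long labels")
        if g["txt"] / g["n"] >= thresholds["txt_ratio"]:
            reasons.append("TXT/NULL heavy")
        if reasons:
            findings[(client, dom)] = reasons
    return findings


if __name__ == "__main__":
    for (client, dom), reasons in score_dns(SAMPLE_LOG).items():
        print(f"{client} -> {dom}: {', '.join(reasons)}")
```

Two caveats a practitioner would add before running this on real logs: content-delivery, anti-virus update and some mail-security services legitimately generate long, high-entropy labels under their own domains, so an allowlist of known services is needed to keep the false-positive rate usable; and the scoring works per client, so an attacker can stay under `min_unique` by spreading queries across many domains or many hosts, which is why per-domain newness and query volume over time are usually scored as well.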
GLORY AWAITS THE CHAMPIONS. 1st October 2019. For more, visit gecmediagroup.com
TOP OF MIND
WHICH DATA SECURITY STORY ENDING DO YOU PREFER? FROM ‘HORROR’ TO ‘HAPPY’ — AND MANY MORE IN BETWEEN

DOUG PECKOVER, CO-FOUNDER AND CHIEF SCIENTIST, KLOKE

Here’s how this story starts: according to Microsoft, the new quantum computers will solve problems in 100 seconds that would take a classical computer one billion years. That’s not a typo! This new computing power puts today’s encryption-based data security at risk because its premise is that certain math problems are ‘difficult.’

The big question is when this ‘quantum risk’ will begin. If you prefer short stories, you’ll like the research suggesting that quantum computers may not break encryption for decades. So, sit back, relax and do nothing. If you prefer a story ending with a bit more drama, your encryption will be broken within a few years, because 99 percent of online encryption is vulnerable to quantum computers, according to Mark Jackson, scientific lead for Cambridge Quantum Computing. With this ending, start planning now for a massive code review. The cost of such an undertaking is unknown, but the last major code review was for Y2K, which cost an estimated $400 billion worldwide and took years to complete. If you like scary endings, IBM is calling the quantum computer threat ‘imminent,’ suggesting it will affect nearly all encrypted data on personal devices, in communications, in private databases, in smart vehicles and in government databases. That, indeed, is a very scary ending. If horror stories are your thing, you’ll love the one from Rep. Will Hurd, Chairman of the House Oversight and Reform IT subcommittee. He says “whoever gets to true quantum computing first will be able to negate all the encryption that we’ve ever done to date. That is why China [and] Russia are sucking up ciphertext.” Translation: the quantum threat already exists, because ciphertext captured today can be decrypted later. If you’re into nightmares, one comes from a mathematician at the National Institute of Standards and Technology (NIST, the standards body working on quantum-resistant cryptography) who said, “It will take 10 to 20 years to get new algorithms selected, standardized and implemented out into the field.” A related story goes on to state that NIST “must evaluate each [solution] against both classical and quantum attacks to ensure that the problems are still difficult to solve, with the hopes of drafting updated standards by 2022 to 2023.” Three words make this story a nightmare: ‘difficult,’ ‘hope,’ and ‘2022.’

There’s one more story ending to consider, one with a happy ending. Unlike the nightmare, its three words are ‘simple,’ ‘proven,’ and ‘now,’ because a data security solution already exists: ‘tokenization,’ proven by financial institutions (where it protects credit card transactions) for more than a decade. A U.S. firm holds seven patents that upgrade tokenization security, making all data quantum-safe, from IoT devices and blockchain ledgers clear up to legacy databases. The most remarkable benefit of such an enhanced tokenization solution is that, unlike the encryption options still years out on the horizon, upgrading existing systems is seamless, requires little or no programming change, and won’t cost the industry billions or take years to deploy. For firms and government agencies ready to take advantage of this simple, and immediately available, quantum-safe security solution, the story has a happy ending.
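To show what ‘tokenization’ means in practice, here is an added example, not kloke’s patented scheme and not the page’s own code: a vault-based tokenizer that replaces a card number with a random, format-preserving, Luhn-valid token and keeps the only mapping in a lookup table. The PAN used below is a well-known test number; the decision to preserve the first six and last four digits, and the vault being an in-memory dictionary, are assumptions of the example.

```python
"""Vault-based tokenization of a primary account number (PAN).

Added example, not vendor code.  Assumptions:
- tokens keep the first 6 and last 4 digits (a common format-preserving choice)
  and replace the middle with random digits chosen so the Luhn check still passes;
- the vault is an in-memory dict; a real vault is an encrypted, access-controlled store.
"""
import secrets


def luhn_valid(number: str) -> bool:
    """Standard Luhn check: from the right, double every second digit."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Random (non-cryptographic-mapping) tokenization with a lookup table."""

    def __init__(self, rng=secrets):
        self._pan_to_token = {}
        self._token_to_pan = {}
        self._rng = rng  # anything with randbelow(n); secrets by default

    def tokenize(self, pan: str) -> str:
        """Return the token for `pan`, creating one on first use.

        Requires a 13-19 digit Luhn-valid PAN; shorter numbers leave too few
        free digits for the random middle to be meaningful."""
        if not pan.isdigit() or not (13 <= len(pan) <= 19) or not luhn_valid(pan):
            raise ValueError("not a well-formed PAN")
        if pan in self._pan_to_token:
            return self._pan_to_token[pan]          # same PAN -> same token
        head, tail = pan[:6], pan[-4:]
        middle_len = len(pan) - 10
        while True:
            middle = "".join(str(self._rng.randbelow(10)) for _ in range(middle_len))
            token = head + middle + tail
            # must differ from the PAN, pass format checks, and be unique in the vault
            if token != pan and luhn_valid(token) and token not in self._token_to_pan:
                break
        self._pan_to_token[pan] = token
        self._token_to_pan[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        """Look the PAN up; there is no key and no formula, only the table."""
        try:
            return self._token_to_pan[token]
        except KeyError:
            raise LookupError("unknown token") from None


if __name__ == "__main__":
    vault = TokenVault()
    pan = "4111111111111111"   # well-known test number, not a real card
    tok = vault.tokenize(pan)
    print("PAN   ", pan)
    print("token ", tok, "luhn ok:", luhn_valid(tok))
    print("round trip ok:", vault.detokenize(tok) == pan)
```

The token is produced by a random number generator rather than by a cipher, so there is no key to recover and no mathematical relation to invert; that is the property the article relies on. What it does not remove is the need to protect the vault itself, which still has to be encrypted at rest and tightly access-controlled, and it does nothing for data in transit, where the TLS key exchange is what post-quantum migration actually targets.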
TOP OF MIND
GARTNER KEYNOTE: LEVERAGE AUTOMATION FOR MODERN SECURITY

Security and risk leaders must explore automation to provide increased business value and maintain security standards.

KATELL THIELEMANN, VP ANALYST, GARTNER

“The best way to bring value to your organization today is to leverage automation”

“No longer are we asked a singular question, ‘how are you providing security and managing risk?’” said Katell Thielemann, VP Analyst, during the Gartner Security and Risk Management Summit in National Harbor, MD. “We are now asked a more complex question, ‘how are you helping the enterprise realize more value while assessing and managing risk, security and even safety?’ The best way to bring value to your organization today is to leverage automation.”

Automation does add risk. But, if done correctly, automation can also be hugely beneficial to the security team and the business.

THE IMPACT OF AUTOMATION
As parts of the business adopt emerging technologies ranging from the cloud to blockchain to digital twins and immersive technologies, CISOs will find themselves overwhelmed with priorities. “Other business units are likely building solutions without consulting those of us in security. This means they are making technology-related choices every day, often without realizing the risk implications of what they are doing,” said Beth Schumaecker, Director, Advisory, Gartner. “The consequences of these business choices —choices over which we have no control and do not always see — can be huge, especially as the potential for digital business continues to grow.”

AUTOMATION IN THE BUSINESS
Many automation tools are ad hoc; others formally automate key parts of a process. Some tools use one technique, while other types of automation use a handful. Some companies will use automation to reduce costs, standardize or increase productivity. Others will use it to improve the quality and consistency of risk controls while reducing human error. Organizations will also use automation to increase speed or agility.

CARTA IS A KEY ENABLER
Regardless of how automation is being used, security and risk leaders can no longer depend on traditional security approaches. Continuous adaptive risk and trust assessment (CARTA) is a strategic approach to security that acknowledges there is no perfect protection, and that security needs to be adaptive, everywhere, all the time.

IDENTITY IS THE FOUNDATION FOR ALL OTHER SECURITY CONTROLS
Decisions regarding identity should always remain within the control of security and risk teams. This becomes even more important as businesses move to cloud environments. As systems and companies become more complex, relying solely on multiple passwords for identity confirmation becomes difficult and risky. A CARTA approach to identity will be key to ensuring that the risk engine is neither too relaxed nor too restrictive, but still works for the user. With multiple clouds in use, it would be impossible for CISOs to manually relax permissions for IaaS and ensure adequate controls for SaaS. The solution? Automation.

DATA IS WHERE MUCH OF ENTERPRISE VALUE RESIDES
Businesses are data generation powerhouses. Failing to protect and watch data can be costly, and can in fact harm an organization’s value. Review the access control models for any infrastructure-as-a-service and SaaS applications, and consider using a cloud access security broker (CASB) to identify and classify data and files.

NEW PRODUCTS OR SERVICES DEVELOPMENT IS A FOCUS FOR COMPANIES
Companies are developing new products and services to gain a competitive edge and are leveraging emerging technologies that open up new business opportunities. With an increasing need to go to market faster, DevOps processes can run afoul of security protocols. Automation can help achieve the ultimate goal of DevSecOps, where security is built in from the start of the process without slowing delivery.
TOP OF MIND
CYBER SECURITY IS BROKEN HERE’S THE THREE STEPS TO FIX IT The IT security industry has failed its customers. Despite a proliferation of investment, a recent VMware and Forbes Insights study found that only a quarter of business leaders across Europe, Middle East and Africa are confident in their current cyber security, and less than a fifth are confident in the readiness of their people and talent to address security concerns.
THREE STEPS TO FIX CYBER SECURITY More specifically, three things need to happen. We need to stop focusing as much on reactive threat detection, increase the focus on applications and make security intrinsic. Why do we need to stop focusing as much on threat detection? Historically, that’s where security spend has been. VMware’s own analysis suggests 80% of enterprise IT’s investment in security goes on reactive measures, and it’s also where 72% of VC funding in security start-ups goes. More than half of respondents to the VMware/Forbes Insights study say they plan to spend more on detecting and identifying attacks. Cyber threats are evolving rapidly – by honing in on detecting threats, at best you can defend yourself against copycats. You’ll still be exposed to those attackers that do something different. That’s before you consider that it’s a case of ‘when, not if ’, your defences are breached: a ransomware attack happens every 14 seconds. So, to only invest in threat detection means less resource for other areas of security. Don’t get me wrong, reactive threat detection is still critical. But there needs to be a shift away from trying to prevent breaches at all costs. With the inevitability of breaches a reality, what matters is how quickly we can detect them and take effective mitigating action. There needs to be more focus on proactive, preventative measures – in essence, those that reduce the attack surface area. In short, definitely invest in detection, but invest more in prevention. Secondly, the real focus should be on applications. You’d be hard pressed to find a security product that doesn’t claim to be ‘application aware’, but what does that actually mean? Knowing more about the known good of application behaviour becomes critical. With this in mind you can better on understanding the 50 things that should be happening rather than
AHMED AUDA, MANAGING DIRECTOR - METNA, VMWARE
trying to protect against the 50,000 that shouldn’t be. Think about it this way. When you get out of bed in the morning, you know you are supposed to feel. If you feel unwell, you don’t individually in your head go through the thousands of different viruses that could be the cause. You can single out the thing, the sore throat or painful eye that hurts. Because you know your body and what your known good feels like. The same approach can be taken to security. That means security is really about understanding how applications actually work. All of this is just not possible without truly intrinsic security. Again, this is the sort of phrase that gets touted about, but how often does it truly happen? Currently, enterprises use anywhere between 50 to 100 different security products. That’s 50 to 100 solutions that need to be managed, updated, patched, aligned and connected
to relevant apps, which in turn need constant management and updates. What if, instead of bolting on more products, we took a step back and looked at how we use what we already have in our operations to secure the organisation? Software. It’s not another product you buy, install or operate, or an agent you have to install and manage. It’s foundational software that you are already using, common across apps and data, wherever they reside: private data centers, clouds, edge, containers, desktops, and mobile devices. We see applications, we know what they are, where they are, what they are doing, and what they are supposed to be doing. How do you make things intrinsically secure? By protecting the network, the common element that touches everything. It used to be that IT and network security were separate – now they’re converging rapidly. Deploying virtual cloud networks gives enterprises a universal fabric – secure that and everything it touches is secure.
A MULTI-LAYERED APPROACH What these three focuses do is introduce a multilayered approach to security – one that puts proactive prevention alongside threat detection. This future of security makes every individual element of the infrastructure inherently secure: if one layer or element gets breached, then the next element is secure, and the next, limiting the damage that can be done. It recognises that breaches are a case of when, not if, and acts accordingly. In doing so, we can all improve confidence in our security policies and procedures, cut down on unnecessary spending, and reduce the damage successful attacks can cause. And, importantly, this built in security means a business can take their business in any direction, innovate and add new IoT, AI and ML technologies, knowing that the heart of the business is secure. ë
AUGUST 2019
TOP OF MIND
USING USB DRIVE ENCRYPTION TO KEEP DATA SECURE
LAURENT SIRGY, REGIONAL DIRECTOR - FRANCE, SOUTHERN EUROPE, MEA, KINGSTON TECHNOLOGY
USB drives are small devices, yet they store vast amounts of data. They are affordable yet robust, with no detachable or moving parts, and extremely easy to use. Although they form an integral part of most people’s lives for backing up data, their small size makes them easy to misplace or lose. According to a 2016 article in ElectronicsWeekly.com, an estimated 22,000 USB drives are lost each year; the article also states that 48% of people who find a USB drive plug it in and open at least one file. The very portability and accessibility of USB drives therefore makes them a security threat. USB drive encryption is the only viable option for corporations looking to protect valuable data while balancing control and accessibility.
USBS – THE RISK
Employees who use USB drives at home or on personal systems and then plug them back into the corporate network pose a significant security threat. Even with all the information circulating about cybercrime, malware and breaches, employees still practise unsafe habits, with the majority not backing up their data in any form. According to a study, 24% of employees use more than five USB drives; 49% of companies have had USB drives go missing; and 91% of the USB drives in use do not have hardware-based encryption. Employees not being properly trained in data safety practices is one of the primary risks organizations face, as carelessness accounts for drives being lost (50%), stolen (10%) or otherwise disappearing (40%). “In today’s time, it is crucial for IT departments to address the issue and create the necessary awareness of the problem by educating and training the employees accordingly. Organizations should pay heed to implementing best practices for managing all types of portable devices; creating security and acceptable-use policies for all portable media devices, along with educating employees about those policies; teaching employees to report missing devices immediately so they can be wiped of all data; training employees about the value of using strong passwords and PINs, and implementing their use; banning personal, portable media devices (that can’t be controlled and monitored by the organization) from the workplace; and considering the costs and benefits of distributing locked-down, corporate-controlled devices over implementing a ‘bring your own device’ policy.”
HARDWARE ENCRYPTION
USB hardware encryption protects data because the drive’s contents cannot be read or copied to a computer until the user enters the correct password. There is added protection against brute-force attacks, as the failed-login counter is built into the hardware rather than into software on the host, so it cannot be reset or bypassed from the computer the drive is plugged into. Certain devices, such as IronKey flash drives, offer high levels of encryption and feature anti-tampering technology to keep data even more secure. Many secure USB drives also include software for remote management and security-policy enforcement, which may appeal to corporate buyers.
GDPR COMPLIANCE
GDPR compliance is an important aspect of ensuring proper data security measures are implemented when doing business with European companies. Hardware encryption and endpoint management practices form a core part of an organization becoming GDPR compliant. “GDPR has made it mandatory for companies that handle large amounts of personal data to seek and adopt best practices when it comes to this new regulation. Encrypted USBs serve organizations by ensuring that information shared between different parts of a workplace is secure at all times, which in turn ensures all data is protected and is processed in the correct way. With Kingston’s different offerings of secured USB drives, users can get an important item ticked off the GDPR to-do list by investing in 256-bit AES hardware-based encryption.” In the current digital age, the importance of sharing information across departments has never been greater. Large multinational companies spend vast amounts of money to ensure the internal security of their assets, but even organizations without a large budget can add an extra layer of security to sensitive information shared across the business with password-protected, encrypted USB drives.
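The brute-force protection described in the hardware encryption section depends on where the failed-attempt counter lives. The following is an added example, not Kingston or IronKey firmware: a Python model of a drive’s unlock path in which the data-encryption key (DEK) exists only in wrapped form, under a key derived from the PIN, and the retry counter sits beside the wrapped key so that exhausting it destroys the key. The HMAC-based stream cipher, the 10-attempt limit and the PBKDF2 work factor are assumptions standing in for the drive’s AES-256 engine and vendor settings.

```python
"""Model of a hardware-encrypted USB drive's unlock path (added example; stdlib only).

Everything inside SecureDrive is what the drive's controller would hold.  The
DEK is stored wrapped under a PIN-derived key, and the failed-attempt counter
is stored next to it, so a host cannot reset the counter between guesses and
cannot read anything once the wrapped key has been destroyed.
"""

import hashlib
import hmac
import os

MAX_ATTEMPTS = 10             # assumed lockout threshold, not a vendor figure
PBKDF2_ITERATIONS = 100_000   # assumed work factor for PIN-to-key derivation


def _derive_kek(pin: str, salt: bytes) -> bytes:
    """Key-encryption key from the PIN; deliberately slow."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ITERATIONS, dklen=32)


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 in counter mode as a toy stream cipher (stand-in for AES-256)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _mac(key: bytes, data: bytes) -> bytes:
    """Authentication tag so a wrong PIN is detected instead of yielding garbage."""
    return hmac.new(key, b"wrap-mac" + data, hashlib.sha256).digest()


class SecureDrive:
    def __init__(self, pin: str):
        self._salt = os.urandom(16)
        dek = os.urandom(32)
        kek = _derive_kek(pin, self._salt)
        wrapped = _xor_stream(kek, b"wrap", dek)
        self._wrapped_dek = wrapped + _mac(kek, wrapped)   # encrypt-then-MAC
        self._attempts_left = MAX_ATTEMPTS
        self._dek = None          # only populated while unlocked
        self._storage = {}        # name -> nonce || ciphertext (the "flash")

    @property
    def attempts_left(self) -> int:
        return self._attempts_left

    @property
    def erased(self) -> bool:
        return self._wrapped_dek is None

    def unlock(self, pin: str) -> bool:
        if self.erased:
            return False
        kek = _derive_kek(pin, self._salt)
        wrapped, tag = self._wrapped_dek[:32], self._wrapped_dek[32:]
        if not hmac.compare_digest(_mac(kek, wrapped), tag):
            self._attempts_left -= 1
            if self._attempts_left == 0:
                # Crypto-erase: destroying the wrapped DEK makes the ciphertext
                # still on flash permanently unreadable, whatever the host tries.
                self._wrapped_dek = None
            return False
        self._dek = _xor_stream(kek, b"wrap", wrapped)
        self._attempts_left = MAX_ATTEMPTS   # counter resets only on success
        return True

    def lock(self) -> None:
        self._dek = None

    def write(self, name: str, data: bytes) -> None:
        if self._dek is None:
            raise PermissionError("drive is locked")
        nonce = os.urandom(16)
        file_key = hmac.new(self._dek, nonce, hashlib.sha256).digest()
        self._storage[name] = nonce + _xor_stream(file_key, nonce, data)

    def read(self, name: str) -> bytes:
        if self._dek is None:
            raise PermissionError("drive is locked")
        blob = self._storage[name]
        nonce, ciphertext = blob[:16], blob[16:]
        file_key = hmac.new(self._dek, nonce, hashlib.sha256).digest()
        return _xor_stream(file_key, nonce, ciphertext)


def brute_force(drive: SecureDrive, guesses) -> int:
    """Host-side attacker trying PINs in order; returns how many guesses were accepted."""
    tried = 0
    for pin in guesses:
        if drive.erased:
            break
        tried += 1
        if drive.unlock(pin):
            break
    return tried
```

Because the counter and the wrapped key are held by the same controller, the host cannot reset the counter between guesses, and once the key is gone the data on flash is useless; a counter kept in host software offers neither property, which is the point the section above makes about the counter being built into the hardware.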
Discover the Edge. Smart Solutions. Real Business. Rittal solutions for the technology of the future. Edge computing enables enormous amounts of data to be processed directly at the place where they arise, securely and in real time. Rittal prepares you and your IT infrastructure for new challenges: flexibly, economically and globally.
Visit us at Sheikh Rashid Hall, Stand SR-E2. For enquiries: Rittal Middle East FZE, Tel: +971-4-3416855, Email: info-it@rittal-middle-east.com, www.rittal.com/uae-en
REAL LIFE
OWN THE ROUTER, OWN THE TRAFFIC
As threat actors increasingly target supply chains, man-on-the-side techniques introduce another layer of complexity that organizations must consider.
During a 2018 incident response engagement, Secureworks® analysts discovered strong evidence of a Russia-based espionage group using ‘man-on-the-side’ techniques to install malware on targeted networks. The threat actors used the same techniques in other incidents as well. This type of attack can undermine the integrity of the Internet’s fundamental communications infrastructure.
WHAT IS A MAN-ON-THE-SIDE ATTACK?
A ‘man-on-the-side’ attack involves a threat actor subverting existing communications infrastructure to inject malicious content into legitimate traffic. To conduct this type of attack, the threat actor must first gain access to a network communications channel. They then leverage this access to monitor and manipulate network communications, including inserting malware into response traffic. Unlike a man-in-the-middle, the attacker does not have to sit inline or block the legitimate reply: seeing the request and racing a forged reply back to the client is enough, which is why a compromised router on the path suffices.
WHAT WAS THE INITIAL DISCOVERY?
During this particular engagement, the Secureworks Advanced Endpoint Threat Detection (AETD) - Red Cloak™ solution detected that a system was compromised with the Karagany malware. This version of Karagany is used exclusively by the Russia-based IRON LIBERTY threat group (also known as Energetic Bear and Dragonfly), which has historically targeted global energy, nuclear and defense organizations. There were no obvious indications of where the malware came from: no evidence of a phishing email, no sign of a malicious download link, and no suggestion of a drive-by download.
WHAT IS THE EVIDENCE?
A forensic analysis revealed a legitimate request to download an Adobe Flash installer around the same time that Karagany was downloaded. Figure 1 shows timeline data extracted from the master file table (MFT) of the compromised system’s NTFS partition. In this instance, Karagany was installed on March 21, 2017:
• 07:38:07-07:38:25 — Chrome download logs indicate that an install_flash_player.exe file was downloaded to the user’s Downloads directory after the user initiated a download over HTTP from adobe.com. This file was not present on the system at the time of the investigation and was not recovered.
• 07:38:45 — An install_flash_player.exe file is written to %TEMP%, and a set170.exe file (the Karagany malware) is created in the %APPDATA% directory. When set170.exe is executed, Karagany checks whether it is installed in its target location and, if not, installs itself there.
• 07:38:51-07:38:52 — The executed Karagany malware creates the relevant directories and copies set170.exe as SearchIndexer.exe to the hardcoded %APPDATA%\Local\SearchIndexer\ installation directory.
• 07:38:53 — The malware establishes persistence by creating a link to SearchIndexer.exe in the user’s Startup folder.
• 07:38:53-07:39:06 — Karagany writes several additional files and directories to disk, matching the post-install behavior described in Secureworks’ detailed Karagany analysis.
At 05:58:31 the following morning (March 22), approximately 9:00 am Moscow Standard Time, the first evidence of interactive use of the malware appears in the forensic timeline (see Figure 2). The svchost filenames align with other Karagany samples observed by Secureworks analysts. Additional analysis of the MFT showed that the ‘Std Info Creation date’ for SearchIndexer.exe was June 1, 2013 (see Figure 3), while all of the other timestamps associated with this file align with the 2017 timeline. The Std Info Creation date timestamp is rounded to the nearest hundredth of a second; it is the only timestamp from the compromised hard drive that contains four zeros. Because NTFS records timestamps at 100-nanosecond granularity, a file written in the normal course of operation almost never carries a rounded fraction, so this type of rounding can indicate manually altered timestamps (also known as timestomping).
Figure 1. NTFS MFT showing the ‘FN Info Creation date’ of the Adobe and Karagany files. (Source: Secureworks)
Figure 2. FN Info Creation dates for Karagany activity. (Source: Secureworks)
Figure 3. Timestamps associated with SearchIndexer.exe. (Source: Secureworks)
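The two timestamp anomalies described above, a $STANDARD_INFORMATION creation date years before the $FILE_NAME one and a sub-second value rounded away, can be turned into a repeatable triage check over an MFT timeline. The following is an added example, not Secureworks’ tooling; the MFT records are constructed to mirror the shape of this case, and the paths and fraction values are assumptions rather than the case data.

```python
"""Timestomping triage over NTFS MFT timeline records (added example).

Two indicators are encoded: a $STANDARD_INFORMATION ($SI) creation time that
precedes the $FILE_NAME ($FN) creation time, and an $SI timestamp whose
sub-second part has been rounded away.  NTFS stores timestamps in 100 ns
units, so records here carry a 7-digit fraction.  SAMPLE_ENTRIES is
constructed for this example; it is not the case data.
"""

from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class MftEntry:
    path: str
    si_created: str    # $SI: writable from user mode via SetFileTime()
    si_modified: str
    fn_created: str    # $FN: maintained by the kernel, not settable through the Win32 API


def parse_ntfs_time(text: str):
    """Split 'YYYY-MM-DDTHH:MM:SS[.fffffff]' into (UTC datetime, 100 ns fraction)."""
    base, _, frac = text.partition(".")
    when = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    fraction = int(frac.ljust(7, "0")) if frac else 0
    return when, fraction


def is_rounded(fraction: int) -> bool:
    """True when the 100 ns fraction is a whole hundredth of a second or coarser."""
    return fraction % 100_000 == 0


def timestomp_indicators(entry: MftEntry, tolerance_s: float = 1.0) -> list:
    """Indicators that fire for one entry; an empty list means nothing looked odd."""
    hits = []
    si_c, si_c_frac = parse_ntfs_time(entry.si_created)
    _, si_m_frac = parse_ntfs_time(entry.si_modified)
    fn_c, _ = parse_ntfs_time(entry.fn_created)

    # $FN is stamped by the kernel when the name record is created, so an $SI
    # creation time well before it is the classic trace of a backdating tool.
    # Some copy/move operations also produce this, so treat it as a lead, not proof.
    if (fn_c - si_c).total_seconds() > tolerance_s:
        hits.append("si_created_precedes_fn_created")

    # A file written in normal operation gets an arbitrary 100 ns fraction; tools
    # that take whole-second or centisecond input leave trailing zeros behind.
    # Files restored from FAT media or archives (2 s granularity) round too: corroborate.
    if is_rounded(si_c_frac):
        hits.append("si_created_subsecond_rounded")
    if is_rounded(si_m_frac):
        hits.append("si_modified_subsecond_rounded")
    return hits


def triage(entries) -> dict:
    """Map path -> indicators for every entry that fired at least one."""
    findings = {}
    for entry in entries:
        hits = timestomp_indicators(entry)
        if hits:
            findings[entry.path] = hits
    return findings


# Constructed records shaped like the case: the implant with a backdated $SI
# creation time, the dropper, and an unremarkable user document.
SAMPLE_ENTRIES = [
    MftEntry(r"\Users\user\AppData\Local\SearchIndexer\SearchIndexer.exe",
             si_created="2013-06-01T00:00:00.0000000",
             si_modified="2017-03-21T07:38:52.0487311",
             fn_created="2017-03-21T07:38:52.0487311"),
    MftEntry(r"\Users\user\AppData\Roaming\set170.exe",
             si_created="2017-03-21T07:38:45.8201933",
             si_modified="2017-03-21T07:38:45.8201933",
             fn_created="2017-03-21T07:38:45.8201933"),
    MftEntry(r"\Users\user\Documents\budget.xlsx",
             si_created="2017-02-10T14:02:11.5510092",
             si_modified="2017-03-20T16:45:09.7731250",
             fn_created="2017-02-10T14:02:11.5510092"),
]

if __name__ == "__main__":
    for path, hits in triage(SAMPLE_ENTRIES).items():
        print(path, "->", ", ".join(hits))
```

Only the implant fires, on both indicators; the dropper and the document, whose $SI and $FN times agree and whose fractions are arbitrary, stay quiet. Both checks are heuristics and belong next to the rest of the timeline, as in the case above, where the 2013 date stood out precisely because every other timestamp on the file pointed at March 2017.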
The forensic data shows that both the initial and final install_flash_player.exe files were modified at the same time the Karagany malware was installed (see Figure 4). As shown in Figure 5, the file size of the final Adobe Flash binary is smaller than the initial download. This discrepancy, in addition to the lack of other events at the time of the Karagany download, indicates that the initial Adobe Flash binary download was the source of the Karagany malware. The byte sizes of set170.exe and the final Adobe binary do not add up to the size of the initial install_flash_player.exe download; the remaining 86kB were likely a wrapper to facilitate the installation. Secureworks analysts assess that once the malware was installed, the initial install_flash_player.exe download self-modified to remove all traces of the malicious content, leaving only a legitimate Adobe Flash installer (version 25.0.0.127) binary on disk.
Figure 4. Timestamps for the initial and final install_flash_player.exe files. (Source: Secureworks)
Figure 5. Discrepancy between the requested and delivered Flash installers. (Source: Secureworks)
HOW DID THIS HAPPEN?
There are several credible explanations for how the Karagany payload was delivered alongside the Adobe installer file:
• Option 1: Compromise of Adobe’s website. Secureworks assessment: unlikely. Neither the investigation of the incident nor visibility across nearly 4,000 global organizations’ networks revealed indications that Adobe’s website was compromised during the attack timeframe.
• Option 2: Man-in-the-middle (MitM) attack using the victim’s internal or gateway systems. Secureworks assessment: unlikely. Although the threat actor could have used existing access to other systems in the victim’s network to intercept and manipulate the response traffic, there was no evidence of this behavior in the environment. In addition, the nature and function of the infected host would have made it an unlikely target for a threat actor that already had a presence in the network.
• Option 3: BGP hijack. Secureworks assessment: unlikely. Border Gateway Protocol (BGP) hijacking involves an unauthorized change in the routing of Internet traffic that sends an unsuspecting user’s traffic through an attacker-controlled path where it can be monitored and manipulated. After the request for the Adobe installer left the network, it could have been routed to attacker-controlled systems. However, these attacks can be “noisy” and are often detected by the security community, and there was no evidence of this technique.
• Option 4: Man-on-the-side attack outside of the victim’s network. Secureworks assessment: likely. Analysis of the environment suggests that the most likely scenario is that the threat actor used man-on-the-side techniques to intercept the Adobe installer request as it transited a compromised router outside of the victim organization and then returned the trojanized response (see Figure 6).
Figure 6. Suspected chain of events for man-on-the-side attack. (Source: Secureworks)
CONCLUSION
Using access to compromised routers to deliver malware is part of a growing trend of threat actors exploiting organizations’ supply chains. Historically, threat actors gained access to targeted networks by using stolen credentials, abusing trust relationships, or using access to software developer networks to trojanize software updates. Various incidents in 2018 affecting major service, software and infrastructure providers highlight the risks to organizations from outside their network perimeter. The use of man-on-the-side techniques further complicates the challenge of defending against supply chain risks. As reports of targeted threat actors leveraging compromised routers become more common, it is important for organizations to consider their resilience to these techniques. One practical lesson of this case is that an installer fetched over plain HTTP cannot be trusted on the strength of its source domain: its integrity has to be checked on the endpoint, against the publisher’s signature or a published hash, before it is allowed to run.
DEEP DIVE
CREATING TRUSTED IDENTITIES STARTS WITH TRUSTING YOUR IAM VENDOR Finding the right identity and access management (IAM) solution can be a challenge. With dozens of vendors and products in the marketplace, how do you pick the right one?
AXEL HAUER, DIRECTOR EMEA ENTERPRISE SALES, IAMS, HID GLOBAL
The following guide helps identify the unique needs, challenges and other factors an organization should consider when selecting the IAM solution and vendor that best meet its security goals.
DETERMINE THE AUTHENTICATION AND SECURITY NEEDS OF YOUR ORGANIZATION
Choosing the right IAM solution starts with understanding the systems, data and other areas that require protection. Begin the process by:
• Connecting with stakeholders across the organization: security experts, engineers, application owners, information architects, end users and others
• Understanding the sensitivity and confidentiality of the various systems and data that need to be protected
• Identifying potential issues that may arise when adding authorization to existing systems
• Prioritizing systems that need to be secured
• Establishing how systems and information integrate across the organization
• Deciding the appropriate level of authentication for all systems and data
Use these findings to create a wish list of features and functionality that an IAM solution must have. This information will allow you to filter IAM vendors according to whether their solutions meet your security needs. Begin an initial round of fact-finding or requests for proposals to help shortlist IAM vendors for further investigation.
UNDERSTAND THE CHALLENGES OF IAM DEPLOYMENT, MANAGEMENT AND SUPPORT
An IAM solution will affect all of the systems, data, processes and employees within an organization. Working with your shortlist of IAM vendors, be certain you discuss and comprehend:
• The methods of creating, managing and removing user accounts
• The complexity of the integration process with your organization’s current applications and infrastructure
• Any custom configurations required for the solution to work across various IT environments
• How to measure fluctuations in employee productivity due to the change in accessing business systems
• How the solution will impact helpdesk support dealing with IT issues, including failure to authenticate, lockouts, etc.
• The auditing and reporting capabilities of the proposed solution
Once you understand the administrative and productivity costs of an IAM solution, you can build it into your organization’s use case.
CREATE AN IAM PROJECT PLAN TO ASSESS AUTHENTICATION AND SECURITY NEEDS
Your IT security team should develop an IAM strategy for deploying access management across the organization. Prioritize where resources will go the furthest, and understand the systems and information that need to be protected now. Develop more granular project plans that detail IAM requirements. You can then drill down into the IAM solutions and match features against your security needs to help decide on a vendor. Go through your project plans and ask the shortlisted vendors to provide information on how their proposed solution matches your requirements. This final step will help in creating a gap analysis for making a final choice.
CHOOSE AN IAM VENDOR BASED ON STRONG CRITERIA
Ideally, you will choose an IAM solution and vendor based on:
• Alignment with your high-level business needs
• How closely the solution matches granular project requirements and specifications
• How easy the solution is to deploy and manage for users, developers and the security team
• The impact the solution will have on productivity and employee satisfaction
• How responsive, open and transparent the vendor is about what their IAM solution can and cannot do
• How the vendor meets the needs of the business use case regarding scope, licensing costs and support
• The vendor’s reputation as a trusted provider of high-security access controls.
Protect Your Information Wherever It Travels
Data Classification, DLP, and CASB only solve part of your data security challenge. Seclore Data-Centric Security makes it easy to unify your best-of-breed solutions and automatically add granular usage controls as information is discovered, classified, and shared. Ensure your information is protected and trackable wherever it travels with Seclore.
We look forward to showing you Seclore Data-Centric Security in action during the Future of IT Summit 2019, Dubai
www.seclore.com
TOP EXECUTIVE
VIMAL MANI, CISO OF BANK OF SHARJAH
The Security Manifesto
As growing technology implementations in the BFSI sector make way for a new breed of cyber risks, Vimal Mani points out that a CISO requires not only the right skill sets but also a forward-thinking, long-term vision in order to fortify the enterprise.
PLEASE DESCRIBE YOUR JOB ROLE IN THE ORGANIZATION.
I am heading the Information & Cyber Security Operations of Bank of Sharjah. I am responsible for the bank’s end-to-end cybersecurity program. I coordinate cybersecurity efforts within banking operations across the Middle East. I am also responsible for coordinating bank-wide cybersecurity strategy and standards, leading periodic security risk assessment efforts, leading incident investigation and resolution, and coordinating the bank’s security awareness and training programs.
WHAT ARE THE MOST IMPORTANT AND CRITICAL ASPECTS OF YOUR JOB ROLE FOR YOUR ORGANIZATION?
Ensuring that a resilient Information & Cyber Security Management System is established and in place, building a strong cyber-risk-aware culture, ensuring the foolproof implementation of the Cybersecurity Policy Framework, achieving compliance with cyber security regulations and implementing robust security awareness programs are the most important and critical aspects of my present role with Bank of Sharjah.
WHAT ARE THE TYPICAL CHALLENGES FACED BY A CHIEF SECURITY OFFICER IN LARGE AND MEDIUM ENTERPRISES?
I consider the following as some of the critical challenges faced by CISOs of large and medium enterprises such as Bank of Sharjah:
• Lack of vision and strategy from the top for security implementation
• Growing technology implementation in banking, which makes way for a new breed of cyber security risks
• Proliferation of new banking business models driven by FinTech, Blockchain, RegTech, WealthTech, InsureTech and similar new technologies
• ICT supply chain infiltration attacks
• Regulatory challenges faced by the Banking & Financial Services sector
• Continually evolving threat landscape of the Banking & Financial Services sector
• Lack of security awareness among staff
WHAT ARE THE KEY SKILLS REQUIRED FOR AN IDEAL CHIEF SECURITY OFFICER IN THIS AGE OF DIGITAL TRANSFORMATION?
I consider the following as the list of critical skills that need to be possessed by a CISO:
• Strategy planning
• Project & program management
• Budgeting/investments/cost management
• Business relationship management
• Change management
• Audit & assurance
• Technology & innovation management
• IT GRC (Governance, Risk and Compliance)
• Security architecture
• Incident management
• Oral & written communication skills
• Influencing skills
• Team management skills
• People management skills
• Negotiation skills
• Collaboration skills
ACCORDING TO YOU, HOW DOES DIGITAL TRANSFORMATION AFFECT THE SECURITY POSTURE OF ANY BUSINESS?
Banking & Financial sector firms that embrace digital transformation and implement new technologies such as FinTech face a variety of cyber security risks from integration issues such as compatibility and legacy technologies. Integration of FinTech with traditional banking systems may raise concerns regarding data privacy. Fintech enterprises collect large volumes of customer data, including sensitive personal information, making them ripe targets for hackers.
• When banks establish formal relationships with FinTech service providers to leverage their services, banks take on third-party security risks such as data leakage, service failures, litigation and reputational damage.
• Financial data such as payment card information and user credentials are vulnerable to data-leakage attacks when banks venture into FinTech partnerships with third-party FinTech firms. Automated systems that interface with FinTech service providers are particularly vulnerable to sensitive financial data leaks.
• Fintech implementation is driven by various banking systems that need to access financial profiles of banking customers to perform real-time transactions. Applications are always preferable attack vectors due to the vulnerabilities that are hidden in their design and code.
• Mobile devices play a predominant role in FinTech banking services. If mobile devices without strong encryption algorithms are used for FinTech services, integrity issues regarding the financial data communicated over the cluster of FinTech interfaces may result in cyber risks.
AT PRESENT, WHAT ARE YOUR EXPECTATIONS FROM CYBERSECURITY SOLUTION VENDORS, CHANNEL PARTNERS, AND CONSULTANTS?
• Cyber security solution vendors, channel partners and consultants should maintain formally approved information security policies and procedures for the administration of information security throughout their organizations.
• Security requirements should be included in contracts and other formal agreements signed by cyber security solution vendors, channel partners and consultants.
• Liabilities of cyber security solution vendors, channel partners and consultants for cyber incidents need to be codified into contracts and other formal agreements and signed by them.
• Cyber security solution vendors, channel partners and consultants must have their roles and responsibilities defined in a manner that allows for segregation of duties and least-privilege allocation for accessing client data.
• Cyber security solution vendors, channel partners and consultants should ensure encryption of data shared with them by clients, monitoring of their network and testing of business continuity plans.
• Cyber security solution vendors, channel partners and consultants must have periodic security awareness programs conducted for all their staff.
• Clients should have the right to audit the facilities, networks, environments or systems owned by cyber security solution vendors, channel partners and consultants on a need basis, upon reasonable advance notice.
• Solution vendors, channel partners and consultants should have an adequate amount of transparency about the security posture of their respective organizations with their clients, to build mutually trusting, long-lasting relationships.
WHAT ADVICE OR FEEDBACK RECOMMENDATION WOULD YOU GIVE TO CYBERSECURITY SOLUTION VENDORS, PARTNERS, AND CONSULTANTS?
• Solution vendors should work proactively on identifying and mitigating the broad spectrum of ICT supply chain risks targeting the products and services they supply to various clients.
• Secure software development is a foundational element for reducing the risk in the development of products, and for protecting them against the introduction of product vulnerabilities, whether malicious or inadvertent.
• Solution vendors need to implement software integrity policies, procedures and technology to preserve the integrity of their products, including checking for malware and other code-driven defects.
• Cyber security solution vendors, partners and consultants should have restrictions on subcontracting done by them.
• Cyber security solution vendors, partners and consultants must immediately report any security or other events they come across while handling client data, networks and facilities owned by clients.
• To protect customers from the risks of counterfeit software, which could contain vulnerabilities, solution vendors should identify counterfeit versions of their software, work to maintain the integrity of their distribution models, and work closely with law enforcement agencies around the globe to help reduce the piracy issues related to their products.
DEEP DIVE
HOW DOCUMENT MANAGEMENT CAN SPELL SECURITY FOR YOUR CUSTOMERS
How many times have we heard the phrase, “Ignorance is bliss”? When it comes to protecting business documents and the data they contain, most SMBs have long had the luxury of believing that hackers only target large corporations. Unfortunately, nothing could be further from the truth.
AUTHOR: JOHN REILLY, VICE PRESIDENT, VELOCITY CHANNEL GROUP, XEROX
Ponemon’s 2017 State of Cybersecurity in Small and Mid-Sized Businesses showed that a staggering 61% of companies surveyed had faced a cyber-attack in the past 12 months, with 54% of those companies suffering a data breach involving employee and/or customer information. According to Small Business Computing, 58% of those data breaches occurred at small businesses. Although the majority of SMBs still rely on paper-based processes for at least some of their core business activities, most are focused on safeguarding their PCs, laptops and servers from threats, leaving their print environment unsecured.
WHY DOCUMENT MANAGEMENT SPELLS DOCUMENT SECURITY
Today’s multifunction printers (MFPs) have undergone a significant transformation, with devices going beyond print, fax and scan to become true workplace assistants, bringing new levels of convenience and productivity to the modern office. But like any piece of the office landscape, they require their own security considerations. These MFPs are intelligent networked devices that require their own layer of protection from unauthorized access, and that is just for starters. Most business owners and managers never consider things like the risk of confidential or sensitive material being left uncollected in output trays. Document management services (DMS) from a knowledgeable, qualified channel partner can help mitigate these risks and help customers work better with fast, cost-effective print security measures and solutions that are easy to manage.
ASSESS
Whether you are dealing with larger SMB customers who host a diverse printer fleet, or a smaller customer who may have the wrong number or wrong type of devices, the first step should always be an assessment. A thorough assessment determines the type and number of devices, and what security measures are already in place. This can evaluate all points of vulnerability and help you build a comprehensive security plan that covers everything from the point of entry of information to user access and even how the device will be disposed of at the end of its life. It is also a great way to help customers consolidate, upgrade and improve their paper processes, while also cutting cost.
PROTECT
Part of a good DMS assessment is to ensure that your customer’s MFPs do not provide open access to the network. The assessment should confirm that every port and service the device does not need is closed, and that automatic firmware and software updates are in place so that each device carries the latest security fixes.
SECURE
MFP devices typically use TLS (the successor to the now-deprecated SSL protocols) to protect sensitive documents while they travel over the network to be printed; the assessment should confirm that TLS is enabled on the device and that legacy SSL versions are switched off.
CONTROL
By enabling access controls through secure printing, you can give your customers the peace of mind that comes from knowing only authorized users can access their MFP. Also known as PIN or pull printing, print jobs are held electronically on the device, or on an external server, until the authorized user is ready to release them. Customers can decide whether to employ PIN code authentication or another method, such as a swipe card, proximity card or fingerprint. This not only prevents unauthorized access; it also protects data security and reduces printing costs by ensuring that unclaimed documents are not left lying in the printer tray.
MONITOR AND AUDIT
With so much focus on protecting the device, it is easy to overlook an essential part of the conversation: ongoing device monitoring. Continuous device monitoring should be a part of every customer’s workflow strategy. Print environments are a complex mix of products and technology that becomes even more complex when users enter the mix. Centralized print management tools can monitor and track all MFP-related usage, with the tracking and management easily outsourced to you, their managed print services (MPS) provider. With security attacks becoming both increasingly sophisticated and more likely to target SMBs, the time for action is now. By leveraging the expertise of a knowledgeable MPS provider, SMBs can rest easy knowing their data is protected at the same level, and with the same expertise, that large corporations employ.
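The PROTECT step says the assessment must confirm that ports the device does not need are closed. The following is an added example of how to check that from the network, not Xerox tooling: it probes the TCP services an MFP commonly exposes and grades each against a baseline assumed for this example, in which only TLS-protected management and IPP are expected and clear-text or unauthenticated print channels are findings. The port list, the grades and the 192.0.2.10 placeholder address are assumptions; SNMP on UDP/161 is not covered because a TCP connect cannot see it.

```python
"""Service-exposure check for a networked MFP (added example, stdlib only).

A TCP connect probe against the ports an MFP typically listens on, graded
against an assumed baseline.  Run it against each device after hardening;
anything graded "legacy" that is still open is a finding to close.
"""

import socket
from contextlib import closing

# Assumed baseline for this example, not a vendor list: tune it to the fleet.
MFP_SERVICES = {
    21:   ("FTP", "legacy"),                       # clear-text file drop / scan-to-FTP
    23:   ("Telnet", "legacy"),                    # clear-text management
    80:   ("HTTP management UI", "legacy"),        # unencrypted admin interface
    443:  ("HTTPS management UI", "expected"),
    515:  ("LPD", "legacy"),                       # unauthenticated print queue
    631:  ("IPP/IPPS", "expected"),
    9100: ("Raw (JetDirect) printing", "legacy"),  # unauthenticated print/PJL channel
}


def tcp_open(host: str, port: int, timeout: float = 0.5) -> bool:
    """True if a TCP handshake completes; connect_ex returns an errno instead of raising."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as sock:
        sock.settimeout(timeout)
        return sock.connect_ex((host, port)) == 0


def assess_mfp(host: str, services=MFP_SERVICES, timeout: float = 0.5) -> dict:
    """Return {port: (service, grade)} for every listed service found listening."""
    return {port: desc for port, desc in services.items() if tcp_open(host, port, timeout)}


def legacy_findings(findings: dict) -> list:
    """Ports that should be disabled before the device is signed off."""
    return sorted(port for port, (_, grade) in findings.items() if grade == "legacy")


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"  # placeholder (TEST-NET-1)
    found = assess_mfp(target)
    for port, (name, grade) in sorted(found.items()):
        print(f"{target}:{port:<5} {name:<28} {grade}")
    print("legacy services to disable:", legacy_findings(found) or "none")
```

A clean result is one where only the "expected" ports answer. Keep the probe scoped to the printer VLAN and run it from the same network position a compromised workstation would have, since that is the exposure the assessment is meant to measure.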
TOP OF MIND
WIDENING THE HORIZONS For Tarek Kuzbari, Bitdefender’s newly appointed regional director for the Middle East, innovation in security has always been of interest. This interest took him to Bitdefender, a company Tarek has been observing closely for the last few years. Onboard, Tarek has already chalked out his ambitions and geared up for some major enterprise customer wins.
IT complexities are increasing and so are the number of sophisticated attacks with billions of connected devices talking to each other. Moreover, borderless enterprises have widened the attack surface and CISOs are left to wonder how the gap can be filled. This has ignited the need for a more comprehensive and defense-driven cybersecurity strategy in the modern enterprise. While others see this as a challenge, Tarek Kuzbari sees this as an opportunity. Bitdefender’s leadership are wishful of higher growth trajectories as they see an upward demand for their NTA solutions owing to a large number of attacks. Tarek says that he has joined at a very exciting phase as the company is strategizing
strongly to expand its enterprise business in the region by capitalizing on the growing market for network traffic analytics (NTA) solutions.
TRIED AND TRUSTED “I have been closely observing the growth and innovative solutions of Bitdefender for the past few years and I was quite impressed with the portfolio that the company brought forth,” says Tarek. “Several high-end enterprises and leading government organizations have invested their faith in our solutions. Bitdefender’s GravityZone has been one of the most trusted solutions for enterprise security and now the integration of NTA into that platform is further strengthening our portfolio and adding value to our offerings. Not many vendors offer this capability today. Our layered approach to security not only detects and investigates network or endpoint abnormalities but also reduces the time consumed in remediating the threat.” Tarek says that Bitdefender’s technology is tried and trusted by over 150 technology vendors worldwide, including Cisco, FireEye and Fidelis. “These vendors not only trust our technology but also offer it to their clients. This is further testified by the fact that Bitdefender is the only company to have been ranked by AV-Comparatives eight times in a row for its consistent performance.”
KEY CHALLENGES FACED BY ORGANIZATIONS
- Lack of proper security for smart devices, IoTs and OTs
- Quality of protection and ease of use of endpoint devices that doesn’t consume much resources
- Awareness and education
The company’s expansive portfolio, which includes endpoint security, cyber threat intelligence, sandboxing, NTA solutions and more, offers a unique value proposition to customers in the region. Taking this brand image to the enterprise customers in the Middle East region is one of Tarek’s topmost priorities at Bitdefender. “Some consider it a challenge, but I consider it an opportunity. In the Middle East, people seldom see Bitdefender as anything other than a consumer product. It is only when we go to meet the client and showcase our offering that they realize that Bitdefender is an enterprise-grade brand with a bunch of comprehensive enterprise security offerings other than endpoint security. I firmly believe that the addition of NTSA to an already strong portfolio of EPP, EDR and threat intelligence solutions gives Bitdefender a vital competitive advantage and an opportunity to address a gap in the regional market by meeting the growing demand from enterprises for more holistic, AI-driven cybersecurity solutions. Bitdefender is on a strong growth trajectory here in the Middle East and I look forward to leading the regional team on this journey.”
THE CHANGING PHILOSOPHY Talking about the major security breaches that are happening across the region, Tarek says that if the security team of an organization does not take the necessary measures, no product or solution is useful. “If there is no accurate monitoring, follow-up and patching of any visible intrusion, any solution is useless. At Bitdefender, we have designed our products in two levels to fit the customer needs. A large enterprise customer who is looking for some specific capabilities or features has the option to buy our product à la carte, where he can customize the solution as per his infrastructure. On the other hand, we have specific solutions for the SMBs that are easy to install and maintain. The whole philosophy of cybersecurity has changed over the last few years. Earlier, organizations used to buy the technology, install it and, if they saw that there was no intrusion, everything was good. But today the philosophy has changed to ‘Assumption of Breach’. The network managers or engineers work with the assumption that there is somebody already there in the network and they need the right tools to monitor that. This is where we started to see a new dawn in endpoint security which we call EDR, or endpoint detection and response.”
GO-TO-MARKET Assuming responsibility for Bitdefender’s operations in the region, Tarek will focus on growing Bitdefender’s enterprise sales, particularly in the government, finance, telco, manufacturing, and healthcare sectors. With a 100% channel-driven go-to-market strategy in the Middle East, Tarek will also focus on expanding Bitdefender’s channel ecosystem and will work closely with the channel team to roll out several enhancements to the partner program, specifically around enablement, deal protection, and margin growth, over the next 12-18 months.
TAREK KUZBARI, REGIONAL DIRECTOR ME AT BITDEFENDER
ON TAREK’S TOP PRIORITY LIST
- Brand awareness
- Product enhancement
- Grow, support and develop the channel
- The brand and the value proposition
GECSS 2019
As the sophistication of cyber-attacks continues to increase, keeping enterprises protected while ensuring business requirements are met is an extremely difficult task. The GEC Security Symposium 2019, presented by Cyber Sentinels, will explore what end-to-end security truly means in a digital enterprise. The symposium is an excellent platform for collaboration between those working in the IT security industry and those who provide the latest solutions and services in this sector. The event will take place in Dubai, UAE on 4th September and in Riyadh, KSA on 11th September, at The Address Boulevard and the Movenpick Hotel respectively. The event will bring thought-provoking presentations by industry security leaders from the GCC, panel discussions and the latest security insights.
GUEST OF HONOR UAE
BRIGADIER JAMAL AL JALLAF, DIRECTOR OF CRIMINAL INVESTIGATION DEPARTMENT, DUBAI POLICE
GUEST OF HONOR KSA
SPEAKERS AND PANELISTS
ABDULAZIZ AL ORAIJ, FOSS DIRECTOR, MINISTRY OF COMMUNICATION AND INFORMATION TECHNOLOGY - KSA
KAIS BARAKAT, HEAD OF INFORMATION SECURITY, SAUDI ARAMCO (SAUDI)
ERDAL OZKAYA, HEAD OF INFORMATION AND CYBER SECURITY, STANDARD CHARTERED BANK
MOHAMMED SHAKEEL AHMED, CISO, ABU DHABI AVIATION
SAURABH VERMA, HEAD – DIGITAL TRANSFORMATION & ICT, FROST & SULLIVAN MEA REGION
ANAS HAJ KASEM, SR. CONSULTANT ICT AND DIGITAL TRANSFORMATION, FROST & SULLIVAN MIDDLE EAST AND AFRICA
ADAM EL ADAMA, CISO, ADNOC SOUR GAS
2018 STATISTICS – ATTENDEE DEMOGRAPHICS (chart: attendees by role – CISOs, information security managers, CIOs, IT managers, solution providers – and by country – KSA, UAE, Oman, Kuwait, Bahrain)
VENDOR TALKS
CYBERCRIME SEEN TO BE GETTING WORSE: THE TIME TO ACT IS NOW What mounting public concern about falling victim to cybercrime says about government and corporate efforts at cybercrime deterrence.
STEPHEN COBB, SENIOR SECURITY RESEARCHER, ESET
Is the risk of becoming a victim of cybercrime increasing? Most people in North America and Europe think it is, based on the surveys that I’ve been looking at. Earlier this year the European Union published the results of its latest consumer survey on internet security, in which 87% of internet users agreed that the risk of becoming a victim of cybercrime is increasing.
FACTS AND FIGURES ESET recorded similar concern in a North American survey that asked the same question in roughly the same timeframe. In the US, 87% of respondents agreed that the risk of becoming a victim of cybercrime was increasing. Canadian respondents were slightly less pessimistic at 83% (sample sizes: 2,500 and 1,000 respectively). These findings have to be worrying news for companies whose business models rely on public trust in the internet. They should also concern politicians and the government, including law enforcement agencies. The survey findings strongly suggest that government efforts at cybercrime deterrence have not given the public much cause for hope. Clearly, fear of crimes like identity theft and misgivings about data privacy loom large in many countries, and some people are reducing or adjusting their use of online technology as a result.
The following graph charts responses to the question: Has concern about security issues made you change the way you use the Internet in any of the following ways? (The EU data are from EBS480 fieldwork in October and November 2018. US and Canada data are from ESET’s fieldwork in July and August 2018.) The number of people who are self-limiting their exploration of the internet has to be bad news for companies trying to start businesses online; and while the percentage of people limiting their online shopping and banking is a lot lower, it should still concern the retail and financial services sectors. When ESET asked Americans about a variety of concerns related to online banking and shopping, 70% of those surveyed indicated that they are worried about the misuse of personal data supplied online. The EU study found a lower level of concern (43%), but this varied widely within the EU – from 32% in Austria and Poland to 50% in Croatia and 62% in Cyprus. As you can see, roughly two thirds of respondents (66%) in North America expressed concern about the security of online payments. Again, this could be interpreted as a call to online merchants to step up their security efforts and demonstrate that they take the security of online transactions seriously.
To help assess privacy concerns related to use of the internet, the EU and ESET surveys asked respondents if they agreed or disagreed with this statement: I am concerned that my online personal information is not kept secure by websites. Sadly, one third of US respondents said that they totally agreed, compared to one in four Canadians. The percentage that agreed totally or tended to agree was 80% in the US, 72% in Canada, and 77% in the EU. That EU result is up from 70% in 2013, which is not a good sign. The survey also asked people if they agreed with this statement: I am concerned that my online personal information is not kept secure by public authorities. Unfortunately, more than three quarters of US respondents (76%) either tended to agree or totally agreed, versus two thirds in Canada. In the EU, 68% of internet users share this concern, up from 64% in 2013. Given the extent to which companies and government agencies have come to rely on the internet as a tool for communication and interaction with the public, these numbers should be worrying. If the public doubts the ability of organizations to protect personal data from exposure, those organizations may find it much harder than expected to realize net gains from further digital transformation, such as the Internet of Things, machine learning, artificial intelligence, big data, self-driving vehicles, and 5G.
WHAT CAN WE SAY? Cybersecurity is concerned with the protection of digital technologies – technologies upon which our world is now heavily dependent – against criminals and other entities who seek to abuse those technologies for their own selfish ends. Public support for efforts to reduce cybercrime is critical to society’s efforts to preserve the benefits of digital technologies. That is why it is so important to know what the public thinks about cybercrime and cybersecurity, the safety of online activities, and the privacy of personal data shared with companies or government agencies. So why don’t the governments of the world do a better job of researching these things? My take is that the cost of such research strikes many politicians as too high, but that strikes me as extremely short-sighted, given what is at stake and how much surveys like those reviewed here can teach us. Consider the lost opportunities for retailers and financial firms that were revealed: by digging deeper into the demographics of this distrust, a savvy company could craft targeted marketing to improve engagement with customers who are nervous about online activity because of cybercrime. Maybe industry lobbyists should be pushing for more of these studies, given that they reveal valuable business intelligence. For example, the current numbers suggest that marketing strategies which rely on people giving up data online may be facing stronger headwinds if cybersecurity does not improve. Conversely, these statistics might prove useful to Chief Information Security Officers (CISOs) and Chief Privacy Officers (CPOs) as they argue the case for greater emphasis on cybersecurity within their organizations. Clearly, these surveys show that more needs to be done to deter cybercrime.
Given the extent – revealed by these surveys – to which cybercrime is impeding progress and threatening the promised benefits of the next wave of digital transformation, concerted action by government agencies and corporate entities to improve this situation would seem to be seriously overdue. The findings of the EU and ESET surveys strongly suggest that – unless cybersecurity initiatives and cybercrime deterrence are made a top priority of government agencies and corporations – the rate at which systems and data are abused will continue to rise, further undermining the public’s trust in technology, trust that is vital to the economic wellbeing of our planet, now and in the future.
VENDOR TALKS
“I’VE LOOKED AT CLOUDS FROM BOTH SIDES NOW”: REFLECTIONS ON VISIBILITY, CONTEXT & CONTROL IN CLOUD SECURITY
Noa Katz, Product Marketing Manager, Cloud Security for Check Point shares views on cloud security.
In her timeless song and feathery voice, Joni Mitchell sings about hope versus reality, a duality which makes sense given reports that she wrote the song while on a plane. A plane ride embodies duality at its best: ephemeral existence between real and ethereal, ground and firmament, timely and endless. Some of us may feel a need for control despite being utterly helpless. Perhaps that’s how Joni felt, looking at clouds from her window seat, and perhaps some of you security practitioners can relate. Security concerns remain one of the primary barriers for organizations to deploy an application on a public cloud. That doesn’t mean public clouds are less secure than on-premises environments. They are secure! It is because security professionals lack the visibility and context to effectively enforce security best practices in the cloud. All too often, developers have accidentally left open ports on a cloud service or forgotten to encrypt sensitive data. Further swerving security teams out of control is the ephemeral nature of assets in modern cloud environments. While on-premises infrastructure and applications are relatively static and rarely changed, cloud deployments are all about flexibility and agility: objects come and go by design, sometimes deliberately failed to test resiliency. Virtually nothing is static in the cloud. Because applications change daily or hourly, it’s hard to model a change to reflect anomalous behavior. More so, the process of change is highly automated, which means that it isn’t viable to insert human-driven control points in the development process. As a way of addressing these challenges, some security practitioners turn to native cloud tools or SIEM solutions and analytics tools to gain visibility and control. But SIEM solutions were created for static environments and therefore provide little visibility into ephemeral assets and nearly no context at all. The result is a host of unintelligible activity logs and limited capacity to shed light on malicious cloud activity. So if a woman of Mitchell’s stature can feel so baffled by clouds, so will you. On June 11th, Check Point announced the launch of CloudGuard Log.ic. CloudGuard Log.ic is a cloud-native threat protection and security analytics solution for the public cloud. The latest addition to the CloudGuard family, it enriches cloud logs with context, transforms them into readable security logic, and enables security teams to take cloud security to the next level. If you are running your business on public cloud services, you’re probably all too familiar with the following security operational challenges:
- Limited monitoring and logging tools
- Time wasted searching through vast amounts of log data
- Ongoing, or inconclusive, incident reports
These challenges result in frustration and inefficiencies in managing and protecting your business.
CloudGuard Log.ic reduces those inefficiencies significantly. Making use of native APIs, available log data, a robust log enrichment engine, and Check Point’s ThreatCloud for rich intelligence feeds, CloudGuard Log.ic intelligently detects anomalous events, and alerts on and quarantines public cloud threats. Its insights-infused visualization, intuitive querying method, and integration with third-party SIEM solutions will help you cut down on operation cost and significantly accelerate security incident investigations. In addition, CloudGuard Log.ic is the only platform that attributes network traffic to cloud-native ephemeral services such as AWS Lambda as well as other cloud-native platform components (RDS, Redshift, ELB, ALB, ECS). Utilizing its rich, context-aware visualization and exploration tool, it provides you with a complete view and understanding of your cloud infrastructure across time. A step back to Mitchell’s perspective: stating “Both Sides, Now” when looking at clouds expresses the benefit of seeing both sides of the coin. Mitchell’s outlook on life while plane-writing her song was not just dual, it was complete. Her travel experience allowed CONTEXT. And context-giving for picture-completeness is what CloudGuard Log.ic does. From a narrowly focused view into every IaaS and PaaS asset, the relationships they carry between them and the threat intelligence sources they should correlate with, to a broad high-level view into the entire public cloud infrastructure, CloudGuard Log.ic enables organizations to fully see and understand cloud security postures. Thus, they can better rely on DevOps to implement security controls, and give security teams the tool they need to verify those are working properly. Furthermore, security teams can respond to and mitigate threats faster, as well as easily launch forensics.
VENDOR TALKS
UNOFFICIAL TELEGRAM APP SECRETLY LOADS INFINITE MALICIOUS SITES The MobonoGram 2019 app was downloaded more than 100,000 times before it was removed from Google Play.
Symantec recently found a malicious app named MobonoGram 2019 (detected as Android.Fakeyouwon) advertising itself as an unofficial version of the Telegram messaging app and claiming to provide even more features than both the official and other unofficial versions in the market. While the app does provide basic messaging functionality, they found it was also secretly running a few services on the device without the user’s consent, as well as loading and browsing an endless stream of malicious websites in the background. The app was available to mobile users even in regions that have banned Telegram, such as Iran and Russia, and was also downloadable by U.S. users. It allowed users to toggle between English or the Persian language (Farsi). The app seemed to have used the open-source code of the legitimate Telegram app. Its developers appeared to have injected their malicious code into the app before publishing it on the Play store. The app was available on Google Play for a time and downloaded more than 100,000 times before it was removed from the store. The developer, RamKal Developers, is believed to have published at least five updates for the app on the Play store before it was taken down.
PERSISTENCE MECHANISM From the malware’s manifest file, Symantec spotted a class named Autostart which implements a broadcast receiver. This receiver responds to three events on the device: whenever it is booted up, when an app is being installed, or when any app is being updated. When the broadcast receiver class receives the said events, the AddService class is invoked, which then initiates a few other services, namely AndroidAF, AndroidAL, AndroidPA, AndroidPC and AndroidSH, all without the user’s knowledge. To ensure the service runs persistently, the developer added two methods in the AddService class. Firstly, the service is started as a foreground service; according to Android, a foreground service is rarely killed, even when memory is low. Secondly, in the event that the service is killed, the malware sets an alarm that initializes the AddService class to restart itself 7,200,000 milliseconds, or two hours, after it was destroyed. With such tactics, the malware is able to execute itself indefinitely. With the services up and running, it starts to access a few designated servers, which respond with JSON-formatted content consisting of three main parts: a URL (denoted as Link in the response), a user agent (denoted as Agent in the response), and three JavaScript codes (denoted as S1, S2, S3 in the response).
INFINITE REQUESTS With the given URL, the malware tries to access and load the page. A fraudulent user agent is also added to the URL’s request header to disguise the source of the request. From Symantec’s research, they believe that the user agent generated is at least semi-random, since no two identical user agents are generated from querying the same server. They found that the URL changes based on the geographical location of the device’s IP address. For example, when Symantec used an IP address originating from the U.S., a fraud website similar to Fakeyouwon was returned. When they used an IP address from Singapore, the server responded with a Fakeyouwon, pornography, or gaming website. “We cannot say how many different URLs can be returned by the server—for all we know, what we’ve seen was only a drop in the bucket,” said a Symantec researcher. “We have also seen the URL making a request to itself, causing an infinite loop of requests to the website. Such activity not only exhausts the device’s battery, but also leads to an unpleasant user experience and may even cause the device to crash,” the researcher added.
THREE JAVASCRIPT CODES Looking at the three JavaScript codes, Symantec initially believed that the app was originally designed to simulate clicking behind the scenes in order to generate ad revenue and increase web traffic (click fraud). However, the clicking events were not seen in action, even though all JavaScript codes were indeed loaded. Nonetheless, they cannot entirely dismiss the possibility of the malware being used for click fraud or some other malicious end. From the source code, Symantec could see that the contents of the JavaScript were indeed executed in the code, and they were entirely controlled by the server, which implies that the content can be easily changed as and when desired. Upon obtaining the server’s response, the code will first load the “Link” URL, followed by loading the “S1” JavaScript after 1,000 milliseconds (1 second), then the “S2” script after 15,000 milliseconds (15 seconds), and finally the “S3” script after 35,000 milliseconds (35 seconds).
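As an added analyst-side example (not Symantec’s code and not taken from the app), the following Python triage helper parses captured server responses in the Link/Agent/S1/S2/S3 format described above, reconstructs the load timeline from the stated delays, and flags the two behaviours the researchers reported: a Link that points back at the URL just requested (the infinite request loop) and a user agent that changes between queries. The sample captures, the placeholder server URL and the click-simulation token list are constructed assumptions for illustration.

```python
"""Triage helper for captured Android.Fakeyouwon-style C2 responses.

Added example, not Symantec's tooling. Field names (Link, Agent, S1-S3),
script delays and the two-hour restart alarm follow the article; the
sample captures and the click-token heuristic are constructed assumptions.
"""
import json
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Timing reported in the article: Link loads immediately, then S1/S2/S3
# after 1 s, 15 s and 35 s; a killed AddService is re-armed after 2 hours.
SCRIPT_DELAYS_MS = {"S1": 1_000, "S2": 15_000, "S3": 35_000}
RESTART_ALARM_MS = 7_200_000
EXPECTED_FIELDS = ("Link", "Agent", "S1", "S2", "S3")

# Heuristic tokens that suggest scripted clicking. This list is an assumption
# of this example; the article does not enumerate the scripts' contents.
CLICK_TOKENS = re.compile(r"\.click\(|dispatchEvent\(|new MouseEvent\(")


@dataclass
class C2Response:
    link: str
    agent: str
    scripts: dict = field(default_factory=dict)  # script name -> JS source


def parse_response(raw: str) -> C2Response:
    """Parse one captured body, rejecting captures that lack any of the five
    fields so a truncated or unrelated response is not triaged as complete."""
    obj = json.loads(raw)
    missing = [k for k in EXPECTED_FIELDS if k not in obj]
    if missing:
        raise ValueError(f"response missing fields: {missing}")
    return C2Response(obj["Link"], obj["Agent"],
                      {k: obj[k] for k in ("S1", "S2", "S3")})


def load_schedule(resp: C2Response):
    """Ordered (offset_ms, action) timeline of what the device does with the
    response, using the delays the article describes."""
    timeline = [(0, f"load {resp.link}")]
    for name, delay in SCRIPT_DELAYS_MS.items():
        timeline.append((delay, f"execute {name}"))
    return timeline


def _normalised(url: str):
    p = urlparse(url)
    return p.scheme.lower(), p.netloc.lower(), p.path.rstrip("/") or "/"


def is_self_referencing(resp: C2Response, requested_url: str) -> bool:
    """True when Link points back at the URL just requested: the condition
    that produces the infinite request loop the researchers observed."""
    return _normalised(resp.link) == _normalised(requested_url)


def rotates_user_agent(responses) -> bool:
    """True when repeated queries to one server yield different Agent values
    (the semi-random user agent reported in the article)."""
    return len({r.agent for r in responses}) > 1


def triage(raw_captures, requested_url: str):
    """Run every check over the captures from one server; return findings."""
    responses = [parse_response(raw) for raw in raw_captures]
    findings = []
    for i, r in enumerate(responses):
        if is_self_referencing(r, requested_url):
            findings.append(f"capture {i}: Link loops back to requested URL")
        for name, src in r.scripts.items():
            if CLICK_TOKENS.search(src):
                findings.append(f"capture {i}: {name} contains click-simulation tokens")
    if rotates_user_agent(responses):
        findings.append("server rotates user agent across queries")
    return findings


# Constructed sample captures (not real responses); the server URL is a placeholder.
SERVER_URL = "https://c2.example.invalid/api"
SAMPLE_CAPTURES = [
    json.dumps({"Link": "https://landing.example.invalid/offer",
                "Agent": "Mozilla/5.0 (Linux; Android 8.0; AAA) UA-1",
                "S1": "document.title;", "S2": "window.scrollTo(0, 400);",
                "S3": "document.querySelector('a').click();"}),
    json.dumps({"Link": SERVER_URL + "/",
                "Agent": "Mozilla/5.0 (Linux; Android 8.0; BBB) UA-2",
                "S1": "void 0;", "S2": "void 0;", "S3": "void 0;"}),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_CAPTURES, SERVER_URL):
        print(finding)
```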
DIFFERENT APPS, SAME BEHAVIOR During the research, Symantec also came across another social messaging app named Whatsgram on the Play store. Not only does this app exhibit similar malicious behavior described in this blog, it was also published by the same developer (RamKal Developers). On many third-party Android app stores, they found four other apps that were published by a developer known as PhoenixAppsIR. These apps also contain similar malicious code that accesses malicious and/or phishing websites using the victim device unbeknownst to the user. Symantec believes that either these two developers belong to one and the same organization, or the code was being copied from one to the other.
PREVALENCE From January through May 2019, Symantec detected and blocked 1,235 infections related to the Android.Fakeyouwon malware family, with the highest number of infections located in the U.S., Iran, India, and the UAE. Meanwhile, the highest number of devices infected by the particular Fakeyouwon variant described in this blog since January 2019 were located in Iran, the U.S., UAE, and Germany.
MITIGATION Such a code structure is usually hard to spot via static code analysis, making it extremely easy for the attacker to sneak its way into Google Play. Additionally, these attacks can become really nasty quickly, as the app can load and execute any dynamic malicious content sent by the server.
TOP OF MIND
IT MANAGERS STRUGGLING TO KEEP UP WITH GROWING CYBER ATTACKS: SURVEY
Sophos unveiled the findings of its global survey, The Impossible Puzzle of Cybersecurity, which reveals IT managers are inundated with cyberattacks coming from all directions and are struggling to keep up due to a lack of security expertise, budget and up to date technology. The survey polled 3,100 IT decision makers from mid-sized businesses in the US, Canada, Mexico, Colombia, Brazil, UK, France, Germany, Australia, Japan, India, and South Africa.
MULTIPLE ATTACK METHODS The Sophos survey shows how attack techniques are varied and often multi-staged, increasing the difficulty to defend networks. One in five IT managers surveyed didn’t know how they were breached, and the diversity of attack methods means no one defensive strategy is a silver bullet. “Cybercriminals are evolving their attack methods and often use multiple payloads to maximize profits. Software exploits were the initial point of entry in 23 percent of incidents, but they were also used in some fashion in 35 percent of all attacks, demonstrating how exploits are used at multiple stages of the attack chain,” said Chester Wisniewski, principal research scientist, Sophos. “Organizations that are only patching externally facing high-risk servers are left vulnerable internally and cybercriminals are taking advantage of this and other security lapses.”
SUPPLY CHAIN COMPROMISES Based on the responses, it’s not surprising that 75 percent of IT managers consider software exploits, unpatched vulnerabilities and/or zero-day threats a top security risk. Fifty percent consider phishing a top security risk. Alarmingly, only 16 percent of IT managers consider the supply chain a top security risk, exposing an additional weak spot that cybercriminals will likely add to their repertoire of attack vectors. “Supply chain attacks are also an effective way for cybercriminals to carry out automated, active attacks, where they select a victim from a larger pool of prospects and then actively hack into that specific organization using hand-to-keyboard techniques and lateral movements to evade detection and reach their destination,” said Wisniewski.
LACK OF SECURITY EXPERTISE, BUDGET AND UP TO DATE TECHNOLOGY According to the survey, IT managers reported that 26 percent of their team’s time is spent managing security, on average. Yet 86 percent agree security expertise could be improved and 80 percent want a stronger team in place to detect, investigate and respond to security incidents. Recruiting talent is also an issue, with 79 percent saying that recruiting people with the cybersecurity skills they need is a challenge. “Staying on top of where threats are coming from takes dedicated expertise, but IT managers often have a hard time finding the right talent or don’t have a proper security system in place that allows them to respond quickly and efficiently to attacks,” said Wisniewski. “If organizations can adopt a security system with products that work together to share intelligence and automatically react to threats, then IT security teams can avoid the trap of perpetually catching up after yesterday’s attack and better defend against what’s going to happen tomorrow. Having a security ‘system’ in place helps alleviate the security skills gap IT managers are facing. It’s much more time and cost effective for businesses to grow their security maturity with simple to use tools that coordinate with each other across an entire estate.”
SYNCHRONIZED SECURITY With cyberthreats coming from supply chain attacks, phishing emails, software exploits, vulnerabilities, insecure wireless networks, and much more, businesses need a security solution that helps them eliminate gaps and better identify previously unseen threats. Sophos Synchronized Security, a single integrated system, provides this much needed visibility into threats by integrating Sophos endpoint, network, mobile, Wi-Fi, and encryption products to share information in real time and automatically respond to incidents. More information about Synchronized Security is available at Sophos.com. The Impossible Puzzle of Cybersecurity survey was conducted by Vanson Bourne, an independent specialist in market research, in December 2018 and January 2019. All respondents were from organizations with between 100 and 5,000 employees.