SPECIAL SUPPLEMENT BY V O L U M E 0 2 | I S S U E 0 4 | J U N E 2 0 1 6 NETWORK PLANET´CONNECTED´SECURITYFORANETWORKSECURITY´CONNECTED´PLANETFORA With various emerging technologies like IoT and Big Data making their way to the enterprises heart, holistic security is the need of the hour.
Awarded 5-Star Rating in CRN’s 2016 Partner Program Guide For more information visit www.bitdefender.com or write us at salesmea@bitdefender.com
As a responsive media house, our effort is to bring out the trends in this cyber security market so that the CXOs and the ecosystem partners could create their own strategy. In this edition, we have brought out special stories and features based on expert opinions to prove our point that malware, spamming, phishing, cyber espionage, DDOS attacks, infiltrations, etc. are real in this connected world and will keep on growing. So to stay safe organizations need to adopt best practices along with the best of the breed technologies.
WELCOME TO THE 2ND EDITION of Cyber Sentinels. The menace of cyber threat is far from being slowed down over the years rather it is scaling up every year. The motive is absolutely clear. The perpetrators want to either inflict financial injury or reputation injury on the organizations so that they earn hefty bounty from their handlers.
The biggest challenge for the organizations is that they do not know where the threat is coming from and in which form. So it is better now to fortify the defense system and create antidote for such perpetration. The common form of defense of the organizations is investing in IAM, Encryption, DLP, Risk and Compliance Management, IDS/IPS, UTM, Firewall, Antivirus/Antimalware, SIEM, Disaster Recovery, DDOS Mitigation, Web Filtering, and Security Service. On top of it the organizations should lay out straight forward security policies and manage those policies religiously. If there is aberration in system, that should be dealt with high hands, if possible with the help of the enforcement authorities so that the governmental action can be imposed upon for stymieing the advancement.Today,itisestimated that the security market can easily touch $170.21 Billion by 2020 at a Compound Annual Growth Rate (CAGR) of 9.8%, which is a great number though but, in the MEA the spend is around $9.56 billion in 2019 with the estimated Compound Annual Growth Rate (CAGR) of 13.07%% till 2019. So the growth percentage of this region is much higher than the rest of the world.
ë EDITORIAL TO STAY SAFE KEEP ADOPTING PRACTICESBEST PUBLISHER: SANJIB MOHAPATRA MANAGING DIRECTOR: TUSHAR SAH00 EDITOR: SANJAY sanjay@accentinfomedia.comMOHAPATRA M: +971 555 119 432 ASSISTANT EDITOR: ANUSHREE RONAKSALESINFO@ACCENTINFOMEDIA.COMSUBSCRIPTIONSDESIGNER:LEADVISUALIZER:REPORTER:anushree@accentinfomedia.comDIXITSONALLUNAWATsonal@accentinfomedia.comMANASRANJANVISUALIZER:DPRCHOUDHARYAJAYARYAANDADVERTISINGSAMANTARAYronak@accentinfomedia.com M: + 971 555 120 490 SHAMALshamal@accentinfomedia.comSHETTY M: + 971 557 300 132 KHYATIkhyati.mistry@accentinfomedia.comMISTRY M: + 971 556 557 191 VASS RICHAPRODUCTIONYASOBANTCOMMUNICATIONSOCIALvass.accentinfomedia@consultant.comMAFILASMARKETING&DIGITALMISHRAyasobant@accentinfomedia.com&CIRCULATIONSAMANTARAY + 971 529 943 982 PUBLISHED BY ACCENT INFOMEDIA MEA FZ-LLC PO BOX : 500653, DUBAI, UAE 223, BUILDING 9, DUBAI MEDIA CITY, DUBAI, UAE PHONE : +971 (0) 4368 8523 A PUBLICATION LICENSED BY INTERNATIONAL MEDIA PRODUCTION ZONE, DUBAI, @COPYRIGHTUAE 2013 ACCENT INFOMEDIA. ALL RIGHTS RESERVED. WHILE THE PUBLISHERS HAVE MADE EVERY EFFORT TO ENSURE THE ACCURACY OF ALL INFORMATION IN THIS MAGAZINE, THEY WILL NOT BE HELD RESPONSIBLE FOR ANY ERRORS THEREIN. PRINTED BY AL GHURAIR PRINTING & PUBLISHING LLC. MASAFI COMPOUND, SATWA, P.O.BOX: 5613, DUBAI, UAE INFO MEDIA SANJAY MOHAPATRA sanjay@accentinfomedia.com
04 JUNE 2016
The business has gone to that extent that there are today places which are known for hackers or cyber criminals. Transylvania is known to everyone in Bucharest, Romania, which is today identified as “Hackerville,” or “Cybercrime Central.” There might be many such places or clusters in the world which are nurturing the cyber criminals. So, we are up against an organized criminal syndication.
COVER STORY CONTENTS With various emerging technologies like IoT and Big Data making their way to the enterprises´heart, holistic security is the need of the hour. NETWORK SECURITY FOR A ´CONNECTED´ PLANET12 CORPORATE STORY PAVING WAY FOR A ´SECURE´ FUTURE 20 GUEST TALK NO EXCUSESMORE – TIME TO GET A GRIP ON YOUR SECURITYCLOUD 37 THREAT DECODED- POS ANDSECURITYEXPERTSINDUSTRYSHAREDOSDONTS 24 INTERVIEWRUNNINGTHROUGHTHEVEINS OF SECURITY 22 05JUNE 2016
IBM SECURITY
06 JUNE 2016
BT launched Cyber Roadmap Consulting, a new consultancy programme designed to give large organizations a better understand ing of their own cyber security risks and implement measures to mitigate these. By using the Cyber Roadmap Consulting methodol ogy, the BT consultants are in an ideal position to create a bespoke cyber-threat mitigation and defence plan for each customer, providing detailed step-by-step guidance to help them improve security throughout their organisation, covering people, processes and technology.GuusVan Es, BT’s GM for Security Consulting, said, “Our approach not only identifies gaps, it takes a broader view on how to help customers stay ahead of the threat curve. Based on our wealth of experience in protecting BT and our customers, it is an integral part of our security portfolio.”
Derek Melber, Technical Evan gelist for ManageEngine and Microsite Manager of Security Hardening for Active Directory and Windows Servers said, “However, the survey results also indicate that Windows environ ments are far from being secure, and improved overall visibility is essential.”Theresults clearly indicate that organizations need to take immediate action to secure their Windows environments. For efficient management of their Windows environments, IT admins could benefit from exploring available reporting solutions.
GUUS VAN ES, GENERAL MANAGER, BT
DEREK MELBER, TECHNICAL EVANGELIST MANAGEENGINEFOR
MARC MANAGER,
IBM WATSON TO TACKLE
VAN ZADELHOFF, GENERAL
STREETCHANNEL
CYBERCRIME
ManageEngine, revealed the results of the global ManageEn gine Active Directory and Win dows Server Security – Trends and Practices Survey, 2016. Among the critical findings is that 70 percent of IT administra tors across the globe say that their Windows environments are at risk of malicious attacks.
Guiding ThroughBusinessesTestingTimes
ATTACK ALERT FOR ENVIRONMENTSWINDOWS
IBM Security’s Watson for Cyber Security, a new cloudbased version of the company’s cognitive technology trained on the language of security as part of a year-long research project. To further scale the system, IBM plans to collaborate with eight universities to greatly expand the collection of security data IBM has trained the cognitive system with. Marc Van Zadelhoff, General Manager, IBM Security said, “By leveraging Watson’s ability to bring context to staggering amounts of unstructured data, impossible for people alone to process, we will bring new insights, recommendations, and knowledge to security professionals.”
Partners with entry-level projects that are interested in trying the new Security Center Compact edition can do so on a three-month trial basis.
ESET researchers analyzed a scam campaign on Facebook that spreads a malicious browser plugin via social engineering techniques. The attack starts by luring a Facebook user into playing a video, most often titled “My first video”, “My video” or “Private video”. After clicking on the link, the victim is directed to a fake YouTube website where, instead of downloading and playing the video, he/she is requested to install an additional extension. If the victim installs the malicious plug-in, his/ her browser becomes infected and carries the infiltration further: his/her Facebook wall becomes flooded with fake video posts tagging multiple friends from their friends list and subsequently, all online friends will receive an identical message via Messenger with the same harmful contents.
FACEBOOK FACES MALWARE SCARE
Globally 74% of all targeted attack attempts use email vectors, even as business emails are estimated to reach 139.4 billion per day by 2017. Trend Micro on average blocks 50 billion email spam-sending IP addresses.
HID Global has introduced a mobility initiative that includes solutions, services, investments and alliances that expand the capabilities of trusted IDs on mobile devices across a growing range of access control, authentication and Internet of Things (IoT) applications. A highlight of the initiative is the company’s latest mobil ity solutions unveiled at ISC West 2016, including the new HID goID platform for mobile IDs which makes it possible to carry a driver license and other citizen IDs on smartphones, and new enhancements to HID Mobile Access that now enable the use of smartwatches and tablets, in addition to smartphones, for secure access to buildings.
TREND MICRO’S BLOCKING ACT ANDREW ELVISH, VICE PRESIDENT, MARKETING & PRODUCT MANAGEMENT, GENETEC ‘SECURITY CENTER’ AT USERS’ EASE IHAB MOAWAD, VP MEDITERRANEAN, MID.
Genetec introduced its new subscription model in Middle East for its flagship unified security platform, Genetec Security Center. The company also unveiled Security Center Subscription, which intro duces a new, 25-camera, no-training version with flexible ownership and payment options. Both Security Center Subscrip tion and Compact allow customers to get access to Security Center on a ‘pay-as-you-go’ basis, removing the need for upfront capital expenditures (CapEx). “In the past few years, companies like Adobe, IBM, Oracle, Netflix and many other software companies have adopted flexible buying models with impressive success, offered as
RUSSIA & CIS AT TREND MICRO.STEFAN WIDING, PRESIDENT AND
HID GLOBAL.
“The HID Global mobility initiative dra matically elevates how users regard security by enabling them to confidently connect to and use more applications, on the go, than ever before, with a single, trusted ID that can be carried on a smart device,” said Stefan Widing, President and CEO of HID Global.
MAKING WAY FOR A TRUSTED & SECURE DIGITAL WORLD EAST, AFRICA, CEO OF
08 JUNE 2016
“Attackers disguise these emails to make it look like its coming from a legitimate source, a colleague, a new updated from the HR team or something work related. The attackers will have done their homework, so the target is not suspicious of the incoming email, a few clicks and the criminals have been successful in infiltration the system. Email is the most common form of business communication, and one of the easiest way for attackers to get into a company’s network,” com mented Ihab Moawad, VP Mediter ranean, Mid. East, Africa, Russia & CIS at Trend Micro.
CertifiedatmentProductVicesaidor-annuallationon-premisesor(XaaS)ogy-as-a-ServiceTechnolviathecloud,asatraditionalinstalwithmonthly-renewals,”AndrewElvish,PresidentofManageandMarketingGenetec.GenetecChannel
Copyright © Unify Software and Solutions GmbH & Co. KG 2016 Connect. Share. Give. Take. Solve. Save. Smile. Unify. Introducing Unify. Unifying business communications for the new way to work. unify.com 13481_Unify_Ad_Channel Arabic_275x240_v1.indd 1 25/01/2016 14:09
“In Kuwait, the Central Agency for Information Technology through the Kuwait Informa tion Network helps both public agencies and the non-govern mental sector share informa tion more securely and cost efficiently for government operations. Moving forward, the need of the hour is for businesses to make the most of digital technologies without compromising on the security of sensitive data. Cisco is focused on delivering ‘Security Everywhere’ which cuts across the security architecture, the data center, Internet of Things and enterprise network which includes wireless”, said Samer Al-Lahham, GM, Kuwait.
ORGANIZED BY DEWA Dubai Electricity and Water Authority hosted a group of some of the most important Estonian information security experts, to lead a workshop on information security, and raise awareness in about cyber risks and threats. The workshop was held at DEWA’s Sustainable Building in Al Quoz, and was attended by HE Saeed Mohammed Al Tayer, MD & CEO of DEWA, and other DEWA staff. Al Tayer stressed DEWA’s commitment to adopt the best international standards of information security to maintain its position as one of the leading government organisations in Dubai. DEWA is also commit ted to introducing its employees and teams to the latest security solutions, to tackle different current and future challenges.
SENIOR VICE PRESIDENT FOR ENDUSER SECURITY AT SOPHOS. ENTERPRISE MALWARE REMOVAL TOOL BY SOPHOS
SAMER AL-LAHHAM, GENERAL MANAGER, CISCO, KUWAIT
Certificate of Quality
MANAGING DIRECTOR, ESET MIDDLE EAST.
SECURITY FABRIC REDEFINED Fortinet expanded its Security Fabric with introduction of the FortiGate 6040E enterprise firewall. First in Fortinet’s new 6000 series of ultra-high throughput enterprise firewalls, the FortiGate 6040E delivers the next-generation firewall performance, effortless scale, and supe rior security so large enterprises don’t have to compromise between security features or net work speed disruption. Fortinet also announced the launch of two new FortiGate 2000E series enterprise firewalls, bringing the enhanced capabilities of FortiASIC CP9 to enterprises requiring higher next-generation firewalling and increased SSL inspection capabilities.
Two independent testing authorities, Virus Bulletin and AV-Comparatives, recently published their tests of anti-spam protection. The highest-rated security solu tions in both tests were ESET products. ESET Mail Security for Microsoft Exchange Server was tested in the latest VBSpam Test, ESET Smart Security in AV-Comparatives Anti-Spam Test.“Our clients’ safety has always been the core pillar on which ESET was built and these impartial test results reflect our ongo ing efforts to continually invest and develop innovate new products.”, said Neo Neophytou, MD, ESET,ME.
SECONDS6
DarkMatter has found that 48% of respondents to its DarkMatter Cyber Security Poll say their organisations do not have a senior management executive assigned to oversee cyber security, while 46% of respondents said their organisations did not have a Board-level representative responsible for cyber security. The statistics are extracted from a poll conducted by DarkMatter during the Gulf Information Security Expo & Conference (GISEC) 2016 held in Dubai, at which the company was the Cyber Security Innovation Partner. The poll identi fied that 23% of respondents believe that their organisations have been victim to an internal cyber security breach, while 32% believe their organisa tions have fallen victim to an external attack.
Cisco showcased its threat centric security solution suite at the Kuwait Info Security Conference & Exhibition .
G.M
DARKMATTER’S CYBER SECURITY POLL REVELATIONS
Kaspersky Lab’s Global Support Team has been granted an ISO 9001:2015 certification. The company is one of the first to be certified under the new version of the standard, which is the world’s most recognized quality management certification. Alexander Voinov, Head of Global Support at Kaspersky Lab, said, “Achieving this ISO certification is a great honor for the Global Support Team. Our mission is to help them obtain the greatest value from our products and services and continuously provide them with upmost customer satisfaction.”
Sophos launched Sophos Clean, the latest addition to its End user protection portfolio of advanced malware detection, remediation and removal software. The signature-less technology uses progressive behavior analytics, forensics and collective intelligence to discover and remove code from zero-day threats, Trojans, root kits, polymorphic malware, irritating cookies, spyware and adware.
DAN SCHIAPPA, AND
CYBER SECURITY SOLUTIONS FOR DIGITAL ESETTRANSFORMATIONSCORESHIGHEST IN SPAM-FILTERING TESTS
NEO NEOPHYTOU,
CYBER AWARENESS WORKSHOP
10 JUNE 2016
Head Office: P.B. No. 3314, Sharjah, United Aran Emirates. Tel: +971 6 5730000, Fax: +971 6 5736500, Email: sales@omaemirates.com, www.omaemirates.com I www.omams.ae I www.solutiongulf.com VIP INTRODUCING BENEFITS BEYONDOMA LOYALTY SERVICES WINNING IN RETAIL WITH SERVICES Bringing together technical and business expertise to make Transaction Processing a reality Effective Solutions • Fresh Ideas • Business Planning
With various emerging technologies like IoT and Big Data making their way to the enterprises´heart, holistic security is the need of the hour. COVERSTORY NETWORK´CONNECTED´PLANETSECURITYFORA 12 JUNE 2016
<ANUSHREE@ACCENTINFOMEDIA.COM> n PHOTO: SHUTTERSTOCK 13JUNE 2016
SECURING ´SECURITY HUNGRY´ NETWORKS OF TODAY When security climbs up a step, the attacks follow suit. The hacker instincts could never be decoded completely and hence security vendors ANUSHREE DIXIT
Shedding its legacy of being an oil economy, the GCC is rapidly becoming a model region for booming mega enterprises, thereby setting an enticing platform for cyber criminals to target and thrive. The growing adoption of IoT platforms has put immense pressure on the enterprises´networks. As per reports, the GCC firms are expected to spend $1b on cyber security by 2018and are in the race to become the world´s most advanced organizations in deploying solutions that proactively protect devices and user information. Digital transformation projects have also upped the network security market growth in an attempt to provide the 2 Fs of user experience— Freedom and Flexibility.
n BY:
“With the increased use of personal portable devices, there arises a challenge to keep those devices secure and protected. Usually those devices are an entry point for malwares and a door that an attacker can use to get access to the network.”
THE SOPHOS ADVICE: n CISO shave the onus to ensure a secure transition to disruptive technologies while making organization become more compli ant and security aware.
n CISO / CIOs have also come to experi ence another drastic change, requiring them to shoulder a new onus. n CIOs have to choose wisely, while invest ing in technologies that can help transform business to emerge more efficient and col laborative, yet securely.
n Provision a new employee, partner or contractor in 15 minutes across your enterprise andthen de-provisioning them 15 minutes after they depart n Leverage Privileged Account Manage ment controls like password vaulting and session management for those identities who have the “keys to the kingdom”
MOHAMED DJENANE SECURITY SPECIALIST – ESET MIDDLE EAST
“Synchronized security allows next generation endpoint and network security solutions to continuously share meaningful information about suspicious and confirmed bad behavior across an entire organization’s extended IT ecosystem.”
JOSE THOMAS MANAGING DIRECTOR, BULWARK TECHNOLOGIES
n CISOs also have to offer strong measures to entrench security in key business pro cesses, deliver effective metrics for report ing and innovative ways like “gamification” to promote security best practices while align ing security with business and IT goals.
Automatically allow or deny – or step up authentication – for every user access attempt based on context that is derived from the network to identify abnormal activity
THE CIO CORNER 14 JUNE 2016
THE BULWARKS OBSERVATION: n Security is an impediment. In many organizations, there is a certain inflexibility around security: everything is black and white, everything new is dangerous and bad, and when in doubt, block it.
THE DELL VISION: n Not only detect but also block advanced threats at the gateway before they get into your network with extreme low latency n
n Security is a requirement. Compliance, the need to maintain the organization’s image, and the increasing awareness that cybercriminals are out to do enterprises harm all point to the need for good security.
n Security is a pain. Given the rate of innovation in technologies enterprises adopt, how they adopt them, the risks that accompany them, and the failure of basic network security infrastructure to adapt, security has become expensive, complex, and slow.
JIM DANIEL DIRECTOR OF SALES AT ESENTIRE
“Probably the most important factor that makes a true difference in detecting and mitigating APT’s is the integration between different network and security solutions and at different levels of the network.”
ZABANEH
other to more effectively protect against today’s sophisticated threats, in a manageable way,” says Harish Chib, Vice President Middle East & Africa, Sophos.
“Partnering with a managed cybersecurity firm is indispensable, providing the eyeson-glass approach required to combat today’s threats while delivering piece of mind to organizations struggling to keep pace with the rapidly evolving cybersecurity space.”
BEHIND THE WALLS OF THE FIREWALL
As Data burglars get smarter and the network perimeters more vulnerable, it is very necessary for the network security tools to be more sophis ticated and with advanced capabilities. The Next generation firewall or the NGFW goes beyond the traditional firewalls and IPS giving the much needed preventive measure to organizations wherein BYOD rules the roost and the networks are increasingly thronged. “Traditional firewalls have helped us for many good years as a tool to increase network security; though as we always emphasize, the nature of the very same networks have changed dramatically due to the changes in end-users (employees) needs and methods of access – such as BYOD,” says Tony Zabaneh, Channel Systems Engineer at Fortinet . Accord ing to Mohamed Djenane, Security Specialist – Eset Middle East, “The strategy is to make sure that we have a mechanism to manage those devices and keep them secure again threats.ESET provide an effective solution for Mobile devices, an MDM component to manage the organization Mobile Devices, where the administrator has total control on Mobile Devices.”
“By governing every identity across the organisation with Dell identity governance, privi leged management and access management while inspecting every packet with Dell next-genera tion firewalls (NGFW), secure mobile access, and email security, organisations can support new strategic business initiatives while minimizing the exposure to cyber threats,” says FlorianMalecki, International Product Marketing Director at Dell. Sophos on the other hand claims that it is doing something that has never been done in the IT industry. We are succeeding at being a leading provider of both enduser security and network security. And we’re now leading a new wave of security innovation that we call synchronized security that for the first time allows endpoint and network security products to actively and continuously share threat intelligence with each
TONY CHANNEL SYSTEMS ENGINEER AT FORTINET
15JUNE 2016
THE FORTINET POINT OF VIEW n In addition to the continuous and enormous amount of threats, probably the most unattended challenge CIO’s may face would be the number of inde pendent and non-integrated solutions that protects the perimeter and core of the network. n Furthermore, the separate manage ment consoles and non-consolidated threat responses (in sense of real-time zero day signatures) are considered a part of the security gap; simply due to the fact that different vendors solutions are not designed natively to integrate with other vendors and experts have been increasingly pitching this belief that it is no more about ‘íf´ you will get attacked, but ´when´. The modern enterprises have entered into one of its most difficult phases in technology due to the proliferation of BYOD making it an ideal playground for the security vendors and partners to bring the best of all the worlds.
16 JUNE 2016
Our increased dependence on IoT or rather interconnected technology has increasingly been taking over the control of security from our hands. As many studies have been observing, we are entering into yet another industrial revolu tion, but this time it’s not the machine, but the technology that is going to enslave us. According to a Cisco report, 25 billion devices are expected to be connected by 2015 and 50 billion are slated to connect by 2020. In this quickly evolving world, all the things that connect to the Internet are exponentially expanding the attack surface for hackers and enemies. A recent study showed that 70 percent of IoT devices contain serious vulnerabilities.AsJoseThomas, Managing Director of Bulwarks says, in GCC the most common threats today are perceived from external sources, i.e. zero-day malware, advanced persistent threats, phishing, ransom-ware, etc. Most organizations realize that security is a boardroom discussion, however, there exist huge inconsistencies in how they respond to the challenges posed by cyber threats. “Many of organizations in the GCC do not have an effective security awareness program. This needs to be creatively developed in order to engage employees and achieve the objectives need. Most of GCC organizations admitted that they do not have a dedicated function for governance, risk and compliance and Do Not conduct a third party assessment to review existing systems. The need of the hour is to invest in security technology or services, which can integrate and collaborate to give you maximum visibility and intelligence. This will ensure you are aware of the threats before the damage is done. It is preferable to be proactive than reactive. Invest in technologies, tools, and skills which will ensure you have the capability to predict, prevent, detect, and respond.”
FINALLY.... 5G is knocking at the doors!! It is speed and connectivity everywhere. The networking challenges faced today are just the beginning . A dynamic, user centric, and data rich wireless solution is the need of the hour and the road ahead for the IT and an OT partner in security is just to think in TBPS. ë
HAND IN HAND WITH OTHER SECURITY
HARISH CHIB VICE PRESIDENT MIDDLE EAST & AFRICA, SOPHOS
“We are on a mission to help CISOs open their very own “Department of Yes.”
Somehow the saying ´United we stand, Divided we fall´ applies for the security market as well.
Security in silos is no more a clever option, and that is why more and more vendors are increas ingly propagating synchronized security as an effective security solution. “We believe network security shouldn’t exist in a silo and needs to work closely with advanced enduser protection to deliver comprehensive and advanced protection that works against next –generation threats,” says Harish. “We are an innovative leader, driving an exciting new vision of synchronized security.
Sophos is the first security vendor to deliver synchronized security, directly linking nextgeneration endpoint security and next-generation firewall to share threat intelligence that enables faster detection of threats, automatic isolation of infected devices, and more immediate and targeted response and resolution,” he adds.
FLORIAN MALECKI INTERNATIONAL PRODUCT MARKETING DIRECTOR AT DELL
Jim Daniel, Director Of Sales At eSentire says, “We’ve engineered a unified service that brings together our powerful IPS with behavioral-based anomaly detection, full-packet capture, and SIEM to provide proven threat detection and response to threats that traditional point-solutions will miss. Our service works with the technology organiza tion’s already have in place, providing comprehen sive cybersecurity coverage and protection.”
“The driving force behind such network security breaches is that attackers see organisations and institutions as low hanging fruits because in most cases the growing adoption of ICT to drive economic growth has far outpaced the need to install an infrastructure that protection organisations from cyber threats.”
CHALLENGES IN THE CONNECTED WORLD
FRIENDSHIP TOUR WWW.GECOPEN.COM GLOBAL ENTERPRISE CONNECT BROUGHT BY ORGANISED BY KENYA M ALAYSIA N IGERIA S OUTH AFRICA E GYPT T URKEY O MAN U AE S AUDI ARABIA Q ATAR B AHRAIN I NDIA PREMIUM CHARITY GOLF TOURNAMENT FOLLOW US: www.gecopen.comGec Open GECOpen Enterprise Channels MEA
GUESTTALK 18 JUNE 2016
SECURITY FABRIC
1. Cloud Application Security Cloud computing is an unstoppable trend in the enterprise. More and more employees use public cloud applications to discuss work-related topics. These applications range from email services like Gmail and public storage like Dropbox, to chatting software like Whatsapp on mobile devices. It is becoming increasingly difficult for enterprises to block these applications altogether, so managing them and mitigating their risks is one of the most pressing tasks for CISOs.
3. Event Management Data logging, reporting, and event management have been a key part of a system administrator’s job description for as long as I can remember. This age-old practice is not going away, but poised to become even more important as a big part of the defense against complex threats like APTs, and as enterprises get inundated with more network data due to trends like smart cities, the internet of things (IoT) and bigTodata.CISOs, having too much (disjointed) infor mation is almost as bad as having no information on an attack at all.
4. Compliance Regulatory and industry standards like the Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX) and similar local regulations are the modus operandi for commerceCompliancetoday.provides a health check for businesses and instills trust in the market. But achieving compliance − and staying that way − can be costly and cumbersome.
A TO SOLVE CISOS’ TOP 5 WORRIES
5. Protecting Their Information Security Investment. Solving it All Each of these headaches point to the need for a security fabric that weaves together security hard ware, software, and communication protocols with advanced internal segmentation into a single architecture to deliver seamless, comprehensive threat protection across the expanding attack surface that comes from cloud and IoT. Cloud, in particular, must be treated like an extension of the enterprise network, and firms need to deploy a security strategy that can see and govern the vast volumes of data traversing an entire borderless network, comprising wired and wireless access points, through both public and private networks, and across traditional and cloud infrastructures. An effective APT defense framework will require the adoption of an internal segmentation firewalling (ISFW) architecture. ISFW works by restricting malware flow between different segments of the organization.
2. Advanced Persistent Threats (APTs) Out of the many types of security threats out there, perhaps none strikes as much fear in organizations as Advanced Persistent Threats, or APTs. There are many guises to these threats, but APTs are generally characterized by their sophistication, multi-pronged approach, stealthiness, and dogged intent to target an organization.Oftenable to foil conventional defenses, APTs usually target business sensitive information and personal data such as credit card details. This means all entities, from very large organizations to individuals, are in their crosshairs.
In terms of compliance, most CISOs follow a certain methodology to mitigate network risks. A security fabric, together with an ISFW deploy ment, allows all deployed firewalls to collectively provide a richer picture of compliance status and a security maturity assessment.
For the CISO, knowing what is connected to his network at any point in time is key to understanding his organization’s security posture and the effectiveness of his other policies and processes.Theindividual network components can change over time, as can the nature of cyber threats, but the solid foundation laid down by the fabric will stay relevant and protect your enterprise for many years to come. ë
MICHAEL XIE, FOUNDER, PRESIDENT AND CHIEF TECHNOLOGY OFFICER, FORTINET
© 2016 HID Global Corporation/ASSA ABLOY AB. All rights reserved. HID, HID Global, the HID Blue Brick logo, and the Chain Design are trademarks or registered trademarks of HID Global or its licensor(s)/supplier(s) in the US and other countries and may not be used without permission. HID Global is leading the industry with the most robust portfolio of secure ID issuance solutions in the world. Our FARGO® line of printers and encoders provide governments, financial institutions and businesses of all sizes fast, efficient and reliable solutions that are as secure as they are affordable. You’ll call it innovation on demand. We call it, “your security connected.” YOUR SECURITY. CONNECTED | Visit us at hidglobal.com/printers Print a card. Any card. Secure ID issuance WITHIN REACH.
future.EXCERPTS FROM RABIH´S ´A WORLD WITHOUT POWER´ n BY: ANUSHREE DIXIT <ANUSHREE@ACCENTINFOMEDIA.COM>
The United Arab Emirates has positioned itself as a global leader in various competitive aspects. From being leaders in smart city to being one of the most economically and socially established countries, the UAE is unique in both a positive and negative scale. With the dawn of IoT and a connected world, the critical infrastructure and national security are the prime priorities of the govern ment sector. Rabih Dabboussi, Senior Vice President of Sales, Marketing and Business Development of Darkmatter, who comes on board Darkmatter at a time when security tops the chart of every decision maker, says, “As we exponentially climb the growth scale, UAE is also seeing a high growth rate in the number of cyber attacks. A few years ago, we used to have 1% of global cyber attack, but today we have 5% -- which is really alarming.” As an ex Cisco veteran, Rabih says that this nation and its progress has always been his passion. “I chose UAE to be my country of living. I have tremendous respect for the visionary leaderships and my mission is to align my business to those progressive strategies.”Rabih adds that, H.E. Sheikh Mohammed Bin Zayed has once remarked in a government summit that the 4 critical pillars of the nations are— Education, Healthcare, Security and Innovation. “We have done an amazing job being No 1, or being one of the top nations in the world in many ways. But, we are still No 48 and 53 in education and healthcare respectively and from a sustainability perspective, if you don’t havehealthy, educated and secure citizens you will not have a sustainable soci ety and economy. Security and innovation are key priorities for the nation. As we live in a connected world where everything is connected, from our homes to government services to national grids— it is very important for security to take centre stage. The standards of securing our digital infrastructure are designed for IT environment and not for nations and this is what drives the Darkmatter vision.”
´SECURE´
CORPORATESTORY 20 JUNE 2016
Rabih says that the model for securing the nation of the future has not been subscribed in any standards;The model for securing the digital infrastructures exist through multiple standards. “Automation is entering mainstream business. Driverless cars are all set to rule the roads in a IoT has opened a whole new world of possibilities— of technology as well as threats.
“Energy companies that underpin the economy of the GCC are particularly vulnerable to attack because of the sheer complexity of their infrastructure and their intersection with third party suppliers and contractors over whom they may have little control. The GCC is particularly vulnerable to this type of attack. In a bus tling economic environment, a power cut would likely cause disruption to any services not backed up with auxiliary generators, potentially affecting everything from transportation links to desalination plants. It’s the responsibility of both the private and public sectors working hand-in-hand to ensure vital infrastructure is not just defended from physical attack, but shielded from hostile states and criminals. To ignore the threat is to leave your nation hostage to the next malware attack.”
Rabih Dabboussi, Senior Vice President of Sales, Marketing and Business Development of Darkmatter, who is all set to lock horns with some intricate security matters while holding the reins of the channel, in a candid chat with EC MEA on his vision for Darkmatter and its roadmap in building a secure nation and sustainable
PAVING WAY FOR A FUTURE
“Rabih says that the model for securing the nation of the future has not been subscribed in any standards; The model for securing the digital infrastructures exist through multiple standards.”
There are many vendors who have a good order of leadership; there are few vendors who have been working closely with the govern ment; there are also a few vendors who have built their R&D centre in the country. We are unique, because we have all the three.”
The market is rife with many security tag lines. So what is the tagline for Darkmatter?
21JUNE 2016
“For Darkmatter, it is about making the nations secure. We are not entering, but have already entered a digital world and the 2 most important commodities of this age are Time and Information. Time cannot be produced, but access to information is critical. It is not only about collecting that information but also protecting it.”
The conversation closes on a very interest ing parallel. Rabih says, “It is always better to take the flour to a baker if you need excellently baked bread. No matter how hard you try at home, it is difficult to match that expertise. Similarly we have positioned ourselves as security experts. We are here to share that expertise with you and make sure that we build a future that is resilient.” ë
RABIH DABBOUSSI, SENIOR VICE PRESIDENT OF SALES, MARKETING AND BUSINESS DEVELOPMENT OF DARKMATTER,
decades time. So what if the hackers use these cars as missiles for attacks. This may sound like a Hollywood plot, but it has all the poten tial to happen and at Darkmatter we believe that if it can happen, it will happen. Our mission here is to come up with something innovative, something which is future proof and can use the legacy systems and technolo gies of the past but really develop the model of the future.DarkMatter team is respected globally for its unique security solutions and we also have the top notch leaderships in the globe. This is what excited me to join the team.
Talking about his role in driving the channel, Rabih says that Darkmatter has a very unique channel strategy. We are not just an SI who receives technology from vendors alone; we have our own R&D centre and we are a supplier of technology. My focus would be on the supply chain of technology. We have vendor technologies incorporated into our own technologies and on the fulfilment chain we are like a vendor to the clients and the SIs.”
Rabih says “The unique differentiator that sets Darkmatter a league apart is that, Darkmatter is at the heart of what is set to become the powerhouse for cyber security and to become the anchor for securing the nations, and I have joined at a right time in a company that is focused on this critical security.”
“Growth and the pace of change in the region’s economy attracts criminals and regional instability leads to a rise in nation-state activity.” Kindly brief about the threat and security landscape in the MEA region. The cyber security landscape in the MEA region has seen a growth in activity over the last few years with an increase in the number of high profile breaches and attacks hitting the news from banks to oil compa nies to critical national infrastruc ture. As more organisations in the region transform their processes and systems to a digital environ ment and the value of information increases, the focus of attackers has moved away from a physical threat to being an electronic one. What’s your view on the readiness of the enterprises for battling the evolving threats? Very few enterprises in the region are ready for the evolving threats. Most are struggling with the pace of change that their organisations are going through, as business processes evolve and become more digital. Which trend do you forecast for the region’s security landscape in the days to come? Unfortunately, it looks like we will certainly see an increase in the number and severity of high profile attacks. Cyber defence will increasingly become a differentiator between organisa tions; a competitive advantage to those who can deploy it effectively and potentially a source of ruin for those who can’t.
What’s your take on the threat posed by DDOS attacks? What can be done to counter the same? In the past they were mainly to take down websites, to embarrass or harass an organisation or prevent them carrying out business. As we increasingly rely on infrastructure and devices being able to communicate securely and reliably across the internet, we will start to see greater potential impact from a DDoS attack. However, the key to countering the threats requires more than just technology products. It requires co-operation between various organisations that manage inter and intra country traffic including telcos, Internet Service Providers and mobile network operators as well as the agen cies, security vendors and national CERT teams.
How is the role of CISO/CIO evolving with the threat landscape getting trickier day by day? The CISO/CIO is now becoming a much more visible member of the executive team, sometimes for the wrong reasons because of a breach or security incident, but also sometimes because raising awareness of security is becoming an increasingly important part of their role. Security is not just the responsibility of those with security in their job title,but increasingly all employees, customers and citizens are required to be more security aware. ë
NEIL GINNS, SENIOR SOLUTIONS CONSULTANT, THALES E-SECURITY
The first is encryption. By encrypting data, we move protec tion closer to the valuable asset so that it is secure even when attackers breach the perimeter protection or when the data has to be stored, transported or used outside the data centre. The second measure is strong authentication. The age of passwords is coming to an end as increasing computing power has weakened their resistance to brute force attacks and time and time again we see users struggling to manage multiple unique strong, complex passwords.
If asked what should be the major security measures that enterprises should adopt, what would you say?
RUNNING THROUGH THE VEINS OF SECURITY
MY VIEWS 22 JUNE 2016
MAKE GITEX PART OF YOUR GROWTH STRATEGY TO GENERATE LEADS AND WIN BUSINESS EXHIBITION | CONFERENCES | STARTUP | NETWORKING Grow your Sales “GITEX brought together some of the best technology minds in the world and it was a pleasure to discuss new advances and best practice with worldwide industry leaders” CELIA WADE-BROWN, MAYOR OF WELLINGTON “Gitex is extremely important for us. We generate leads for incremental business and it gives us an opportunity to interact and demonstrate.” RABIH FORMERDABBOUSSIMD&GM, UAE, CISCO NETWORK WITH THE C-SUITE 3,000 C-Suite executives and senior government officials from over 15 countries came to Gitex in 2015 to network with technology companies MEET NEW PROSPECTS Identify and meet new senior level contacts pre event 24,000 meetings were arranged through our Connexions meeting program TARGET NEW INDUSTRIES Target your customer verticals in banking, healthcare, education, public sector, retail and energy BE SEEN AS A THOUGHT LEADER Hear from industry speakers, your peers and competitors on how the industry landscape is evolving Get in touch today at gitexsales@dwtc.com or call +971 4308 6037/6901/6566 to discuss your involvement in GITEX 2016 82% were closed at the show 49% of senior executives came to GITEX with open RFPs IncubationStartupPartner TravelOfficialPartnerOrganised by Exclusive TransformationDigitalPartner Official Publications OfficialPartnerAirline Supporting Partners SupportingStartupPartnerRobotics Partner 2016_ AD_FP_ACN,Comms MEA_223x275mm.indd 1 5/22/16 6:42
Point of Sale
RECENTLY IN NEWS
Network Sniffer File Scraper Keylogger Memory Scraper that its investigation had “identified signs of unauthorised access to payment card data... at certain Hyatt-managed locations, primarily at restaurants”.November 2015: Hilton Worldwide has fessed up to an attack on its systems that potentially resulted in the theft of customers’ credit card information. Hilton, which owns around 4,500 hotels worldwide, admitted this week that it had discovered malware on its point-of-sale (PoS) terminals designed to grab credit card informa tion. The malware did not expose customers’ home addresses or PIN codes but did provide access to card numbers, security codes and names.May 2016:On May 11, as part of Wendy’s fiscal 2016 first-quarter financial report, the company officially confirmed that some of its locations were, in fact, the victim of a POS data breach.
WHAT DOES POS STAND FOR?
Point-of-sale malware (POS malware) is mali cious software expressly written to steal customer payment data -- especially credit card data -- from retail checkout systems. Criminals often purchase POS malware to steal customer data from a retail organization with the intention of selling the data rather than using it directly. Memory Scraping is an important aspect of the POS malware attack.
24 JUNE 2016
August-December 2015:High-end hotel chain Hyatt Hotels has warned customers to check their bank statements after admitting that the organisation’s payment systems were compro mised by hackers between 13 August and 8 December in 2015. In a statement, Hyatt claimed
DECODEDTHREAT POSPOSMALWARETYPES
WHAT IS A POS MALWARE?
VULNERABILITY POINTS n Lack
n Limited
n
COUNTERING
PRECAUTIONS
25JUNE 2016
n Lack
n Susceptibility
n POS
n Risk assessment
SYMANTEC: A properly configured endpoint pro tection product can block even the most determined attacker, and this is especially true when it comes to a POS system. POS systems actu ally have a security advantage over a PC as a single function device. Because no one on that device is web browsing, emailing or opening shared drives, the functionally of the machine and the files needed on that machine are limited. ë THE POS of 2FA or 2 factor authentication for card data of P2PE or Point to Point Encryption Systems running under old operating systems to malicious code restriction on remote access FOR POS MALWARE: Retailers must ensure compliance with PCI standards for PIN entry devices recruitment of employees
TREND MICRO: Install Payment Application Data Security Standard-compliant pay ment applications. Deploy anti-mal ware security tools with web, file and email reputation to protect against malware attacks.Use network, cloud and host based IDS/IPS tools to shield unpatched vulnerabilities.Use trusted firewalls to provide a cus tomizable perimeter around servers. Assign a strong password to security solutions to prevent application mod ification, using two-factor authentica tion (2FA) whenever possible
n Careful
PALO ALTO: Prevent unauthorized users from installing or running executables on PoS devices using process whitelist ing.Install security software, such as antivirus, on PoS devices.Implement network segmentation between PoS devices and other corporate infra structure.Ensure any remote access applications, such as RDP, VNC, Log MeIn, etc. are configured with unique usernames and passwords, are fully up to date on patches, and are con figured with 2-factor authentication if possible.
GEMALTO: eCommerce retailers should also invest in a standards-based enter prise key management strategy that should include specific methods of limiting access to keys, defining how those keys are issued and dis tributed, and providing protections for them as they are stored. Without these considerations, keys could be copied, modified or even imperson ated by a skilled hacker, who could then access cardholder data.
40% 50% 3% 7% Cyber Crimes Hacktivism Cyber Warfare Cyber Espionage MAJOR MOTIVATIONS BEHIND CYBER ATTACKS E-CRIME RATE MINDSORGANIZATIONMAPPING CYBER CRIME VICTIMS Per 1.5millionOverdayIdentities exposedMore than 232.4 million Victims Persecond-per18year-556million HACKTIVISM of GCC executives lack confidence in their organizations in having the right tools to predict and prevent confirmedexecutivescyber-attacks.that their IT security budgets will either stay the same or decrease in theexternalbelieveorganizationsfunctionandIThaveofassessmentsthird-partyconductorganizations2016.regularsecurityorganizationsadedicatedgovernance,riskcompliancethatthreatsaregreatestdanger56%40%48%50%71%201420132015NUMBER302OF ATTACKS YEAR AMOUNT OF LOSS 1,011745 Dh 3.11 mn Dh 28 mn Dh 40.56 mn 26 JUNE 2016
TYPES OF MALWARE ATTACKS IN THE REGION ENDPOINTS EXPOSED TO MALWARE ATTACKS VULNERABLEYOU’RE IF… MALWARE 7.9% Oman 8.5% Kuwait 8.6% UAE 8.9% Qatar 10.2% KSA Adware Spyware Virus Worm Trojan KeyloggersRootkit RogueSoftwareSecurity RansomwareBackdoors Phishing Malware Dridex was responsible for worldwide losses of $100 Million in There are 5 malware events every second in the world. $100mn 2015 n You use legacy software n Your browser and/or OSes are unpatched. n You operate with outdated equipment. n You don’t have a legitimate backup plan. n You lack a comprehensive cybersecurity strategy of emerging mobile malware threats monitor location, calls, text, emails and track the victims’ web browsing80% 27JUNE 2016
Do not depend on single layered security measures Ensure a regular check on all IT deployments Systematically adapt to the upgrades Establish policies for controlling information
‘There is no place where espionage isn’t possible.’ No vertical or no business in opera tion can breathe the air of relief when it comes to cyber espionage. Often threat actors or hackers use zero day exploits in conjunction with consolidated hacking methods which usually starts with spear phishing or watering hole attacks. The economy of MEA is at a rise, with the penetration of internet getting deeper and accessible to all, there comes an ugly face of this technology too. On one hand it eases the structure of flow of information and data on finger tips whereas on the other hand it gives birth to planned espionage attacks or outsourced attacks by competitors, hackers, criminal groups or organizations with deep political motives. Stealing and using the information to keep a track on the activities of organizations has become a common phenomenon all over the world and MEA is no exception. Organizations in MEA have been facing attacks which particularly start with spear phishing or malware or ransomware which then lead to spying and misusing or using information for the attackers’ benefit. “Threat actors learn about the person they think has the highest privileges on the network and will learn about what they like, what their hobbies are and even where they are living. They will use this to build a picture to spear phish their way into stealing sensitive data.”
n
RULES OF THE GAME n BY: SONAL LUNAWAT <SONAL@ACCENTINFOMEDIA.COM> n PHOTO: SHUTTERSTOCK
Undertake comprehensive security audit of exist ing deployments and security policies Choose solutions/applications which fit into com pany requirements, customization is a key to be secured. Do not take data security for granted Partner with information security experts and understand the parameters related to securing your network Think like an attacker Know where your vulnerabilities lie and try working to rectify it Deploy natively integrated solutions that examine and inspect network traffic and all entry and exit points Compartmentalize and restrict the flow of informa tion within organization Educate the employees about cyber related crimes and espionage
n
n
n
commented Chris Green, Regional Director META, Malwarebytes.
n
n
n
n
n
The burden of crucial classified information viewed by unauthorized users is always like a sword hanging on every CIOs head. Various cases of cyber espionage have come in the limelight, groups like Poseidon, Cazarus, Black vine, Desert Falcons, The Dukes to name a few groups engaged in malicious cyber activities. McAfee Labs predict for the next five years that the dark market of malware code and hacking services could enable cyber espionage malware used in public sector and corporate attacks to be used for financial intelligence gathering and the manipulation of markets in favor of the attackers.
n
Cyber Espionage hasn’t just become an activity; it is a professional service now. Most enterprises learn about espionage from a third party, thus it is mandatory to deploy a perfect solution to solve this crisis and make sure information is accessed by the right individuals.
EYEING YOUR DOMAIN
CURRENT SCENARIO
ESPIONAGECYBER 28 JUNE BE2016 ALERT! THERE MIGHT BE A SPY IN YOUR SYSTEM
“It’s no secret that the Middle East is being heavily targeted by cyberattacks. What used to be single isolated events are now becoming nationwide breaches. This is not least because as Middle Eastern companies embark upon the digitalization of services and infrastructure, this in turn increases the exposure and risk to cyberattacks”, said Roland Daccache, Senior Regional Sales Engineer, Fidelis MENA.Not many organizations
n
n
n
n
While prevention is a must; in case of attack there should be detection and response at the earliest
DIGITAL GUARDIANVARONIS EMEA
“Security is a journey, not a destination, so there is always room for improvement. Companies should promote a ‘Culture of Cybersecurity at Work’.” “If you don’t have a record of activity, it’s difficult to recover from because you don’t know which users were infected, which files were encrypted, or when.”
PINCHING POINT FOR ENTERPRISES IoT, Mobility, social media, digitization and a lot of hosted services have grown faster in MEA and as a result the security spectrum have been compromised as it offers multiple windows for the hackers to sneak in. A typical trend of attacks in the region is seen where it starts from spear phishing mails which leads to ransomware threats like Gameoverzeus, Cryptowall, Torrent Locker, CTB locker, TeslaCrypt, Locky, Petya and others. Tools of contact points could be deceptive fake websites, drive-by-downloads, exploitation in MEA have invested in safeguarding their enterprises from espionage, though the adoption of other advanced IT solutions like cloud, big data, analytics, digitization has been high, but somehow the importance associated to protecting their networks from these illicit activities has been fairly low. Even for organizations who have invested in an infrastructure to safeguard their
THOMAS FISHER, PRINCIPAL SECURITY RESEARCHER, DIGITAL GUARDIAN DIETRICH BENJES, VP – STRATEGIC ACCOUNTS AND ALLIANCES, VARONIS EMEA
SOPHOS
HARISH CHIB, VICE PRESIDENT MIDDLE EAST & AFRICA, SOPHOS
DISCOVERY TIMELINE OF CYBER ESPIONAGE ATTACKS 62% MONTHS16% WEEKS 5% YEARS 9% HOURS 8% DAYS
“A key weak link, like anywhere else in the world, will be the end user and mechanism to protect the data.”
network need to understand the importance of reviving and restructuring their solutions time and again and keep a check on their internal and external framework. Various solution providers in the region are concentrating on the weak points of the problem and provide solutions for network, mobile, web, behavior analysis, identifying company IP, classified information, end-to-end solutions, integrated security etc.
30 JUNE 2016
MENA
TONY ZABANEH, CHANNEL SYSTEMS ENGINEER AT FORTINET
Thomas Fisher, Principal Security Researcher, Digital Guardian said, “We have seen a strong level of compromise related to attacks happening via the local network and removable media versus external web based attacks. The race is on for the Middle East to catch up but recent deployments of technologies such as IoT only compounds the issue and creates a gap in security.”
FORTINET
CHRIS GREEN, REGIONAL DIRECTOR, META, MALWAREBYTES
“Most often threat vectors generally are exploits, which slip through the weaknesses in outdated software to place malware deep in sensitive systems.”
of vulnerabilities by operating systems or applica tions like Adobe Reader, Internet Explorer, Java and many others are gaining a momentum in the MEA region. The major cyber espionage groups in the region include Desert Falcons, Carbanak, GrayFish, Cadelle, Chafer, Sofacy, Rocket Kitten, Novetta to name a few.
CYBER
HOW TO SAFEGUARD? As Cyber espionage is a process, the enterprises need to have right practice to keep them immune from the effect. As stated by various third party analysts, the organizations should take care of the data policy, separate the networks connected with critical infrastructure, monitoring unexpected behavior, apply patches or update the software you have, etc.
ESPIONAGE ACTORS 87% STATE AFFILIATED 1% COMPETITOR 11% ORGANIZED CRIME 1% FORMER EMPLOYEE
31JUNE 2016
FINALLY... As enterprises prosper they have to deal with the wraths of compromised security and cyber espionage. Therefore, there has to be no panic among the competent authorities, instead there has to be right implementations to repel the advancement by constant upgradation of present applications and softwares. The CEOs should understand the gravity of the threats and allocate adequate budget to carry on all practices. ë
ROLAND DACCACHE, SENIOR REGIONAL SALES ENGINEER – FIDELIS, MENA
FIDELIS, MALWAREBYTES
“Educating users and promoting a security conscious workforce is also key to ensuring a strong defense against spear phishing attacks.”
“Organizations should now start looking for natively integrated solutions that examine and inspect network traffic and all entry and exit points.”
How has the role of a CISO evolved over the recent times?
The new generation of CISOs needto understand and manage digital transformation with business objectives, legal and regulatory landscape in mind. CISOs act as a link between IT and business to ensure secure enablement of businessWhile,services.theCISO requires to build trust with executive management through thought leadership, understanding of business issues and translating the technology risks into business language, it needs to be supported with necessary information / reports, metrics and actionable intelligence to gain attention of executive management. The new generation of CISO’s as executives are required to be more social and business friendly with good communication & presentation skills as they would be part of boardroom discussion & decisions. CISOs are not expected to be a geek working behind a closed door, trying to secure and protect the business.
The current technology evolution and digital transformation of businesses globally as well as in the Middle East region is changing the threat landscape.The security threats today are targeted and more organized by cybercrime industry and nation-state actors. The recent wake of attacks on banks and other industries have clearly indicated that we have not done enough. CISOs have to get more prescriptive and more focused on understanding the business risks and threats specific to their industry impacting their business crown jewels that includes valuable data and critical services that could lead to financial or reputation loss.
How vulnerable are the ME organizations to cyber threats?
We at CISO COUNCIL are trying to work with all these players while connecting the industry cyber security leaders for better interaction and learning experience. With the advent of IoT and big data, the scenario has just worsened. Security is an over riding issue and the organizational premises are vulnerable? The modern enterprise demands ubiquitous connectivity and freedom to work from anywhere, anytime on any device, making it a virtually perimeter less organization with humans acting as perimeter and first line of defense. CISOs have to proactively put a plan for protection of critical assets that includes sensitive data as the IoT will change the way employees and operational processes interact generating tons of data known as “Big Data”. This could potentially be the business intelligence and insights for success that needs to be protected from competitors and adversaries.
MY VIEWS 32 JUNE 2016
How should a CISO resume look like for 2016? Today’s CISO must be integrated into all aspects of the busi ness and have a complete understanding of its strategy and objectives.CISOs need to have experience in implementing successful cybersecurity strategy and programs with the right blend of process and technology with management buy in. Security certifications are beneficial but not mandatory. CISOs need to have experience in upward management. ë
AHMED BAIG, CYBERSECURITY STRATEGIST, FOUNDER AT CISO COUNCIL
How do you perceive the evolving threat landscape of the region?
The rapid increase of global cybersecurity players entering the region is a clear indication of demand and threat intelligence that these vendors have as a proposition to targets customers. Many threat intelligence companies see malicious communica tion from regional networks with malicious command and control centers. Some of the key areas of collaboration required in the region are at government, industry and academia level.
SHAPING THE NEXT GEN CISO
The portfolio of a CISO requires not just the knowledge of security but also a deep rooted understanding of the intricate world of the organizations. The evolving role and the dynamic responsibilities of a CISO are reflected upon by Mr Ahmed Baig, Cyber Security Strategist and Founder of CISO Council.
34 JUNE 2016
SUCCESSULLY!go. TRANSACTIONSTATUS: COMPLETED
What lies ahead is a world of endless possibilities combined with infinite security hassles? The digital era of online world leaves no stone unturned to make the life of enterprises free from hurdles and saving their resourceful time. Transactions are backed by smart techniques using mobile applications on the
35JUNE 2016
“A recent study we conducted at Gemalto, surveying mobile banking users worldwide, shows that customers have high expectations from banks: 67% of them are concerned about the risks they face when using a mobile device to access banking services, and 48% would switch banks altogether if they BE SAFE
Separate account for each type of Dualtransactioncontrolover setup and creation of new user accounts Run summary reports of all Reviewtransactionsyour transactions daily Maintain up-to-date spyware detection program and Installanti-virusadedicated firewall, actively monitor and manage it Utilize unique strong passwords 12 TIPS TO SAFEGUARD ONLINE TRANSACTIONS 0501 09 0703 110602 10 04 1208 Never use automatic login features that save usernames and passwords Verify that you are on a secured site by checking browser Be suspicious of e-mails asking for account information or account verification or credentials Employees should only be allowed to perform online transactions in the office premises Clear your browser cache after every transaction and in case of fraud report immediately n BY: SONAL LUNAWAT <SONAL@ACCENTINFOMEDIA.COM> n PHOTO: SHUTTERSTOCK
As the transaction patterns are changing and evolving with newer means of facilitation, the require ments of enterprises are also altering. Enterprises want to ensure a more seamless, convenient and custom made solutions that require minimal thought and input to ease their worries about transactions. As the world shifts from physical cash to plastic cards to contactless payment options, banking patterns have also been tailored to compete with this digital era. At a touch or swipe of the hand your bank serves you at your expediency, no long queues or waiting period to process transac tions, this is the advent of 24/7 banking solution era.
Frost and Sullivan predict eCommerce across the GCC to grow by 40% by 2020, with sales expected to reach USD 41.5 billion, which would mark the highest in the industry worldwide, led by the UAE with 53% market share.
Cases of fraud, stealing data, identity theft, hacktivism, etc. have been on the rise in this region. Technology gives rise to individuals wanting to misuseof technol ogy and hamper transactions which in turn affects the financial institutions as well as users. Trust is the biggest factor driving the entire transaction chain and if it is compromised it surely creates a huge impact. Instances like QNB data breach, NatWest Online, RAK Bank hacking case and many others just prove that even the top notch security measures fail when attackers try and get in the systems. Security is the biggest concern in the minds of enterprises, banks as well as consumers, the constant fear of loss of information as well as stealing of financial assets is a never ending one. The MEA region has also been a victim of various planned attacks by criminals who have breached the security parameters and stolen viable data. Enterprises in the region have started deploying safety solutions like firewalls, antivirus, setting up security alert mechanisms, OTP pass words, PKI digital signing, PCI compliant solutions and regular ethical hacking tests to eradicate the slightest fear of threat from online transactions.
TECHNOLOGY VS THREATS
LetoERP -LETO
Creates unlimited banks and multi-currency bank account, manages up to date Cash balance, checks committed funds against cash reserves or availability, automatically calculates currency gain/loss in cash transactions, effective graphical reports for Bank Cash Movements, manage multiple payment types like check, credit card, cash and other.
INSTITUTIONSFINANCIALSHOULDENSURE
36 JUNE 2016 Updated Operating systems Multi factor authentication Strong Password support Risk based authentication Real-time transaction alerts
NETteller – MDSapTech
Ezio Mobile Secure Messenger– Gemalto Transforms any smart phone into a universal key to securely access all banking channels and digital services. Features include Advanced user authentica tion and transaction verification in mobile banking and wallet applications, Integrated Secure PIN pad - protecting against key loggers, security audit from external lab.
OTP Motion Code – Network International & Oberthur Technologies Provides an extra layer of security for Card-Not-Present (CNP) transactions. The technology replaces the static 3-digit security code usually printed on the back of a card, by a mini screen that displays a code, which is automatically refreshed according to an algorithm, typically every hour.
Controls on transactions made in a day Staff education and training
FINALLY… Technology is a useful servant but a danger ous master, this holds absolutely true in case of online transactions, on one side it makes life simpler and on the other side it gives the hackers a chance to feast. The futuristic market will concentrate on newer means and ways to propagate seamless transactions with OLTP and EFT gaining momentum along with global bank communications as well as flow of funds in real time. 80% enterprises depend on net banking or mobile applications for their financial needs, the questions then arise is what is the next path breaking technology one can expect? and whether the penetration of this digital banking age intensify? ë
felt security was not sufficient”, said Christelle Toureille, Vice President Marketing for Middle East & Africa at Gemalto. MasterCard and Visa are also aiming to phase out passwords in order to facilitate more secure means of authenticating online transactions.
TRANSACTIONSOFPROTECTIONFORSOLUTIONSONLINE
Mint Electronic Payments Services – Mint Enables the Billers on to the POS network and provide maximum reach to their customers through multiple channels, create a cashless environment, auto mated reconciliation and reporting service, eliminate direct cash collection and cashiers, reduce high risk and reduce logistic and operational cost.
NETteller offers unique and value added features which empowers the bank by keeping them one step ahead of its competition by managing customer expectation with personalized banking services that run seamlessly from one channel to another.
meeting compliance and governance require ments, enterprises will need to take advantage of technologies and tools such as two-factor authentication, data leakage prevention, and encryption, on top of their cloud services and applications.Increasingly, organizations are also investing in security-as-a-service (SECaaS) and other tools that can help orchestrate security across multiple providers and environments. These help tackle the visibility issue and ensure compliance needs are met. That’s why I believe we are starting to see the rise of so-called “broker” security services. These cloud access security brokers (CASBs) will enable consolidated enterprise security policy enforcement between the cloud service user and the cloud service provider. In fact, Gartner predicts that by 2020, 85% of large enterprises will use a CASB for their cloud services, up from fewer than 5% today. The key to this is for companies to be able to seamlessly push and enforce their own security policies from an on-premise proxy infrastructure to a public infrastructure. For the enterprise, this provides the ability, if required, to encrypt corporate data that sits in a public cloud service and offer complete protection for every endpoint. It means the same security policy is applied to the end users regardless of how or where they have connected, whether that’s through a public or private cloud, from a smartphone in a coffee shop or a Wi-Fi hotspot at the airport. Cloud adoption in the enterprise is rapidly approaching a tipping point and now more than ever, there is need for a new model of ‘cloud-first’ integrated security that enables the centralized control or orchestration of the myriad of cloud services and apps employees use across the enterprise. ë cloud compliance as their greatest concern. That’s not surprising given the current lack of visibility around cloud usage and where cloud data is being stored. The wider trend to move away from the traditional PC-centric environment to unman aged mobile devices is another factor here.
CLOUD CONCERNS This newfound optimism for the cloud inevitably means more critical and sensitive data is put into cloud services. And that means security is going to become a massive issue. Unfortunately, the same survey revealed that the picture isn’t great when it comes to how well organizations are ensuring cloud security today. Some 40% are failing to protect files located on Softwareas-a-Service (SaaS) with encryption or data loss prevention tools, 43% do not use encryption or anti-malware in their private cloud servers, and 38% use Infrastructure-as-a-Service (IaaS) without encryption or anti-malware.
ENTERPRISE TECHNOLOGY SPECIALIST, INTEL SECURITY
Many organizations have already been at the sharp end of cloud security incidents. Nearly a quarter of respondents (23%) report cloud provider data losses or breaches, and one in five reports unauthorized access to their organiza tions’ data or services in the cloud. The reality check here is that the most commonly cited cloud security incidents were actually around migrating services or data, high costs, and lack of visibility into the provider’s operations. Trust in cloud providers and services is growing, but 72% of decision makers in the survey still point to
NO MORE EXCUSES – TIME TO GET A GRIP ON YOUR CLOUD SECURITY
Cloud use continues to grow rapidly in the enter prise and has unquestionably become a part of mainstream IT – so much so that many organiza tions now claim to have a “cloud-first” strategy. That’s backed up by a recent Intel Security survey of 1200 respondents which showed that 80% of respondents’ IT spend will go to cloud services within just 16 months. To compete today, businesses need to rapidly adopt and deploy new services, to both scale up or down in response to demand and meet the ever-evolving needs and expectations of employees and customers.
GUESTTALK 37JUNE 2016
ROLF HAAS,
HYBRID SECURITYCLOUD
To securely reap the benefits of cloud while
RITTAL MIDDLE EAST FZE P.O. Box # : 17599, Dubai - U.A.E., Phone : +971 4 3416855, Fax : +971 4 3416856 E-mail : info@rittal-middle-east.com, Web : www.rittal-middle-east.com Ramadan Kareem Warm Greetings from Rittal Middle East Team NETWORKING & SERVER CABINETS COOLING SYSTEMS POWER SYSTEMS IT SECURITY ROOM MONITORING & REMOTE MANAGEMENT
© 2015 Dell Inc. All rights reserved. Dell Emerging Markets (EMEA) Limited is registered in England and Wales. Company Registration No: 3266654. Registered address: Dell House, The Boulevard, Cain Road, Bracknell, Berkshire, RG12 1LF. Company details for other Dell UK entities can be found at www.dell.co.uk With customer satisfaction and your profitabilit y on the line, choosing a stable technology par tner is a critical business decision. While other technology providers in the industr y are split ting apar t, Dell is commit ted to remaining a true source of end to-end solutions Cer taint y in an uncer tain world now that ’s a choice you can make with confidence Sell with confidence. Sell with Dell . To learn more, visit Dell .com/par tner/yoursuccess One company. One source. One focus.