SPECIAL SUPPLEMENT BY VOLUME 0 3 | ISSUE 0 7 | MARCH 20 1 7 As the region grows Opex-savvy, Cloud security market is gaining importance for reasons more than one...... 14 ‘LEAK-PROOF’ TOWARDS CLOUDS STRATEGICPARTNERSECURITY
GBM continues to innovative and provide next-generation cybersecurity services Know your risks and mitigate them today! • Cyber Security Assurance • Information Security Strategy and Roadmap • Integrated Compliance (ISO, NESA, BCP) • SCADA/IOT Risk Assessments • SOC Consulting Unless you know your risks, you can’t mitigate them www.gbmme.comABU DHABI • BAHRAIN • DUBAI • KUWAIT • OMAN • PAKISTAN • QATAR
It is a fact that reaching the required levels of maturity is an uphill task, but at the same time the enterprises should move ahead of considering technology as just a boardroom discussion and make it a business imperative. It is not only about protecting the systems but each and every organization has to take security as a shared responsibility and make it an organizational culture, whilst making sure that all the employees are educated and aware of their security ‘rules’.
The recent massive outage of AWS was yet another incident that created ripples in the security market this month. The reason for this, as cited by the company, was an employee debugging an issue with the billing system that took many servers offline. Two major examples of an outsider attack and insider flaw. What message does it send across?
It is a wake-up call— A call that is imperative of the need to stand guard to the network and its perimeters. It is a wake-up call for the enterprises to brush up your security basics; it is a wake-up call for the security solution providers to rethink their approach towards the security market; it is a wakeup call for the channel partners to rethink the way they are educating the end-users on the security solutions and the basic do’s and don’ts.
ë EDITORIAL A WAKE- UP CALL PUBLISHED BY ACCENT INFOMEDIA MEA FZ-LLC PO BOX : 500653, DUBAI, UAE 223, BUILDING 9, DUBAI MEDIA CITY, DUBAI, UAE PHONE : +971 (0) 4368 8523 A PUBLICATION LICENSED BY INTERNATIONAL MEDIA PRODUCTION ZONE, DUBAI, @COPYRIGHTUAE 2013 ACCENT INFOMEDIA. ALL RIGHTS RESERVED. WHILE THE PUBLISHERS HAVE MADE EVERY EFFORT TO ENSURE THE ACCURACY OF ALL INFORMATION IN THIS MAGAZINE, THEY WILL NOT BE HELD RESPONSIBLE FOR ANY ERRORS THEREIN. PRINTED BY AL GHURAIR PRINTING & PUBLISHING LLC. MASAFI COMPOUND, SATWA, P.O.BOX: 5613, DUBAI, UAE INFO MEDIA ANUSHREE DIXIT Assistant anushree@gecmediagroup.commEditor EXECUTIVE DIRECTOR: SANJIB MOHAPATRA FOUNDER AND COO: TUSHAR SAHOO GROUP EDITOR: SANJAY sanjay@gecmediagroup.comMOHAPATRA M: +971 555 119 432 ASSISTANT EDITOR: ANUSHREE RONAKSALESINFO@GECMEDIAGROUP.COMSUBSCRIPTIONSDESIGNER:LEADVISUALIZER:NIZAMUDDINBUSINESSREPORTER:anushree@gecmediagroup.comDIXITDIVSHABHATdivsha@gecmediagroup.comCONTENTDEVELOPER:AISHAKHANaisha@gecmediagroup.comMANASRANJANVISUALIZER:DPRCHOUDHARYAJAYARYAANDADVERTISINGSAMANTARAYronak@gecmediagroup.com M: + 971 555 120 490 SARAsara@gecmediagroup.comJASSIM M: + 973 66 707 505 KHYATIkhyati.mistry@gecmediagroup.comMISTRY M: + 971 556 557 191 SOCIAL MARKETING & DIGITAL RICHAPRODUCTIONYASOBANTCOMMUNICATIONMISHRAyasobant@gecmediagroup.com&CIRCULATIONSAMANTARAY + 971 529 943 982
04 MARCH 2017 ALL OF US ARE AWARE OF THE WREAKING HAVOC THAT THE SERIES of attacks on Saudi Arabia recently had over the country’s leading government and mission critical applications. This is in sharp contradiction to the fact that Saudi Arabia is expected to be the largest market on the basis of spending and adoption for cyber security solutions and services by 2017-19.
COVER STORY CONTENTS As the region grows Opex-savvy, Cloud security market is gaining importance for reasons more than one. The proliferation of IoT, increased cyber attacks, BYOD and data exchange are just fuelling the fire; and before we blink and open our eyes, the global cloud security market is expected to reach USD 13.93 billion by 2024. TOWARDS ‘LEAK-PROOF’ CLOUDS14 INTERVIEWCHANGINGTHEGAME OF SECURITY 12 SPECIAL EXPERTISEWITHBLOCKCHAINLEVERAGINGARTICLEREGIONAL 23 GUEST TALK IS IT TIME SYSTEM?ACCESSUPGRADETOYOURCONTROL 18 INTERVIEWRANSOMWARE BY THE NUMBERS AND PRACTICAL TIPS TO BACKUPATTACKSPREVENTONSTORAGE 13 05MARCH 2017
FORTINET PROVIDES UNI VERSAL ACCESS TO NSE PROGRAM
Sophos Mobile 7 Takes Security a Notch Higher Award
KEN XIE, FOUNDER, CHAIRMAN OF THE BOARD AND CHIEF EXECUTIVE OFFICER AT FORTINE
PALO
Palo Alto Networks had made enhancements to its Next-Generation Security Platform. Lee Klarich, EVP, Product Management, Palo Alto Networks said, “W e have too often seen headlines that highlight credential theft as one of the primary methods cyber adversaries use to gain access to networks, systems and assets. For years, there has been an absence of an effective and scalable way for organizations to address this challenge. We are pleased to introduce these unique and industry-leading capabilities as part of our Next-Generation Security Platform and to deliver yet another innovation among many designed to help organizations prevent cyber breaches.” Most organizations continue to keep simple password based credentials as the primary means of allowing users access to systems Sophos launched Sophos Mobile 7, the latest version of its Enterprise Mobility Management solution. This new version extends containerization support for Android Enterprise that enables IT administrators to manage IoT devices, strengthens security features and will be available through the Sophos Central cloudbased management platform. “The introduction of IoT device management will enable IT organizations to realize the value of IoT projects and help reduce the additional resources required to effectively manage and secure these devices. The development team at Sophos wanted to lead the industry by offering the first steps towards an integrated protection strategy for all devices – mobile and IoT” commented Dan Schiappa, general manager and senior vice president of Sophos Endpoint and Network Security Groups. The new IoT functionality will provide basic management features to organizations that are designing and deploying solutions at scale using low-cost Android Things or Windows 10 IoT devices. Sophos Mobile 7 security enhancements include antiphishing technology to protect users from malicious links in emails and documents and improvements to Sophos’ Android security and anti-malware app.
Fortinet is providing universal access to their Network Security Expert (NSE) training and certification program. Ken Xie, founder, chairman of the board and chief executive officer at Fortinet said, Opening Fortinet’s Network Security Expert program to the public increases access to educational resources and creates new opportunities for current and future IT security professionals whose skills will be critical to ensure the continued growth of the digital economy.. Fortinet believes it is our responsibility to foster the development and continuing education of cybersecurity talent and close the cybersecurity skills gap.”
06 MARCH 2017
STREETCHANNEL
THEFTCREDENTIALAPPROACHNEWNETWORKS’SALTOTO
SUMMIT 2017 CATCH THE TREND FUTURE IT OFFICIAL MEDIA PARTNERBROUGHT BY FOLLOW US: Gec Open GECOpen Enterprise Channels MEA www.gecopen.com FOR MORE INFO, PLEASE EMAIL TO; anushree@gecmediagroup.com,ronak@gecmediagroup.com 14 MARCH, 2017 THE BURJ AL ARAB HOTEL, DUBAI, UAE
Trend Micro is making available the Trend Micro Deep Security 10, powered by XGen Security. XGen Security is a blend of cross-generational threat defense techniques fueled by market leading threat intelligence, and powers all Trend Micro security solutions.
TREND
08 MARCH 2017
Other key initiatives include transitioning Opportunity Registration to a front-end discount only, which ensures that the financials of doing business with Symantec will be more predictable moving forward. Symantec is also creating new opportunities to earn with a Platinum Performance Rebate, Renewal Incumbency and by enabling partners to submit an unlimited number of activity proposals for Symantec Partner Development Funds. With a $30 billion dollar opportunity in cyber security, Symantec will see massive growth potential in the industry this year.
Mimecast has enhanced its Mailbox Continuity offering, designed to strengthen customers’ cyber resilience by automatically detecting a Microsoft Exchange, Microsoft Office 365, or G Suite by Google Cloud email outage or disruption and enabling rapid mitigation. New Continuity Event Management features will reduce the time it takes for administrators to identify and respond to email disruptions by monitoring availability in real-time.Mimecast’s new Continuity Event Management features monitor for high latency and failed deliveries, reducing the time it takes administrators to respond to mail flow issues. The system will alert administrators via SMS or an alternative email addresses and allows administrators to quickly respond to an incident.
Symantec is bringing two separate partner programs into one rock-solid program designed to give partners more opportunity for growth and profitability.
“The business demands for faster application delivery using the cloud without increasing IT spend means that security needs to be looked at differently,” says Jason Cradit, senior director of technology for TRC Solutions. Deep Security includes a smart blend of cross generational threat defense techniques for protecting servers from known bad threats, including anti-malware and intrusion prevention to detect and stop sophisticated attacks. As a part of the XGen Security strategy, Deep Security 10 adds multiple new security techniques, including the prevention of unauthorized software changes with application control. Reimagined for the hybrid cloud, the new application control feature can protect servers from sophisticated attacks such as ransomware, even when applications are constantly changing and elastic workloads are distributed across virtual and cloud environments.“Deep Security is available as software, as-a-service, and through the AWS and Azure marketplaces, giving organizations unparalleled purchasing flexibility, including per hour pricing matched to the cloud” said Bill McGee, senior vice president and general manager, hybrid cloud security for Trend Micro.
RITYWITHSECURESMICROCLOUDDEEPSECU10
This spring, Symantec Secure One, will be even easier to navigate based on two competences – Core Security and Enterprise Security – for the combined enterprise portfolio. Partners will have a huge opportunity to cross-sell and up-sell, providing the mutual customers with leading solutions to solve the world’s biggest cyber security problems.
“As more organizations move email to the cloud, planning for disruptions is an essential part of risk management. Mimecast’s new features allow organizations to strengthen their cyber resilience strategies by helping them quickly identify and respond to email disruptions from anywhere, and any device,” said David Hood, cyber resilience expert at Mimecast.
“Deep Security gives us the breadth and environment support we need to respond quickly to business requirements that include protection of physical, virtual and cloud workloads” said Tariq Alvi, founder and president of XentIT
Symantec to Introduce Integrated Partner Program
DAVID HOOD, CYBER RESILIENCE EXPERT AT MIMECAST IS YOUR ORGANIZATION ‘EMAIL’ AVAILABLE? ASKS MIMECAST
Arthur Dell, Director, Technology Services, MEA, Citrix said,”The UAE’s constantly evolving cybersecurity threat landscape requires a new, more flexible IT security framework - one that extends beyond traditional fixed end-point security approaches to deliver threat detection and protection of apps and data at all stages. Citrix is committed to delivering robust solutions that are designed with data security in mind.”
possible for customers to extend our robust Blue Coat web security capabilities to their mobile workforce, protecting users and information on any device and from any location.”
Institute on IT security infrastructure found that 40% of UAE based respondents said their organization has security policies in place to ensure employees and third parties only have the appropriate access to sensitive business information. Nearly 79% of business respondents said that some of their existing security solutions are outdated and inadequate.
MARK HUGHES, CEO, BT SECURITY DELL, TECHNOLOGY
ARTHUR
And the Symantec Cloud Service makes it
SECURITY TECH NOLOGY OUTDATED AND INADEQUATE TO HANDLE TODAY’S THREATS
BT INTEGRATES
SYMANTEC’S LATESTTECHNOLOGYFAISALALBANNAI,FOUNDER AND CHIEF EXECUTIVE OFFICER, DARKMATTER
BT has integrated Symantec’s latest technology into BT’s portfolio of managed security services. With this new agreement, BT customers will benefit from enhanced visibility of incoming internet traffic and from simplified administration of network security and hybrid cloud infrastructure.Symantec SSL Visibility Appliance enables organisations to cost-effectively eliminate blind spots that come with the lack of insight into encrypted data traffic onSymantecnetworks.Cloud Service provides global coverage and ensures always-on security for user devices against malware, viruses and advanced threats.Mike Fey, president and Chief Operating Officer, Symantec, said: “Expanding Symantec’s capabilities within BT’s portfolio will provide BT customers a comprehensive service that is needed in today’s cyber security environment. By providing dedicated SSL visibility we can combat security threats hidden in encrypted traffic so that customers can focus on critical business priorities.
DarkMatter used its presence at this global event to showcase its latest offerings and expertise in the areas of Big Data & Analytics, blockchain, and Secure Communications. The firm will also present its proprietary Cyber Security Resilience Platform.Thiswas the second consecutive year that DarkMatter participated at this event, and the firm communicated milestones it has achieved since its participation in 2016.
Additional emerging system vulnerabilities are expected before devices become more secure.”
10 MARCH 2017
TCommenting on DarkMatter’s motivation behind taking part in RSA Conference USA, Faisal Al Bannai, Founder and Chief Executive Officer said, “Cyber threats are becoming increasingly sophisticated and the ever-quickening march towards digitisation only broadens the risk surface. At DarkMatter we believe it is important to form collaborations and share innovations, with the aim of creating environments that are secured end-to-end.”
DIRECTOR,
“If anything, our analysis of Q4 2016 proves the old axiom ‘expect the unexpected’ to be true for the world of web security,” continued McKeay. “For example, perhaps the attackers in control of Spike felt challenged by Mirai and wanted to be more competitive. If that’s the case, the industry should be prepared to see other botnet operators testing the limits of their attack engines, generating ever larger attacks.”
Mark Hughes, CEO, BT Security, said: “ Our agreement with Symantec helps address this issue and is a new step in providing a full, comprehensive package that equips Chief Information Security Officers with the administrative tools needed to monitor their networks.”
SERVICES, MIDDLE EAST AND AFRICA, CITRIX AKAMAI RELEASES FOURTH QUARTER 2016SECURITY REPORT DARKMATTER GEARS-UP FOR RSA CONFERENCE USA
“As we saw with the Mirai botnet attacks during the third quarter, unsecured Internet of Things (IoT) devices continued to drive significant DDoS attack traffic,” said Martin McKeay, senior security advocate and senior editor, State of the Internet/Security Report. “With the predicted exponential proliferation of these devices, threat agents will have an expanding pool of resources to carry out attacks, validating the need for companies to increase their security investments.
OF UNWAVERINGÊCOMMITMENT TO TRAILBLAZINGÊÊVALUEÊSERVICESÊINÊITÊDISTRIBUTION Thank you for being part of our journey! YEARS AUTHORIZED VALUE ADDED DISTRIBUTOR StorIT Distribution fzco P.O.Box 17417 Dubai, United Arab Emirates Tel: +971 4 881 9690 | Fax: +971 4 887 1637 Email: info@storit.ae Riyadh, Saudi Arabia Tel: +966.1.276.8014 | Email: www.storit.aeksa@storit.ae 1 5 Y E A R S OF EX C E L L E N C E
Tell us about your recent acquisition of Invincea? How will it engance your security portfolio? Sophos is committed to be the best in the world at delivering complete IT security and is driven to build or buy the very best technology. After extensive research, Sophos found the technology from Invincea to be the best fit to strengthen our portfolio from both a technology and a business standpoint.
The developers at Invincea built the software on the same principles Sophos has for making advanced security simple to use. In addition, Invincea have developed the same GTM model as Sophos, exclusively selling through registered channel partners.Invincea technology will be integrated into our Sophos Endpoints products which leverages Synchronized Security. How is Sophos Intercept X a security game changer for the modern enterprises? Sophos Intercept X addresses the current threat landscape
In an exclusive interview with Harish Chib, VP MEA of Sophos,
MY OPINION 12 MARCH 2017
CHANGING THE GAME OF SECURITY
he talks about Sophos’ unique capabilities in making advanced security simple to use and how the acquisition of Invincea is strengethening their position from a technology and business side.
HARISH CHIB, VICE PRESIDENT, MIDDLE EAST & AFRICA
The threat landscape continues to change on a daily basis – volumes are predicted to rise by every vendor and commentator out there .Threats today have two major vectors for attack – and they are often used together:
What are the emerging security requirements that you see in the security market and how are you geared-up for the same? When we review today’s threat environment, we see four basic intents for cyberattack: nation or state-sponsored disruption, industrial espionage, hacktivism and commercial gain. The first three usually target large organisations or high-profile individuals and get the most attention in the media, but the motivator for the majority of cybercrime is financial gain. The biggest threat today comes from groups of professional, highly organised commercialCybersecuritycybercriminals.remainsvery high on the agenda for IT departments and, now more than ever, for management teams and boards at organisations of every size. Providing a truly effective, affordable, and manageable solution to protect organisa tions against cybercrime is a massive and growing need and opportunity. At Sophos, we focus on this opportunity through our mission to be the best in the world at deliver ing complete IT security.Our strategy to synchronize multiple and previously disparate security disciplines, to deliver complete security made simple, to leverage the cloud to both manage and deliver our security solutions, we believe is highly differentiated and compelling.
1. User-focused malware a. Social engineering is the primary method used to trick users into opening email, clicking an attachment or visiting a URL b. Malware on removable media such as USBs 2. Vulnerability exploits a Cybercriminals look for weaknesses in software to send threats into the network b. Unfortunately, vulnerabilities in software are not going away, and companies still struggle to keep up with patching Sophos Intercept X uses advanced anti-malware and antiexploit techniques together to protect against these two vectors of attack. With thousands of vulnerabilities and exploits out there, Sophos is taking a new approach. Instead of trying to recognize attacks by individually approaching each variant, Sophos Intercept X looks for the most common 20-30 types of attack behavior and immediately stops it.Sophos Intercept X is an affordable anti-ransomware, anti-exploit solution with the added value of root cause analysis. What were your recent customer wins in the region? We have secured organizations of varied form and size and have security solutions for all kinds of security needs and challenges. ë
The 3-2-1 rule states to have three different copies of your media, on two different media, one of which is off-site. This is great because it can address nearly any failure scenario and doesn’t require any specific technology. In the ransomware era, it’s a good idea to add another “1” to the rule where one of the media is offline. The offline storage options listed above highlighted a number of options where you can implement an offline or semi-offline copy of the data. You may not need to completely reconfigure an installation to implement an offline element. However, consider these options as additional steps to existing designs.
4. Take storage snapshots on backup storage if possible Storage snapshots were mentioned above as what I call a “semioffline” technique for primary storage, but if the storage device holding backups supports this capability it may be worth leveraging to prevent ransomware attacks.
One of the best defenses against propagation of ransomware encryption to the backup storage is to have offline storage.
7. Let the Backup Copy do the work for you
2. Have offline storage as part of the Availability strategy
If one thing has the attention of IT decision makers worldwide, it is the risk of ransomware. We frequently see headlines on outages caused by ransomware and the reality is that this is a big problem for organizations of all shapes and sizes.
There many ways to prevent ransomware from encrypting your backups as well and hopefully one or more of these tips listed above can be leveraged in your environment. ë
Backup Copy is a great mechanism to have restore points created on different storage and with different retention rules than the regular backup job. When the previous points above are incorporated, the backup copy job can be a valuable mechanism in a ransomware situation because there are different restore points in use with Backup Copy.
MY VIEWS 13MARCH 2017 RANSOMWARE BY THE NUMBERS AND PRACTICAL TIPS TO PREVENT ATTACKS ON BACKUP STORAGE RICK VANOVER, DIRECTOR OF TECHNICAL PRODUCT MARKETING AT VEEAM SOFTWARE
One important part of being resilient to ransomware is being able to recover from backups. That’s the Availability you want when things don’t go as planned, should ransomware become an issue in your data center. Here are a number of tips I’ve prepared to incorporate into your designs for backup storage:
3. Leverage different file systems for backup storage Having different protocols involved can be another way to prevent ransomware propagation. Put some backups on storage that uses different authentication. The best examples here are backups of critical things like a domain controller. In the unlikely event that a domain controller would need to be fully restored, there can be an issue if the storage containing the backups is an Active Directory authenticated storage resource.
6. Have visibility into suspicious behaviour
Design for resiliency and plan for vigilance
1. Use different credentials for backup storage This is a generic best practice and in the ransomware era it’s more important than ever. The username context that is used to access the backup storage should be very closely kept and used exclusively for that purpose. Additionally, other security contexts shouldn’t be able to access the backup storage other than the account(s) needed for the actual backup operations. Whatever you do, please don’t use DOMAIN\ Administrator for everything!
5. Start using the 3-2-1-1 Rule
One of the biggest fears of ransomware is that it may propagate to other systems. Having visibility into potential ransomware activity is a big deal. It is good to have an availability solutions that provides a pre-defined ‘Ransomware activity alarm’that will trigger if there are a lot of writes on disk and high CPU utilization.
14 MARCH 2017
SECURITY IN THE CLOUD Tony Zabaneh, Senior Systems Engineer –Channel, Fortinet says, “As Fortinet, our security portfolio is on a constant growth and development trajectory, probably the most notable or major developments were adding FortiSIEM to our solutions to complete the security cycle, and introducing our Security Fabric, which is the deep and tight integration between the network security components.” Furthermore, multiple Cloud services and offerings are nowadays sharing the same infrastructure, networks, storage, bandwidth, and many resources.
n BY: ANUSHREE DIXIT <ANUSHREE@GECMEDIAGROUP.COM> n PHOTO: SHUTTERSTOCK ‘LEAK-PROOF’ TOWARDS CLOUDS COVERSTORY
The growing trends of BYOD and CYOD are expected to boost the global cloud security market. The significant utilization or adoption of the cloud-based service computing in the various sectors such as healthcare, BFSI, IT and telecommunication, and others help fuel the growth of the global market. Additionally, the rising threats related to the cyber world increase the dependency on the cloud-based services which in turn attributes the growth of the global market.
“This meant that if a cyber threat is targeted against one cloud service;
As the region grows Opex-savvy, Cloud security market is gaining importance for reasons more than one. The proliferation of IoT, increased cyber attacks, BYOD and data exchange are just fuelling the fire; and before we blink and open our eyes, the global cloud security market is expected to reach USD 13.93 billion by 2024.
The Cloud Security market for year 2016 waswithestimatedatotalof$3.65billion The 2022fromhikeexpectedinSecurityEastMiddleCybermarket,general,istoby22.5%2016toGemalto’s H1 2016 Breach Level Index has found that data breaches in the Middle East increased by 50% in the first six months of 2016Cloudhikesmarket,securityontheotherhand,isaforecastof$20.20billionby2022.According to research by $marketglobalsandMarkets,MarketthecloudsecurityisexpectedtobeworthUS$8.71billionby2019 3.65 bn $ 8.71bn $ 20.20bn 50% 22.5% 22% DEEPAK NARAIN, REGIONAL PRESALES MANAGER –MENA, VMWARE “VMware NSX software-defined networking platform, which provides the foundation for agile cyber-security policies in virtualized and cloud environments, is on a USD 1 billion run-rate for FY2018.” 15MARCH 2017
Today security is extended to be part of the services, applications, architecture, network, storage, access controls, and every aspect that touches the Cloud,” says Mohammad Jamal Tabbara Senior Systems Engineer – UAE at Infoblox
HANI NOFAL, VICE PRESIDENT, NETWORKING, SECURITY AND MOBILITY AT GBM
“This is an area where Palo Alto Networks can add great value for its customers and partners.”
CLOUD SECURITY LATEST BUZZ Gemalto’s 2016 Global Cloud Data Security Study
“CCSK certification by CSA has now been acquired by ISC2 and is renamed as CCSP, which means that even big certification companies feel the need to educate more professionals on cloud security. Breaches are continuously observed in both cloud and non cloud environment,” says Hani Nofal, Vice president, Networking, Security and Mobility at GBM Saeed Agha, GM Middle East at Palo Alto says that, As cloud presence and the offerings available increase in the region, the consistency of security policies and data security capability will be more critical for cloud operators and cloud users alike.
“Our approach to providing security solutions to our clients is an end to end approach, which means that GBM has the reach to multiple partners and the ability to understand the technology to help our clients in achieving the highest level of security.” it will most likely impact another untargeted victims.Cloud driven services are now threatened by unprecedented evolving cyber threats, which have to be tied with unprecedented security to provide threat mitigation and containment.
For GBM, Cloud security seems to be gaining more popularity across the world and hence security has also become a prime concern.
current security best practices are not enough to stop lateral movement inside the data center in the event of a breach Storing data in the cloud without properly considering security is the same as locking your front door but leaving the garage open. Your network may be secure, but it means nothing if the cloud isn’t equally secured as well.
“Fortinet is the only network security solution vendor with an end-to-end portfolio designed to work together as an integrated and collaborative Security Fabric.”
SECURITY TIPS FOR THE CIO
Making Cloud access with consistent security policies for employees and contracts a requirement.
With cyber-attacks exist, CIOs should implement effective interventionsgovernancecompliance,andrisk CIOs can create a network micro segment that is a bespoke perimeter for the application, where a much more granular set of policies can be applied.
SEBASTIEN PAVIE, REGIONAL DIRECTOR, MEA, IDENTITY AND DATA PROTECTION, GEMALTO TONY ZABANEH, SENIOR SYSTEMS ENGINEER –CHANNEL, FORTINET
The biggest value of cloud security strategy and tools is the capability of integration with the rest of network.the CIOs should be aware of any laws and regulations that may apply to them and their data when opting for the cloud model.
16 MARCH 2017
“It is no longer an option to secure one part of the ecosystem – security is required throughout the entire data lifecycle, from the cloud and core of the enterprise to the edge of the network.”
Security policy must be based on context such that policy does not have to change the underlying mapping to what is happening from a dynamic, automated nature
Consider third party controls from service providers in their clouds security plans, especially in terms of compliance and data sovereignty, along with end-point security.
Cloud security currently is in the middle of two major changes: one is securing the exponentially growth of endpoints of connected devices in the Internet of Things era, vital for securing critical national infrastructure, and the other is defining cloud security policies rather than policies for private clouds on data centers. ë
SAEED AGHA, GENERAL MANAGER - MIDDLE EAST AT PALO ALTO NETWORKS
has found that while 73% of IT professionals say cloud computing applications and platform solutions are important to business operations today, only 43% say their organisations have clearly defined roles and accountability for safeguarding confidential or sensitive information in the cloud.
According to Infoblox, in Private Cloud model, Cyber-Security Ecosystem integration within the Cloud was a highly desired aspect in 2016, and it will continuo to do so. SDN Security is as well a very trendy topic that attracted CIOs and CISOs adopting the SDN technologies. “Yet tying all the diverse Cloud Security solutions together and deriving security intelligence out of the integrations and analysis would be the ultimate goal in 2017,” says Jamal. And so, a key point in our view on security is the ability to detect an attack at one stage, and then automatically reprogram the security infrastructure to be able to prevent that attack at a later stage. That requires consistent security capabilities in all stages, in all occasions where that attack may spread.
17MARCH 2017
RAJIV PRASAD, CIO AT SÀVANT DATA SYSTEM
“Last year has also seen a marked increase in the storage of customer information in cloud environments from 53% of respondents to the Gemaltostudy in 2014, to 62% in 2016.,” says SebastienPavie, Regional Director, MEA, Identity and Data Protection, Gemalto.
“As cloud presence and the offerings available increase in the region, the consistency of security policies and data security capability will be more critical for cloud operators and cloud users alike.”
MOHAMMAD JAMAL TABBARA, SENIOR SYSTEMS ENGINEER – UAE AT INFOBLOX significantCloud“InfobloxActiveTrustprovidesasecurityfor the Oxygen of the Internet –i.e the DNS.”
“We also employ stringent security audit performed by the internal security team and third party integrators to raise the level of confidence for our partners to embrace cloud platforms and solutions.”
Utilising smartphones are a very straightforward solution that solves three of the top concerns of employees looking for updated access control.
FLEXIBILITY
JAROSLAV BARTON, PRODUCT MARKETING DIRECTOR, PHYSICAL ACCESS CONTROL SOLUTIONS, EMEAWITH HID GLOBAL with 32% requesting multiple levels of access depending on authority required. This added security element is clearly an important function, and one that can be easily designated with more modern technologies. Having mobile credentials that allows for multiple access levels, for instance, saves the users from having multiple access control devices that could lead to confusion or possibly misplacement. The survey also noted that 29% of respondents would like future-proof technology. This can easily be provided through mobile access solutions which grant users modern techniques for access control, but also a single credential for multiple access devices.
A new access control solution must be flexible so users don’t just see it as an ‘expensive way of opening doors’. Open Supervised Device Protocol (0SDP) for secure communication between field devices in a physical access control system has gained increased importance allowing for standardization, more flexibility and freedom of choice for security managers.
18 MARCH 2017
The use of older, legacy access control systems exposes an organisation, a building, a server room, a computer to the possibility of unauthorised access and the consequences of this. But why should users upgrade?
UPGRADE
ARTICLEGUEST
When is it ever a good time to upgrade your access control solution? Many organisations follow the policy of ‘if it isn’t broken, don’t fix it’ but this can be a risky situation in a world where technology and threats are changing so rapidly.
DATA PRIVACY In The Access Control Report 2016: Legacy Infrastructure and Motivations for Upgrading, 44% of respondents stated they were planning on upgrading their access control solution. This is a strong indicator that end-users are acknowledging that the risk to organisationsis evolving, and the need to protect their physical assets and consequently data assets is important. It would take a security breach that exposed a flaw in the current system for 92% of respondents to consider changing their current access control system, but not beforehand. In the report, 75% of respondents have third-party members on site on a regular basis. Integrated visitor management solutions in modern access control systems significantly improve the distribution and use of temporary credentials but also safeguard various parts of the site to unwarranted access. Access control solutions, such as mobile access, make it easier for facilities and securities managers to track who is accessing what parts of the site to ensure nobody is in an area they shouldn’t be.
One of the largest stumbling blocks to updating an enterprise’s access control system is the perceived disruption that the upgrade will cause.
The use of older, legacy access control systems exposes an organisation, a building, a server room, a computer to the possibility of unauthorised access and the consequences of this. But why should users upgrade?
When is it ever a good time to upgrade your access control solution? Many organisations follow the policy of ‘if it isn’t broken, don’t fix it’ but this can be a risky situation in a world where technology and threats are changing so rapidly.
Flexibility also supports multiple applications for managing not only physical access but also logical access applications, like computers and software logins. Additional access control systems, such as secure print management, require an associated card issued to users. This represents a prime opportunity for organisations to consolidate to a single access control device, such as a contactless wearable or smartphone that combines access control with other functions. ë
USER CONVENIENCE . The report noted that 48% of respondents would like an easy-to-use access control system, IS IT TIME TO YOUR ACCESS CONTROL SYSTEM?
69% of respondents in the report believe that upgrading to a new access control system would be disruptive to their daily business, while 55% cite cost as the biggest misgiving about upgrading. Despite the perceived disruption, many sites can be retrofitted using existing access control hardware behind the scenes, with minimal replacements needed to upgrade technologies. Not having to start from scratch also helps to significantly lower the costs, making it a more cost efficient venture with minimal disruption.
Sophos Intercept X is a next-generation endpoint detectionand response platform designed to stop ransomware, zero-day exploits, and provide detailed threat intelligence. Stop ransomware before it can take hostages Block zero-day attacks with signatureless anti-exploit technology Get easy to understand threat insight and root cause analysis
• Stop ransomware before it can take hostages
• Get easy to understand threat insight and root cause analysis
INTERCEPT
A completely new approach to endpoint security.
•
Automate remediation and malware removal Learn more and try for free at www.sophos.com/intercept-x
•
Sophos Intercept X is a next-generation endpoint detection and response platform designed to stop ransomware, zero-day exploits, and provide detailed threat intelligence.
• Block zero-day attacks with signatureless anti-exploit technology
•
Automate remediation and malware removal Learn more and try for free at www.sophos.com/intercept-x
•
·
Source: Pinterest attracted more attackers in the recent years. The intrinsic risk of social media can be bad for enterprises. The threats include account impersonations, leakage of sensitive business information, scams and frauds. Employees who bring their own devices are considered the biggest risks to enterprise security. As BYOD boomed, scammers have targeted mobile phones to hack data. A good back-up plan is nothing short of essential for any business, BYOD-based or not. But BYOD does have its own challenges. There are concerns, particularly when it comes to mobile devices. They have sporadic internet connections, which means that they can only be
Over the years, we have seen that the usage of social media websites has increased to amazing levels. It helps users to communicate with family, friends and social groups. However, it is also important to keep an eye on the security risks. Social media has become a part of our life. It can be web based or mobile technologies which can turn the communication into interactive dialogue.
20 MARCH
AND
WHO IS AT RISK? With millions of users, the social media has BE SAFE n BY: DIVSHA BHAT <DIVSHA@GECMEDIAGROUP.COM>
MEDIA
SOCIAL2017 SECURITY RISKS
In today’s world, it is impossible to navigate the web without crossing virus or a threat. Sharing information like photos, text messages, videos, latest news, assignments, online surveys has become an everyday practice. While we all enjoy, this sharing of information, the internet also poses a great risk of security. Social media has become prime cause for scammers to target individuals. The worldwide workforce is changing. There are 3 billion Internet users and 2 billion of them have active social media accounts. Companies are adopting of social media for market research, to gather customer feedback, reduce the time spent in unnecessary in person meetings, to make product offers, to even strengthen employee productivity and spark collaboration among them. Social media websites such as Facebook, Twitter, LinkedIn are increasingly being used by enterprises to engage with customers. For enterprises, there are risks of using social media ranging from damaging the name of the company to leaking of sensitive information. According to McAfee, more users experience crimes on social media than any other platform. In fact, social media phishing scams cause $1.2 billion per year in damages and 40% of users report clicking malicious links.
n SHUTTERSTOCK
PHOTO:
YOU ARE BEING WATCHED!
MARCH 2016
backed up regular intervals.So, when adopting the BYOD practice, it is important for the enterprises to update their social media Accordingpolicies.toGartner, by 2018, twice as many employees owned devices will be used for work than enterprise owned devices. But this also increases the risk of a breach at an enterprise.
n Make backups of important files and folders.
n Change passwords regularly.
n Install and use Antivirus.
FINALLY Social media opens a world of opportunity to connect with people. The risks involved in deploying security of social media is very poor. Many of the social media users have lack of technical transformation and yield the privacy concerns to their own content. Enforcing a well defines social media policies like awareness of changing password often or having strong password or using antivirus would secure the social media websites. The more social media websites people are connected to, the broader the risk. That doesn’t mean social networking should be limited. It means people should just be alert. Better safe than sorry! ë
n Minimize the use of personal information on profile.
n Use caution while clicking links.
BEST PRACTICES
n Consider unique user names and strong passwords for each profile.
n Never give out username and password to third parties.
WAYS TO BE SAFE
Scammers use a wide range of techniques to trick individuals into giving personal information. Websites such as Facebook, LinkedIn, Twitter are full of phishing attempts which range from fake accounts to spams. It is good to understand that there are people online who take advantage if opportunity given. Once something is posted online on a social media website, it can spread rapidly. So, be aware of what you post online. Within the enterprises, it is important to proactively educate employ ees of the security threat. Employees may accidently share information regarding their company, projects, products on direct messages such as LinkedIn or Facebook which may benefit the hackers. Employees are less likely to bypass restrictions if they understand the logic behind them.All the employees must be give security awareness and usage policy of social networking which include best practices, guidelines and procedures. They need to be made aware that although a content can be easily posted, it is impossible to delete it completely. In depth training, should be given to all the employees including the executives.
22 MARCH 2017
Faster transactions: Blockchain transactions can be processed in near real-time around the clock
In the UAE specifically, several initiatives have been launched though are still in the proof-of-concept stage. In fact, Dubai has announced plans to use blockchain for all government documents by 2020 and several departments have announced that they would explore the technology in reas including healthcare, wills and diamond transactions.
LEVERAGINGBLOCKCHAIN
BLOCKCHAIN WITH REGIONAL EXPERTISE
Enhanced Security and Privacy: parties are able to make an exchange without the oversight or intermediation of a third party, strongly reducing counterparty risk
23MARCH 2017
Durability and Reliability: due to decentralized networks, Blockchain does not have a central point of failure and is better able to withstand malicious attacks
How are you contributing to this space?
LUTFI ZAKHOUR, SENIOR VP, HAMILTONSERVICESATFINANCIALBOOZALLEN
Booz Allen Hamilton is leveraging its expertise across different industries in order to support Blockchain adoption in the financial services industry. We have supported the integration of Blockchain and distributed ledger technology in a leading global stock exchange, as well as utilized Blockchain technology to improve liquidity and reduce the occurrence of real estate transactions using fraudulent deeds. Furthermore, we have supported several industries internationally such as disaster relief organizations where we have created a Blockchain-based system in order to allow these organizations to efficiently and effectively monitor the distribution status of supplies in real time with guaranteed accuracy and security in emergency situations.
How has Blockchain redefined the financial landscape and what ease has it brought to thebusiness processes? Blockchain has offered support on a wide range of use cases for financial institutions, including trade finance, remittances, syndicated loans, loyalty programs and KYC registries, to name a few. In the financial sector specifically, several banks have managed to develop Blockchain-based platforms in order to help optimize internal processes, gain access to digital records, reduce manual processes, increase the speed to process transactions and reduce overall risk and fraud due to traceability and transparency of all Specifically,transactions.the benefits which Blockchain technology can offer both financial institutions as well as usersCostinclude:efficiency: financial institutions can benefit from reduced costs and fees due to the lack of required intermediary and associated overhead costs
How is blockchain empowering the ‘Knowledge based economy’? The knowledge economy focuses largely on the technology and human capital sector. Blockchainspecifically is playing a big role in advancing and empowering the knowledge based economy. Through technology advancements, data mining and overall connectivity, Blockchain is pushing the economy to further advance itself and become more inclusive. With authenticated digital information available for all parties across different sectors, entities can now use available knowledge to extend their offerings not only to the select few. The technology has indeed enabled people to digitize and monetize their information, connected several parties across different industries and opened up the opportunity for further advancements. ë
Ensured transparency: Changes to public Blockchains are publicly viewable by all parties, which ensure that all transactions are immutable
How has the effectiveness of the Blockchain solutions been in the UAE so far and howwell received was this?
BOOZ ALLEN HAMILTON GIVE THEIR VIEWS ON HOW BLOCKCHAIN IS CHANGING THE REGIONAL LANDSCAPE AND WHAT IMPORTANT ROLE THEY ARE PLAYING IN LEVERAGING THIS NEW GAME IN FINANCE.
DARKMATTER
Tell us about the much talked about Blockchain technology?
How has Blockchain redefined the financial landscape and what ease has it brought to the business processes? For enterprise, commercial and financial entities, blockchain allows them to trust that transactions will be executed exactly as the protocol commands removing the need for a trusted thirdparty. By eliminating third-party intermediaries and overhead costs for exchanging assets or finan cial instruments, blockchains have the potential to greatly reduce transaction fees.
How are you contributing to this space?
Blockchain is basically a decentralised, distributed database that maintains a continuouslyupdated list of records that are secured against unauthorised tampering and revisions. The technology can be used in Internet of Everything (IoE) environments to reliably track the billions of networked devices, enable the secure processing of transactions, aid coordination between devices, while allowing for significant savings to IoE device manufacturers/vendors.
DR. NAJWA AARAJ, SENIOR VICE PRESIDENT – SPECIAL AT
24 MARCH 2017 BLOCKCHAIN CARVING A RELIABLE BLOCKCHAIN ARCHITECTURE
DR. NAJWA AARAJ SHARES HER EXPERTISE ON HOW DARKMATTER IS SET TO REALIZE THE VISIONS OF BLOCKCHAIN WITH THEIR UNIQUE AND CUTTING EDGE SECURITY SOLUTIONS.
Last year we saw Dubai Government announcing it is looking to become paperless by shifting all transactions to blockchain by 2020. We have also seen institutions such as Emirates NBD bank announce trials of blockchain technology and these kinds of developments are giving real impetus for the technology’s uptake in the country, across sectors.
Ultimately, blockchain technology facilitates immutable, distributed logging of events. In the finance industry, those events are transactions. Any sector that needs distributed, immutable logging will benefit. It is the intention of DarkMatter to discuss with customers their needs and then apply our solutions to their problems. There are at least three ways that DarkMatter intends to be of service, namely, by: (1) availability of a software development kit (SDK) that fulfils the main requirements of clients’ use cases where blockchain offers an advantage, (2) customisation beyond the SDK, especially where multiple clients would thus benefit, and (3) evaluation of blockchain solutions already in use by or being considered for use by clients. DarkMatter is assessing the blockchain ecosystem for suitable, customer-centric technology. Our focus is on addressing real problems by innovating solutions that streamline account reconciliation, provide error detection, enable privacy preservation, handle non-repudiation, lower OSS and BSS maintenance costs, and that are traffic-analysis resistant, managing risk through an appropriately layered auditability framework.
How is blockchain empowering the ‘Knowledge based economy’? Through developments such as the Dubai Blockchain Strategy the emirate is looking to achieve a high degree of efficiency in government departments, based on three themes — efficiency, creating new specialised sectors, and achieving global knowledge development and leadership. ë
How has the effectiveness of the Blockchain solutions been in the UAE so far and how well received was this?
PROJECTS
AWARDS 2017 RECOGNIZING EXCELLENCE CATALYSTSFORMOREVISIT gecopen.com CONTACT anushree@gecmediagroup.com,ronak@gecmediagroup.com OFFICIAL MEDIA PARTNERBROUGHT BY FOLLOW US: Gec Open GECOpen Enterprise Channels MEA www.gecopen.com 14 MARCH, 2017 THE BURJ AL ARAB HOTEL, DUBAI, UAE
A botnet, a bot network also referred to as a zombie army, is an interconnected network of computers that are controlled by cybercriminals. Without the user’s knowledge, these internet-connected devices which are used by a botnet owner are used to perform various cybercrime such as Distributed Denial of Service Attack, steal data, send spam emails, transmit viruses,authorize the attackeraccess to the device and its connection. The owner, in turn, can govern the botnet using command and control (C&C) software. Botnet, as a word is mixture of the words robot and network. Whereby, the computers which have been set up to forward the spam or viruses to other computers on the internet are known as zombie, and a computer “robot” or “bot” that assists the commands of some master spam or virus originator. According to a report by Kaspersky Labs, botnets -- not spam, viruses, or worms –are theprime threat to the Internet at the moment. How to recognize a BOTNET Slow computing/high CPU usage l IRC traffic (botnets and bot masters use IRC for communications) Connection attempts with known C&C servers Multiple machines on a network making identical DNS requests l High outgoing SMTP traffic (because of sending spam) Spikes in traffic, especially Port 6667 (used for IRC), Port 25 (used in email spamming), and Port 1080 (used by proxy servers)
Downloading operating system updates is impossible Prevention of BOTNET attacks Use a remediation tool- Install powerful antivirus software on computer to locate and remove Set software setting to update automatically Be alert while surfing the internet (don’t click, download, or open anything doubtful)
l
l
26 MARCH 2017 BOTNET
l
l
l
l
l
l
l
What is a botnet attack?
l
Outbound messages (email, social media, instant messages, etc) that weren’t sent by the user l Problems with internet access Unexpected pop-ups (because of click fraud activity)
Downloading antivirus software updates / visit vendors’ websitesis impossible
l
l
May 2011: ZeroAccess estimated to be controlling in excess of 1.9 million computers around the world, it split its focus on click fraud (a process whereby a virus generates fake clicks on advertising, yielding revenue under payper-click schemes) and bitcoin mining. Unlike other botnets, which are typically made up of computers, the Mirai botnet is largely made up of so-called “internet of things” (IoT) devices such as digital cameras and DVR players.
l 2014: The Windigo botnethaving been operating undetected for three years had infected 10,000 Linux servers – not computers – enabling it to send 35 million spam emails a day, affecting upwards of 500,000 computers. Curiously, Windigo sends out three different forms of malware depending on the operating system of the device receiving it: malware for Windows PCs, dating website ads for Mac OS X users, and pornographic content to iPhone users. The threat posed by Windigo is ongoing, although now that its been detected, sysadmins can remove it from affected computers by wiping them clean and reinstalling the OS with fresh credentials. More than 60% of all web servers use Linux servers, making the potential risk huge.
l Cutwail, the botnet controlled up to 2 million computers in 2009, sending a vast 74 billion spam emails per day – equivalent to nearly a million per minute. This made up 46.5% of the entire world’s spam volume at the time.
October 2016: Dyn, a company that controls much of the internet’s domain name system (DNS) infrastructure was hit by Mirai botnet and remained under sustained assault for most of the day, bringing down sites including Twitter, the Guardian, Netflix, Reddit, CNN and many others in Europe and the US. This Mirai botnet was likely the largest of its kind in history, experts said.
27MARCH 2017 l Hire a Web-filtering service l Switch browsers (Google Chrome) l Disable scripts: disable browsers from scripts altogether l Deploy intrusion-detection and intrusionprevention systems l Protect user-generated content l Secure router against BOTNET: Go into router’s settings to disable remote management (through Telnet), next disable Universal Plugand-Play (UPnP), buy a new faster router l change the default password on as many IoT devices as possible, especially cameras BOTNET attacks in the news l
KAMELHEUS, REGIONAL MANAGER - MEA, CENTRIFY Kamel Heus, Regional Manager - MEA, Centrify says that Centrify is on a mission to be a part of regional organisations’ journey to secure their data and critical assets.
MY VIEWS 28 MARCH 2017 ON A SECURITY MISSION
How has Centrify’s journey been in the Middle East so far? How has the reception been for your solutions? Organisations in the region are being more vigilant when it comes to accessing their critical assets. We see more tightening in the way people are accessing data within the company boundaries or from outside. Employees, partners and contractors are able to access data from anywhere at any time, and combined with the fact that the traditional perimeter is dissolving, more work is being done to protect the identities of people (or devices) accessing the organisation’s data. Centrify considers Identity as the new security perimeter. Centrify’s messages resonate very well in this market, and ourjourney has been very good so far. We opened ourregional office in Dubai in December 2015, which covers Centrify’s entire Middle East and Africa (MEA) and Indian subcontinent operations. Prior to this, Centrify was managing the region remotely for a couple of years. Since the MEA is one of our fastest growing regions, we felt it was important to have a local office in Dubai to support our growing number of customers and resellers.
Identity management or Secure identity- What kind of demand did you see in the region? Are you able to share any success story with us on that? IAM projects can be long and complex, with many different blocks to put together. We have seen people prioritizing their investment by starting with the security side first. Securing identity has the immediate effect of protecting organisations from data breaches, which can lead to a loss of reputation, IP and revenues. Most projects focus on managing and enforcing secure access for all users across all apps and infrastructure, whether on-premises or in the cloud (so-called “hybrid enterprises”). We have seen more adoption of multi-factor authentication (MFA) and least privilege model (where people have access to resources on a need to know basis). Companiesshould consider investing in a platform that offers full identity security rather than piecemeal a solution of many products that may introduce gaps or require extensive integration and redundant management tools and skillsets. We have had many success stories last year in this area throughout the region. Who are the partners that you are working with now? And what would be your 2017 go to market strategy? Centrify’s success inthe region would not have been achieved without the support of our committed channel. Starlink is our Value Added Distributor for the MEA region. Starlink’sexpertise in security, strong security focused channel, market knowledge, and technical and sales skills,has played a key role in our growth so far. We strongly believe in long-term relationships and extended our full support and commitment to our channel partners so that they can add greater value to their customers. We also look forward to enabling our channel partners by holding regular training programs and workshops and supporting their sales efforts. ë
INFRASTRUCTURE MANAGEDSERVICES APPLICATIONSMROFNIATIONUCESRITY ISYX Technologies, 18th Floor, Marina Plaza, Dubai Marina, Dubai, UAE T +971 4 452 8885 F +971 4 452 8886 E info@isyxtech.com W www.isyxtech.com MIDDLE EAST | AFRICA | UK | INDIA
KEY DIFFERENTIATORS OF THE GBM SECURITY OFFERINGS ARE andSecurityAssessmentConsultingPortfolioofServicesdeliveredviaadedicatedandhighlyexperiencedprofessionalsbasedinlocation. CertificationsHolisticofferingstomeetorganizationspainareasandbusinesschallenges.includeCISA,CISM,CISSP,CRISK,CEH,ISO27001LA,CCIE,andSecurityProductsCertifications.Integratedsolutionswithdifferentpartners,tooffercustomersROIandcohesiveProtection.
1 Build awareness of the risks involved within management as well as users across the organization.
5 Invest in technologies, tools, and skills which will ensure you have the capability topredict, prevent, detect, and respond.
30 MARCH 2017
2 Appoint an owner for security and governance within the organization.
outsourcingoperationsmaintainedallsecurityhavein-houseandhavelowconfidenceontheirsecurityoperations. 40% of organizations admitted that they do not have a dedicated function for governance, risk complianceand 71% securitytionsoforganizaplannedorinvestedsimilarorlesserinin2016.
The most common threats today are perceived from external sources, i.e. zero daymalware, advanced persistent threats, phishing, ransom-ware, etc. Most organizations realize that security is a board room discussion, however, there existhugein consi stenciesin how they respond to the challenges posed by cyber threats.Lack of coordination between organizations and undermining the risks in volved with an ostrich mentality can proveto be disastrous. A key as pectdiscussedin there port, and one of the questions askedin our poll, is:“Can cyberattack scan be prevented?” thatdonotbelieverespondentsoftheirorganizationiscapableofpredictingorpreventingcyberattacks.
As sophisticated threats engulf the regional security landscape, GBM takes this opportunity to wear the advisory hat and lay out a detailed perception of the security threats and its preventive measures. Excerpts from the GBM Security report.
INSIGHTSSECURITYGBM 49%
50% Do Not conduct a third party assess ment or existingsystems.review
Around70% ofor ganizations
3 Build security into the design of the infrastructure and applications from the initialstages and not as an after 4thought.Theneed of the hour is to investinse curity technology or services, which can integrate and collaborate to give you maximum visibility and intelligence. This will ensurey ou are aware of the threats before the damage is done. It is preferable to be proactive than reactive.
49% 40% 50% 71% 70%
#1 in everything now in one place.
