The Path To Proactive Threat Detection

Page 1

SPECIAL SUPPLEMENT BY

VO LU M E 0 5 | I S S U E 6 | N OV E M B E R 2 0 2 3

SUHA ABDULAZIZ LORRY

Chief, Information Systems Security & Quality Assurance Ministry of Works, Kingdom of Bahrain

THE PATH

TO PROACTIVE THREAT DETECTION Revolutionizing information security: the power of AI in proactive threat detection and risk management


IN ASSOCIATION WITH

BROUGHT TO YOU BY

CH ANNE L PARTNE R CON CL AVE & AWARDS 2023

2 9 N OVEMBER 2 023 H YAT T REGEN CY D U BAI C RE E K H EIGHTS, UAE POSSIBILITIES THROUGH OPPORTUNITIES

# C P CAWO R L D

C P CAWO R L D. C O M

Info@gecmediagroup.com

+ 971 4564 8684


PUBLISHER TUSHAR SAHOO TUSHAR@GECMEDIAGROUP.COM

EDITORIAL

CO-FOUNDER & CEO RONAK SAMANTARAY RONAK@GECMEDIAGROUP.COM GLOBAL HEAD, CONTENT AND STRATEGIC ALLIANCES ANUSHREE DIXIT ANUSHREE@GECMEDIAGROUP.COM

Fortifying Digital Defences: CISOs on the Frontlines

W

elcome to the November edition of Cyber Sentinels magazine, where we delve into the minds of 15 Chief Information Security Officers (CISOs) and security leaders who share their insights on the challenges faced by security officers in large and medium enterprises. In a world where digital threats are constantly evolving, these leaders provide valuable perspectives on navigating the complex cybersecurity landscape. Our featured CISOs shed light on the typical challenges they encounter in safeguarding their organizations. From emerging cyber threats to managing the intricacies of security in large enterprises, these leaders share their experiences, strategies, and lessons learned in securing the digital fortresses of today's businesses. In addition to cybersecurity, our focus extends to the environmental sustainability strategies adopted by these organizations. Explore how each company aligns its ANUSHREE DIXIT anushree@gecmediagroup.com sustainability initiatives with broader business objectives, showcasing a commitment to responsible corporate citizenship. Discover how these security leaders leverage artificial intelligence and machine learning to enhance threat detection and incident response. Mark your calendars for the Channel Partners Conclave Awards set to take place in KSA on November 13 and in the UAE on November 29. These gathering promises to be a hub for networking, knowledge sharing, and recognizing excellence in the industry. Looking ahead to 2024, we have an exciting lineup of events, starting with the Future IT Summit. This will be followed by the Security Symposium, BTX, and The World CIO 200 Summit, among other notable events. As we march into the future, these conferences will serve as beacons of innovation, providing a platform for industry leaders to share insights, collaborate, and shape the future of technology. Join us on this journey as we navigate the dynamic world of cybersecurity, sustainability, and technological advancements. The future is unfolding before our eyes, and together, we're at the forefront of shaping it. Happy reading!

ASSISTANT EDITORS REHISHA PE REHISHA@GECMEDIAGROUP.COM SEHRISH TARIQ SEHRISH@GCEMEDIAGROUP.COM GROUP SALES HEAD RICHA S RICHA@GECMEDIAGROUP.COM PROJECT LEAD JENNEFER LORRAINE MENDOZA JENNEFER@GECMEDIAGROUP.COM SALES AND ADVERTISING RONAK SAMANTARAY RONAK@GECMEDIAGROUP.COM PH: + 971 555 120 490 DIGITAL TEAM IT MANAGER VIJAY BAKSHI PRODUCTION, CIRCULATION, SUBSCRIPTIONS INFO@GECMEDIAGROUP.COM CREATIVE LEAD AJAY ARYA SENIOR DESIGNER MADAN SINGH GRAPHIC DESIGNER JITESH KUMAR SEJAL SHUKLA DESIGNED BY

SUBSCRIPTIONS INFO@GECMEDIAGROUP.COM PRINTED BY Al Ghurair Printing & Publishing LLC. Masafi Compound, Satwa, P.O.Box: 5613, Dubai, UAE Office No #115 First Floor , G2 Building Dubai Production City Dubai United Arab Emirates Phone : +971 4 564 8684 31 FOXTAIL LAN, MONMOUTH JUNCTION, NJ - 08852 UNITED STATES OF AMERICA PHONE NO: + 1 732 794 5918 A PUBLICATION LICENSED BY International Media Production Zone, Dubai, UAE @copyright 2013 Accent Infomedia. All rights reserved. while the publishers have made every effort to ensure the accuracyof all information in this magazine, they will not be held responsible for any errors therein.


CONTENTS NOVEMBER 2023

EVENT

28-32

CISO OPINION CORNER

05

08

20

23

GRAHAM THOMSON

BASIL AL-SUWAIDAN

FAHAD ALQARNI

FAHAD M ALSHAMRAN

33

36

43

47

FAHAD NASSER ALYAMI

SUHA ABDULAZIZ LORRY

OZEL HURMUZLU

HAFIZ MUHAMMAD TAHIR ASHRAF

Irwin Mitchell

Kuwait International Bank

Saudia Dairy & Foodstuff Co (SADAFCO)

04

Ministry of Works, Kingdom of Bahrain

N OV E M B E R 2023

Saudi semi-government entity

Qatar University

Saudi Company for Artificial Intelligence

Alfalah Insurance Company Limited


CISO OPINION CORNER

CHAMPIONING CYBERSECURITY EXCELLENCE IN THE AGE OF DIGITAL TRANSFORMATION Please describe your job role? As the Chief Information Security Officer (CISO) at Irwin Mitchell, my job role is to ensure the security and protection of our organisation's information and technology systems. I lead the Information Security teams and focus on developing strategies, policies, and procedures to mitigate cyber threats and risks. I also work closely with other departments to educate and raise awareness about cybersecurity best practices. What are the most important and critical aspects of your job role? The most important and critical aspects of my job role include: • Leadership: I place a strong emphasis on leading and developing high-performing teams, fostering a culture of security awareness and responsibility throughout the organisation. • Risk management: I prioritise identifying and assessing potential risks and vulnerabilities and implementing pragmatic,

“Our aim is to enable everyone to thrive and make everything we do positively impact our future.”

GRAHAM THOMSON

Chief Information Security Officer Irwin Mitchell

N OV E M B E R 2023

05


CISO OPINION CORNER

risk commensurate measures to protect our systems and data. • Incident response: I am responsible for developing and implementing incident response plans to effectively address and mitigate any security incidents or breaches. No matter what security you put in place, incidents can still happen and you have to be well prepared. • Collaboration: the team works closely with other departments across the business to ensure a holistic approach to cybersecurity, aligning our efforts with the overall business objectives. What are the typical challenges faced by a chief security officer in large and medium enterprises? Chief Information Security Officers often face several challenges, including: • Managing complexity: as businesses grow and adopt new technologies, the complexity of managing and securing their systems and data increases. Complexity is the enemy of security. • Balancing security and usability: it can be challenging to strike a balance between implementing robust security measures and enabling the organisation to operate efficiently and effectively. Getting it right is crucial to your success. • Emerging threat landscape: cyber threats are constantly evolving, and staying ahead of the latest threats and vulnerabilities requires continuous monitoring and adaptation. • Compliance and regulatory requirements: ensuring compliance with regulations and standards adds an additional layer of complexity to the role. Security and compliance are not the same thing, but both are critical for different reasons. What are the key skills required for an ideal chief security officer in this age of digital transformation? In this age of digital transformation, an ideal Chief Information Security Officer should possess the following key skills: • Technical expertise: a deep understanding of cybersecurity principles, technologies, and best practices is essential. • Strategic thinking: the ability to align cybersecurity strategies with business objectives and anticipate future security needs. • Communication and leadership: strong communication skills are crucial for effectively communicating security requirements and

06

N OV E M B E R 2023

fostering a culture of security awareness throughout the organisation. You need to be a great storyteller. • Adaptability: the ability to adapt to rapidly changing technologies and threat landscapes is essential. • Collaboration: working collaboratively with other departments and stakeholders to ensure a holistic approach to cybersecurity. What is your organization's current environmental sustainability strategy, and how does it align with its overall business objectives? Irwin Mitchell is strongly committed to Responsible Business, which includes environmental sustainability. Our strategy focuses on doing business responsibly and our commitment to building inclusive and sustainable relationships with our colleagues, clients, and wider communities. Our aim is to enable everyone to thrive and make everything we do positively impact our future. We consulted with our colleagues to help identify the key focus areas of our Responsible Business strategy – diversity, well-being, fairness, resilience, access (to jobs and justice) and environment. All our work across our Responsible Business commitments aligns to these strategic focus areas. According to you, how does digital transformation affect the security posture of any business? Digital transformation has a significant impact on the security posture of any business. It introduces new technologies, particularly cloud computing, the Internet of Things (IoT), and mobility. These expand the attack surface and increase cyber threats and the potential for successful attacks. It is crucial for businesses to ensure that security measures are integrated into the digital transformation process from the outset. This includes implementing strong security standards, conducting project risk assessments, and educating colleagues about the potential risks and best practices for cybersecurity in their areas. How have you leveraged artificial intelligence and machine learning to improve threat detection and incident response? Predicative and analytical Artificial

Intelligence (AI) and Machine Learning (ML) algorithms have become valuable tools in improving cyber-threat detection and incident response. Many leading security products have leveraged AI and ML to automatically analyse large volumes of data, identify patterns and anomalies that may indicate a security threat, and automatically mitigate those threats. This enables security teams to work efficiently with automation in place, detecting and responding to threats more effectively. These technologies also help in automating certain security tasks, freeing up resources for other, more human security challenges. Additionally, the new generative AI tools can assist cybersecurity professionals in various aspects of their roles, including: 1. Written content creation: writing and improving emails, documents, essays, speeches, and creative articles. 2. Summarisation of long text: extracting and listing key themes, key numbers, and list actions. 3. General chatbot: answering questions on any subject in a human-like way. 4. Data and text analysis: insights on numbers, sentiment, categorisation, logical understanding, extracting data. 5. Software code generation, analysis and debugging: creating code and formulas, for example, for Excel, SQL or KQL. However, it is essential to note that while these tools are valuable time-savers, human supervision and verification remain crucial to ensure accuracy and reliability. By leveraging Generative AI, security teams can streamline workloads, allocate resources effectively, and focus on other vital security tasks. Specifically, what are the challenges and opportunities created by digital transformation including IoT, cloud, and mobility, for chief security officers? Digital transformation, including IoT, cloud, and mobility, presents both challenges and opportunities for Chief Information Security Officers. Some of the challenges include: • Increased attack surface: the adoption of new technologies expands the attack surface, making it more challenging to identify and secure all endpoints and data. • Complexity: managing security in a multicloud environment or with numerous IoT devices can be complex and requires robust security policies and auditing.


CISO OPINION CORNER

• Third-party risks: digital transformation often involves partnering with third-party vendors or utilising their services, which introduces additional risks. Organisations must carefully vet vendors to ensure they meet the required standards. • Privacy concerns: the collection and processing of large amounts of data raise privacy concerns, requiring organisations to implement strong data protection measures and to educate colleagues on how to handle data when working remotely. On the other hand, these transformations also offer opportunities for improved security, such as: • Enhanced visibility: with cloud services, organisations can gain better visibility into their networks, enabling them to automatically detect and respond to weaknesses more effectively. • Automation: the ability to automate security processes can streamline security operations and improve efficiency. • Scalability: cloud-based security solutions offer scalability, allowing organisations to adapt to changing security needs more easily. In general, looking at the present and future technology landscape, what is the upside and downside of cyber security solutions?

Cybersecurity solutions have both upsides and downsides. The upside is that they provide us with the means to protect our systems and data from cyber threats and mitigate potential risks, often now with a strong element of automation. However, there are also downsides. Cybersecurity solutions can be costly to implement and maintain, especially for small and medium-sized enterprises with limited resources. It can be hard to sort the hype from reality, impeding investment. Additionally, they may introduce complexities or need ongoing management by skilled workers to stay effective. It is crucial for organisations to carefully evaluate and select cybersecurity solutions that align with their specific needs and risk profile. At present, what are your expectations from cyber security solution vendors, channel partners, consultants? My expectations from cyber security solution vendors, channel partners, and consultants are: • Proactive approach: I expect them to stay updated on the latest cybersecurity trends, technologies, and threats, and provide solutions to mitigate real-world risks. • Collaboration/partnership: I value third parties who behave like valued partners who can work collaboratively, understand our

needs, and provide tailored solutions. • Continuous improvement: I expect vendors and consultants to continuously improve their offerings and services, seeking feedback from end users and adapting accordingly. At present, what advice or feedback or recommendation would you give cyber security solution vendors, channel partners, and consultants? My advice, feedback, and recommendations for cyber security solution vendors, channel partners, and consultants would be: • Focus on holistic solutions: it is important to consider the entire cybersecurity ecosystem rather than offering standalone products. Integration and interoperability with existing systems are crucial. • Stay ahead of emerging threats: invest in research and development to stay ahead of evolving cyber threats and provide innovative solutions to address them. But remember that the basic cybersecurity controls have the greatest impact on reducing cyber risk. • Provide clear and actionable guidance: communication should be clear, concise, and actionable, enabling organisations to implement security measures effectively. Avoid the fear and hype, as security professionals we’re tired of that now. ë

N OV E M B E R 2023

07


CISO OPINION CORNER

THE IMPACT OF DIGITAL TRANSFORMATION ON BUSINESS SECURITY

The security officers bear the responsibility of supervising and guaranteeing the security of their organization's data and systems. This involves the development and execution of an information security program in strong coordination with other senior executives to guarantee its effectiveness and efficiency. Please describe your job role? As a General Manager in Information Security, Privacy, and Anti-Fraud, my role encompasses a broad spectrum of responsibilities. At the core, I oversee and ensure the information security of our organisation's information assets. This means I’m responsible for developing and implementing an information security program that protects the organisation's data and systems. I work closely with other senior executives to ensure the organisation's security program is effective and efficient. Initiating various approaches

BASIL AL-SUWAIDAN

General Manager – Information Security, Privacy and Anti-Fraud Kuwait International Bank

08

N OV E M B E R 2023


CISO OPINION EXPERT CORNER BYLINE

and techniques, I have embraced defencein-depth modelling to protect and sustain the organisation’s information assets, image, and reputation during uncertain times. Additionally, I also manage the privacy of data within the organisation. I ensure relevant policies, procedures and strategies relating to the privacy of data – customer data as well as organisational data are in place. Beyond technological defences, I also play a pivotal role in anti-fraud efforts, implementing measures and strategies to protect our organisation and stakeholders from fraudulent activities – both internal and external. What are the most important and critical aspects of your job role? The cornerstone of my role lies in strategic oversight, ensuring that the organisation's security posture is aligned with its business objectives and remains agile and ready to combat evolving cyber challenges. This strategic foresight must balance the critical task of data protection, where our information assets' confidentiality, integrity, and availability stand paramount, in light of the pressing concerns of privacy management in our increasingly digital age. This also entails our relentless drive against fraudulent activities. Integral to achieving these objectives is my role in team leadership and development. Nurturing growth, fostering a learning culture, and ensuring consistent motivation amongst specialists are essential. What are the typical challenges faced by a chief security officer in large and medium enterprises? The information security threat landscape is changing rapidly, and attack techniques are becoming more sophisticated. Therefore, a Chief Security Officer (CSO) in large and medium enterprises encounters many challenges. Given the complexity of modern business environments, these challenges can be both technical and strategic. CSOs must continually update their knowledge. Despite the increasing importance of security, CSOs often battle with budget constraints, needing to prioritise certain security measures over others. Another major challenge is talent shortage and retaining skilled professionals, which has resulted in a notable talent gap in the cybersecurity field. Similarly, stakeholder communication is also a significant challenge. Translating technical risks to business impacts

and effectively communicating them to the board or other stakeholders is essential for acquiring support. What are the key skills required for an ideal chief security officer in this age of digital transformation? In the age of digital transformation, the role of a Chief Security Officer (CSO) has expanded significantly. To be effective, a CSO must possess a blend of technical, strategic, and interpersonal skills. A deep understanding of cybersecurity technologies and security strategies is paramount from a technical perspective. They should also be aware of emerging IT technologies and their associated risks. In addition, the ability to develop and implement long-term security strategies that align with the organisation’s business objectives is crucial. This includes anticipating future challenges and staying ahead of the threat landscape. Another critical skill is understanding the business operations and objectives, which allows the CSO to align security strategies with organisational goals, ensuring security does not impede business progress. What is your organization's current environmental sustainability strategy, and how does it align with its overall business objectives? KIB’s Environmental Sustainability Strategy mainly focuses on the below points, which

are embedded into our day-to-day operations internally and externally. KIB is committed to reducing its water, electricity and carbon footprint in the near future. To this effect, the Bank aims to follow recommended global metrics and standards where applicable, in addition to complying with applicable future rules and regulations. Moreover, KIB seeks to reduce its water and electricity consumption in the near future. To this end, the Bank will obtain the right tools to aid it in measuring and setting future targets that allow it to reduce its footprint across this area. Moreover, KIB is committed to recycling paper and plastic and has planned to recycle electronic waste in the near future. According to you, how does digital transformation affect the security posture of any business? Digital transformation means more opportunities for cybercriminals. Digital transformation profoundly affects businesses' security posture, introducing new opportunities and vulnerabilities. Virtually everything is connected to the internet; that means there are more places where a hacker can try to gain entry to a system. Given that digital transformation somewhat relies on agility, rapid change and complexity is a major challenge. The pace of change in digital transformation can be overwhelming. Rapidly deploying modern technologies without proper security evaluations can lead to vulnerabilities.

N OV E M B E R 2023

09


CISO OPINION CORNER

How have you leveraged artificial intelligence and machine learning to improve threat detection and incident response? Leveraging artificial intelligence is paramount in today’s information security operations. This is merely because traditional security tools may rely on signature-based detection, which can be reactive. Therefore, harnessing AI in key information security operations, such as real-time threat analysis, enables proactive threat detection by analysing network traffic in real time, and identifying patterns and anomalies that could indicate a potential security incident. Specifically, what are the challenges and opportunities created by digital transformation including IoT, cloud, and mobility, for chief security officers? Digital transformation, encompassing technologies like IoT, cloud, and mobility, presents CSOs with a doubtful advantage. While introducing challenges such as an

10

N OV E M B E R 2023

expanded attack surface, data protection complexities, and regulatory concerns, it simultaneously offers opportunities like enhanced threat intelligence, automation, and improved business agility. Navigating this landscape requires CSOs to balance safeguarding the organisation with leveraging the vast potential of these transformative technologies. In general, looking at the present and future technology landscape, what is the upside and downside of cyber security solutions? Cybersecurity solutions offer significant advantages, including advanced threat detection, regulatory compliance, and sustained consumer trust. However, they also present challenges. Implementing and maintaining robust cybersecurity can be complex and costly, with potential issues like false positives and the need for constant adaptation to evolving threats. As cyber solutions advance, businesses must ensure they are not only technologically prepared but also strategically agile in their approach to security.

At present, what are your expectations from cyber security solution vendors, channel partners, consultants? Businesses generally expect cybersecurity solution vendors, channel partners, and consultants to exhibit foremost expertise in the ever-evolving security domain. Key expectations include offering reliable, adaptable, and transparent solutions that integrate seamlessly with existing systems. At present, what advice or feedback or recommendation would you give cyber security solution vendors, channel partners, and consultants? Cybersecurity vendors, channel partners, and consultants should continuously update their expertise in line with the dynamic security landscape. Emphasis should be placed on transparent communication, user-friendly solutions, clear pricing and tailored strategies. Incorporating innovative technologies and providing thorough training are crucial. ë


JOIN

BADMINTON CRICKET CYCLING FOOTBALL SWIMMING PADDLE TENNIS TABLE TENNIS GOLF TEAM BUILDING TASK TUG OF WAR ATHLETIC FITNESS CHALLENGE BOWLING VOLLEY BALL BASKET BALL GO-KARTING

REVITALIZE YOUR WORKFORCE:

A JOURNEY TO CORPORATE WELLNESS N OV 2 2 - N OV 2 6 , D U B A I • • • •

DANUBE SPORTS WORLD D U B A I B OW L I N G C E N T R E A R A B I A N R A N C H E S G O L F C LU B D U B A I AU TO D R O M E

CONTACT US: + 971 565 119 983 + 971 4564 8684 jai@gecmediagroup.com info@gecmediagroup.com

PARTICIPANTS

3000+ SPORTS

GEC

16

MATCHES

CORPORATE CHAMPIONSHIP

150+


CISO OPINION CORNER

SPEARHEADING GLOBAL INFORMATION AND CYBERSECURITY Please describe your job role? I drive Information and Cybersecurity agenda, strategy, and programs for various independent Asset & Investment Management, and Financial Services Companies under the group wholly owned by Temasek Holdings operating across the globe. Group-wide responsibilities for Cybersecurity and tech risk Strategy and Planning, leading and managing large teams of

Security professionals, Security Governance (Cyber / Tech Risk, Policy and Compliance Management, and Audit and regulatory Management), Security Awareness Education and Communications, Security Engineering (Data Security Engineering, Cloud and Infrastructure Security Engineering, Application Security, Cyber Défense & Incident Management) and Security Program Management, Data governance and data protection. As Group CISO, I maintain the group's digital and cyber risk profile and regulatory engagements, delivering confidence directly to the Board and Management, regularly meets with the C-suite / Board to report cyber risk reduction progress and risk appetite metrics.

“An ideal CISO should possess a diverse set of skills and attributes to navigate the complex and dynamic landscape of cybersecurity.”

SUSHANTH NAIR

Group Chief Information Security Officer Seviora Holdings, A Temasek Holdings Company

12

N OV E M B E R 2023


CISO OPINION CORNER

What are the most important and critical aspects of your job role? As a Chief Information Security Officer, my role involves various important and critical aspects that are essential for the security and protection of the organization's information assets. Some of the most important and critical aspects of my job role include Cybersecurity Strategy, Cyber Resilience, Technology and Cyber Risk Management, Compliance and Regulation, Incident Response, Security Awareness at various levels (Vendors, Employees, Management, and Board), Vendor and Third-Party Risk Management, Cloud & AI security and Innovation. What are the typical challenges faced by a chief security officer in large and medium enterprises? Chief Information Security Officers (CISOs) in large and medium enterprises face a wide range of challenges in their roles. These challenges often revolve around managing and mitigating cybersecurity risks, aligning security with business objectives, and staying ahead of evolving threats. Here are some typical challenges faced by CISOs in such organizations: Cybersecurity Threat Landscape: The rapidly evolving and sophisticated nature of cyber threats presents a significant challenge. CISOs must constantly adapt to new attack vectors, malware, and tactics employed by threat actors. Resource Constraints: Balancing security needs with budget limitations can be a challenge. CISOs often need to justify investments in cybersecurity and prioritize spending on the most critical areas. Compliance and Regulation: Meeting compliance requirements, such as GDPR, HIPAA, or industry-specific regulations, is a continuous challenge. Ensuring the organization remains in compliance and avoids penalties is crucial. Data Protection: Safeguarding sensitive data is a priority. This includes addressing issues related to data encryption, data classification, data loss prevention, and ensuring data is only accessed by authorized personnel. Insider Threats: Managing the risk posed by employees or third parties with malicious intent or negligent behaviour is a constant concern. Insider threats can be difficult to detect and prevent. Supply Chain Security: Ensuring the

security of the supply chain, including thirdparty vendors and contractors, is essential. Weaknesses in the supply chain can lead to security breaches. Security Awareness and Training: Building a security-aware culture within the organization and ensuring that employees understand their role in cybersecurity is an ongoing challenge. Complex IT Infrastructure: Large and medium enterprises often have complex IT environments, including legacy systems, cloud services, and hybrid infrastructures. Managing security across these diverse platforms can be challenging. Incident Response: Developing and maintaining an effective incident response plan and the ability to quickly respond to security incidents, such as data breaches or cyberattacks, is critical. Security Talent Shortage: Finding and retaining skilled cybersecurity professionals is a common challenge. The demand for security experts often exceeds the available talent pool. Integration of Security and Business Goals: Ensuring that security strategies align with and support the organization's business objectives can be challenging. CISOs need to communicate the value of security investments in terms of business impact. Vendor and Technology Evaluation: Choosing the right security solutions and vendors from a plethora of options can be overwhelming. Ensuring that selected technologies integrate well and meet the organization's specific needs is critical. Board and Executive Communication: Effectively communicating security risks and strategies to the board and executive leadership can be challenging. CISOs need to provide clear, understandable, and actionable information. Emerging Technologies: Staying ahead of emerging technologies like IoT, AI, and blockchain, and understanding how they impact security, is a constant challenge. Global and Geopolitical Threats: Dealing with global and geopolitical threats, including nation-state cyber-attacks and international cyber regulations, adds complexity to the role. To address these challenges, I would say CISOs need to be proactive, and adaptable, and continuously update their strategies and skill sets. They must also foster a security-focused culture within the organization and collaborate with other departments to ensure that security is integrated into the business processes and decision-making.

What are the key skills required for an ideal chief security officer in this age of digital transformation? In the age of digital transformation, the role of a Chief Information Security Officer (CISO) has evolved significantly. An ideal CISO should possess a diverse set of skills and attributes to navigate the complex and dynamic landscape of cybersecurity. .

What is your organization's current environmental sustainability strategy, and how does it align with its overall business objectives? We have sustainability strategies that encompass several key areas, including environmental, social, and governance (ESG) considerations. We maintain a strong commitment to integrating ESG into our investment processes. According to you, how does digital transformation affect the security posture of any business? Digital transformation can both improve and challenge a business's security. It enhances efficiency and innovation but expands risks due to increased digital exposure. Businesses must adapt by strengthening cybersecurity measures, investing in new technologies, and promoting security awareness. How have you leveraged artificial intelligence and machine learning to improve threat detection and incident response? We've harnessed AI and ML-based tools / SIEM to enhance threat detection and incident response. These technologies analyse vast data to identify patterns, anomalies, and potential threats. This speed up our ability to detect and respond to security incidents, reducing manual workload and improving overall security. Specifically, what are the challenges and opportunities created by digital transformation including IoT, cloud, and mobility, for chief security officers? Challenges: Digital transformation introduces

N OV E M B E R 2023

13


CISO OPINION CORNER

cybersecurity challenges like IoT vulnerabilities, cloud data security, and mobile device management. A few other challenges are: Expanded Attack Surface: More entry points for cyberattacks. IoT Security: Managing security of connected devices. Cloud Security: Ensuring data protection in the cloud. Mobile Device Risks: Securing diverse mobile endpoints. Data Privacy Compliance: Navigating complex regulations. Opportunities: CISOs can enhance security through IoT device monitoring, cloud security solutions, and mobile security policies. Improved Threat Detection: Using data analytics for better detection. Automation: Reducing manual tasks with AI and ML. Enhanced User Access Controls: Improved identity management. Scalable Security Solutions: Matching business growth. Innovation: Developing new security approaches and tools. In general, looking at the present and future

14

N OV E M B E R 2023

technology landscape, what is the upside and downside of cyber security solutions? Upside of Cyber Security Solutions: Protection: They safeguard data, systems, and networks from cyber threats. Risk Mitigation: Reducing the likelihood of data breaches and financial losses. Compliance: Helps in meeting regulatory requirements. Trust and Reputation: Building trust with customers and preserving reputation. Innovation: Promoting innovation in the cybersecurity industry. Downside of Cyber Security Solutions: Cost: Implementing and maintaining security solutions can be expensive. Complexity: Managing multiple security tools can become complex. False Positives: Security solutions may generate false alarms, leading to wasted resources. Human Error: Misconfigurations and mistakes can still occur. Evolving Threats: Solutions must constantly adapt to new threats. At present, what are your expectations from cyber security solution vendors,

channel partners, consultants? As a Chief Information Security Officer (CISO), my expectations from cyber security solution vendors, channel partners, and consultants include: • Effective, innovative cybersecurity solutions • Seamless integration and reliable support • Customisation and transparency • Cost-effectiveness and strong ROI • Training and compliance expertise • Risk assessment and incident response • Long-term partnership focus. At present, what advice or feedback or recommendation would you give cyber security solution vendors, channel partners, and consultants? As a CISO, I recommend that cybersecurity solution vendors, channel partners, and consultants align their offerings with our specific business goals and needs. Innovation, proactive communication, tailored solutions, and transparency is key. Additionally, focusing on costefficiency, compliance ready solutions/products, and nurturing a long-term partnership mindset will strengthen our cybersecurity strategy. ë


CISO OPINION CORNER

PROTECTING BUSINESS DATA AND DIGITAL ASSETS In an age of rapid digital transformation, the role of a Chief Security Officer has become more crucial than ever. CSOs are tasked with safeguarding a company's data and digital assets from a myriad of cybersecurity threats while ensuring compliance with relevant laws and regulations. Please describe your job role? Ensuring the business data and digital assets are protected from cybersecurity (for simplicity I use cybersecurity and information security interchangeably) threats by developing a vision and a strategy and executing that strategy while being compliant with applicable laws and regulations. What are the most important and critical aspects of your job role? Ability to manage up, down, and sideways, making timely informed decisions, keeping the leadership informed, and enabling the leadership to make informed decisions based on risk evaluation and resource optimisation. What are the typical challenges faced by a chief security officer in large and medium enterprises? In my opinion, conflict of interest, finding and retaining cybersecurity talent, vendor management, and the human error factor.

MOHAMMED ALABBADI Group CISO / Head of Cybersecurity Fertiglobe PLC

N OV E M B E R 2023

15


CISO OPINION CORNER

systems. Putting the above into perspective: IoT (weak security controls by design vs IoT security solutions and architecture services), cloud (shared responsibility model and privacy nightmare vs more tools and automation to control risks), and mobility (larger threat landscape vs acceleration of enforcing zero trust solutions).

What are the key skills required for an ideal chief security officer in this age of digital transformation? Cybersecurity leadership skills (that is developing and leading the leadership team and the teams on the ground), business and technical communication skills, comprehensive and cumulative thinking, emotional intelligence, “enough” cybersecurity technical experience, business and industry knowledge, program/project management, and budget management skills. What is your organization's current environmental sustainability strategy, and how does it align with its overall business objectives? Fertiglobe takes the climate challenge very seriously with many initiatives in that space; even cybersecurity participates. However, to give the matter fairness and seriousness, I’d leave this question to be addressed by a role that is closer to the sustainability domain within the organisation. According to you, how does digital transformation affect the security posture of any business? Digital transformation “transforms” and changes the organisation’s assets, data, and architecture, which naturally increases the threat landscape and weakens the security

16

N OV E M B E R 2023

posture. That’s why security shall be embedded within any digital transformation from its inception. How have you leveraged artificial intelligence and machine learning to improve threat detection and incident response? Almost every new adopted technology nowadays has an element based on AI and machine learning, especially the ones related to detection and response. However, not all are required or mature enough, or relevant in the current cybersecurity maturity state. All technologies must be selected based on capability positioning and the associated prioritised risks they optimise. Specifically, what are the challenges and opportunities created by digital transformation including IoT, cloud, and mobility, for chief security officers? For Chief Security Officers, digital transformation creates coins with two sides challenges (cybersecurity risks) and opportunities (solutions and services that optimise the cybersecurity risks). However, with digital transformations, there is a larger organisational leadership support and commitment that enables a bigger and faster cybersecurity change implementation, which in many cases leads to eliminating many security exceptions and constraints, and dependencies such as the use of legacy

In general, looking at the present and future technology landscape, what is the upside and downside of cyber security solutions? Technology is going towards decentralisation and distribution with AI and shared copyrighted data (privacy dilemma?). This makes cybersecurity solutions essential in terms of defining lines of responsibility and providing visibility (and perhaps some sort of automated response) over data and threats. The downside is that cybersecurity solutions by nature will be restricting and will delay implementations if not considered in the early stages of any initiative. At present, what are your expectations from cyber security solution vendors, channel partners, consultants? Having genuine conversations and providing relevant solutions and services. Make it a winwin. The organisation needs something that you have in one way or another. Pitch the value that the organisation requires only based on the current maturity level and you get yourself a partner rather than a client. At present, what advice or feedback or recommendation would you give cyber security solution vendors, channel partners, and consultants? Understand your CISOs, their pain points, and the industries they’re in. Come prepared with something that can start the conversation. Don’t ask questions about technologies and services but rather the current state within the roadmap and challenges. Also, if you want to talk about technology, focus on the positioning and the value, and how they relate to the current roadmap. The more the discussion is focused on the very organisation, the same industry, and similar organisations, the more the CISO “feels” heard and less “allergic” to the classic “marketing and consulting” lingo. ë


CISO OPINION CORNER

CELEBRATING YEARS OF EXCELLENCE AND INNOVATION

TOWARDS AN AI DRIVEN WORLD & ECONOMY UAE, FEBRUARY 2024

KSA, FEBRUARY 2024

MUMBAI | BANGALORE, MARCH 2024

SINGAPORE, MARCH 2024

www.futureitsummit.com

UNVEILING THE FUTURE AT #FUTUREITSUMMIT


CISO OPINION CORNER

CONFRONTING CHALLENGES, EMBRACING INNOVATION, AND FOSTERING PARTNERSHIPS Please describe your job role? I am CISSP, CISM, CRISC, CISA, PMP, ISO27K, 20K, 22301 LA, TOGAF, CPISI, PCSM (Cloud), ITIL certified professional and Director of Aiverz Technologies, a leading cybersecurity company based in Dubai. Over the past 3 years, I have been responsible for overseeing the strategic direction of the company, managing our talented team, and ensuring that our clients receive the best cybersecurity services in the industry. What are the most important and critical aspects of your job role? My role revolves around ensuring the efficiency of our cybersecurity solutions. I am responsible for optimising our operational processes,

managing resources effectively, and maintaining high-quality service delivery. Client satisfaction is paramount, and I work diligently to uphold our standards, meeting and exceeding our clients' expectations. What are the typical challenges faced by a chief security officer in large and medium enterprises? Chief Security Officers (CSOs) in large and medium enterprises often face challenges related to rapidly evolving cyber threats, compliance with regulations, and the need to balance security measures without hindering operational efficiency. Additionally, managing complex IT infrastructures and ensuring seamless communication between

“The upside of cybersecurity solutions lies in their ability to mitigate risks, protect sensitive data, and foster trust among clients and partners.”

MOHAMED IQBAL SAMSUDEEN

Director Aiverz Technologies Co, Dubai, UAE

18

O OV N CTO EB ME BR ER 2023 2023


CISO OPINION CORNER

implement innovative security solutions, such as multi-factor authentication and encrypted cloud storage, ensuring data integrity and confidentiality.

different departments can be daunting. What are the key skills required for an ideal chief security officer in this age of digital transformation? In the era of digital transformation, an ideal CSO should possess a strong technical background, excellent communication skills, and the ability to adapt to emerging technologies. Leadership, critical thinking, and problem-solving skills are crucial for making informed decisions to protect the organisation effectively. What is your organization's current environmental sustainability strategy, and how does it align with its overall business objectives? At Aiverz Technologies, we are committed to environmental sustainability. We have implemented energy-efficient practices, reduced paper usage, and encouraged remote work to minimise our carbon footprint. This aligns with our business objective of being socially responsible while also reducing operational costs and enhancing employee satisfaction. According to you, how does digital transformation affect the security posture of any business? Digital transformation, while enhancing

19

efficiency and innovation, also expands the attack surface for cybercriminals. Businesses must invest in robust cybersecurity measures to safeguard their digital assets and customer data. This involves continuous monitoring, employee training, and implementing advanced threat detection technologies. How have you leveraged artificial intelligence and machine learning to improve threat detection and incident response? We have integrated artificial intelligence and machine learning into our cybersecurity strategies to enhance threat detection and incident response. These technologies enable us to analyse vast datasets, identify patterns, and automate responses to potential threats. This proactive approach ensures rapid detection and containment, minimizing the impact of security incidents on our clients. Specifically, what are the challenges and opportunities created by digital transformation including IoT, cloud, and mobility, for chief security officers? The proliferation of IoT devices, cloud services, and mobility options presents both challenges and opportunities. Managing the security of diverse devices and cloud environments is complex. However, embracing these technologies also allows CSOs to

In general, looking at the present and future technology landscape, what is the upside and downside of cyber security solutions? The upside of cybersecurity solutions lies in their ability to mitigate risks, protect sensitive data, and foster trust among clients and partners. However, the downside involves the constant evolution of cyber threats, necessitating continuous investments in technologies and skilled personnel. Balancing these aspects is crucial for effective cybersecurity, ensuring a proactive defense against cyber threats while adapting to emerging challenges. At present, what are your expectations from cyber security solution vendors, channel partners, consultants? I expect cybersecurity solution vendors, channel partners, and consultants to offer innovative, scalable, and easy-to-implement solutions. Collaboration is essential; I look for partners who understand our unique requirements and can provide personalized support. Additionally, I value transparency, timely updates on emerging threats, and proactive customer service from our vendors and partners. At present, what advice or feedback or recommendation would you give cyber security solution vendors, channel partners, and consultants? My advice to cybersecurity solution vendors, channel partners, and consultants is to invest in understanding the specific needs of their clients deeply. Tailored solutions and personalised support can make a significant difference. Moreover, staying updated with the latest cybersecurity trends and proactively sharing this knowledge with clients can foster a sense of partnership and trust. By offering not just products but comprehensive solutions, vendors and partners can create lasting value for their clients in the ever-changing landscape of cybersecurity. ë

N OV E M B E R 2023

19


CISO OPINION CORNER

CYBERSECURITY LEADERSHIP: ENHANCING THREAT DETECTION AND INCIDENT RESPONSE A cybersecurity professional is responsible for safeguarding critical data and systems. In recent years Artificial Intelligence has leveraged to improve threat detection and incident response in the realm of cybersecurity. Please describe your job role? What are the most important and critical aspects of your job role? As part of my role, I am driven by the importance of overseeing the cybersecurity program and ensuring that critical data and systems are protected. My primary goal is to design a practical and effective cybersecurity program that can withstand the ever-changing and dynamic cyber risks that organizations face. I am passionate about implementing and managing the cyber governance, risk, and compliance (GRC) process, leading cybersecurity operations, and establishing disaster recovery and business continuity plans with business resilience in mind. Advising top leadership on how the organization can meet cybersecurity requirements to conduct business is a significant responsibility that motivates me to

FAHAD ALQARNI

Cybersecurity Manager Saudi semi-government entity

20

N OV E M B E R 2023


CISO OPINION EXPERT CORNER BYLINE

stay on top of the latest developments in the field. I am committed to communicating the risks to decision-makers and advocating for investment and resources to ensure cybersecurity practices receive the attention they deserve. Ultimately, I am inspired by the opportunity to protect organizations and enable them to thrive in a secure and stable environment. What are the typical challenges faced by a chief security officer in digitally transforming enterprises? The Chief Security Officer (CSO) role is challenging due to the evolving technology and cyber threats that organizations face. The CSO must balance the need for cybersecurity with the organization's business needs while keeping up-to-date with the latest security threats and technologies. Digital transformation can introduce new technologies and processes that improve business efficiency but also bring new cyber risks that must be managed. The CSO must protect the enterprise while supporting growth and innovation, navigating the balance between cybersecurity and company success. A CSO is essential for digital transformation as it ensures that all systems and applications are secure and that cybersecurity policies are consistently enforced. Finding and retaining top talent is a challenge due to the increasing demand for cybersecurity professionals. Compliance with relevant regulations and standards is crucial to safeguard the organization's digital assets. A skilled CSO ensures compliance and security, providing a safe and stable environment for growth and success.

According to you, how does digital transformation affect the security posture of any business? Digital transformation brings new technologies that can pose risks to an organization's cybersecurity. To ensure a secure digital transformation, organizations must enhance their IT and cyber risk management functions. Collaboration between cybersecurity, IT, and leadership can help achieve an efficient and secure digital transformation process. It is crucial to realize the risks associated with an insecure third-party service provider or a cloud service, which can increase the chances of reputational damage. By crafting digital transformation strategies that consider all the cybersecurity implications, organizations can stay ahead of the curve and avoid the impact of cyberattacks and data breaches, which can be huge, causing considerable costs and affecting business operations. By being proactive, organizations can ensure a secure digital transformation process that meets their objectives while minimizing risks. How have you leveraged artificial intelligence to improve threat detection and incident response? Cybersecurity breaches and attacks are becoming increasingly common and sophisticated in today's digital world. This has prompted the need for more advanced security solutions, and Artificial Intelligence (AI) has emerged as the game changer. By leveraging AI, cybersecurity experts can analyse large volumes of data, identify patterns, and respond to threats in real time without human

intervention. AI can detect abnormal behavior in a network and differentiate between legitimate and malicious activities to recognise potential cyber threats. By building behavioral profiles and analysing historical data, they can predict future vulnerabilities. Additionally, AI-powered Incident Response systems can automate the response by isolating affected systems, blocking malicious traffic, and quarantining compromised devices to prevent further spread. This proactive approach is crucial in today's fast-paced and rapidly evolving digital landscape. At present, what advice or feedback or recommendation would you give cyber security solution vendors, channel partners, and consultants? I recommend that cybersecurity professionals need to build a solid business case and value proposition for their offerings. This involves understanding their clients' specific needs and demonstrating how their solutions can address these challenges. It's important to avoid leading with doubt and fear, which can be counterproductive and undermine the effectiveness of the solutions. Instead, cybersecurity professionals should strive to educate their clients about the benefits of investing in cybersecurity. This includes highlighting the tangible benefits of improved security, such as reduced risk of data breaches and financial losses and increased trust and confidence from customers and stakeholders. By taking a practical and realistic approach to cybersecurity, these professionals can help businesses stay ahead of emerging threats and protect their valuable assets. ë

N OV E M B E R 2023

21


PRESENTS

16 A P R I L - Q ATA R | 17 A P R I L - PA K I S TA N 18 APRIL - KSA | 23 APRIL - UAE APRIL - EU | APRIL - US

BROUGHT TO YOU BY

OFFICIAL MEDIA PARTNERS


CISO OPINION CORNER

SAFEGUARDING THE DIGITAL REALM The most crucial aspect of the CISO's job is not just fortifying the organisation against cyber threats but enabling and supporting business operations by minimising risk. As organisations embrace digital transformation, the CISO offers a unique perspective on how this shift affects the overall security posture.

FAHAD M ALSHAMRAN Cybersecurity Executive Director (CISO) Saudi Company for Artificial Intelligence

N OV E M B E R 2023

23


CISO OPINION CORNER

Please describe your job role? As a CISO, ensure that all cybersecurity requirements are implemented and applied to secure our organisation and meet regulatory requirements. What are the most important and critical aspects of your job role? The most important and critical aspect of my job role is to enable and support the business by minimising risk.

24

N OV E M B E R 2023

What are the typical challenges faced by a chief security officer in large and medium enterprises? The main two issues are Human resources and implementing a cybersecurity (CS) framework. One of the big issues is hiring a qualified resource with high demand in the market. It is hard to keep the qualified resource. The Second issue implementing the CS framework and security controls to secure the

budget and implement CS controls to close the framework requirements. According to you, how does digital transformation affect the security posture of any business? Any organisation planning to do digital transformation will make an announcement to everyone to support the transformation. With this alignment, security posture will not be affected. ë


CISO OPINION CORNER

BUILDING FORTIFIED DEFENSES: THE CORE RESPONSIBILITIES OF A CISO A competent CISO isn't just well-versed in various platforms and solutions; they also stay attuned to the ever-evolving security trends, understanding the intricacies of modern threats and technologies. Please describe your job role? I am responsible for overseeing an organisation's information and cyber security including developing, implementing, and enforcing security policies to protect critical data. Advise senior management and boardroom on the state of security and cyber risks with a focus on people, process and technology safeguards. Drive a long-term cybersecurity roadmap. Guide the organisation's experts on continuous, effective and efficient operations for cybersecurity. What are the most important and critical aspects of your job role? The most critical aspects of the CISO job are to develop Enterprise-wide Security Programs. Identify, Report and Control Incidents, Enhance Cyber Security awareness within and outside the organisation, Monitor Threats and Take Preventive Measures, and continuously focus on the soft skills of security staff.

NOMAN QURESHI

CISO Pakistan Standard Chartered Bank

N OV E M B E R 2023

25


CISO OPINION CORNER

organisation but there are certain challenges that organisation faces while transforming such as IoT systems often face many security concerns because of a lack of computing resources for security functions. Cloud computing usually has challenges such as Misconfiguration, Unauthorised Access, Lack of Visibility, Data Privacy/Confidentiality, External Sharing of Data, Legal & Regulatory Compliance and Unsecure Third-party Resources.

What are the typical challenges faced by a chief security officer in large and medium enterprises? Most notably, common challenges that professionals in the security industry experience include Attracting and retaining top talent, convincing management to budget for security measures and dealing with difficult or aggressive individuals. What are the key skills required for an ideal chief security officer in this age of digital transformation? ICISO should have a diverse knowledge of different platforms and solutions. He should always be aligned with the modernised security trends in terms of threats and new technologies, should have a broad understanding of cyber threats, and should have a technical background, and communication skills. Ideally a CISO can multitask, CISO should ethically follow best practices for information security, and CISO should be able to maximum utilises his limited resources. What is your organization's current environmental sustainability strategy, and how does it align with its overall business objectives? I am not allowed to comment on behalf of my company but as per the Standard Chartered website, “We're committed to sustainable social and economic development across our business, operations and communities including

26

N OV E M B E R 2023

achievement of net zero emissions and the UN Sustainable Development Goals. We are committed to promoting economic and social development in our markets.” According to you, how does digital transformation affect the security posture of any business? Major effects include Generative AI Adopted on both sides of the battle, that is, it is used by companies for better technology solutions but it is equally used by Cyber Criminals to generate cyber-attacks. Moreover, other effects can be next-level Phishing Attacks, IoT Cyber Attacks Cyber Resilience and less than Zero Trust. How have you leveraged artificial intelligence and machine learning to improve threat detection and incident response? This can be done by leveraging advanced algorithms, machine learning, and deep learning techniques to analyse vast amounts of data and identify patterns that human analysts might miss. This enables organisations to proactively detect and respond to threats in real-time incidents. Specifically, what are the challenges and opportunities created by digital transformation including IoT, cloud, and mobility, for chief security officers? Digital Transformation is mandatory for every

In general, looking at the present and future technology landscape, what is the upside and downside of cyber security solutions? Upside includes Remote Working Security, Competitive Benefits, Enhanced Customer Trust, Intellectual Property Protection and Early Detection and Response. Whereas, the downside includes the High Cost of Implementation, Evolving Threat Landscape and Limited Effectiveness Against Insider Threats. At present, what are your expectations from cyber security solution vendors, channel partners, consultants? The expectations of CISOs with solution providers is that they should have wellrounded cybersecurity expertise, tools and methods designed for today's business environments, good industry reputation, compliance expertise, managed service and technical Support. At present, what advice or feedback or recommendation would you give cyber security solution vendors, channel partners, and consultants? They should have the ability to integrate, they should have a resilient cyber approach and most importantly they should have an excellent monitoring mechanism which should include but not limited to Security Incident and Event Monitoring (SIEM), Intrusion Detection System (IDS), Network Behavior Analysis (NBA), Endpoint Detection and Response (EDR). They should also have good reporting mechanisms, field testing expertise and Flexibility and Responsiveness. ë


CISO OPINION CORNER


EVENT

10th Edition of

GEC Awards 2023

A Night of Glitz, Music and Excellence 28

N OV E M B E R 2023


EVENT

The Conrad Hotel, Dubai was graced with the enchanting allure of a "JAZZ Night" on October 16, 2023, as it played host to the prestigious 10th edition of GEC Awards 2023. This memorable evening celebrated excellence in the technology and innovation industry. GEC Awards 2023 recognised outstanding contributions in many categories. Top Distributor - Recognized leading distributors who have driven the true vision of the channel. Top Reseller - Honoured the visionary resellers who have nailed the channel game with integrated solutions. 'Innovative' Vendors - Celebrated the ‘Innovative’ vendors who successfully brought a difference to the ICT landscape in 2023. Top Project Executions - Honoured the mastery of those who have executed exceptional technology projects that have positively impacted the industry. Top System Integrator - Recognized

the top SIs for their unparalleled service portfolio and cutting edge USPs. Top Public Relations Agency - Recognized the Top Public Relations Agency of 2023 in Editor's choice. The spectacular evening featured a series of performances and special guests, adding to the glitz and glamour of the event. The evening was set alive by a captivating dance performance that left the audience in awe, highlighting the fusion of technology and artistry. The event kicked off with an inspiring and insightful opening note by Ronak Samantaray, CoFounder and CEO, GEC Media Group setting the stage for the night's celebrations. The stage came alive with the rhythm and energy of an African dance performance, showcasing the diversity and vibrancy of the tech industry. As the night progressed, a DJ took over, ensuring that attendees could dance the night away and

N OV E M B E R 2023

29


EVENT

30

N OV E M B E R 2023


2024

EVENT

TRANSFORMATION IN

SECURITY NETWORKING BUSINESS APPLICATIONS IT & COMPUTING TRANSFORMATION IN

TRANSFORMATION IN

TRANSFORMATION IN

02 MAY - UAE 09 MAY - KSA


EVENT

celebrate in style. The GEC Awards marked a spectacular celebration of innovation and achievement in the tech industry. The dazzling Jazz Night, with its rhythm and melodies, added an aura of sophistication to the occasion. This event would never have been successful without the invaluable contribution

32

N OV E M B E R 2023

of the partners. The Platinum Partners were Dell Technologies, Logitech, Redington, Spire Solutions and Ingram Micro. The Gold Partners were Gurucul, Positive Technologies, StorIT and NetApp. The Supporting Partners include HUAWEI, X0PA, Multipoint, Delinea, Jabra, MBuzz, FINESSE and ASBIS. The Registration Partner was Cloudflare.

The GEC Awards this year served as a tantalizing glimpse into our future ambitions, where we intend to continue casting a spell of brilliance akin to this event. Our vision is to keep the entire community gathered under one roof, seamlessly blending business discourse with a symphony of delight, much like a harmonious orchestra.


CISO OPINION CORNER

SECURING THE FUTURE: DIGITAL TRANSFORMATION AND SECURITY POSTURE Please describe your job role? I’m Responsible for the overall cybersecurity of Saudia Dairy & Foodstuff Company (SADAFCO) to ensure mitigating business risk by ensuring security posture is aligned with business objectives. In general, my role is developing, implementing, and maintaining the overall information security strategy and program to protect company data and IT systems. What are the most important and critical aspects of your job role? To ensure business epically operations related to the crown jewels are resilient against any possible disruption of a cyberattack. In short, to

enable the business and to minimise any impact. I’m lucky to be working on a company that has one of the most known brands in Saudi Arabia and many other regions, and one of my critical roles is to protect the brand and company’s IP. What are the typical challenges faced by a chief security officer in large and medium enterprises? In general, visibility especially for companies operating from

“Technology is evolving in a rapid phase, including security tools.”

FAHAD NASSER ALYAMI Director of Information Security Saudia Dairy & Foodstuff Co (SADAFCO)

N OV E M B E R 2023

33


CISO OPINION CORNER

many locations with a complexity of IT/ OT environments, raises the culture of cybersecurity on all business levels, supply chain and third parties’ security, and finally the shortage and the high turnover of highly qualified security resources. What are the key skills required for an ideal chief security officer in this age of digital transformation? Eager to learn with a willingness to understand the business objectives from the operations levels and their IT components. Also, how the CISO communicates those risks associated with the digital transformation and proposed mitigations. What is your organization's current environmental sustainability strategy, and how does it align with its overall business objectives? Per SADAFCO Chair, “We are taking systematic measures to formalise our processes for measuring and monitoring our ESG impact across all dimensions.” And we in IT and Information Security are aligned with that company’s vision of sustainability in our internal processes or via our relations with our vendors and suppliers. According to you, how does digital transformation affect the

34

N OV E M B E R 2023

security posture of any business? It is a simple math here, with more digital transformation efforts and projects, the attack surface will expand. Therefore, security requirements shall be part of the project management and application development at any organization, which will ensure risks are addressed and mitigated in the early stages, and cybersecurity is not working in silo. How have you leveraged artificial intelligence and machine learning to improve threat detection and incident response? As I mentioned earlier with the high demand for qualified resources, leveraging UBEA, AI, and Machine Learning in our tools became a necessity. We hope that in the future more optimisations will happen by vendors to reduce the rates of false positives. Specifically, what are the challenges and opportunities created by digital transformation including IoT, cloud, and mobility, for chief security officers? We understand that digital transformations will create more opportunities to enable the business to operate effectively. Whilst this creates a headache for the CISOs to ensure the security principles are being adhered to and to find the right balance between business

requirements and risks associated with digital transformation. In general, looking at the present and future technology landscape, what is the upside and downside of cyber security solutions? Technology is evolving in a rapid phase, including security tools. This will help security personnel to have security solutions that meet the technological developments. Yet we know, that trends keep changing which makes investments in those tools not sustainable, and short to medium term. At present, what are your expectations from cyber security solution vendors, channel partners, consultants? We in SADAFCO try to reflect our TRIPLE values in all our operations. The values are Trust, Respect, Integrity, Passion, Learn/Lead, and excellence. We expect our partners to share the same values when dealing with us. At present, what advice or feedback or recommendation would you give cyber security solution vendors, channel partners, and consultants? Be frank with your customers, I think it is OK to be the best in a few things rather than mediocre in everything. ë


CISO OPINION CORNER

DRIVING OPERATIONS AND PERFORMANCE EXCELLENCE YOUR PARTNER FOR

Cloud & Digital Transformation

Enterprise Applications

Analytics & Automation AI & ML as a Service

Cyber Security Solutions

AD

Management Consulting, Advisory and Quality Assurance

An unit of

“Delivery centres in US, Middle East and India”

Phone: +971528732716 | Email: hello@opx america.com | www.opxtechnology.com


CISO OPINION CORNER

BEYOND TRADITIONAL PERIMETERS: CHALLENGES AND STRATEGIES In an era of unprecedented digital transformation, the role of a Chief, Information Systems Security & Quality Assurance is more critical than ever. As organisations embrace technologies like the Internet of Things (IoT), cloud computing, and mobility, the CISSQA plays a pivotal senior-level position in ensuring the security and quality assurance of mission-critical information systems.

Please describe your job role? The job role of a Chief, Information Systems Security & Quality Assurance (CISSQA) is a senior-level position responsible for overseeing and managing the security and quality assurance of MOW's information systems. IT plays a critical role in ensuring the confidentiality, integrity, and availability of the MOW's data and information assets, as well as maintaining compliance with applicable regulations and standards. Here are some key responsibilities associated with my role: Information Systems Security: • Developing and implementing information security policies, procedures, and standards.

SUHA ABDULAZIZ LORRY

Chief, Information Systems Security & Quality Assurance Ministry of Works, Kingdom of Bahrain

36

N OV E M B E R 2023


CISO OPINION EXPERT CORNER BYLINE

• Assessing and managing risks related to information security and implementing appropriate controls. • Conducting regular security audits, vulnerability assessments, and penetration testing. • Monitoring and responding to security incidents and breaches. • Collaborating with IT teams to ensure secure system configurations and network infrastructure. Quality Assurance: • Establishing and maintaining a quality assurance framework for information systems. • Developing and implementing quality standards and processes. • Conducting regular reviews and audits to ensure compliance with quality standards. • Identifying areas for improvement and implementing corrective actions. • Monitoring and measuring system performance and reliability. • Collaborating with software development teams to ensure adherence to quality standards and best practices. Team Management and Leadership: • Building and leading a team of information security and quality assurance professionals. • Collaborating with cross-functional teams, such as IT, operations, and legal departments, to align security and quality assurance efforts. • Communicating and collaborating with senior management and stakeholders to report on security and quality assurance initiatives, risks, and achievements. • Collaborating with legal and compliance teams to address any legal or regulatory requirements. What are the most important and critical aspects of your job role? The most important and critical aspects of the Chief, Information Systems Security & Quality Assurance (CISSQA) job role include: • Information Security Management: I am responsible for establishing and maintaining an effective information security management framework. This includes developing and implementing security policies, procedures, and controls to protect the MOW's information assets from unauthorized access, disclosure, alteration, or destruction. • Risk Assessment and Mitigation: Identifying and assessing potential risks to MOW’s information systems is a critical aspect of my role. My team is conducting regular risk assessments, vulnerability assessments, and

penetration testing to identify weaknesses and vulnerabilities. Based on the findings, they develop and implement appropriate risk mitigation strategies and controls to minimise potential threats and ensure the continuity of business operations. • Compliance and Regulatory Requirements: I must stay informed about relevant laws, regulations, and industry standards related to information security and quality assurance. • Quality Assurance and Process Improvement. • Leadership and Communication: As a senior-level role, I should provide leadership, guidance, and direction to the information security and quality assurance teams. Collaborates with cross-functional teams, communicates with senior management and stakeholders, and advocates for security and quality assurance initiatives. What are the typical challenges faced by a chief security officer in large and medium enterprises? As a Chief Security Officer within MOW, there are several typical challenges that encountered in fulfilling the responsibilities of the role. These challenges include: • Evolving Cybersecurity Threat Landscape: We faced the challenge of keeping up with the rapidly evolving cybersecurity threats and attack techniques. • Limited Resources and Budget: We are facing the challenge of operating within limited resources and budget constraints. We need to prioritise security initiatives and allocate resources effectively to address the most critical risks. This requires careful planning, risk assessment, and effective communication to secure the necessary support and funding for security initiatives. • Compliance and Regulatory Requirements: We need to ensure compliance with various industry-specific regulations, legal requirements, and data protection standards. • Insider Threats: Insider threats, such as malicious or negligent actions by employees or trusted individuals, pose significant challenges. • Incident Response and Recovery: We must be prepared to respond swiftly and effectively to security incidents and breaches. Addressing these challenges requires a combination of technical expertise, strategic thinking, effective communication, and collaboration with stakeholders.

What are the key skills required for an ideal chief security officer in this age of digital transformation? In the age of digital transformation, an ideal Chief Security Officer (CSO) should possess a diverse set of skills to effectively navigate the evolving cybersecurity landscape. Here are key skills that are highly valuable for a CSO in this digital era: • Cybersecurity Expertise: A CSO should have a deep understanding of cybersecurity principles, best practices, and emerging threats. • Strategic Thinking: CSOs must think strategically and align security initiatives with overall business objectives. They need to develop a comprehensive security strategy that supports digital transformation efforts while protecting critical assets. • Risk Management: CSOs should be skilled in risk management, including risk assessment, mitigation, and monitoring. They need to identify potential vulnerabilities and threats, assess their impact and likelihood, and develop risk mitigation strategies. • Leadership and Collaboration: CSOs must demonstrate strong leadership skills to effectively drive security initiatives and gain buy-in from stakeholders. • Regulatory and Compliance Knowledge: CSOs should have a solid understanding of relevant laws, regulations, and industry standards pertaining to data protection and privacy. • Continuous Learning: The field of cybersecurity is constantly evolving, making continuous learning a critical skill for CSOs. They should stay updated on the latest technologies, threat intelligence, and industry trends through participation in conferences, certifications, and professional networks. What is your organization's current environmental sustainability strategy, and how does it align with its overall business objectives? Ministry of Works prioritises environmental sustainability as part of their broader responsibilities to promote sustainable development, protect natural resources, and mitigate the impacts of climate change. MOW’s strategies partially include: • Energy efficiency and conservation: Implementing measures to reduce energy consumption, promote renewable energy

N OV E M B E R 2023

37


CISO OPINION CORNER

sources, and increase energy efficiency in government buildings, infrastructure projects, and public facilities. • Green building and infrastructure: Encouraging sustainable building practices, such as incorporating energy-efficient designs, using environmentally friendly materials, and implementing green infrastructure solutions like rainwater harvesting or green roofs. • Waste management and recycling: Developing waste management strategies that prioritize recycling, waste reduction, and proper disposal practices within government facilities and infrastructure projects. According to you, how does digital transformation affect the security posture of any business? Digital transformation has a significant impact on the security posture of businesses, both positively and negatively. Here are some key sways in which digital transformation affects MOW’s security posture: • Increased attack surface: Digital transformation often involves the adoption of new technologies, such as cloud computing, Internet of Things (IoT) devices, and mobile applications. This expansion of digital infrastructure can increase the attack surface, providing more entry points for potential cyber threats. • Data protection challenges: Digital transformation often involves the collection, storage, and processing of large volumes of data. Protecting sensitive customer information, intellectual property, and other critical data becomes a significant concern. Robust security measures, such as encryption, access controls, and secure data storage, are necessary to mitigate data breaches and unauthorized access. • Integration complexities: Digital transformation initiatives involve integrating various systems, applications, and platforms. This integration process can introduce security challenges, as vulnerabilities in one system may affect the overall security of the interconnected environment. Thorough security assessments and testing are essential to ensure the integrity and confidentiality of data across different systems. How have you leveraged artificial intelligence and machine learning to improve threat detection and incident

38

N OV E M B E R 2023

response? Yes, but not too much because we have certain resource limits. Specifically, what are the challenges and opportunities created by digital transformation including IoT, cloud, and mobility, for chief security officers? Digital transformation, including the adoption of technologies such as the Internet of Things (IoT), cloud computing, and mobility, presents both challenges and opportunities for Chief Security Officers (CSOs). Some of these challenges and opportunities are, Challenges: • Increased attack surface: The proliferation of IoT devices, cloud services, and mobile devices expands the attack surface for potential cyber threats. The difficulty of securing a wider and more diverse range of endpoints while also assuring the integrity and confidentiality of data transported and stored across these platforms. • Complex and interconnected systems: Digital transformation involves integrating various systems and platforms, creating complex and interconnected environments. • Data privacy and protection: With the increased use of cloud services and IoT devices, robust security measures to safeguard sensitive data need to be implemented. Opportunities: • Enhanced visibility and control: Digital transformation provides improved visibility into current infrastructure. With centralized security management platforms and advanced analytics, we gain better insights into security events, detect anomalies, and respond more effectively to threats. • Scalable security solutions: Cloud computing and IoT can offer scalable solutions for security. In general, looking at the present and future technology landscape, what is the upside and downside of cyber security solutions? Cybersecurity solutions play a crucial role in protecting organisations and individuals from various cyber threats. However, like any technology, they have both upsides and downsides. Here's an overview: Upsides of Cybersecurity Solutions:

• Threat Mitigation: Cybersecurity solutions help mitigate a wide range of threats, including malware, phishing attacks, ransomware, data breaches, and unauthorized access. • Risk Reduction: Implementing robust cybersecurity solutions reduces the risk of financial losses, reputational damage, legal liabilities, and operational disruptions caused by cyber incidents. • Compliance and Regulations: Cybersecurity solutions are helping to meet regulatory requirements and industry standards related to data protection and privacy. Downsides of Cybersecurity Solutions: • False Positives and Negatives: Some cybersecurity solutions sometimes generate false positives, flagging benign activities as potential threats, which can lead to unnecessary disruption and increased operational costs. • Complexity and Implementation Challenges: Certain cybersecurity solutions are complex to implement, configure, and manage. They require specialized expertise and ongoing monitoring and updates to ensure their effectiveness. • Cost Considerations: Implementing comprehensive cybersecurity solutions is costly, especially for MOW that is having limited budgets. At present, what are your expectations from cyber security solution vendors, channel partners, and consultants? • Comprehensive Security Offerings: we expect cybersecurity solution vendors to provide comprehensive offerings that cover a wide range of security needs. This includes solutions for network security, endpoint protection, cloud security, data protection, threat intelligence, identity and access management, and incident response. Vendors are expected to offer integrated solutions that address multiple layers of security. • Advanced Threat Detection and Prevention: With the rise of sophisticated cyber threats, there is a growing expectation for vendors to provide advanced threat detection and prevention capabilities. This includes leveraging technologies such as Artificial Intelligence (AI), Machine Learning (ML), and behavioral analytics to detect and mitigate emerging threats in real time. Vendors should continuously update their solutions to address new attack vectors and the evolving


CISO OPINION CORNER

threat landscape. • Scalability and Flexibility: Cybersecurity solutions should scale with the existing business needs. • Seamless Integration and Interoperability: Cybersecurity solutions are expected to be seamlessly integrated with the existing IT infrastructure and other security tools. • User-Friendly Interfaces and Management: Ease of use and intuitive interfaces are vital for cybersecurity solutions. • Expertise and Support: Channel partners and consultants are expected to have deep expertise in cybersecurity and a thorough understanding of the specific industry and regulatory requirements of their clients. At present, what advice or feedback or recommendation would you give cyber security solution vendors, channel partners,

and consultants? As the cybersecurity landscape continues to evolve rapidly, here are some advice, feedback, and recommendations for cybersecurity solution vendors, channel partners, and consultants: • Focus on Holistic Solutions: Rather than offering siloed security products, emphasize the importance of holistic solutions that address multiple layers of security. Encourage the integration and interoperability of different security tools to create a comprehensive and cohesive security ecosystem. • Embrace Advanced Technologies: Invest in researching, developing, and integrating advanced technologies such as artificial intelligence (AI), machine learning (ML), behavioral analytics, and automation into your cybersecurity solutions. These technologies can enhance threat detection, and response capabilities, and improve overall security effectiveness. • Prioritize Usability and User Experience: Put significant emphasis on

user-friendly interfaces, intuitive management consoles, and streamlined workflows. Aim to simplify and automate security operations as much as possible, ensuring that security teams can easily manage and respond to threats without unnecessary complexity. • Collaborate with Customers: Foster strong collaboration with customers to understand their unique security challenges, industry-specific requirements, and risk profiles. Offer tailored solutions and guidance, conduct security assessments, and provide ongoing support to help customers achieve their security goals effectively. • Emphasize Incident Response and Recovery: Help customers develop robust incident response plans and provide guidance on effective incident management. Offer solutions and services that facilitate rapid detection, response, and recovery from security incidents. Enable customers to minimise the impact of cyber-attacks and effectively restore normal operations. ë

N OV E M B E R 2023

39


CISO OPINION CORNER

ADAPTING TO A DIGITAL-FIRST WORLD: THE CISO'S STRATEGIC ROLE In an era defined by relentless digital transformation, the role of a Chief Security Officer has evolved into a critical pillar of organisational success. With the everincreasing complexity of cyber threats and the integration of technology into every aspect of our lives, the responsibilities and challenges faced by CISOs have never been more profound. Please describe your job role? I am the advisor to CISO and the cyber security department: • Responsible for the development, deployment, maintenance, and support of all Company’s Cybersecurity Policies, Procedures, KPIs, KRIs and Metrics and their ability to support current and future changing business, regulatory, legal, and audit requirements.

ABDELMAJED SAEED Cyber Security Advisor Confidential

40

N OV E M B E R 2023


CISO OPINION CORNER

• Responsible for interaction with Compliance functions, Audit, and Risk within the Company. • The thought leader for information risk and security management and related activities throughout the organisation. • Responsible for developing and implementing strategies concerning the protection and legitimate exploitation of information assets. • Building and managing Computer Emergency Response Team / Computer Security Incident Response Team. • Planning and managing Disaster recovery and business continuity management. • Responsible for Information regulatory compliance (e.g., US PCI DSS, FISMA, GLBA, HIPAA; UK Data Protection Act 1998; Canada PIPEDA). What are the most important and critical aspects of your job role? Choosing the right path for solving the critical issues of Cyber Security department: • Develop a culture of security around all client and business information, explaining the relevance, validity and dimensions of Information Security to employees across the entire organisation, in order secure working practices are embedded throughout and if necessary, breaches are identified, investigated and resolved. • Responsible for information security programs, awareness and training, in addition to identity and access management. • Responsible of ensuring Company compliance with relevant laws and regulations. • Responsible for liaises with external stakeholders such as auditors, service suppliers, customers and authorities such as industry regulators on significant matters. • Managing Information Security Operations Centre ISOC. • Responsible for IT Investigations, Digital Forensics, eDiscovery • Responsible for Security Architecture. What are the typical challenges faced by a chief security officer in large and medium enterprises? CISOs face threats both inside and outside of the company, ranging from common tasks like employee management, retention, and training to sophisticated threats from external

sources. They also handle the challenge of managing budgets, ongoing business priorities, and communicating well with senior stakeholders. What are the key skills required for an ideal chief security officer in this age of digital transformation? CISOs should be capable of transforming cyber security needs using digital transformation tools. What is your organization's current environmental sustainability strategy, and how does it align with its overall business objectives? • There are three pillars of corporate sustainability: the environmental, the socially responsible, and the economic. • Companies can improve their environmental sustainability by, for example, reducing their carbon footprint or wasteful practices. • The social responsibility pillar represents practices that benefit the company's employees, consumers, and the wider community. • The economic (or governance) pillar refers to maintaining honest and transparent accounting practices and regulatory compliance. According to you, how does digital transformation affect the security posture of any business? By following security best practices, such as integration and automation, organizations can reduce the security challenges and stress that accompany digital transformation. How have you leveraged artificial intelligence and machine learning to improve threat detection and incident response? AI can be used to autonomously implement security measures such as isolating compromised systems and blocking suspicious network traffic. Also, it can be used in forensic investigation to get quick results, and SIEM solutions well. Specifically, what are the

challenges and opportunities created by digital transformation including IoT, cloud, and mobility, for chief security officers? On the challenge side, the expanded attack surface and the diverse array of technologies in use make securing the organisation more complex. Protecting data in the cloud and on mobile devices becomes paramount, and ensuring compliance with regulations while embracing new technologies is a persistent concern. The phenomenon of "shadow IT," where employees use unauthorized apps and services, creates security blind spots. Additionally, the vulnerabilities in IoT devices add another layer of security risk. In general, looking at the present and future technology landscape, what is the upside and downside of cyber security solutions? The more advanced our technology, the more secure we are. The more advanced our technology, the more complexity we face. At present, what are your expectations from cyber security solution vendors, channel partners, consultants? More advanced technologies to adopt the rapid changes in threats landscape while now organizations going towards digital transformation, we expect most of cyber security solution vendors, channel partners, consultants adopting the digital transformation tools that is, Cyber Security, blockchain, bigdata, digital printing, IoT, and AI. At present, what advice or feedback or recommendation would you give cyber security solution vendors, channel partners, and consultants? Cope with changes. The game changed after the pandemic since all cyber security solution vendors, channel partners, consultants should prepare themselves for automation, mobile apps, delivery solutions and more. ë

N OV E M B E R 2023

41


Accelerate Intelligent Outcomes Everywhere with AI to Win We are witnessing the rise of artificial intelligence (AI) at an unprecedented pace and scale, with a market forecast to reach the $500 billion mark in 2023*. Dell Technologies and NVIDIA have the AI-optimized end-to-end solutions to help you adapt to the enormous change being driven by increasing amounts of data, advancing technological capabilities and the large-scale adoption of connected devices.

Illuminate the opportunity Identify, curate and activate high-value data Enable effective data access, scale and control across your organization from edge to core to cloud to create measurable value Put AI to work anywhere in any way Power your choice of AI workloads with modern IT infrastructure that supports on-premises, cloud or hybrid environments with protection across boundaries Achieve success at any scale AI-optimize your business with AI solutions and analytics at any scale to match growing data and as your use cases change *IDC Forecasts Companies to Increase Spend on AI Solutions by 19.6% in 2022. IDC, Feb 2022.

Partner CTA Add Partner Logo


CISO OPINION CORNER

THE DUAL MANDATE OF CSOS: SAFEGUARDING AND STRATEGIC INTEGRATION CSOs are tasked with not only safeguarding their organisations from a diverse range of risks but also ensuring that security is seamlessly integrated into strategic planning and decision-making.

Please describe your job role? My role is to oversee and proactively drive the risk management function by facilitating the assessment and treatment of all types of risks and by developing standards and methods for managing, treating, monitoring, and reporting risks. Also, ensuring that risk management is an integral part of

OZEL HURMUZLU

Senior Enterprise Risk Management Analyst Qatar University

43

N OV E M B E R 2023

43


CISO OPINION CORNER

the strategic planning and decision-making process and is closely linked to the institution’s goals, objectives and Key Performance Indicators (KPI). What are the most important and critical aspects of your job role? Effectively identifying, assessing, and mitigating risks that could impact the institution’s operations, financial stability, and reputation. This includes data-driven risk analysis, the development of risk mitigation strategies, and effective communication with stakeholders to foster a risk-aware culture. Crisis management and business continuity planning are also vital for ensuring the institution’s resilience in the face of unforeseen challenges. What are the typical challenges faced by a chief security officer in large and medium enterprises? Chief Security Officers (CSOs) in sizable and medium-sized organisations frequently confront a range of obstacles. These include the management of ever-changing cyber threats, the allocation of funds for security investments while adhering to financial limitations, the recruitment and retention of cybersecurity personnel, the mitigation of insider threats, the safeguarding of interconnected digital ecosystems, the implementation of business continuity plans, and the proficient dissemination of security risks to senior management and the board of directors. What are the key skills required for an ideal chief security officer in this age of digital transformation? Technical and strategic abilities are essential for a Chief Security Officer in the digital age. This requires a strong grasp of cybersecurity, risk management, compliance, and threat adaptation. To connect the organisation's security posture with its business goals, strong leadership, good communication, and stakeholder collaboration are needed. What is your organization's current environmental sustainability strategy, and how does it align with its overall business objectives? My institution has joined the International

44

N OV E M B E R 2023

Network to Champion Environmental Sustainability. By incorporating the recycling of food residue, single-use items, paper, and plastic, and this initiative effectively mitigates its environmental footprint. Moreover, the institution has embraced renewable energy policies and conservation measures to reduce its carbon footprint. According to you, how does digital transformation affect the security posture of any business? In my view, digital change greatly affects enterprise security. New technologies and networked systems increase the attack surface and expose vulnerabilities. In an increasingly complex and dynamic digital landscape, proactive threat detection, rapid response, and data protection, compliance, and risk management are needed to secure the organisation's digital assets and reputation. How have you leveraged artificial intelligence and machine learning to improve threat detection and incident response? We are conducting research on how to effectively integrate AI into the function of risk management. We have initiated the application of AI by constructing our risk profile and are presently exploring methodologies to aid in the identification and monitoring of risks via AI. Specifically, what are the challenges and opportunities created by digital transformation including IoT, cloud, and mobility, for chief security officers? The increasing attack surface and data flow enhance security threats, including data breaches and vulnerabilities. However, AI can improve threat detection and incident response, improving security. In a growing digital ecosystem, rigorous security and compliance frameworks must be balanced with creative solutions to protect essential assets. In general, looking at the present and future technology landscape, what

is the upside and downside of cyber security solutions? Cybersecurity solutions bring both major advantages and problems in the current and future technological landscape. The benefit is increased defense against new and emerging cyberthreats, data leaks, and illegal access, which fosters digital trust and uninterrupted corporate operations. The negative, however, is that in order to keep ahead of hostile actors and protect sensitive data, a significant investment in security measures and resources is required due to the complexity of cyber threats and the necessity for continuous change. At present, what are your expectations from cyber security solution vendors, channel partners, consultants? I expect cybersecurity solution vendors, channel partners, and consultants to be innovative, collaborative, and skilled. I expect vendors to offer innovative, effective, and flexible solutions. Integration, support, and value-added services should be provided by channel partners as cross system integration reduces silos and lowers costs. Consultants should bring extensive expertise, specialised methods, and the capacity to handle new threats to improve security and promote a proactive and collaborative cybersecurity approach. At present, what advice or feedback or recommendation would you give cyber security solution vendors, channel partners, and consultants? I would recommend cybersecurity solution providers, channel partners, and consultants give preference to a comprehensive approach that ensures security strategies are aligned with the respective business goals and strategy. Maintaining awareness of emergent threats and technologies is of the utmost importance in order to deliver solutions that are proactive, adaptable, and cost-effective. It is very important to maintain consistent and transparent communication, routine reviews of performance, and a strategy for collaborative engagement in order to keep the effectiveness and adaptability of cybersecurity activities in response to constantly shifting requirements. ë


CISO OPINION CORNER

EXPLORING COMPLEX CYBERSECURITY TERRAIN IN ENTERPRISES Please describe your job role? I currently hold the position of Chief Information Security Officer (CISO) at MCB Islamic Bank, a role I've been dedicated to since November 2019. In my current capacity, I'm responsible for various critical aspects of information security, including Information Security Governance, Information Security Risk Management, and fostering Cyber Security Awareness within the organisation. What are the most important and critical aspects of your job role? The role of a Chief Information Security Officer (CISO) is critical in ensuring the protection and security of an organisation's digital assets. Some of the most critical aspects of the CISO role include: 1. Information Security Governance 2. Risk Management 3. Cybersecurity Awareness and Training 4. Incident Response and Management 5. Security Architecture and Infrastructure 6. Compliance and Regulation 7. Security Strategy and Planning 8. Collaboration and Communication 9. Continuous Improvement and Innovation 10.Leadership and Team Management.

What are the typical challenges faced by a chief security officer in large and medium enterprises? The typical challenges in large and medium enterprises often encounter a variety of challenges due to the complex nature of their responsibilities and the evolving threat landscape. Some typical challenges include: 1. Cybersecurity Threats and Attacks: Dealing with an everevolving landscape of cyber threats, including sophisticated attacks, ransomware, phishing, and malware. Staying ahead of these threats while ensuring the organisation is prepared to mitigate and respond to potential breaches is a constant challenge. 2. Resource Constraints: Balancing limited resources, such as budget, skilled personnel, and technology, against the growing demand for robust security measures. Allocating resources effectively to cover all security needs can be a significant challenge. 3. Regulatory Compliance: Adhering to a myriad of industryspecific regulations and compliance standards. Ensuring the organisation meets these requirements while also staying updated on changes and implementing necessary adjustments is a constant struggle. 4. Rapid Technological Changes: Managing the security implications of rapid technological advancements, such as the

“As technology continues to evolve, the balance between the benefits and challenges of cybersecurity solutions will likely shift.”

ASIF IQBAL

CISO MCB Islamic Bank Ltd. N OV E M B E R 2023

45


CISO OPINION CORNER

adoption of IoT devices, cloud technologies, and mobile devices. Ensuring these new technologies integrated securely into the existing infrastructure is challenging. 5. Third-Party Risk Management: Overseeing the security of external vendors, partners, and suppliers who have access to the organisation's systems or data. Managing and ensuring the security of these third parties is crucial yet challenging. 6. User Awareness and Human Error: Educating and maintaining a high level of security awareness among employees to mitigate the risk of human error or negligence. Human error remains one of the leading causes of security breaches. 7.Incident Response and Recovery: Being prepared to handle and recover from security incidents effectively. This includes having robust incident response plans and the ability to quickly recover while minimizing potential damage. 8. Executive and Board Engagement: Effectively communicating security risks and strategies to non-technical executives and boards to ensure they understand the significance of security investments and decisions. 9. Vendor and Technology Selection: Choosing the right security vendors and technologies that align with the organisation's security needs and objectives. With a vast array of solutions available, selecting the most suitable ones can be challenging. 10. Organisational Culture: Cultivating a security-conscious culture throughout the entire organisation. Getting buy-in and commitment from all levels of the enterprise is a continuous challenge. What are the key skills required for an ideal chief security officer in this age of digital transformation? An ideal CISO possesses a blend of technical expertise, business acumen, leadership, and a forward-thinking approach to navigating the complexities of cybersecurity in the digital age. They must be adaptable, innovative, and capable of understanding the broader implications of security decisions within the organisation. What is your organization's current environmental sustainability strategy, and how does it align with its overall business objectives? By integrating environmental sustainability

46

N OV E M B E R 2023

into core business strategies, organisations can create a positive impact on the environment while also achieving their business objectives and maintaining a competitive edge in their respective industries. According to you, how does digital transformation affect the security posture of any business? Digital transformation significantly impacts the security posture of a business in various ways: Increased Attack Surface Complexity in Security Management Data Security Challenges Cloud Adoption Cybersecurity Skills Gap Regulatory Compliance User Awareness and Training To address these challenges, businesses undergoing digital transformation need to integrate security measures into every stage of the transformation process. This includes considering security from the planning phase, implementing robust security protocols, and continuously updating and evolving security strategies to keep pace with technological advancements and emerging threats. How have you leveraged artificial intelligence and machine learning to improve threat detection and incident response? I don't have the ability to directly implement AI or machine learning, but many cybersecurity professionals and companies have indeed utilized these technologies to enhance threat detection and incident response. AI and machine learning have been crucial in developing advanced systems that can quickly analyses vast amounts of data, recognise patterns, and identify potential threats or anomalies in real time. This technology enables more proactive and efficient incident response by automating certain processes and helping to identify and respond to threats faster than traditional methods. Specifically, what are the challenges and opportunities created by digital transformation including IoT, cloud, and mobility, for chief security officers? including IoT, cloud, and mobility, for chief security officers?

The digital transformation, driven by IoT, cloud, and mobility, presents both challenges and opportunities such as: Challenges: 1. Expanded Attack Surface 2. Complexity 3. Data Privacy Concerns 4. Interoperability and Standards 5. Security Skills Gap Opportunities: 1. Advanced Security Solutions 2. Adaptive Security 3. Collaborative Security Ecosystems 4. Compliance and Governance 5. Innovation and Efficiency The role of CSOs involves not just securing the current infrastructure but also adapting strategies to manage and mitigate risks arising from these technological advancements. It's a delicate balance between embracing innovation and ensuring robust security measures. In general, looking at the present and future technology landscape, what is the upside and downside of cyber security solutions? As technology continues to evolve, the balance between the benefits and challenges of cybersecurity solutions will likely shift. Ensuring the upside remains prominent while mitigating the downsides through comprehensive, adaptive, and responsible cybersecurity strategies will be key. At present, what are your expectations from cyber security solution vendors, channel partners, consultants? In essence, the expectations revolve around a combination of cutting-edge solutions, support, ethical standards, and education that collectively contribute to bolstering cybersecurity measures for businesses and individuals. At present, what advice or feedback or recommendation would you give cyber security solution vendors, channel partners, and consultants? Cybersecurity solution vendors, channel partners, and consultants can enhance their offerings, ensure client satisfaction, and contribute more effectively to the broader landscape of cybersecurity. ë


CISO OPINION CORNER

CISO: PROTECTING DIGITAL ASSETS AND BUSINESS CONTINUITY In today's technology-driven landscape, the role of the Chief Information Security Officer (CISO) has evolved into a pivotal position within organisations. The responsibility of a CISO entails safeguarding digital assets, ensuring the confidentiality, integrity, and availability of sensitive information, and navigating the challenges presented by the ever-expanding digital frontier. Please describe your job role? As the Chief Information Security Officer (CISO) at Alfalah Insurance, my primary role is to oversee and manage the organisation's information security and data protection strategies. I am responsible for safeguarding the company's digital assets and ensuring the confidentiality, integrity, and availability of sensitive information. What are the most important and critical aspects of your job role? Critical aspects collectively contribute to the

HAFIZ MUHAMMAD TAHIR ASHRAF

CISO Alfalah Insurance Company Limited

N OV E M B E R 2023

47


CISO OPINION CORNER

CISO's overarching goal of protecting the organisation's digital assets, maintaining trust with customers, and ensuring the continuity of business operations in the face of security threats and challenges. What are the typical challenges faced by a chief security officer in large and medium enterprises? CISOs in large and medium enterprises need to be proactive, adaptable, and strategic in their approach to cybersecurity to address these challenges effectively and protect their organisations from a wide range of security threats. What are the key skills required for an ideal chief security officer in this age of digital transformation? In the age of digital transformation, an ideal Chief Information Security Officer (CISO) should possess a diverse set of skills to effectively address the evolving cybersecurity landscape and meet the complex demands of today's technology-driven business environment. In addition to these technical and managerial skills, an ideal CISO should possess a proactive and collaborative mindset, continuously staying informed about the latest security developments and fostering a security culture throughout the organisation. The ability to balance security with business needs and innovation is key to success in the digital age. What is your organization's current environmental sustainability strategy, and how does it align with its overall business objectives? In my role as the Chief Information Security Officer (CISO) at our organisation, my primary focus is on information security and cybersecurity. However, I can provide some insights into how environmental sustainability aligns with our overall business objectives. Our organisation recognizes the importance of environmental sustainability in today's world. While I primarily address cybersecurity and data protection, I am aware that our broader strategy involves environmental responsibility. While my primary focus is on information security, I understand the interconnectedness of these initiatives and the importance of a holistic approach to corporate responsibility. I

48

N OV E M B E R 2023

EXPERT BYLINE

am committed to supporting and contributing to our organisation's environmental sustainability efforts in alignment with our overall business objectives. According to you, how does digital transformation affect the security posture of any business? Digital transformation also offers security benefits, such as the ability to implement more advanced security solutions, automate security processes, and enhance overall resilience. To maintain a strong security posture during digital transformation, organisations should take a proactive and holistic approach to security, integrating it into every aspect of their digital strategies. How have you leveraged artificial intelligence and machine learning to improve threat detection and incident response? As the CISO, I've implemented AI and machine learning solutions to enhance threat detection and incident response. These technologies enable us to analyse large datasets in real-time, identify anomalies, and predict potential threats. They also help automate response actions, reducing response times and minimising the impact of security incidents. Specifically, what are the challenges and opportunities created by digital transformation including IoT, cloud, and mobility, for chief security officers? On the challenge side, the expanded attack surface and the diverse array of technologies in use make securing the organisation more complex. Protecting data in the cloud and on mobile devices becomes paramount, and ensuring compliance with regulations while embracing new technologies is a persistent concern. The phenomenon of "shadow IT," where employees use unauthorized apps and services, creates security blind spots. Additionally, the vulnerabilities in IoT devices add another layer of security risk. In general, looking at the present and future technology landscape, what

is the upside and downside of cyber security solutions? The upside of cybersecurity solutions is their ability to protect organisations from evolving cyber threats, safeguard sensitive data, and maintain business continuity. These solutions provide real-time threat detection and response, reducing the risk of data breaches and financial losses. They also enhance customer trust and brand reputation. However, the downside includes the evolving nature of cyber threats, which can outpace security measures, and the cost and complexity of implementing and maintaining robust cybersecurity solutions. Balancing security and user convenience can also be challenging. Additionally, there's a risk of overreliance on technology, as no solution is foolproof, and human factors can still introduce vulnerabilities. At present, what are your expectations from cyber security solution vendors, channel partners, consultants? My expectations from cybersecurity solution vendors, channel partners, and consultants include innovative and comprehensive solutions, ease of integration, scalability, cost-effectiveness, timely updates, robust support and training, channel partner and consultant expertise, threat intelligence, compliance assistance, and transparent pricing. These factors are crucial for enhancing our organisation's security posture in a rapidly evolving threat landscape. At present, what advice or feedback or recommendation would you give cyber security solution vendors, channel partners, and consultants? My advice to cybersecurity solution vendors, channel partners, and consultants would be to focus on continuous innovation, offering flexible and scalable solutions. Provide clear and transparent pricing models, robust support and training, and emphasise the importance of staying updated on emerging threats. Collaborate closely with clients to understand their unique security needs and regulatory requirements, and provide proactive threat intelligence. Finally, align your services with the client's business objectives to create a holistic and effective security strategy. ë


CISO OPINION CORNER

SECURING THE FUTURE: AI CHALLENGES, COMPLIANCE, AND CLOUD MIGRATION Please describe your job role? I am the head of information security for a national law firm. My job role is to mitigate the firm’s security and privacy risks and comply with client and regulatory requirements. What are the most important and critical aspects of your job role? The most important aspects of my job are developing and enforcing security-related policies. AI is the most challenging one right now. We also have to ensure that we maintain compliance with our various regulatory requirements, such as GDPR, CPRA and other state privacy laws. Maintaining and improving our Information Security

Management System for our ISO 27001 certification is another critical function of my role. What are the typical challenges faced by a chief security officer in large and medium enterprises? Some of the challenges I typically face is, working with several compliance initiatives simultaneously, ensuring that the firm is properly educated on the latest threats and how they can mitigate them, and ensuring that the security team is always involved with projects at their inception.

“AI brings the promise of increasing productivity to the workforce for many unforeseeable applications.”

KEN FISHKIN

Senior Manager of Information Security Lowenstein Sandler LLP

N OV E M B E R 2023

49


What are the key skills required for an ideal chief security officer in this age of digital transformation? A key skill that I have observed is that one must be able to develop a strategic approach for developing secure solutions that are efficient, productive, and resilient. You also need to investigative and research skills to identify and prioritise the latest threats and vulnerabilities. The third skill is to have a business background so that you can develop security controls that are tied to key business processes. According to you, how does digital transformation affect the security posture of any business? Manual business processes that are migrated to the cloud can be properly managed with an adequate third-party risk management program that is tied in with a comprehensive zero-trust solution, which would only allow users to access to data assets that they are required access per their job role. How have you leveraged artificial intelligence and machine learning to improve

threat detection and incident response? Many of our security tools now have AI/ML built in to better detect suspicious behaviors and block malicious activities. As a result, we are able to react quickly to potential cyber-attacks.

of cyber security solutions? AI is the perfect example of this. AI brings the promise of increasing productivity to the workforce for many unforeseeable applications. As a result, there are many applications that will be developed by criminals to perform malicious acts.

Specifically, what are the challenges and opportunities created by digital transformation including IoT, cloud, and mobility, for chief security officers? Now that data is no longer solely on PCs, there is a larger attack surface that criminals can use to gain access to a company’s data. While productivity greatly increases for the users being able to work wherever they are and with whatever tools they have, the challenges to secure these devices greatly increase. Having tools, such as Mobile Device Management (MDM) and a Network Access Control (NAC), along with strong policies to prevent insecure devices from accessing the corporate network or cloud services that hold corporate data.

At present, what are your expectations from cyber security solution vendors, channel partners, consultants? I always expect them to know what our general business requirements are, they know what their competition is doing and they are working with the larger security community to partner with other vendors to provide more holistic and robust solutions.

In general, looking at the present and future technology landscape, what is the upside and downside

At present, what advice or feedback or recommendation would you give cyber security solution vendors, channel partners, and consultants? Too often, vendors will try to shoehorn their solution into a company’s existing security program where it might be inappropriate. Make sure that they are solving a problem that needs to be addressed. ë


I am CaaS

A Strategic Imperative

TechOps Streamline their IT infrastructure and improve operational efficiency, which can result in lower costs and increased productivity.

Competency Framework

TechSust Align

Assess your current capabilities architecture and identify areas for improvement, helping you to make informed decisions about where to invest your technology resources

Optimize and improve your technology systems, ensuring they are operating at peak efficiency and effectively supporting your business goals.

iamcaas.com

Biz Insights

DXT

Provide advanced analytics services, leveraging the latest technologies and techniques to help you turn your data into actionable insights.

Develop a digital strategy that aligns with your business objectives, enabling you to stay ahead of the curve in a rapidly changing digital landscape.


POWERED BY

MAY-SEPTEMBER 2024

50

300+

4000

200+

COUNTRIES

C-LEVEL EXECS

SESSIONS

EXHIBITORS


Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.