EC-MEA January 2023

2023

ANNUAL TRENDS FORECASTS PREDICTIONS

Aggressive adoption, course corrections in 2023

In this month’s edition, thirty-five top industry executives share their perspectives on innovative technologies, course corrections and action plans for 2023. There is a new emphasis on location of people, assets, applications says Aruba HPE’s David Hughes. The focus is shifting to the location of work activity and assets, identity of people and machines, real-time applications being used and by whom or what.

The large number of IP based surveillance cameras deployed regionally are now also powerful sensors for a variety of uses cases say Johan Paulsson at Axis Communications. The focus is shifting from pure analytics to insights meant for specific use cases, telling you something is wrong, and helping you decide what action to take.

Chris Stephens at Callsign feels that security shortcomings in social media will be amplified inside the Metaverse. Everything wrong from a security perspective with social platforms will become worse in metaverse. How are people going to be protected inside the Metaverse from digital compromise? 2023 will see a new population of people who have never fallen victim to fraud before.

Deep fake technology fraud will escalate because there are few tools on the market that can stop these frauds.

Cisco’s Reem Asaad feels that 2023 will be the year of multi-cloud frameworks in the region. We will see a big move toward new multi-cloud frameworks such as Sovereign Clouds, Local Zone Clouds, Zero-Carbon Clouds, and other novel cloud offerings, she says.

John Engates and Matthew Prince at Cloudflare, feel that passwords may come to an end and FIDO Alliance passkey may become standard in 2023. Cloud platforms will add built-in compliance standards to reduce the challenges for majority of enterprises.

While the migration to cloud has provided benefits to enterprise CIOs, Greg Day at Cybereason feels the big shift to SaaS has fragmented more than a decade’s worth of work to simplify and consolidate corporate Identity and Access Management.

The accelerated cloud adoption during pandemic has now lost sight of where sensitive data lives. 73% organisations suffered at least one ransomware attack in 2022, compared with just 55% in 2021.

Security teams around the world have been working long hours from home. We should not be surprised if burnout impacts security teams’ ability to function, points out Day.

Pervez Siddiqui from Genetec points out that security professionals are looking at improving the functionalities of physical security solutions. Security leaders are reevaluating their technology stack seeking solutions that help streamline tasks, automate processes, and enhance team efficiency.

Turn these pages to read more about what 2023 holds in store.

Best wishes for the back to business winter months ahead.

ARUN SHANKAR, CHIEF EDITOR

ARUN@GECMEDIAGROUP.COM

PUBLISHER

TUSHAR SAHOO

TUSHAR@GECMEDIAGROUP.COM

CHIEF EDITOR

ARUN SHANKAR

ARUN@GECMEDIAGROUP.COM

CO-FOUNDER & CEO

RONAK SAMANTARAY

RONAK@GECMEDIAGROUP.COM

GLOBAL HEAD, CONTENT AND STRATEGIC ALLIANCES

ANUSHREE DIXIT

ANUSHREE@GECMEDIAGROUP.COM

GROUP SALES HEAD

RICHA S

RICHA@GECMEDIAGROUP.COM

PROJECT LEAD

JENNEFER LORRAINE MENDOZA

JENNEFER@GECMEDIAGROUP.COM

SALES AND ADVERTISING

RONAK SAMANTARAY

RONAK@GECMEDIAGROUP.COM

PH: + 971 555 120 490

DIGITAL TEAM

IT MANAGER

VIJAY BAKSHI

PRODUCTION, CIRCULATION, SUBSCRIPTIONS

INFO@GECMEDIAGROUP.COM

CREATIVE LEAD

AJAY ARYA

GRAPHIC DESIGNER

RAHUL ARYA

DESIGNED BY

SUBSCRIPTIONS

INFO@GECMEDIAGROUP.COM

PRINTED BY

Al Ghurair Printing & Publishing LLC.

Masafi Compound, Satwa, P.O.Box: 5613, Dubai, UAE

Office No #115

First Floor , G2 Building

Dubai Production City

Dubai

United Arab Emirates

Phone : +971 4 564 8684

31 FOXTAIL LAN, MONMOUTH JUNCTION, NJ - 08852 UNITED STATES OF AMERICA

PHONE NO: + 1 732 794 5918

A PUBLICATION LICENSED BY International Media Production Zone, Dubai, UAE @copyright 2013 Accent Infomedia. All rights reserved. while the publishers have made every effort to ensure the accuracyof all information in this magazine, they will not be held responsible for any errors therein.

ANNUAL TRENDS FORECASTS PREDICTIONS

PERMANENT PROTECTION FOR DATA THROUGH IMMUTABILITY

This means storing backups in an immutable, read-only manner and prevents all data and backups from being encrypted if infiltrated by ransomware threat actors.

3%, that is the percentage of organisations that have been affected by at least two ransomware attacks in the past year, according to the Veeam Ransomware Trends Report 2022. In most cases, the criminals’ path into the corporate network leads through the weakest element of the digital defence: humans.

Phishing remains the means of choice for hackers and data thieves to gain unauthorised access - as confirmed by the latest Verizon Data Breach Report. While backups are often able to act as a last bulwark against extortionists, the right credentials can crack even this bastion. As a result, companies must become increasingly aware that their own employees also pose an unwanted threat. The best way to manage this risk is through Zero Trust.

Zero Trust is not a standalone product, but a paradigm that is woven into the corporate culture. IT administrators must weigh which employees should have access to which content, applications, networks and data. This goes double for storage, because: Backups are, in many situations, the lifeline that can keep companies running. However, if this anchor is damaged, downtime increases rapidly and recovery is made nearly impossible.

Therefore, roles and rights related to storage must be assigned with appropriate caution. Only dedicated staff and storage administrators should have the ability to access backups. But what happens if a user account of these very administrators falls into the wrong hands?

The only way to permanently protect backups from the wrong hands is immutability. In the area of storage, this means storing backups in an immutable, read-only manner, so to speak. This prevents all data and backups from being encrypted even in the event of infiltration by ransomware groups, for example. The options for setting up an immutable backup range from air-gapped solutions to the AWS S3 Object Lock - arguments for the different variants can be found quickly.

However, it is important that they are implemented as a fixed part of the backup strategy. This guarantees that the reassurance provided by backups remains intact throughout if access falls into the wrong hands, and data can always be restored in the event of an emergency.

Implementing Zero Trust in storage is a process that takes time and then needs to be looked at regularly to ensure continuous security. Phishing will certainly continue to be one of the biggest threats to organisations and their data, as the employee will remain the

biggest risk to the defence. However, if roles and privileges have been assigned according to the zero-trust paradigm, then you minimise that risk as much as at all possible. This keeps backups the bulwark against ransomware that they are supposed to be. ë

Options for setting up an immutable backup range from air-gapped solutions to AWS S3 Object Lock

HOW FORENSICS CAN HELP TO IDENTIFY YOUR CYBER ADVERSARY

Once an adversary has been spotted inside the organisation’s infrastructure, alert levels can be raised, shields-up declared, and intelligence can drive threat-hunting.

Adversary attribution enables security professionals to understand the who, how and why behind the cyberattacks targeting potentially their business. Knowing about espionage-motivated adversary provides guidance on where to place defensive shields-up measures and how you can best prepare. This could include decisions on where to implement new controls, new training needs or prepare with more targeted red and blue team exercises.

Once a known, sophisticated adversary has been spotted inside your organisation’s infrastructure, alert levels can be raised, shields-up declared, and the available intel on the adversary can drive the threat-hunting process to find and expel the adversary.

Without this knowledge, analysts waste time and resources, playing whack a mole in chasing every commodity attack or being blind to adversary activity that may be seen as normal activity without the context provided by threat intelligence.

Forensics gaps

When an attack or critical event is detected, analysts run forensics, gathering all artefacts during the attack, including network traffic, sources, assets, files touched, commands run, so that incident response teams can eradicate all threat activity. Chances are low that forensic evidence will be complete because the amount of data, and volatility within the data, can be too overwhelming to analyse.

Detection and hunting

Detection is an art and involves many moving parts. While standard security analytic tools like SIEM can execute simple IF-THEN rules, including if traffic originates from location X create an alert and even perform baselining or trending analysis, threat actors have learned how to bypass these standard detection rules by living off the land and hiding under legitimate activities. By knowing individual actor behaviours and attack techniques, security engineering teams can set up more targeted detection or better execute threat-hunting practices.

Vulnerability remediation

Vulnerability lists are always too long, and standard risk scoring, like the Common Vulnerability Scoring System is usually too static. By shortlisting actors that apply to your environment and understanding which vulnerabilities are leveraged, risk teams can better prioritise where to focus and concentrate their efforts. Having the latest information on which actors use which exploits can save vulnerability remediation teams a lot of time and pre-emptively reduce threat risks.

Security strategy

Attribution enables security teams to understand their true risk posture by defining who could come after them and how and pre-emptively adjust their security strategy. For instance, targeted attacks may be driven by cyber espionage, which indicates the threat will most likely be persistent and comprise multiple sophisticated attacks that can be expected to attempt to gain access to your sensitive company data.

Silos

Security organisations are often split into operational silos, with each silo focusing on specific detection or protective tools. This structure, with attention to tools in use and small-team objectives, is not always advantageous. Focusing instead at a higher level, knowing the adversaries that are trying to breach your defences, changes the dynamic, which benefits the individual security professional as well as the entire security organisation.

While attribution provides the information that helps security teams prepare, there is additional intrinsic value in taking an adversaryfocused approach to security. Attribution enables the entire security organisation, proactive and reactive defenders alike, to orient their actions toward specific actors that target their business and begin to communicate across all teams with a common language, including the adversary’s name, attack steps and point of view.

This approach helps security teams step away from tool- or processheavy tactics and build strategies to increase the effectiveness of their security efforts. ë

launch of THE GCF Academy

The GCF Academy for global CIOs was launched by Global CIO Forum at the grand finale of The World CIO 200 Summit.

The Global CIO Forum Academy was launched during The World CIO 200 Summit, Grand Finale in Bangkok in the month of November 2022. This was the sixth edition of the world’s largest CIO excellence and leadership programme organised by GEC Media and Global CIO Forum at the Grand Fourwings, Convention Hotel in Bangkok.

Established in 2017, the World CIO200 Summit is a multi-country CIO felicitation ceremony that recognises the achievements of digital leaders of today who have transformed the IT infrastructure of their organisations driving growth and change. The summit in Bangkok was the culmination of the year-long face-to-face and virtual celebrations across Africa, Europe, Qatar, UAE, Kuwait, Bahrain, KSA, Oman, Egypt, India, Singapore, and Pakistan editions of the event.

At the event, the Global CIO Forum Academy organised three master class level and mentoring workshops including:

l Workshop on CIO-CEO Journey, destiny is calling: CIOs are built to be the 21st Century CEOs by Henry Santos, Serial Entrepreneur, COO, Board Member, Global CIO; and Darren Shaffer, a former Military Board Member and CTO.

l Workshop on Cybersecurity Go ‘Phishing’ by Patrick Doliny, Retired US Marine Officer and a career CIO, CISO.

l Leadership Transformation Workshop by Martin Roll, Business and brand strategist, CEO mentor, advisor, bestselling author, and keynote speaker.

The Global CIO Forum Academy intends to bridge the gap between formal and full-time education and part time education, especially for senior executives who need specialised workshops and mentoring. The Academy intends to host workshops and classes for master programmes, management programmes, and specialisation programmes in finance, leadership, strategy.

“The Academy is looking at building alliances with leading global management and technology institutions. This will help provide CIOs the most suitable global mentors, coach, research fellows and teachers to help them move forward to the next level in their career,” says Tushar Sahoo, Founder Global CIO Forum.

Adds Anushree Dixit, Global Head, Content and Strategic Alliances, “Resources are abundant but knowledge is rare. The Academy is designed to provide aspiring CIOs with the right kind of skillset and hands on training that will help them leverage their positions in the organisation. The courses will be tailored keeping in mind the future of leadership.”

Building the team

The first step for CIOs to grow out of their roles is succession planning. Says Darren Shaffer, “Many times, a good performer is left tied to the position because the organisation is unable to find a replacement. Learning to delegate, teaching, upgrading the team is key to scaling up. A good leader needs to nurture and grow more leaders.”

It is also important for the Board of the enterprise to be aware of the aspiring executive as a CIO, indicates Shaffer. “It is important the Board perceive you as a strategist who can go beyond the existing role and grow into a leader with vision and drive growth. You will need to be seen as the person with plan and knowledge who can help all departments.”

A CIO needs to work on gaining trust of board members, which is critical for moving up the ladder. CIOs must reach out to CEO, CMO and CFO with ideas that can help them meet their objectives better.

CIOs will also need to reconcile that their current skills may not be fully required at the top executive level and somebody else will replace their position as CIO. “Leaders are not required to look into technology gaps and what to automate but people and processes. We also live in a chaotic world full of uncertainties, which makes moving up the curve difficult,” Shaffer admits.

Confronting failure

“Leadership is a challenging and demanding position that requires a wide range of skills. As executives rise through the ranks, they face more responsibility and uncertainty. And it can be difficult to adjust to these new demands,” explains Martin Roll.

TESTIMONIALS FROM PARTICIPANTS AT GCF ACADEMY

l The mix of topics with inclusion of non-technical motivational speakers adds huge life knowledge. Introduction of GCF Academy is an excellent initiative. Praful Thumper, Jazeera Airways, Kuwait.

l I would like to thank the entire GEC Media group for organising such a phenomenal event and workshop which will enlighten the vision of new CEOs.

Dr Mustafa Qurban, KFMMC, Saudi Arabia.

l Thanks GEC media and sponsors for such a grand power packed event and for connecting the dots between world class IT leaders. The leadership journey workshop, and the quality of speakers was awesome.

Ganesh Joshi, Nilons, India

l I would like to thank the entire GEC Media group for organising such a phenomenal event and workshop which will enlighten the vision of the new CEOs .

Qasim Nadeem, Abana Enterprises, Saudi Arabia.

l It was an amazing experience for me. One of the highlights of the event was the workshop to help transition CIOs to CEOs.

Ichwan Peryana, Pinjam Modal, Indonesia.

l It was well organised with relevant topics covered both in speaker sessions and also in workshops. Highlights for me was the workshop and collaboration. I believe it was tailored very well and everybody got something out of it.

Peter Gesper, Noon.com, UAE.

One of the reasons why aspiring executives can fail at the CEO position is being unprepared for the complex approach required to run a company. Micromanaging staff and insufficient attention to the larger picture are common reasons for failure.

Another point of failure is overconfidence. Aspiring executives can overestimate their strengths and underestimate their flaws. Especially if they have not been through formal feedback processes and mentoring, which is the role that the Academy intends to play in 2023.

While the pace of change may be a challenge for most business executives, this is one area where CIOs may outperform others, Typically they would have adapted themselves to the pace of digital innovation, digital transformation and change, in their role as CIO.

Inside senior ranks

C-suite executives have a wealth of technology, innovation, business understanding and enterprises invest in CIOs to build the IT organisation and the skill sets of the IT team members.

But what happens if CIOs want to move to the next level of their career, whether it is inside the same business or outside. What if they aspire to be CEOs or successful entrepreneurs. Formal masterclass coaching and training and mentoring programmes are usually instrumental in taking them to the next level.

“The process of executive mentoring enables the C-suite to foster and support their long-term progress. Mentorship supports executives in achieving both short- and long-term objectives,” says Roll.

A typical such programme covers improving leadership skills, personal development and understanding the requirements of life changes. CIOs aspiring for the next level of their careers also need to prepare for the next level of challenges that are associated with these changes.

“Executives can become overwhelmed by the demands of their roles when they hold a top position,” points out Roll. “Mentoring benefits executives by having someone who is aware of their struggles, appreciates their journey, and can offer advice, he summarises.

Oracle CEO Safra Catz visits stc Group in Riyadh marking 18 years of partnership

Stc Group, a leading regional digital enabler and Oracle Corporation, multinational cloud and technology company have launched a partnership agreement enabling the two organisations to better serve both local and regional markets and support national digitalisation objectives as part of Saudi Arabia’s vision 2030.

This announcement came after a visit by

Oracle’s CEO Safra A. Catz to stc’s headquarters where the two parties commemorated 18 years of partnership and discussed further collaboration between the two organisations.

Stc will leverage Oracle’s secure cloud platform to migrate stc’s business-support database workloads as part of its multi-cloud adoption roadmap

e& enterprise, Bespin Global form JV operating across METAP offering cloud, managed services

e& enterprise, announced signing of a binding agreement to form a joint venture with Bespin Global, a public cloud managed services provider. The joint venture will be branded “Bespin Global MEA, an e& enterprise company”, focusing on offering public cloud, managed and professional services to serve the customers in the Middle East, Turkey, Africa and Pakistan,

METAP.

The joint venture will leverage on the capabilities of both companies. e& enterprise will provide strong local market presence and its broad portfolio of digital transformation solutions. Bespin Global will provide deep expertise in cloud migration, cloud operations, cloud native application development, cloud optimi-

As part of this agreement, stc will leverage Oracle’s highly performant secure cloud platform to migrate stc’s business-support database workloads as part of stc’s multi-cloud adoption roadmap. This will allow stc to simplify and modernise stc’s cloud technology landscape.

sation and cloud billing. The joint venture will provide a one stop cloud solution to help enterprises in their digital transformation journey.

Bespin Global is one of the fastest growing cloud managed service providers serving over 1,700 customers from its locations in South Korea, China, Japan, Singapore, Vietnam, Indonesia, and the US. Bespin Global has been recognised as ‘Visionary’ in the Gartner MQ for the Public Cloud IT Transformation Services category, and has over 1,000 cloud experts across AWS, Microsoft Azure, Google Cloud and other cloud platforms.

The JV will be 65% owned by e& enterprise and 35% by Bespin Global. Both e& enterprise and Bespin Global will contribute their existing public cloud businesses and related professional and managed services from the region to the JV. e& enterprise will be making a primary investment of $60 million in Bespin Global and join its Board of Directors.

e& enterprise has the option to invest another $60 million within a period of 18 months from completion of the transaction. Both shareholders will contribute growth capital to the JV. The total investment and future commitments announced today are worth over $100 million. As a part of the agreement, e& enterprise will also invest in Bespin Global’s holding company.

Bespin Global MEA awarded 2022 MENA Partner of the Year at AWS Partner Awards

ner program, focused on helping the tens of thousands of participating AWS Partners build successful AWS-based businesses or solutions by providing business, technical, marketing, and go-to-market support. The APN Program includes independent software vendors, systems integrators, and other types of partners around the world.

A panel of AWS experts selected the regional winners across the regions based on strict criteria:

AWS Partner of the Year: An APN Consulting Partner who has delivered consistently well throughout the period, developed their AWS business, and grown with AWS during 2022.

Bespin Global MEA, a cloud consultancy and management company, announced it has been awarded the AWS MENA Partner of the Year recognition during the 2022 EMEA AWS Partner Awards, which recognises the top AWS Partners in EMEA for their significant roles in helping customers drive innovation and build solutions on the AWS Cloud.

The AWS Partner Awards recognise a wide

range of born-in-the-cloud, and traditional AWS Consulting and Technology Partners, whose business models have embraced specialisation and collaboration over the past year. The AWS Partner Awards also recognise AWS Partners whose business models continue to evolve and thrive on the AWS Cloud as they work with customers.

The AWS Partner Network, is a global part-

Bespin Global MEA is one of the leading born in the cloud Advance partner with AWS in the MEA region and the only Managed Service Partner in the Emerging Region to date.

Bespin Global MEA comes with deep knowledge about AWS services and advises customers to deliver results based on the best practices and innovate with AWS to digitally transform.

Jeraisy Computer and Communication Services, SAS to boost advanced analytics in Saudi

SAS announced partnership with Jeraisy Computer and Communication Services. Under this new collaboration, the two companies aim to empower and inspire customers in Saudi Arabia lead the change towards the Saudi Arabia’s ambitious Vision 2030 and beyond, with advanced analytics and AI acting as catalyst.

Jeraisy Computer and Communication Services, JCCS was established in the 1983 and provides information technology, IT, telecommunications, Internet, and managed services, with a strong emphasis on systems integration and infrastructure services projects. The introduction of cutting-edge technology in Saudi Arabia has always been JCCS’s top priority, and this is reflected in the company’s significant contribution to the Saudi Arabia’s goal of developing technological self-sufficiency.

The National Strategy for Digital Transformation is one of the major pillars for achieving the Saudi Arabia’s Vision 2030. With SAS’s broad portfolio of analytics and AI solutions,

JCCS will be able to assist Saudi Arabian customers in digitally transforming their businesses with confidence, via data-driven insight and intelligent decisioning.

With solid foundations based on data analytics, JCSS customers can create new applications to address business challenges, build resilience against disruptive events, uncover new business opportunities and spark green innovation, since Vision 2030 places sustainability at its core.

As Saudi organisations move to a digitalfirst mindset to support long-term, sustainable business growth, IDC forecasts that ICT spending in Saudi Arabia will reach $33 billion in 2022, a year-on-year growth of 2.3 percent, making the Saudi ICT industry one of the fastest growing sectors in the region. Furthermore, according to another IDC research, cloud will continue to dominate technology investments. Fuelled by the regulatory clarity, public cloud spending in the country is projected to exceed $2.5 billion by 2026.

64% developers love their jobs, yet only 46% are very satisfied finds OutSystems global report

OutSystems, a global leader in high-performance application development, released a new developer jobs report identifying the factors that motivate them to stay with their companies and the frustrations that drive them away. The new report, Developer Engagement Report: Are Your Developers Happy or Halfway Out The Door? draws on data from more than 860 global developers from different backgrounds to identify trends regarding developer satisfaction and retention and provide best practices for IT leaders to avoid developer burnout and turnover.

The report findings give IT teams and C-level executives new insights into retaining talented developers and opportunities to attract new developer talent as competition tightens. Key findings include:

Developers love their jobs, but are less satisfied with day-to-day work: Globally, 64% of respondents say they “love” their jobs, yet only 46% say they are very satisfied with the day-to-day elements of their jobs. Overall, US developers seem less happy than their global counterparts. Only 49% of US developers love their jobs, yet only 37% are very satisfied with their day-to-day work.

Retention is a challenge: Globally, fewer than half, 48% of developers said they would definitely be with their current company a year from now — and that percentage falls to 29% when looking two years out. For US developers, the numbers were even lower. Only 38%

said they would definitely be with their current company in one year and only 18% felt they would be in two years.

US developers are leading in work-life balance: US developers feel significantly better overall about their work-life balance. While 50% of respondents strongly agreed they need better work-life balance, only 30% of US developers felt the same.

The grass isn’t always greener: While slightly more US developers are seriously considering changing companies right now, 33% US vs. 31% globally, they feel less confident about their prospects. Only 25% of US developers strongly agreed that there are many opportunities to easily get a better position right now, compared to 42% of global respondents.

With the significant rise of low-code as a streamlined development technique, the report investigates developers who use low-code as a subset of the larger developer community. Results indicate low-code users – most of whom also use traditional coding languages alongside low-code – experience greater satisfaction around workload, shorter work weeks, more career growth, and fewer other factors that contribute to burnout.

Redington Value, was awarded with Distributor Partner of the Year –APJ and the Rising Star Distributor of the Year – EMEA by Amazon Web Services, AWS at its annual conference AWS re:Invent 2022 recently. These accolades are a testament to the company’s strengths and efforts in accelerating cloud transformation agendas across the region.

Redington’s vision is to simplify cloud journeys for regional organisations, and towards this, the company is continuously enhancing its capabilities and embracing innovation. One such initiative includes its cloud commerce and marketplace platform CloudQuarks by Redington. The digital aggregator supports partners to deliver on the promise of cloud and fast-track go-to-market strategies efficiently through this platform.

Redington has a long-standing relationship with AWS and has several accreditations with AWS including AWS Advanced Consulting Partner and AWS Distributor.

Infoblox unveils Skilled to Secure new partner programme

Infoblox, a vendor in cloud-first networking and security services, unveils its new partner program, designed to maximise opportunities partners can secure and deliver. The Skilled to Secure trusted partner program reflects the changing security landscape and shifting customer requirements – and the need for providers of security solutions and services to adapt in response.

In the new program, partners will be assigned levels based on their acquisition of the competencies required to deliver BloxOne and maximise its value for customers.

Benefits partners can gain through the new program include partner-hunted sales incentives and deal registration, “Guardians of the Network” rewards and incentives, marketing

campaigns, marketing development funds, and demonstration software.

The Skilled to Secure program is built around three tracks designed to deliver support across the channel: Value-added Reseller and Systems Integrator, Service Provider, and Value-added distributor. Based on their track record and meeting the defined competency requirements, partners’ awarded level will be announced in May 2023.

Infoblox BloxOne is the first cloud-native platform delivering DDI – DNS, DHCP, and IPAM, and DNS data-enabled threat detections, and offers partners predictable, reliable renewal margins year after year. A Forrester Economic Impact Report found that BloxOne Threat Defense can deliver a staggering 243%

Omnix appointed viAct master distributor across UAE, Saudi Arabia, Qatar, Kuwait, Oman, Bahrain

Omnix, an end-to-end digital solutions and services pioneer, announced that it has signed a strategic partnership agreement with viAct, a leading ESG-focused AI company, to foster digitalisation and boost safety in the Architecture, Engineering and Construction and oil and gas Industry across the Gulf Cooperation Council region. According to the agreement, Omnix will become the master distributor of viAct’s products and services across the UAE, Saudi Arabia, Qatar, Kuwait, Oman and Bahrain.

Omnix International has a long-standing legacy of over 35 years as an industry-leading provider of solutions in digital infrastructure, digital transformation in the AEC industry,

computer-aided engineering, and cybersecurity, cloud computing, Autodesk trainings and BIM consultancy services in the GCC region and across the world.

Omnix has been working with the AEC and oil and gas industry in digital transformation, training and implementation of advanced technologies by providing best-in-class digital solutions for the public and private sector across the GCC region. It has also been the value-added distributor of Autodesk and Faro solutions for the region.

The AEC and oil and gas industries are two of the most prominent, lucrative and at the same time critical industries. Safety concerns

return on investment.

Integrated into the security ecosystem, BloxOne enables DNS data to be used to address blind spots in enterprise threat defence and security systems. Internal and external threats can be identified, prioritised, and remediated in a fraction of the time without significant additional investment in new solutions.

lurk through all the stages of the supply chain of both the industries. The very nature of these industries makes them vulnerable to workplace fatalities.

In fact, the construction industry is regarded as one of “the most dangerous industries” for experiencing the highest number of workplace deaths. The oil and gas industry is no far behind. According the safety report released by the International Association of Oil and Gas Producers, IOGP, there has been a 10% hike in the overall total recordable injury rate in the industry in 2021 than in 2020.

viAct, since its very inception, has been striving to make jobsites safer, efficient and sustainable. It has engaged itself in constant and rigorous R&D to develop and improve its proprietary scenario-based AI to offer smart and innovative AI solutions that leverage the power of industrial grade video analytics to cater to various safety needs of different industries like construction and oil and gas. Its various solutions that leverage the power of AI video analytics for the oil and gas industry and AEC industry for locking safety and productivity in these sectors, includes:

Work at Height Safety Monitoring

With AI video analytics fall from height, FFHs; slips, trips and falls, STFs; workers not wearing, proper PPE like hard hats, safety jackets, safety ropes, etc.; workers’ improper means of climbing, and such others can be detected to ensure work at height safety.

Nutanix empowering channel to become Champions of Nutanix for public sector in Saudi Arabia

Nutanix reiterated its commitment to helping public sector organisations in Saudi Arabia embrace the power of hybrid multicloud as part of their digital transformation initiatives. The company is developing and empowering its channel ecosystem to become true ‘Champions of Nutanix’ and help government agencies sort through the complexities of cloud adoption and deliver the applications, networks, cloud services, storage solutions and other IT components that they need.

With Nutanix, channel autonomy is achievable as the company’s technologies remove all the complexities and makes it easy to design, right size, implement, configure and upgrade the solutions. As a result, a number of large channel organisations in Saudi that are primarily focused on the public sector, have created

specialist teams that are trained and certified on Nutanix technologies and are investing in building their capabilities in order to become self-sufficient.

Nutanix Enterprise Cloud Platform is the industry’s leading hyperconverged infrastructure solution that natively converges compute, virtualisation and storage into a resilient, software-defined solution with rich machine intelligence. Nutanix delivers cost savings and predictable scalability for even the most intensive workloads with a simple scale-out architecture. The advanced architecture of the Nutanix platform enables high availability across all system components to an unlimited number of simultaneous users.

The modular building-block design of Nutanix Enterprise Cloud Platform enables

government agencies to start with small deployments and grow incrementally into very large installations. Nutanix reduces business disruption costs. Non-disruptive upgrades and all-inclusive software remove numerous points of failure, reducing the need for maintenance and the likelihood of outages.

SANS Institute officially opens its 21st annual Holiday Hack Challenge to recover five rings

The SANS Institute has officially opened its 21st annual Holiday Hack Challenge! Participants can join Santa to save the holiday season from treachery by recovering five precious rings, each ring representing a different quest to defeat cybersecurity obstacles and change the course of the future. This free, hands-on cybersecurity challenge is open to all skill levels and ages, where players will have their skills tested by a holiday supervillain with the potential to win prizes ranging from cybersecurity goodies to the grand prize of a free SANS online training course.

More than 17,000 players participated in 2021, and this year’s Holiday Hack Challenge is expected to reach even more cybersecurity professionals and students. The collaborative virtual game allows players to create customised avatars and join up with teammates, friends, and players worldwide in this one-of-a-kind shared virtual experience to explore the North Pole while advancing their cybersecurity skills across cloud security, forensics, offensive and defensive security, and more.

The Holiday Hack Challenge takes place along with KringleCon 2022, a virtual conference hosted at the North Pole, featuring a series of fascinating talks from cybersecurity experts discussing the latest information security topics. Some talks will also contain hints to help players build skills to solve this year’s Holiday Hack challenges. Both events take place from December to early January.

US Govt’s Department of Defence shortlists

AWS, Google, Microsoft, Oracle for $9B Joint Warfighting Cloud Capability

The Department of Defence has shortlisted AWS, Google, Microsoft, Oracle, for its enterprise cloud contract. The four hyper scalers will bid for projects within the Joint Warfighting Cloud Capability, which has an overall ceiling of $9 billion.

Joint Warfighting Cloud Capability will serve as the department’s enterprise cloud capability and is being managed by Defence Information Systems Agency. It will be part of the Pentagon’s new way of fighting, dubbed Joint All-Domain Command and Control. The Joint All-Domain Command and Control will operate across continental United States to the tactical edge.

The purpose of this contract is to provide the Department of Defence with enterprise-wide, globally available cloud services across all security domains and classification levels, from the strategic level to the tactical edge. The Joint Warfighting Cloud Capability will allow mission owners to acquire authorised commercial cloud offerings directly from the Cloud Service Providers contract awardees. Joint Warfighting Cloud Capability is a multiple award contract.

The work will be performed in Reston, Virginia. The estimated completion date is June 8, 2028. Washington Headquarters Services, Arlington, Virginia, is the contracting activity. The data levels are expected to be unclassified, secret and top-secret levels.

AWS

Amazon Web Services is awarded a hybrid, firm-fixed-price and

time-and-materials, indefinite-delivery, indefinite-quantity contract with a ceiling of $9,000,000,000. No funds will be obligated at the time of award; funds will be obligated on individual orders as they are issued.

Google

Google Support Services is awarded a hybrid, firm-fixed-price and time-and-materials, indefinite-delivery, indefinite-quantity contract with a ceiling of $9,000,000,000. No funds are being obligated at the time of award; funds will be obligated on individual orders as they are issued.

Microsoft

Microsoft Corp is awarded a hybrid, firm-fixed-price and time-andmaterials, indefinite-delivery, indefinite-quantity contract with a ceiling of $9,000,000,000. No funds will be obligated at the time of award; funds will be obligated on individual orders as they are issued.

Oracle

Oracle America, is awarded a hybrid, firm-fixed-price and timeand-materials, indefinite-delivery, indefinite-quantity contract with a ceiling of $9,000,000,000. No funds will be obligated at the time of award; funds will be obligated on individual orders as they are issued.

CIOs tasked with accelerating time to value on digital investments says Gartner’s Miriam Burt

In a down or deteriorating economy, conventional wisdom calls for reducing costs, including IT costs. However, a July 2022 Gartner survey of more than 200 CFOs found that 69% plan to increase their spend on digital technologies, while the 2023 Gartner CIO and Technology Executive Survey found that CIOs are being tasked with accelerating time to value on digital investments.

“Companies will use digital technology primarily to reshape their revenue stream, adding new products and services, changing the cash flow of existing products and services, as well as changing the value proposition of existing products and services,” said Miriam Burt, Managing VP Analyst at Gartner. “This trend has fed the shift from buying technology to building, composing and assembling technology to meet specific business drivers with agility. This shift is foundational to the growth of cloud over on-premises for new IT spending.

“However, as organisations look to also realise operations efficiency, cost reductions and/or cost avoidance during the current economic uncertainty, more traditional back-office and operational needs of departments outside IT are being added to the digital transformation project list.”

IT spending

IT spending in the Middle East and North Africa region is forecast to total $178.1 billion in 2023 growing 3.1% from 2022, according to Gartner. Worldwide IT spending is projected to total $4.6 trillion in 2023, an increase of 5.1% from 2022, according to the latest forecast by Gartner.

Demand for IT in 2023 is expected to be strong as enterprises push forward with digital business initiatives in response to economic turmoil.

“Enterprise IT spending will be robust as CEOs and CFOs, rather than cutting IT budgets, are increasing spending on digital business initiatives,” said Burt. “Economic turbulence will change the context for technology investments, increasing spending in some areas and accelerating declines in others, but it is not projected to materially impact the overall level of enterprise technology spending.

“However, inflation has cut into consumer purchasing power in almost every country around the world. Consumer purchasing power has been reduced to the point that many consumers are now deferring 2022 device purchases until 2023, driving spending on devices down 8.4% in 2022 and 0.6% in 2023.”

The technologies that are being maintained versus those that are driving the business are evident by their projected growth rates in 2023. There is sufficient spending within datacentre markets to maintain existing on-premises datacentres, but new spending continues to shift to cloud options, as evidenced by the 11.3% projected growth for global software spending in 2023.

In MENA, all segments will grow in 2023. Software segment is forecast to record the highest growth in MENA in 2023. MENA CIOs will follow the spending trend of their global peers by being cautious about the spending yet will not cut down on investing in tech for future resilience and to reduce business risk.

Attacks using Microsoft SQL Server increased 56% YoY in September 2022

incidents were analysed in Kaspersky’s new Managed Detection and Response report.

Microsoft SQL Server is used worldwide by corporations, medium and small businesses for database management. Kaspersky researchers found an increase in attacks that utilise Microsoft SQL Server’s processes. In September 2022, the number of SQL servers hit amounted to more than 3,000 units, growing by 56% compared to the same period last year. These attacks were successfully detected by Kaspersky Endpoint Security for Business and Managed Detection and Response.

The number of these attacks have been increasing gradually over the past year and have stayed above 3000 since April 2022, except for a slight decrease in July and August.

Attacks using Microsoft SQL Server increased by 56% in September 2022 compared to the same period last year. Perpetrators are still

using

In the new report, devoted to the most interesting Managed Detection and Response incidents, Kaspersky experts describe is an attack employing Microsoft SQL Server jobs – a sequence of commands executed by the server agent.

SentinelOne is only XDR vendor to participate in every MITRE evaluation EDR, Identity, Deception, MDR

SentinelOne, an autonomous cybersecurity platform company, was recognised in the MITRE Engenuity ATT&CK Evaluation for Managed Services for its Vigilance MDR. This achievement follows three consecutive years of top performance in MITRE ATT&CK Enterprise Evaluations and MITRE ATT&CK Deception evaluation. SentinelOne is the only XDR vendor to participate in every MITRE evaluation spanning EDR, Identity, Deception, and now MDR – and consistently deliver top results. Integrated within Singularity XDR, SentinelOne is fully committed to MITRE’s frameworks as the de facto language of cybersecurity, supporting organisations in programmatic risk reduction.

The MITRE Engenuity ATT&CK Evaluation for Managed Services evaluated vendors’ ability to analyse and describe adversary behaviour from OilRig, also known as APT 34. The evaluation highlighted the importance of MDR services in providing faster threat mitigation to reduce attacker dwell time, showcasing SentinelOne Vigilance MDR’s:

SentinelOne Vigilance was able to not only

correctly attribute the attack to OilRig, but provide additional insight including a summary of the adversary and the group’s evolution over time, commonly exploited tools by the adver-

sary, and all of their known associated TTPs.

With a frictionless MDR and DFIR experience, SentinelOne Vigilance seamlessly provided insight into the “how” and the “why” – including malware and data exfiltration technique analysis and reverse engineering of malware samples – to significantly accelerate overall investigation and response.

SentinelOne Vigilance accurately tracked and detected – using patented Storyline technology – the adversary from the moment they infiltrated the simulated environment. With protection policies enabled, this attack would have been autonomously stopped in its tracks.

Earlier this year, SentinelOne received the most comprehensive MITRE ATT&CK analytic coverage in the inaugural MITRE Engenuity ATT&CK Deception Evaluation. SentinelOne was one of the first endpoint companies to correlate alerts in-product with the MITRE ATT&CK framework, embrace the MITRE ATT&CK Endpoint Protection Product Evaluation, and incorporate the MITRE ATT&CK framework as the new threat hunting standard within Singularity XDR’s console.

Under Vehicle Surveillance System from ISS used to protect 2022 FIFA World Cup stadiums in Qatar

and a large, on-site technical team, ISS installed 40 UVSS units at vehicle checkpoints for the eight World Cup stadiums in and around Doha along with three logistics areas and a fan zone to safeguard visitors and make the screening process safer, faster and more efficient.

The UVSS units, which are portable and can be easily installed and dismantled with minimal damage to roadways, enable security personnel to scan the undercarriage of vehicles for foreign objects, such as explosives or contraband, in as little as three seconds, thereby eliminating the need for time-consuming, manual searches. Powered by NVIDA GPUs, the units can also be connected to ISS’s industry-leading license plate recognition, LPR technology to keep track of vehicles entering and leaving the venues.

Intelligent Security Systems, ISS, a global provider of video intelligence and data awareness solutions, announced that its SecurOS UVSS, Under Vehicle Surveillance System solution was deployed to protect stadiums and other venues

throughout Qatar that are hosting matches and events as part of the 2022 FIFA World Cup.

In partnership with the Supreme Committee for Delivery and Legacy, Qatar-based systems integrator Gulf Networks Security Solutions

Additional features, such as visual and magnetic suspicion maps as well as sliding zoom and 3D magnifying glass – all of which are unique to the SecurOS UVSS offering – enable users to quickly find any potential threats that might be lurking underneath a vehicle.

Veeam Backup for Salesforce eliminates risk of losing data, metadata due to human error

Veeam Software, announced it has launched the NEW Veeam Backup for Salesforce on Salesforce AppExchange which eliminates the risk of losing Salesforce data and metadata due to human error, integration issues and other data loss scenarios.

This new solution from Veeam, enables organisations to deploy a backup environment either on-premises or in the cloud, providing access and control of Salesforce data and metadata. It also provides powerful, rapid-recovery capabilities for IT departments and Salesforce administrators, including granular and bulk data recovery of Salesforce records, hierarchies,

fields, files and metadata. This new offering builds on the success of Veeam Backup for Microsoft 365, extending Veeam’s enterprisegrade platform to another industry-leading SaaS environment.

Whether a mistake with a script, data loader or an integration issue, the simple and easyto-use user interface, UI of Veeam Backup for Salesforce helps users resolve issues and retrieve data in just a few clicks — without executing additional backups, running long, full-backup comparisons or causing duplicates.

Majority of IT professionals acknowledge that the most important reason to protect Salesforce data is the potential for a bad import or ingest of data.

IFZA partners with Wio Bank to provide digital banking services and financial solutions

IFZA Dubai, the UAE’s international Free Zone entered into a partnership agreement with Wio Bank, the region’s first platform bank, to pro-

vide IFZA Free Zone companies with quick and convenient access to digital banking services and financial solutions.

Through this partnership, IFZA Free Zone companies will be able to conveniently and efficiently open a business account using Wio Business, the first digital banking app from Wio Bank. Martin G. Pedersen, Chairman of IFZA Dubai signed the agreement with Mr. Prateek Vahie, Chief Commercial Officer at Wio Bank.

In a recent study conducted by IFZA, 50% of the respondents cited opening a bank account as one of the biggest challenges when setting up a business, due to lengthy application processes, difficulty in compliance or lack of information. Recognising the challenges entrepreneurs face, IFZA’s priority remains to support its Professional Partners and Licensees through bespoke services that aim to make doing business as easy as possible.

Using a unique link, IFZA Licensees can sign up for Wio Business and access easy and user-friendly digital banking solutions. IFZA registered businesses will be able to seamlessly open a fully digital corporate bank account within just a few days and without having to visit a physical location.

Moro Hub establishes largest solar-powered datacentre aspiring to be net-zero facility

The largest solar-powered datacentre is 16,031.925 m², 172.566 ft² 29.448 in² and was achieved by Data Hub Integrated Solutions MORO in Dubai, UAE on 2 November 2022. Moro Hub is a wholly owned subsidiary of Digital DEWA and cascades the sustainability agenda of DEWA into its operations & services to the client. In line with the above, Moro Hub aspired to build a net-zero energy facility, Datacentre to host its national and global clients serving their carbon neutral mandate.

Rackspace to help Abu Dhabi Global Market leverage cloud and develop business data platform

Abu Dhabi Global Market, an international financial centre located in UAE’s capital emirate announced a partnership with Rackspace Technology, to collaborate on a number of strategic technology initiatives.

As a long standing global leading service

provider in multicloud computing, technology advisory and managed services, Rackspace Technology will support ADGM in its journey to leverage cloud computing and develop a comprehensive business data platform. Cloud migration will enable ADGM to drive cost

efficiencies and agility in IT operations as well as providing a modern, secure technology footprint for deployment of enhanced business services.

The ADGM unified data platform initiative will develop a central repository for all business data, enabling enhanced business insight and improved decision making, as well as enabling the foundation for advanced analytics and AI.

Supply chain attacks in critical infrastructure are complex with long lifecycles says Ben Miller, Dragos

Dragos, global vendor in cybersecurity for industrial control systems, operational technology environments, participated in the Global Cybersecurity Forum, held in Riyadh recently. The two-day event attracted cybersecurity experts and leaders from all over the world.

Ben Miller, who represented Dragos as its Vice President of Services, spoke on the concluding day of the forum, about the threat of supply chain and third-party attacks. In his session, titled, “Pervasive and Insecure,” he discussed supply chain risk in critical infrastructure, examining the complex reality of third-party and supply chain attacks and sharing perspectives on the unseen vulnerabilities and how to address them.

Miller highlighted the complex nature of supply chain attacks, which potentially contain widespread vulnerabilities in the OT and industrial control systems. He outlined Dragos’

specific focus on the Saudi Arabia’s supply chain risk in critical infrastructure including refineries and water treatment plants, as “Energy and water are specific focuses of ours in the region as they are critical not just to the economy but also to every person who lives here,” he said.

A global expert in industrial cybersecurity himself, Miller joined other renowned thought leaders in the field, including: Dr. Albert Antwi-Boasiako, Directory-General of the Cyber Security Authority, Ghana; Mary O’Brien, General Manager, IBM Security; Lothar Renner from Cisco Security; and Dr. Victoria Coates, Former Senior Advisor to the US Secretary of Energy.

Dragos is looking forward to working in tandem with the government of Saudi Arabia to help critical infrastructure in the region strengthen security. Dragos has its regional headquarters at the Saudi Information Technology Company, SITE in Riyadh.

ManageEngine surveys democratisation of IT and ability to influence business decisions in enterprises

ManageEngine, the enterprise IT management division of Zoho Corporation, announced results from its IT at work: 2022 and beyond study. This newly released data, involving IT decision makers and business decision makers, examines the democratisation of IT and the ability of IT teams to influence business decisions in large and enterprise-sized organisations in the UAE.

According to the study, there is increased collaboration between IT and other teams within organisations, which may have contributed to non-IT employees possessing more knowledge about IT now than they did before 2020. IT structures within organisations are being increasingly decentralised, and non-IT departments now enjoy autonomy when it comes to technology decisions.

However, any concerns over the role of IT teams being diminished are dispelled as the study found that they are pivotal in building tomorrow’s enterprises. Around 76% of ITDMs expect IT to play a greater role in setting the organisation’s overall strategy in the next 5 years. This is 11% higher than the global average.

The success of the IT team in playing its role has a significant bearing on the organisation’s success, with over 91% of all respondents pointing to a direct correlation between both. Furthermore, IT professionals are increasingly expected to be innovators, with more than nine in ten, 91% respondents agreeing that IT

UAE based The Continental Group partners with Turtlefin for SaaS based insurance solution

Founder & Managing Director, The Continental Brokers, Amreesh Kher, Chief Partnership Distribution Officer, Turtlefin and Anselm Mendes, Executive Director, Sales & IT, The Continental Brokers.

Turtlefin, India’s Insurtech platform, announced a partnership with The Continental Group, one of the leading insurance intermediaries and financial services solutions providers in the UAE. Turtlefin will provide its leading SaaS platform modules, enabling The Continental Group’s distribution teams to access relevant information and seamlessly customise proposals for their clients.

Through this strategic partnership, Turtlefin will onboard new insurers on their cutting-edge platform to provide seamless access to the users of The Continental Group. This will lead to increased insurer participation bringing in more choices to clients to make the right decision on their insurance needs. The solution will bring significant operational efficiencies through the automation of proposal journeys, management reporting and dashboards, which will be accessible from a single source rather than multiple dependencies.

is more responsible for business innovation than ever before.

Key findings from the study

l The vast majority, 90% of respondents report that collaboration between IT teams and other departments has increased during the past two years.

l More than four-fifths, 84% of respondents agree that non-IT employees in their organisation are more knowledgeable about IT now than they were before 2020.

l Around 44% of organisations have already decentralised their IT structure, with another 49% currently attempting to do so.

l Nearly all, 98% BDMs say their department has autonomy when it comes to making technology decisions. This autonomy relates to not only purchasing software, 64%, and devices, 47%, but also to hiring tech talent, 62% .

l Around 91% of all respondents say AI and ML technologies will play a significant role in strengthening their organisation’s IT security framework.

Turtlefin develops distinctive, tailored technological solutions that provide real value for institutional clients and allows their sales teams to offer insurance as a solution in an educated and effective way. TurtleFin’s solutions will enable financial experts at The Continental Group to enhance their distribution capabilities with applications like Digital Prospecting, Learning and Skilling on the Go and paperless transactions.

Egypt’s digital payment infrastructure developer, e-finance partners with IBM for Power E1080 servers

With a renewed focus by clients on improving sustainability, IBM Power10 E1080 servers deliver 33% lower energy consumption for the same workload when compared to the earlier Power E980 generation, and 52% lower energy consumption when comparing the previous generation of Power E880C servers, thus maximising reliability in a sustainable way.

e-finance, Egypt’s national developer of digital payment infrastructures, announced its collaboration with IBM to grow its digital payment services and enable clients to securely make payments across hybrid cloud environments. Through this collaboration, e-finance is leveraging the latest IBM Power servers, to upgrade its current infrastructure as a service and streamline business processes to optimise performance.

Currently, many of the e-finance offerings are running on IBM Power10 servers, including

electronic payment systems, government POS management systems, the card management and electronic payment system for “Khales” and more.

Designed to help clients operate in a secured, frictionless hybrid cloud experience across their IT infrastructure, the IBM Power E1080 servers will allow e-finance to deliver end-toend encryption, scale business-critical applications, and accommodate high-performance transactional workloads through its flexible and secured infrastructure offering.

As part of the collaboration, IBM will also provide e-finance with IBM FlashSystems and IBM Software-Defined Storage, SDS, introducing streamlined administration and operational complexity across on-premises, hybrid cloud, virtualised and containerised environments. By providing advanced compression features that will allow data to be stored on significantly less desks than traditional modules, e-finance will be able to host its customer’s data and workloads more efficiently, reducing its datacentres and floor space footprints by up to 40% and its energy consumption by 50%.

Muscat added to AWS’ list of Local Zones providing low latency services to Oman

Amazon Web Services, announced launch of a new AWS Local Zones location in Muscat, Oman. AWS Local Zones are a type of infrastructure deployment that places AWS compute, storage, database, and other services near large population, industry, and information technology, IT centres—enabling customers to deploy applications that require single-digit millisecond latency to end users or on-premises datacentres.

Customers can run workloads with low latency requirements on AWS Local Zones while seamlessly connecting to the rest of their workloads running in AWS Regions. AWS now has 25 AWS Local Zones around the world, with announced plans to launch 27 more AWS Local Zones globally.

For applications that require single-digit millisecond latency or have to remain within a geographic boundary for regulatory reasons, the location of cloud infrastructure matters. Most customer workloads run in an AWS Region, a geographic location where AWS clusters datacentres to serve customers. However, when a Region is not close enough to meet low latency or data residency requirements, customers

need AWS infrastructure closer to their data source or end users.

Organisations have traditionally maintained these location-sensitive workloads on premises or in managed datacentres that require customers to procure, operate, and maintain their own IT infrastructure, and use different sets of APIs and tools for their on-premises and AWS environments.

The launch of a new AWS Local Zones location in Muscat gives customers the ability to

easily deploy applications located close to end users in the metro area. Having AWS Local Zones close to large population centres in metro areas enables customers to achieve the low latency required for use cases like online gaming, live streaming, and augmented and virtual reality. They can also offer customers operating in regulated sectors like health care, financial services, and public sector the option to keep data within a geographic boundary.

Saudi’s Ministry of Communications and Huawei to build superfast broadband infrastructure

Under the terms of the agreement, the Ministry and Huawei will collaborate to realise a ’10Gbps Society’, seeking to build a superfast broadband infrastructure to support the digital transformation goals of Saudi Vision 2030. These improvements will also enhance the competitiveness of Saudi ICT infrastructure globally. Towards this end, Huawei will leverage its global expertise and success stories to support the MCIT in finalising the business case and designing the required regulations to accelerate the 10Gbps society goal. An initial 10GB district pilot will be launched in 2023.

The Saudi Ministry of Communications and Information Technology and Huawei signed a memorandum of understanding to enhance cooperation in the field of communications and information technology. The MoU was signed in Riyadh on the side-lines of the historic visit of His Excellency President of China Xi Jinping to the Saudi Arabia of Saudi Arabia, by Eng. Bassam Al-Bassam, Deputy Minister

for Telecom and Infrastructure Saudi Arabia, and Eric Yang, CEO of Huawei Saudi Arabia. The event was attended by HE Eng. Khalid AlFalih, Minister of Investment, HE. Eng. Haytham Alohli, Vice Minister, Minister of Communications and Information Technology, Steven Yi, the President of Huawei Middle East and Central Asia region, and several officials from both parties.

Saudi Arabia recognises ICT talent development as a key pillar of its Vision 2030. The MoU establishes a joint framework to launch a Huawei scholarship training program to train university students, including visits to Huawei headquarters to experience the company’s technology first-hand. This initiative extends existing Huawei skills development programs in Saudi Arabia, including the ICT Academy and Seeds for the Future.

Saudi’s Arab National Bank using Confluent to integrate with 65% fintechs and offer new services

Confluent, announced that Arab National Bank, one of the largest banks in the Middle East, has successfully leveraged the Confluent Data Streaming Platform to unlock the power of its operational and customer data. This is enabling the bank to introduce innovative new services that enhance customer experiences, and proactively collaborate with the Saudi Arabia’s new breed of agile FinTech companies.

As a wave of digitalisation has been sweeping the banking sector in Saudi Arabia, a recent YouGov survey reports the vast majority, 91% of Saudi residents now prefer online banking to traditional alternatives. Consequently, in the first quarter of 2022, the Saudi Central Bank revealed that 13 bank branches and 81 ATMs were closed across the Saudi Arabia. Recognising these rapidly evolving customer preferences, Arab National Bank embarked on its digital transformation journey several years ago and recently partnered with Confluent to capitalise on new opportunities for growth.

Equally important has been the Bank’s ability to create compelling new offerings for Its customers. One of these has been a service that simplifies and streamlines savings by analysing transactions in real-time, and automatically transferring funds to a customer’s current

account based on their predefined savings criteria.

Arab National Bank is also utilising the realtime transaction insights made possible by Confluent’s data streaming solution to implement a new loyalty program.

ANNUAL TRENDS FORECASTS PREDICTIONS

Top industry executives share technology predictions and forecasts for the year ahead.

NEW EMPHASIS ON LOCATION OF PEOPLE, ASSETS, APPS

A focus will be placed on location of work activity and assets, identity of people and machines, real-time applications being used and by whom or what.

Tight control of network performance is no longer sufficient. Being able to identify and troubleshoot application response time and performance issues rapidly and remotely will be essential to ensure a seamless end user digital experience no matter where users connect.

Identifying the clustering of similar error symptoms across a fullstack network is leading to orchestrated workflows that will more readily give IT organisations the option to allow solutions to automatically remediate an issue.

By end 2023, 20% organisations will have adopted NaaS strategy

With tightening economic conditions, IT requires flexibility in how network infrastructure is acquired, deployed, and operated to enable network teams to deliver business outcomes rather than just managing devices. Migration to a network-as-a-service, NaaS framework enables IT to accelerate network modernisation yet stay within budget, IT resource, and schedule constraints.

In addition, adopting a NaaS strategy will help organisations meet sustainability objectives since leading NaaS suppliers have adopted carbon-neutral and recycling manufacturing strategies.

Built-in security replaces bolt-on

Reducing cybersecurity risk has become a core operational concern. Transformation to a more automated security architecture is an IT imperative. No longer can organisations bolt-on perimeter firewalls around the network to protect against threats and vulnerabilities. Security must be built-in to every aspect of the network infrastructure from Wi-Fi Access Points to LAN, campus and datacentre switches, WAN gateways, and extending into the cloud.

Location services enable new business models

Challenging skilled labour markets and recurring supply chain issues will force companies to become more efficient, productive, and resourceful. Pivoting towards achieving situational awareness of assets, inventories, work in process, workers, customers, contractors, and supply chains will enable better control of costs, resources, quality, and intellectual property. This will require merging information technology, IT, Internet of Things, IoT, and operational technology, OT data with contextual information about the environment.

IT will consolidate operations onto a single network

More diverse digital technology, IoT is being deployed by enterprises to improve user experiences and to streamline IT operations. At the same time, employees and customers expect a better integrated real life, digital experience no

matter what the enterprises’ business model is.

These dynamics have added complexity to both the network and security and have made managing the infrastructure more complex. IT will look to a single centralised management system with visibility across the network and the ability to configure edge-to-cloud QoS and security policies.

SLA measurements will be based on user experience

IT must optimise their networks to meet hybrid working requirements. Businesses will have dedicated teams whose priority is to ensure a seamless end user digital experience for employees and customers. Adapting to a client-based view rather than a network view requires complete endto-end visibility and application-level insights to know if the quality of experience is meeting end user expectations or not.

AIOps shifts to automated remediation

With AI, cloud adoption, and access to vast amounts of data now common in enterprise-class network management solutions, automation takes centre stage. Identifying the clustering of similar error symptoms across a full-stack network is leading to orchestrated workflows that will more readily give IT organisations the option to allow solutions to automatically remediate an issue.

The need to streamline IT efficiency and do more with less is driving human-assisted workflows, which will enable administrators to examine recommended changes and their impact, and then enable remediation of ongoing occurrences into production. ë

Tight control of network performance is no longer sufficient

FROM ANALYTICS TO INTELLIGENT INSIGHTS

The focus will move from analytics to insights they deliver in specific use cases, telling you something is wrong, and helping you decide what action to take.

There are multiple technology trends that we believe will affect the security sector in 2023.

Actionable insights

The increasing application of AI and machine learning have seen a focus on the opportunity for advanced analytics in recent years. Moving forward, the shift in focus will move from the analytics themselves, to the actionable insights they deliver in specific use cases. It’s less about telling you something is wrong, and more about helping you decide what action to take.

A key driver for employing analytics to deliver actionable insights is the huge increase in data being generated by surveillance cameras, along with other sensors integrated into a solution. The data, and metadata being created would be impossible for human operators to interpret and act upon quickly enough, even with huge and costly increases in resources.

The use of analytics can drive real-time actions which support safety, security, and operational efficiency. From prompts to call emergency services in the case of incidents, to redirecting traffic in cities to alleviate jams, to redeploying staff in busy retail outlets, to saving energy in buildings through more efficient lighting and heating, analytics are recommending, prompting, and even starting to take the actions that support human operators.

Hybrid architectures

It is now commonly accepted that a hybrid technology architecture is best-suited for security systems, mixing on-premise servers, cloudbased compute, and powerful edge devices.

No one architecture fits all scenarios, however. But here lies the solution: first assess what needs to be addressed in your specific use case, and then define the hybrid solution that will meet your needs. A number of factors need to be considered.

Undoubtedly the advantages of advanced analytics embedded in surveillance cameras on the edge of the network are clear to see. Analysis of the highest-quality images the instant they are captured gives organisations the best chance to react in real-time. Equally, the data generated by surveillance cameras is now useful beyond the real-time view. Analysis of trends over time can deliver insights leading to operational efficiencies. This analysis often demands the processing power found in on-premise servers or the cloud.

What is essential is not to tie yourself to a single architecture. Remain open, give yourself the flexibility to create the hybrid architecture best suited to your specific needs.

Beyond security

Surveillance cameras have become powerful sensors. The quality of video information they

capture, in all conditions, has increased year-on-year for decades. They also create metadata – information about the video data – which adds another layer of detail and value.

This of course improves and enhances their ability to support safety and operational efficiency use cases in addition to security. The opportunity now exists to combine the data created by surveillance cameras with that from other sensors – monitoring temperature, noise, air and water quality, vibration, weather, and more - creating an advanced datadriven sensory network.

Regulatory focus

The technology sector as a whole and specific technologies are coming under more regulatory and policy maker scrutiny. We still believe that the focus should always be on regulation of the use cases for technology, not technology itself, and will always comply with local, regional, and international regulation. But it can be a complicated picture.

The European Commission is one of the most active in looking to regulate technology in an ongoing effort to protect the privacy and rights of citizens. Its proposed AI Act, part of the Commission’s European AI Strategy, aims to assign specific risk categories to uses of AI and would be the first legal framework on AI. Like the Commission’s AI Liability Directive, the AI Act will no doubt be the subject much debate before it becomes law. ë

What is essential is not to tie yourself to a single architecture

SECURITY WORSE IN METAVERSE THAN SOCIAL MEDIA

Everything wrong from a security perspective with social platforms will become worse in metaverse and how are people going to be protected from digital compromise.

Callsign has predicted 2023 will be another year of fraud with emerging fraud vectors causing a further erosion of digital trust in banks, telecoms, social media, ecommerce platforms and other digital providers.

Despite fraudsters running rampant across all industries with a large scam playbook, 2023 will see a new population of people who have never fallen victim to fraud before. These could be people moving into environments where security is lax or those who are the subject of sophisticated and personalised attacks.

Dormant account takeovers become mule accounts

Dormant accounts occur when consumers do not access or close their online accounts for an extended period of time. These dormant accounts are exactly what fraudsters seek to utilise to launder funds obtained through unlawful activities.

These dormant accounts are then used for illegal purposes by recruiting mules through deceptive social media posts and adverts, phishing, and easy money scams.

Fraudsters manipulate mules by asking them to receive money and make purchases or send funds to other accounts. Bank accounts that suddenly switch from being inactive to active do raise red flags, but it is the account holder who will be punished if caught rather than the perpetrator in most cases.

Rise of Buy Now, Pay Later fraud

The Buy Now, Pay Later, model has become increasingly popular in the Middle East. Buy Now, Pay Later, companies around the region share similar characteristics, such as offering convenience, interest-free payments, encouraging purchases, flexible repayments, and quick account opening approval. Nonetheless, they are all vulnerable to fraud in the retail sector.

In the race to attract customers and win market share, some BNPL companies have forgone standard security protocols to the extent that crypto exchanges have better controls as a whole. 2023 will begin to see BNPL exposed to friendly and refund frauds, accounts opened with stolen credentials, bot attacks and more.

Deep fake technology growth

Scammers are already using Deep Fake technology to convince consumers to buy products through impersonation, visual identification, and other means. Sadly, we predict deep fake technology fraud will escalate partly because there are few tools on the market that can identify, counter, and stop these frauds. The technology is rapidly evolving, and the prediction is that it will be used to defraud the public on a scale similar to other sophisticated frauds.

Dodgy identity in Metaverse

Web 3.0’s seamless connectivity across platforms, hardware, and networks has the potential to enable people to connect, collaborate, and interact for learning, socialising, and conducting business in the metaverse. Unfortunately, it has all the potential to mirror the current online world, which is rife with fraud and fakes.

Everything wrong from a security perspective with social platforms today will be considerably worse in the metaverse of tomorrow. If the metaverse is open to all-in-one giant decentralised world, how are people going to be protected from digital compromise? ë

will see a new population of people who have never fallen victim to fraud before

YEAR OF NEWMULTI-CLOUD FRAMEWORKS

We will see a big move toward new multi-cloud frameworks such as Sovereign Clouds, Local Zone Clouds, Zero-Carbon Clouds, and other novel cloud offerings.

In 2023, the economic climate will continue to be shaped by reducing costs and increasing efficiency. As deglobalisation and issues around data sovereignty accelerate, in the year ahead we will see a noticeable shift in how companies leverage multi-cloud architectures.

While 89% of enterprises are adopting a multicloud strategy for a variety of reasons, geopolitical, technical, provider diversification, the benefits come additional complexity in connecting, securing, and observing a multi-cloud environment.

We will see a big move toward new multi-cloud frameworks such as Sovereign Clouds, Local Zone Clouds, Zero-Carbon Clouds, and other novel cloud offerings. This will create a path toward more private and edge cloud applications and services ushering in a new multi-cloud operating model.

Enterprises and logistics providers will increasingly utilise IoT to bring full visibility into their supply chains in 2023. IoT and other technologies will not only play a larger role in bringing resiliency and efficiency into supply chains but will also improve cybersecurity and IT, OT network management.

As a result, enterprises and logistics providers will reconfigure supply chains around predictive and prescriptive models including smart contracts and distributed ledgers. This is a major transition toward more sustainable business practices and circular supply chains.

In 2023, we will see multiple, highly publicised instances of artificial intelligence used by some individuals and organisations to achieve unethical and socially destructive objectives. Industry, governments, academia, and NGOs will come together to begin hammering out a framework for governing AI in an ethical and responsible manner to mitigate potential harm.

This framework will be based on principles such as Transparency, Fairness, Accountability, Privacy, Security, and Reliability and will ultimately be applied to model creation and the selection of training data as defining principles of AI systems.

Transmitting keys is a fundamental risk to security, as they can be harvested and decrypted later. Quantum Key Distribution, QKD is poised to be particularly impactful because it avoids any distribution of the keys over an insecure channel. In 2023, in preparation for a postquantum world, we will see a macrotrend emerge with adoption of QKD in datacentres, IoT, autonomous systems, and 6G.

As modern cloud-native applications are becoming drivers of business, protecting the underlying application environment is critical. In 2023, developers will get more and more support from various development tools that speed up development cycles and allow them to manage and secure distributed application architectures with an emphasis on

delivering exceptional, secure digital experiences.

We will also see continued movement toward tools that allow security experts to collaborate seamlessly on these outcomes.

The problem with monitoring has always been too much data with too little context and business correlation. The evolution of application monitoring toward full stack observability will increasingly provide a view relative to business context.

When applied systematically, this will drastically speed up response and optimise business operations in real time. In 2023, business context will become widely recognised as an integral part of monitoring and visibility outcomes.

Net Zero will drive common standards to meet sustainability goals with advancements in Power Over Ethernet, PoE design and hardware to transform datacentres for a more sustainable future. Networking and APIs will become more advanced within datacentre platform management to monitor, track, and change the use of energy.

IT vendors and equipment partners will be more transparent in their reuse of hardware, circularity to move the needle with the sustainability processes. ë

Logistics

CLOUD COMPLIANCE, DEATH OF PASSWORD LIKELY IN 2023

Everything wrong from a security perspective with social platforms will become worse in metaverse and how are people going to be protected from digital compromise.

Over the last several years, ransomware, data breaches, and other cyber campaigns have been hugely disruptive and cost organisations and governments millions. In response, the Biden administration issued an executive order in May of 2021 to implement a Zero Trust security architecture across the federal government. While recent reports from the US Government Accountability Office, GAO show some agencies are on track, others appear to be falling behind.

When governments need to move quickly and cut across organisational boundaries, they often appoint a czar to take charge of a particular program and see it through to implementation or execution.

The challenge however is that in many organisations, responsibility for networking and security live in different parts of the organisation and

these groups often rely on different vendors in their respective areas. Breaking down the silos between security and networking teams and choosing the right tools, products, and vendors to align with desired business outcomes is critical to implement zero trust in larger enterprises. Some of the biggest highlights from 2022 include:

l Google was the #1 most popular service of the year according to Cloudflare data. The search giant beat out Facebook, #2, Apple and TikTok, tied at #3 and YouTube, #5.

l Facebook was the most popular social media service of 2022, followed by TikTok in the #2 position. Instagram, #3 overtook Twitter, #4 in the Social Media category: the photo and video sharing app knocked Twitter from 3rd place in August.

l Worldwide Internet traffic surged in late November as the FIFA World Cup got under

If resistance is encountered, the zerotrust czar should have the backing of senior leadership

way and holiday shoppers made Black Friday the busiest day online in 2022.

l In 2022, more phishing emails originated from the United States than the next 22 countries combined.

l Iran shut down the Internet more than any other country with 60 observed Internet blackouts this year, accounting for one third of all Internet shutdowns that Cloudflare analysed.

Cloud will carry compliance

Companies must now understand and comply with this patchwork of regulations as they do business globally. How can organisations hope to stay current and build compliance into their applications and IT systems?

Majority of cloud services will soon come with compliance features built in. The cloud itself should take the compliance burden off companies. Developers shouldn’t be required to know exactly how and where their data can be legally stored or processed. The burden of compliance should largely be handled by the cloud services and tools developers are building with.

Networking services should route traffic efficiently and securely while complying with all data sovereignty laws. Storage services should inherently comply with data residency regulations. And processing should adhere to relevant data localisation standards.

Death of the password

Username and password authentication even when combined with common forms of multi-factor authentication is just not enough anymore. Enterprises can enable stronger FIDO2-compliant security keys along with zero trust access today.

But the best way to protect most users and their credentials may be to remove the burden on the end user altogether. The FIDO alliance envisions passwordless sign-in everywhere. Logins will use your face or fingerprint instead of the old username-password combo. A FIDO sign-in credential, sometimes called a passkey, will make it easier on users and harder on the attackers.

If there is no password to steal, hackers will not be able to harvest credentials to carry out their attacks. Many websites and applications will adopt passwordless login using the FIDO Alliance passkey standard beginning in 2023.

Remote browsers

Browser Isolation is a clever piece of technol-

ogy that essentially provides security through physical isolation. This technique creates a gap between a user’s web browser and the endpoint device thereby protecting the device, and the enterprise network from exploits and attacks. Remote browser isolation takes this a step further by moving the browser to a remote service in the cloud. Cloud-based remote browsing isolates the end-user device from the enterprise’s network while fully enabling IT control and compliance solutions.

Some say in this remote browsing model that the browser is the device. Instead of BYOD, it might be appropriate to call this BYOB or Bring

Your Own Browser. Most companies are looking to better balance the security and privacy needs of the company with the user experience and convenience for employees. Remote browser isolation will be embraced broadly as IT leaders become more aware of the benefit and just how well it works.

Chief Zero Trust Officer

As pressure to implement zero trust intensifies, a role analogous to a Chief Zero Trust Officer will emerge within some large organisations. This person will be the zero-trust czar for the enterprise and will be the individual responsible for driving a company on its zero-trust journey. Their job will be to bring together siloed organisations and vendors and ensure that all teams and departments are aligned and working toward the same goal.

If resistance is encountered, the zero-trust czar should have the backing of senior leadership, CIO, CISO, CEO, Board of Directors to make decisions quickly and cut across organisational boundaries to keep the process moving ahead. Whether the very bold title of Chief Zero Trust Officer becomes reality or not, an empowered individual with a clear mandate and a singular focus may just be the key to getting zero trust across the finish line in 2023.

Remote browser isolation will be embraced broadly as IT leaders become more aware of the benefit and just how well it works

SHIFT TO SAAS FRAGMENTS IDENTITY MANAGEMENT

The big shift to SaaS has fragmented more than a decade’s worth of work to simplify and consolidate corporate Identity and Access Management.

The big shift to SaaS has fragmented more than a decade’s worth of work to simplify and consolidate corporate Identity and Access Management, IAM systems. What’s more, many new SaaS applications do not integrate with organisations’ existing single sign-on, SSO solutions, yet organisations continue to accelerate adoption of new SaaS software, even without the security controls of SSO. Adversaries will focus on finding these weaker access points, new SaaS applications to gain access to corporate and personal data, unless IT and Security departments manage to get IAM back under control.

Deepfakes continuing

In recent years, we have seen the increased success of blended attacks that combine social engineering tactics with malicious links, for example. With end users becoming more aware of social engineering, we can expect more sophisticated attackers will increasingly turn to deepfakes to trick end users into clicking on malicious links, downloading infected files, and the like.

Fifth generation ransomware

A recent report by Cybereason found that 73% of organisations suffered at least one ransomware attack in 2022, compared with just 55% in 2021. As the world reaches saturation of ransomware, adversaries will explore new methods to get money from the same victims. This will be the fifth generation of ransomware.

Ransomware will test cloud

Cloud storage can give organisations a significant data protection advantage, along with more flexible recovery options. But as ransomware moves from the endpoint to target cloud-only spaces, it creates new risks for organisations, especially those that accelerated cloud adoption during the pandemic and lost sight of where sensitive data lives and who has access to it. This creates weaker credential management, leaving room for ransomware to infiltrate.

Cyberattacks are transferable

The typical cyberattack moves from hacker to device, but 2023 may bring the first cyberattack that jumps between smart devices, including smart cars. We have not seen the in-smart environment replication just yet, but with the pace of innovation, a smart car attack could be riding shotgun to the vehicle next to you.

Critical national infrastructure

As both direct and indirect cyber warfare domains grow, so too does the potential for a substantial cyberattack, most likely in an area such as the energy space. This risk is most presently in EMEA, but it’s certainly top of mind among cybersecurity and national defence experts globally.

DAY

VP Europe Middle East and Africa, Field CISO, Cybereason.

73% of organisations suffered at least one ransomware attack in 2022, compared with just 55% in 2021

Burnout will impact cyber resilience

Security teams around the world have been working long hours from home, adapting their organisation’s security posture to support all the shifts in key business systems. In an industry that is still facing a massive skills shortage, we should not be surprised if burnout impacts security teams’ ability to maintain the round-the-clock coverage required to respond to a crisis in a timely fashion.

Defenders don’t have to face an uphill fight in the battle to fend off cyberattacks. The cybersecurity industry as a whole should re-examine its threat posture and adjust its readiness footing by seeking out the right partners and implementing best practices. ë

WEB3 AND METAVERSE INSEPARABLY LINKED TO EACH OTHER

Metaverse can create huge potential for privacy violations and data breaches that can compromise an individual, decentralised identity will play a role in ensuring safety.

Whether people realise it or not, we spend the majority of our time in the cloud. Managing and tracking everything across multiple cloud environments makes proper management and cost control very complex. Do you even know all of the workloads, VMs, containers, keys, crypto you have? What clouds it is located in? Who has access to it? Are lifecycle management policies in place across data, employees and departments? Do you have a handle on what is stored where? Do you have a handle on your overall costs?

The IT sector continues to experience a skills and resources gap. And, as enterprises add more cloud environments, compliance becomes a challenge. Automation can help manage users, machines applications and data across these cloud environments more efficiently and cost-effectively.

Metaverse and Web3

Web3 and the metaverse are inseparably linked to each other, and both are still in their early stages of development. As the technology behind them continues to grow in scale, governments are taking the opportunity to develop their own metaverse economies, and this will become more mainstream in 2023.

In 2023 Trusted Identity will be at the core of making this goal a reality. While the Metaverse can pose huge potential for privacy violations and data breaches that can compromise an individual’s personally identifiable information, PII, decentralised identity will play a key role in ensuring its safety.

With more companies hopping on the Metaverse and Web3 in 2023, decentralised identity will enable digital identities for individuals and corporations without handing over control of their data to third parties. Users will have

control of their identities and can enter different worlds in the metaverse and interact with various companies or entities by establishing trust using verifiable credentials to prove their identity without handing over personal data.

Post-quantum readiness

Quantum computers pose an inevitable threat to digital security. We are about to enter an era where the available computing power can and will break conventional cryptography.

The migration to quantum-safe algorithms is much more involved than one might think and will take years to achieve. This will take detailed and careful work that is time consuming and requires specific skills. And, with the skills and resources challenge in the tech and cybersecurity space, this will be tricky to navigate for organisations.

Threat actors are harvesting data today to decrypt later, organisations should be working today to adopt quantum-safe protocols to ensure they cannot. We are now seeing multiple sources making the call for organisations to migrate to quantum-safe algorithms immediately. Mastercard has already announced it has launched a contactless card for the quantum computing era.

Security posture is board-level priority

It is not just the IT team that needs to be aware

of and involved in enterprise security posture anymore. As the threat landscape grows and continues to evolve, boards are increasingly concerned and want to hold leadership accountable for the security of sensitive data. C-suite performance and compensation will become tied to cyber risk profile regardless of functional domain. Increasingly CISO, CIO is an integral part, leader of strategic decisionmaking process.

Chief Risk Officer buyer

Key decision makers and influencers are changing. Those involved in buying decisions to secure core business, enterprise infrastructure is expanding and shifting from what would have been considered the traditional key decision makers. Most of these buying groups will avoid engaging with a vendor until they already know that vendor has a solution that meets their requirements. This is one reason we are seeing an emergence of the Chief Risk Officer buyer persona.

Digital payments

The global transformation of banking and payments has only accelerated over the past few years, and between web trends and a global pandemic, the industry has seen disruption from all angles. Contactless payment methods have become a go-to payment method for consumers around the globe.

In 2023, consumer banking will be all about digital interactions first, but this digital experience needs to have security at its foundation. ‘The Great Payment’s Campaign’, a recent global study by Entrust, revealed that 94% of respondents in UAE and 91% of respondents in Saudi Arabia said they were concerned about the potential of banking or credit fraud as banking and credit become more digital.

Cloud marketplaces

This is the consumerisation of IT. People want to shop for cloud solutions much like they do in their personal lives because they are looking to speed up and simplify the buying journey.

Vendor consolidation

Business leaders are looking at using as few vendors as possible to simplify vendor management and mitigate costs. There is data from Gartner’s 2021 IT Security trends on number of security vendors at the average organisation, and the desire to consolidate. A 2022 Gartner survey of CISOs found 75% are pursuing a vendor consolidation strategy, up from 29% in 2020.

CISO, CIO are an integral part of strategic decision-making process

BIGGEST CYBER ATTACKS OF THE PAST YEAR

They have targeted governments, hospitals, cryptocurrency and other organisations with impunity, with the average cost of data breach at $4.4 million.

The past year has seen the global economy lurch from one crisis to another. As the pandemic began to recede in many regions, what replaced it has been rising energy bills, soaring inflation and a resulting cost-of-living crisis. Ultimately, these developments have opened the door to new opportunities for financially-motivated and state-backed threat actors.

They have targeted governments, hospitals, cryptocurrency firms and many other organisations with impunity. The cost of a data breach now stands at nearly $4.4 million – and as long as threat actors continue to achieve successes like those below, we can expect it to rise even higher for 2023.

Here are ten worst cyber-incidents of the year, be it for the damage they wrought, level of sophistication or geopolitical fallout.

Ukraine under cyberattack

Ukraine’s critical infrastructure has found itself, yet again, in the crosshairs of threat actors. Early into Russia’s invasion, ESET researchers worked closely with CERT-UA on remediating an attack that targeted the country’s grid and involved destructive malware that Sandworm had attempted to deploy against high-voltage electrical substations.

$618 mn

On February 23rd, ESET telemetry picked up HermeticWiper on hundreds of machines in several organisations in Ukraine. The following day, a second destructive, data-wiping attack against a Ukrainian governmental network started, this time delivering IsaacWiper.

Internet down

Barely an hour before the invasion, a major cyberattack against commercial satellite internet company Viasat disrupted broadband internet service for thousands of people in Ukraine and even elsewhere in Europe, leaving behind thousands of bricked modems. The attack, which exploited a misconfigured VPN device to gain access to the satellite network’s management section, is believed to have been intended to impair the communication capabilities of the Ukrainian command during the first hours of the invasion. Its effects were felt far beyond Ukraine’s borders, however.

Conti in Costa Rica

A major player on the cybercrime underground this year was ransomware-as-a-service, RaaS group Conti. One of its most audacious raids was against the small South American nation of Costa Rica, where a national emergency was declared after the government branded a crippling attack an act of cyber terrorism. The group has since disappeared, although its members are likely to simply have moved on to other projects or rebranded wholesale, as RaaS outfits generally due to avoid scrutiny from law enforcers and governments.

International Red Cross

Medibank

All of the Australian health insurance giant’s four million customers has personal data accessed by ransomware actors in an attack which may end up costing the firm $35 million. Those responsible are believed to be linked to infamous ransomware-as-a-service, RaaS outfit REvil, aka Sodinokibi with compromised privileged credentials responsible for initial access. Those impacted now face a potential barrage of follow-on identity fraud attempts.

Other actors

A CISA alert from September explained that Iran-affiliated threat actors compromised a US municipal government and an aerospace company, among other targets, by exploiting the infamous Log4Shell bug for ransomware campaigns, which isn’t all that common for state-backed entities. Also, intriguing was a US government compromise in November that was also blamed on Iran. An unnamed Federal Civilian Executive Branch, FCEB organisation was breached and cryptomining malware deployed.

Ronin Network was created by Vietnamese blockchain game developer Sky Mavis to function as an Ethereum sidechain for its Axie Infinity game. In March it emerged that hackers managed to use hijacked private keys to forge withdrawals to the tune of 173,600 Ethereum, $592 million and $25.5 million from the Ronin bridge, in two transactions.

The malware – which ESET named Industroyer after an infamous piece of malware used by the group to cut power in Ukraine in 2016 – was used in combination with a new version of the destructive CaddyWiper variant, most likely to hide the group’s tracks, slow down incident response and prevent operators of the energy company from regaining control of the ICS consoles.

More wipers

CaddyWiper was far from the only destructive data wiper discovered in Ukraine just before or in the first few weeks of Russia’s invasion.

In January, the ICRC reported a major breach that compromised the personal details of over 515,000 highly vulnerable victims. Stolen from a Swiss contractor, the data included details of individuals separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention. It was subsequently blamed on an unnamed nation state and occurred when an unpatched system was exploited.

Uber

The ride-hailing giant was famously breached back in 2016 when details on 57 million users were stolen. In September it was reported that a hacker, potentially a member of Lapsus$, had compromised email and cloud systems, code repositories, an internal Slack account and HackerOne tickets. The actor targeted an Uber external contractor, most likely grabbing their corporate password from the dark web.

The resulting $618 million theft, at March prices, was the largest ever from a crypto firm. Infamous North Korean group Lazarus has since been linked to the raid. The hermit nation has been traced in the past to thefts worth billions of dollars, used to fund its nuclear and missile programs.

Lapsus$ burst onto the scene during 2022, as an extortion group using high-profile data thefts to force payment from its corporate victims. These have included Microsoft, Samsung, Nvidia, Ubisoft, Okta and Vodafone. Among its many methods are bribery of insiders at firms and their contractors.

Although the group had been relatively silent for a while, it re-emerged at the end of the year after hacking Grand Theft Auto developer Rockstar Games. Several alleged members of the group have been arrested in the UK and Brazil.

Whatever happens in 2023, some of the cautionary tales from these 10 major incidents should stand everybody, including CISOs, in good stead. ë

The resulting

theft was the largest ever from a crypto firm and North Korean group Lazarus has since been linked to the raid

SECURITY PROFESSIONALS LOOKING TO IMPROVE PHYSICAL SECURITY

Security leaders are re-evaluating their technology stack seeking solutions that help streamline tasks, automate processes, and enhance team efficiency.

In the Genetec 2022 State of Physical Security Report, 50% of respondents said their physical security team experienced human resource challenges last year. For 2023, security leaders are re-evaluating their technology stack seeking solutions that help streamline tasks, automate processes, and enhance team efficiency.

Unifying video surveillance, access control, automatic license plate recognition, communications technology, and other valuable functions can make an operator’s job easier and reduce costs and training. Built-in analytics or decision support features can further streamline operations.

The report also showed that 67% of organisations are planning to invest in access control system, ACS modernisation in 2023, putting it at the top of the physical security tech investment list. Modern ACS include built-in cyber defences and health monitoring tools, and higher levels of automation.

Upgrading to a modern, open ACS will help organisations eliminate the weak points of legacy systems and better defend against cybersecurity threats, as well as enable new capabilities like mobile credentials, biometrics, and cloud-connected controllers and services, to implement over time.

Hybrid-cloud deployments are gaining traction, with some organisations opting to conserve security devices and infrastructure investments that are not cloud-ready, and others having bandwidth limitations or the need to keep some data processing and storage on site.

As businesses rationalise costs, concerns, and approach to cloud migration, we can expect an increase in demand for ready-to-deploy hybrid-cloud appliances. This infrastructure will support edge-computing workloads and make existing devices cloud-compatible, and help centralise access to systems and data across many sites.

Research by Genetec shows that 36% of IT and security professionals are looking to invest in cybersecurity-related tools to improve physical security in 2023. While a more holistic, automated approach to defending against threats will take precedence, so too will proactive security architecture planning and procurement.

These measures may include:

l replacing legacy equipment before succumbing to end-point failures to better mitigate risks

l using intelligent maintenance tracking tools and metrics to improve forecasting

l relying on external expertise to adapt security architecture planning as supply chain lags

l standardizing on solutions built with cybersecurity and privacy in mind to enhance resilience across the partner ecosystem

This take-charge mindset will help organisations better defend against cyberattacks and become an essential factor in preserving business resilience and continuity.

Other notable trends Genetec anticipates impacting the industry in 2023 are the extraction of physical security data pushing digital transformation forward, growing collaboration and convergence of IT and physical security teams, and the continuation of remote work driving increased need for space utilisation data.

These predictions are informed by a Genetec report including insights from 3,700 security leaders worldwide. ë

67% organisations planning to invest in access control system modernisation in 2023, putting it at the top of the physical security investment list

MOST SUSTAINABLE TECHNOLOGY COMPANY BY 2030

HP’s climate goals and sustainability commitments highlight progress it is making to drive a net zero carbon economy, reducing its environmental footprint.

In the upcoming year, although global economies will continue to face multiple macroeconomic headwinds, recession, inflation and tightened financial conditions, there will also be growth opportunities in certain markets, especially in emerging markets who are more experienced with volatility.

HP has set a bold goal to become the most sustainable and just technology company by 2030. Our climate goals and sustainability commitments highlight the progress we are making to drive a net zero carbon, fully regenerative economy, reduce our overall environmental footprint, and strengthen our business for the long term to create the most sustainable portfolio of products and solutions in the industry.

In fact, consumers are beginning to build brand loyalty through social activism - 80% believe that brands should help make people’s lives better and 75% millennials and Gen Z will only engage with brands that protect the earth. Gen Z and millennials are the new workforce who demand devices that will correspond to their values.

During the pandemic the global supply chain was disrupted and different economy sectors, not only IT, faced huge delays in product supply. With this issue being finally solved, we see enterprises’ huge focus on protecting their data in the hybrid work environment.

Hybrid work will continue to dominate. Hence, employees will further demand powerful, light, cybersecure devices with good quality video cameras for communication purposes. Peripherals like wireless headsets with noise cancelation will be of great demand. 81% of companies are upgrading conference rooms and 75% of people are setting up formal home offices.

Gaming will continue to be a growing market segment onboarding newcomers and empowering existing gamers. Gaming is much more than a solitary pastime – it is a way for people to connect socially, compete and progress their passions. It is a lifestyle. Professional and enthusiast gamers want devices with the best possible specs to excel and play an active role in the gaming community. As fellow gamers, we create for every type of gamer, empowering them to get deeper into the game, to play to progress and game with purpose.

In 2023, the print industry will continue to implement automation into its entire workflows, starting with investments in smart devices, the integration of software with existing production environments, increased digital efficiency via advanced digital tools – as cloud computing, artificial intelligence, IoT, AR and VR - and leveraging the growth of e-commerce to automate production end-to-end.

At HP, any device purchase is a security decision. For the past 20 years at HP Labs, Security Lab has dedicated itself to raising the bar in endpoint security, advancing the state of the art with leading security innovation and driving industry standards from inventing and standardising modern Trusted Computing, to designing resilient, self-healing hardware and leading in IoT and printer security innovation.

81% companies are upgrading conference rooms

In partnership with HP Wolf Security, HP’s Security Lab continues to drive research for the future - from traditional IT systems, like PCs and printers, to emerging compute architectures at the edge, to digital manufacturing systems and 3D printers - we pursue cybersecurity research that aims to ensure peace of mind in the face of cyber-threats.

In today’s increasingly distributed, interconnected, and mobile ecosystem, endpoints are the front line in cyber defence. IT decision makers of large enterprises as well as of SMB companies want their users to work productive and cybersecure. Having the right security is foundational to move quickly and safely into the future. ë

NO MORE BOLT-ON AND AFTERTHOUGHT IN SERVICES

Regardless of the model, and how service is designed and delivered, the success depends on consistent, positive customer experience, end to end

Companies are pressured to continue to develop superior service offers to differentiate their brands, increase margins and secure customer loyalty, while at the same time seeking to embrace the circular economy and under pressure to demonstrate progress against increasingly ambitious ESG goals.

Service supports sustainability

Facts support the idea that service and maintenance support sustainability: keeping products and assets running for their maximum viable lifetime has a positive impact on sustainability. Even in times of recession, the service sector remains inherently resilient; consumers and businesses alike want to retain products and equipment for longer.

The key service tenets within the 9R circular

economy framework - refurbish, repair, remanufacture and recycle – sit squarely within any ESG corporate remit. The first two eliminate the need for new manufacturing production, and the attendant consumption of resources, and the last two minimise waste and landfill.

A leading consumer goods supplier has calculated that for every three refrigerators they repair, the environmental savings made equate to taking a combustion-engine car off the road.

When managing 65,000 product repairs a week, that’s a significant saving.

The move towards electric vehicles in field service operations is also challenging. With the need to ensure sufficient battery capacity, routing and scheduling needs to factor in availability of charge points, the schedule, and range. Excess van stock, including obsolete and excess stock and even colder weather can also significantly reduce range.

Real time connectivity to assets enables asset performance management and ultimately asset optimisation

ANNUAL TRENDS

Predictive service

The use of predictive intelligence will become even more far reaching. Everything from when a device might be likely to fail, to the parts that might be needed, to skill proficiency and therefore time-to-fix when allocating different engineers, is all within the scope of predictive adoption.

Two factors underpin successfully adopting these competences: the first is the availability of data. And the second is the presence of effective Artificial Intelligence, AI and machine learning capabilities to interpret the findings, detect anomalies and create predictive service insights. Increasingly, we can expect AI insights and analyses to augment and support human engineers.

For example, based on the analysis of historic fault patterns, symptoms and resolutions, AI can suggest the most likely parts an engineer will require as standard to secure a fix.

Insightful service is effectively data-driven prescriptive diagnosis combined with intelligent service. At the same time, this real time connectivity to assets and devices also enables asset performance management, and ultimately asset optimisation, both directly linked to customer experience and a successful delivered service first business model.

EX

Customer experience, CX, has hogged the spotlight now for several years. Post pandemic, things have changed. Now, facing a global skills shortage and The Great Resignation, the service sector is also rapidly recognising the importance of the employee experience, EX.

A staggering 40% of field workers are due to retire within the next ten years. Unless we can attract new talent, this invaluable knowledge and insight will be lost. Ignoring the need to create an AI-powered intelligent knowledgebase could well prove a costly oversight.

80% of the global workforce –some 2.7 billion people – are employed on the front line, deskless. The pandemic taught us just how important some of these workers are and, in many cases, how poorly equipped they are. In the absence of a consumer UX-style mobilefirst strategy by many employers, with simple and efficient onboarding, they remain woefully forgotten and, in many cases, disconnected.

If organisations want to retain and engage with this workforce, they need to emulate the focus and experience given to more traditional desk-based staff, both office-based and remote.

A shift to a mobile-first focus, and embrac-

MARK BREWER VP Service Industries, IFS

ing concepts such as gamification, turns mobile devices in the field into a powerful and pervasive technician-enablement platform – and a compelling way to attract and retain new talent. Over the coming year we can expect to see EX increasingly becoming an equal citizen to CX.

Short and long cycle

There is a difference between high volume, break-fix service regimes for products, and servicing major high value asset investments, where service or modernisation programmes may span many months or years. Historically, companies have deployed separate distinct workforces to fulfil short-cycle break-fix

requirements versus the long-cycle service planning required for strategic assets and projects.

However, these boundaries are beginning to blur, with a shift towards a multidisciplined blended workforce. The skills shortage means companies want to develop multi-skilled technicians who can perform both a 30-minute fix and also a day-long full asset overhaul.

There’s also a transition from the traditional fixed periodic maintenance model to condition and usage-based service. But managing schedules and maintenance plans for multiple geographically dispersed assets in this way is complex.

Since the pandemic, remote service is no longer a bolt on and is now an integral part of any service offering. Now a service model in its own right, remote monitoring and diagnostics are increasingly working hand-in-hand with remote, virtual assistance.

Regardless of the model, and how service is designed and delivered, the success depends on delivering a consistent, positive customer experience – end to end: whether that’s when calling to book an engineer, using online resources, rescheduling an appointment, or being guided on the phone. Nothing should present itself to a customer as a bolt-on or afterthought. ë

Over the coming year we can expect to see EX increasingly becoming an equal citizen to CX

MILITARY STYLE CYBER SECURITY CONFLICTS

February 24, 2022 saw a massive wave of pseudoransomware and wiper attacks indiscriminately affecting Ukrainian entities.

2022 was marked by a 20th century-style military conflict – that definitely brought uncertainty and some serious risks. A number of cyber-events took place during the conflict turned to be very significant. Significant signs and spikes in cyberwarfare in the days and weeks pre-dating military conflict were seen. February 24, 2022 saw a massive wave of pseudo-ransomware and wiper attacks indiscriminately affecting Ukrainian entities. Some were highly sophisticated, but the volume

of wiper and ransomware attacks quickly subsided after the initial wave, with a limited number of notable incidents subsequently reported. Ideologically-motivated groups that presented themselves in the original wave of attacks appear to be inactive now.

On February 24, Europeans relying on the ViaSat-owned satellite faced major internet access disruptions. This cyber-event started around 4h UTC, less than two hours after the Russian Federation publicly announced the beginning of a special military operation

in Ukraine. The ViaSat sabotage once again demonstrates cyberattacks are a basic building block for modern armed conflicts and may directly support key milestones in military operations.

As the conflict has evolved, there is no evidence that the cyberattacks were part of coordinated military actions on either side. However, there are some main characteristics that defined the 2022 cyber confrontation:

Hacktivists and DDoS attacks

The conflict in Ukraine has created a breeding ground for new cyberwarfare activity from various groups including cybercriminals and hacktivists, rushing to support their favourite side. Some groups such as the IT Army of Ukraine or Killnet have been officially supported by governments and their Telegram channels include hundreds of thousands of subscribers.

While the attacks performed by hacktivists had relatively low complexity, the experts witnessed a spike in DDoS activity during summer period – both in number of attacks and their duration: in 2022, an average DDoS attack lasted 18.5 hours – almost 40 times longer compared to 2021, approx. 28 minutes.

Hack and leak

The more sophisticated attacks attempted to hijack media attention with hack-and-leak operations, and have been on the rise since the beginning of the conflict. Such attacks involve breaching an organisation and publishing its internal data online, often via a dedicated website. This is significantly more difficult than a simple defacing operation, since not all machines contain internal data worth releasing.

Weaponizing open-source software

As the conflict drags on, popular open-source packages can be used as a protest or attack platform by developers or hackers alike. The impact from such attacks can extend wider than the open-source software itself, propagating in other packages that automatically rely on the trojanised code.

Balkanisation

Following the start of the Ukraine conflict in February 2022, many western companies are exiting the Russian market and leaving their users in a delicate position when it comes to receiving security updates or support – and the security updates are probably the top issue when vendors end support for products or leave the market.

From February 24 onwards, we have been puzzled with a question, if cyberspace is a true reflection of the conflict in Ukraine, it represents the pinnacle of a real, modern cyberwar. By going through all the events that followed military operations in cyberspace, we witnessed an absence of coordination between cyber and kinetic means, and in many ways downgraded cyber-offense to a subordinate role.

Metaverse

New social media will bring more privacy risks. We would like to believe that the near future will see a new revolutionary phenomenon in the world of social networks. Perhaps this will happen already in VR, but rather in AR. As soon as a new trendy app appears, so do risks for its users. Privacy most probably will be a major concern, too, as many start-ups neglect to configure their applications in accordance with privacy protection best practices. This attitude may lead to a high risk of personal data compromise and cyberbullying in the new social media, however trendy and convenient it may be.

Right now, we are only taking the first steps toward complete immersion in virtual reality, already using metaverses for entertainment

while testing industrial and business applications of this new technology. Although so far, there are only a few metaverse platforms, they already have revealed risks that future users will face. As the metaverse experience is universal and does not obey regional data protection laws, such as GDPR, this might create complex conflicts between the requirements of the regulations regarding data breach notification.

Virtual abuse and sexual assault will spill over into metaverses. We have already seen cases of avatar rape and abuse, despite efforts to build a protection mechanism into metaverses. As there are no specific regulation or moderation rules, this scary trend is likely to follow us into 2023.

Personal data

As usage of mental health apps increases, the risk of this sensitive data being accidentally leaked or obtained by a third party through a hacked account will also grow. Armed with details on the victim’s mental state, the attacker is likely to launch an extremely precise social engineering attack. Now, imagine that the target is a key employee of a company.

We are likely to see stories of targeted attacks involving data on the mental health of corporate executives. And, if you add here data, such as facial expressions and eye movement, that sensors in VR headsets collect, the leakage of that data may prove disastrous. ë

There is no evidence that cyberattacks were part of coordinated military actions on either side

HOLOGRAPHIC MEETINGS, CHANGING PC SHAPES, LIE AHEAD

Technologies that can bring teams together, working across several continents, will grow in importance in the hybrid, remote workplaces of the future.

Smarter, more integrated technology is already transforming everything from the devices in our hands to how we collaborate with colleagues or even buy groceries. As artificial intelligence and edge computing proliferate, bringing power and efficiency to countless industries and activities, we see

tremendous change happening. But what will 2023, and beyond bring? What surprises are ahead for our rapidly advancing relationship with technology?

Holographic meetings

In our new hybrid world of work, technology will step up to create meetings where ‘holo-

graphic’ attendees feel nearly as real as being there in the flesh. Technologies that can bring teams together, even if they are working across several continents, will grow in importance in the hybrid, remote, and increasingly global workplaces of the future.

For presentations, product launches or meetings with other organisations, augmented and mixed reality will offer a new way for organisations to make an impact, with life-size ‘holograms’ who can interact with virtual objects, for example, to show off a new prototype, or to explore a ‘digital twin’ of a real-world object.

Lenovo’s concept Cyber Space technology shows off how this ‘phygital’ approach, blending the physical and digital might work, with a special coated glass which is semi-transparent and semi-reflective, and which allows people behind it to physically interact with life-sized objects.

Metaverse

The metaverse is going to edge closer to reality – but it will not be about cartoon avatars and games. Instead, metaverse technology will be

driven by the world of work, not play.

We are probably at an equivalent stage to the mid-90s World Wide Web in terms of the evolution of the metaverse, and big leaps are just around the corner. Teams will learn to collaborate, share and work in immersive spaces – what we refer to as the Enterprise Metaverse –and that will drive adoption of the technology. Rather than games such as flight simulators, it will be ‘job simulators’ – immersive training –which drives the adoption of the metaverse.

The ThinkReality VRX is a next-level VR headset for immersive training, collaboration, and 3D design. Solutions such as Lenovo’s ThinkReality VRX headset are coming to market to enable workers to collaborate together in virtual reality and enabling rapid, cost-effective training programmes.

At Lenovo, we believe that the future of the metaverse is collaborative and truly open, where ideas and technology are easily shared, rather than being restricted inside ‘walled gardens’ controlled by one company.

Multi-access edge computing

In the future, intelligent cameras will manage traffic in ‘smart cities’, cutting pollution, congestion, and road accidents – and edge computing servers will enable everything from holographic teaching to augmented reality shopping.

Why edge computing? Multi-access edge computing, means that requests are processed within the smart city itself, rather than having to travel to some far-away data centre, meaning that queries can be answered within milliseconds. In Barcelona, a pilot scheme is showing the power of edge computing, with 3,000 Lenovo servers across the city enabling internet-of-things devices and cameras to deliver data where it is needed.

In the future, edge computing could even help cities hit pollution targets by controlling traffic lights so cars drive in a more fuel-efficient way.

Hybrid work

The way we work has changed forever, and in tomorrow’s new hybrid workspace, the way companies use technology will change – with a shift towards technologies such as smart sensors, and a move to renting everything from hardware to the office experience itself. This will cut overheads for new businesses, enabling young companies to scale more rapidly and flexibly.

This shift is already underway, with a Lenovo survey of 500 CTOs finding that 43% said

their company’s technology architecture was ‘improved’ and elements such as smart devices, 76% and smart internet-of-things, 70% surging in importance in the past year.

Businesses will shift towards a more fluid model where the entire office experience and related solutions and services can be provided by a third party. Lenovo now offers a managed employee experience where companies can rent a workplace solution, rather than just hardware or software – including, for example IT infrastructure and support and performance analytics as well as cloud and data infrastructure services.

Smart shops

Artificial intelligence will increasingly shape the world around us and accelerate daily activities such as shopping.

In the near future, AI servers may analyse multiple video feeds from cameras in the aisles of shops to watch for large quantities of items

being removed at the same time, and monitoring deliveries to the store to ensure that inventory stays high. This will enable shops to keep track of goods more efficiently, more rapidly adjust to supply and demand, and improve profit margins – and ensure customers get what they paid for.

When customers ‘click and buy’, AI cameras will keep a watchful eye to ensure they get what they ordered, cutting out an irritating part of the modern, self-checkout shopping experience.

Shape changers

Screen size remains valuable in an age of multitasking and devices designed to shoot and edit videos, stream content, play games, and every other activity packed into our portable devices. In the future, the phones in our pockets might actually be a lot smaller – a reversal of the trend long-seen in smartphones – but ‘extend’ or ‘unfold’ to become larger when we need to use them. An unassuming, familiar device can switch into productivity mode with the touch of a button.

When users need more screen space, for work, or just to unwind with a movie or a game, the concept device expands from a 5-inch display to 6.5-inch, as big as market-leading devices.

Lenovo’s Rollable PC proof of concept shows a flexible display that rolls out on command on a motor for a larger screen size, while maintaining its thin and light form.

The Lenovo Glasses T1 is a wearable private display for on-the-go content consumption. And for those who need portability, privacy, and extended screen space, don’t be surprised if you see more people wearing their screens.

Augmented and mixed reality will offer a new way for organisations to make an impact, with life-size holograms

General Manager, Lenovo Gulf.

MANAGING MULTIPLE CLOUDS IS SIGNIFICANT CHALLENGE

It is difficult finding talent that can work skilfully within one cloud and creating teams skilled in managing multiple clouds will become a significant challenge.

The multicloud will increase in importance as more services move from on-premises to the cloud. According to research firm Gartner, it’s expected that on-premises versus cloud spend will flip by 2025. While this continued migration to the cloud is not surprising, cloud adoption will continue to accelerate in 2023 because of supply-chain issues requiring buyers to look beyond on premises hardware to ease procurement challenges and the need to pursue aggressive sustainability objectives.

The rapid adoption of multiple clouds is even more interesting. In fact, 89% of companies are using multiple clouds to manage IT services, operations, and infrastructure. This seems to be a place some companies have landed out of necessity, or even by accident, as they worked to mitigate supply-chain issues by linking to multiple cloud providers who could each help them drive innovation and ensure security, scalability, and flexibility outside their data centre.

This has brought about unnecessary complexity that companies will look to address through the adoption of common services across clouds.

Skills gap

More companies adopting multiple clouds means the skills gap will move from fierce competition between employers to retain top talent. It is difficult finding talent that can work skilfully within one cloud. Creating teams skilled in managing multiple

clouds becomes a significant challenge and can take extended periods to develop.

Companies need teams that can innovate and build. If employees are only spending time on operations, they cannot innovate. This need will only intensify, and companies will need to become more comfortable in hiring for potential over talent, and be willing to provide the team members with the training they need to succeed.

Sustainability

Sustainability will only become more important to IT buyers, and they will require more data to support claims from their vendors. Vendors will need to show they are working toward, and achieving greater sustainability throughout their value chains and delivering product features that enable their sustainability.

They will have to work harder to increase energy efficiency with their facilities and on-premises equipment and provide improved methods for data categorisation that enable buyers to look across their entire data estates and tier data, which is particularly effective in the cloud.

When we consider that 68% of data is used once and then never again, we can see how moving this unused data to the cloud, where it can be tiered and moved to cold storage, is beneficial for the planet. It has been interesting to see the level of sustainability specifications and feature granularity that buyers now demand when making purchasing decisions.

Quantum computing

Quantum hybrid computing will start to move from ideation toward practical application, problems such as elements of AI will be broken out and passed over to quantum systems for processing, we will start to see a blend of traditional HPC and Quantum to solve some of these most complex issues. This will also force us to better address cybersecurity. Companies need to think about data encryption now more than ever.

Criminals are increasingly sophisticated, and companies need to be equally sophisticated when it comes to their security measures. While this will not happen overnight, the wheels have been set in motion for quantum to be a threat to encryption on sensitive data.

Normal computers, even high-powered computers, would take decades to break these encryption algorithms. Quantum hybrid will be able to break existing encryption protocols in less than a decade so new encryption protocols and algorithms can be developed sooner. Companies would look to quantum to address more complex computing challenges.

Enterprise Kubernetes

As more business-critical and data-rich apps get containerised and run on Kubernetes, they will need a richer set of data services for protection, mobility, compliance, and governance. Stateful applications will become ubiquitous with advanced data management needs, ransomware protection, and disaster tolerance.

A key trend for 2023 and beyond is to create lots of clusters and use tooling to manage 100s – 1000s of clusters at scale. The intention is to transition away from managing clusters as pets, a few large clusters hosting all applications and using K8s as a true cluster operating system where the cluster is the computer. Kubernetes at its core is also a cluster commoditisation technology making it easy to create, run, and operate clusters at scale.

Cyber resilience

The current challenges in terms of health, economy and war mean that cyber-resilience is more crucial than ever before. Businesses and organisations will rely more than ever on IT resources to provide round-the-clock protection and quick recovery for their data. This is because the question is no longer whether they will be attacked, but rather when and how often, so we need to address the problem head-on and a small number of small and mediumsize companies are still not prepared.

Previously, a business’ cyber defence strategy focussed on anticipation of the attack, but today it is more about reacting during the attack and quick recovery after it. Detection, protection and remediation will be the watchwords of cybersecurity in 2023. ë

89% of companies are using multiple clouds to manage IT services, operations, infrastructure

CYBER RISK IS BUSINESS RISK

Good

Mimecast, has released its latest State of Ransomware Readiness 2 report, revealing that ransomware has become a primary threat to organisations worldwide, with Middle Eastern companies not spared from the devastating impact of ransomware attacks.

The report found that 59% of cybersecurity leaders in the UAE have seen the number of cybersecurity attacks increase or stay the same over the past year, with 39% saying they’ve experienced significant downtime due to a ransomware attack.

Mimecast’s State of Ransomware Readiness 2 report is based on insights from 1100 cybersecurity decision-makers in Australia, France, Canada, Germany, the Netherlands, the Nordics, Singapore, South Africa, the UAE, UK and US.

Business and security leaders see ransomware attacks as virtually inevitable. Seventy-five percent of businesses in the UAE reported they experienced a ransomware attack in the past year, ahead of a global average of 64%. The consequences can be devastating: a third of UAE cybersecurity teams have experienced an increase in the number of absences due to burnout following an attack, while 23% have seen changes in the C-suite due to a successful ransomware attack.

The report further found that 44% of UAE organisations have experienced a loss in revenue due to a ransomware attack in the past twelve months. This may partly explain why nearly half, 46% of cybersecurity professionals in the UAE are considering leaving their role in the next two years due to stress or burnout, with 73% of cybersecurity leaders in the region saying their role gets more stressful every year.

The research also found that 94% of global cybersecurity leaders believe more budget is required to combat ransomware, with 24% of UAE organisations seeking an increase of 11% to 20% in their annual cybersecurity budgets.

Cybersecurity leaders need to focus on proactively reducing the chances of a ransomware attack causing disruption. Organisations need integrated security tools to improve threat detection capabilities and relieve pressure on busy security teams. Good fundamental security practices must be in place to reduce vulnerabilities, and security teams need to evaluate crisis planning to understand the real consequences of an attack.

It is also essential that leaders acknowledge that cyber risk is business risk, and not leave the financial and personnel resource burden to only IT teams. ë

fundamental security practices must be in place to reduce vulnerabilities, and security teams need to evaluate crisis planning to understand the real consequences of an attack.

67% of businesses in UAE reported they experienced a ransomware attack in the past year

BUSINESSES TO USE MORE THAN ONE CYBERSECURITY VENDOR

There is demand from security teams for integration and collaboration between vendors and for vendors to boost value by demonstrating ability to extract value.

As the vast quantity of cyber-security products covering various attack surfaces and use cases continues to rise, businesses will likely investigate opportunities to consolidate when and where possible. However, consolidation within security is not as simple as buying more products from the same vendor or migrating everything to one data-lake. Instead, a greater emphasis will be placed on holistic workflows, unified agents, and cross-product synergies that can deliver greater value.

Even though consolidation is expected to be a key focus for 2023, businesses are likely to use more than just one vendor. We have already witnessed an increasing demand from security teams for more integration and collaboration between vendors. We expect this demand for integration to create a need for vendors to boost their own value by being able to demonstrate their ability to extract value from the existing value stack.

In a world of ever-evolving cyber threats, the unfortunate reality remains that a recession is only likely to further incentivise cybercriminals to develop new assault tactics and strategies. The complexity of our rapidly expanding interconnected world and swiftly expanding threat landscape necessitates increased visibility and monitoring of performance and security across a variety of platforms, geographies, and service providers.

The economic turmoil will pressure businesses to reduce costs and be more effective. With budgets reducing and the threat of newer and more efficient cyberattacks on the rise, we expect a greater emphasis to be placed on efficiency and performance. We believe cloud computing will become more important in the coming year, with businesses increasingly migrating their data to the cloud. However, this brings with it additional threats. In order to safeguard their data, IT decision-makers will seek vendors that can ensure comprehensive end-through-end network visibility into the entire service delivery stack.

As the world gets better at defending endpoints, threat actors will need to improve their game in order to penetrate more difficult targets, and social engineering will continue to be a preferred vector of attack.

Cloud-computing is quite literally the future of the digital business world. With an unstable economic crisis looming, enterprises and organisations are likely to prioritise cloud solutions to help them cut costs and improve efficiency.

As the world continues to migrate to scalable online services, malware is sure to follow. Botnets have been expanding and evolving faster than ever and is expected to become one of the biggest threats to corporate security in 2023

NETSCOUT is committed to leveraging its threat intelligence and

customising solutions for clients, in addition to serving as a reliable partner on their journey to achieving comprehensive network security, ensuring the availability, performance, and security of digital business services. The patented Smart Data technology and continuous monitoring were designed to penetrate the numerous layers of services, applications, and hybrid cloud servers that make up the digital architectures of today. ë

Cloud-computing is the future of the digital business world

PREPARING FOR A QUANTUM WORLD

Guidelines were made available for quantum-resistant algorithms, and this means organisations need to start thinking about cryptography challenges.

2023 is set to feature an astonishing landscape of change for organisations across the Middle East. Organisations will start to prepare for a quantum world in 2023. During 2022, guidelines and standards were made available for quantum-resistant algorithms, and this means organisations need to start thinking about things like post-quantum cryptography challenges.

While it’s a way off, regulatory groups like NIST and ENISA are urging organisations to start their programmes now to make sure they are prepared.

Our collective attitudes towards the industrial metaverse will begin to shift in 2023. Instead of being seen as something esoteric, we will see wider recognition that its key components—the digital shop floor, used interchangeably as a digital twin by some in combination with supply chain automation and optimisation through AI, ML models—are real and relevant, bringing new cybersecurity challenges with it. And with this new attitude toward the industrial metaverse comes the opportunity to drive a deep technological shift as a business change initiative.

Phishing is a social engineering technique. You need to find someone with their guard down and convince them that you are legitimate, and they should either give you their password or otherwise authorise you to access their accounts.

Multi-Factor Authentication has long been touted as a solution to the phishing problem, but what it really does is force attackers to change tactics. Between easy-to-deploy reverse proxy phishing tools and techniques for abusing OAuth workflows to sidestep MFA and gain direct access to cloud apps, we expect to see an increase in sophistication in targeted phishing attacks to bypass MFA.

Attacks involving data encryption and theft of confidential information are on the rise. There is a growing trend that we believe will intensify in 2023, where we have two extremes. On one side, we have the infamous Ransomware-as-a-Service, in which attackers focus on both encryption and theft of sensitive data.

On the other side, we have extortion groups, like LAPSUS$ and RansomHouse, which breach companies only to exfiltrate sensitive data, without encrypting any files. We believe 2023 will be filled with attacks sourced from RaaS groups and from extortion groups, perhaps even intensifying an Extortion-as-a-Service model.

There has been a significant increase in software supply chain attacks in recent years. As we discover more vulnerabilities in application source code, especially among open-source software, we expect this type of attack to continue growing. This calls to attention a need for organisations to strengthen their measures and strategies for software supply chain security. ë

Attacks involving data encryption and theft of confidential information are on the rise

CHANGE DRIVEN BY LESSONS OF RECENT PAST

From supply chains to the choice of Opex over Capex, the year ahead will encompass change driven by the lessons of the recent past.

While the Gulf region is undergoing steady recovery, the past few years of turmoil have forced executives to inspect every aspect of their operations. Supply-chain issues, despite some encouraging improvements, continue to cast a shadow in some industries. Inflation rates are creeping ever upwards.

In the UK, improvement is expected around mid2023, whereas in some quarters in the US, inflation is feared to be a longer-term problem. While in Gulf countries the highest inflation rates are around half those in the US and Europe, we expect all these factors and more to keep regional business leaders on their toes in 2023.

Energy costs will be of significant concern and the entire C-suite will start to take an interest in economics as external issues continue to impact budgets and operations. From supply chains to the choice of Opex over Capex, the year ahead will encompass change driven by the lessons of the recent past.

While historically large enterprises have worked with different cloud providers for different use cases, this creates cloud lock-in which customers are sick and tired of. Next year we will see an increase in customers building cloud neutrality into their design to avoid this lock-in even if it’s only to prepare for the future.

To do so, companies will rely heavily on containerising applications, making them portable across private, public and hybrid cloud infrastructure, regardless of the cloud providers at play. There will also be a push to consolidate management of applications through Kubernetes platforms with all the flexibility, speed, cost effectiveness and security needed to ensure success in a cloud neutral environment.

Realistically, the CFO will dictate the agenda over the next twelve months, and likely beyond. C-suite officers rarely take their eye off the bottom line, but next year will see them staring at it more intently, which obviously means the CFO will steer budgets even more than usual. In the technology sector, we will hear plenty more conversations about TCO and in-year ROI. And, given the spend control that they offer, I think that means a more concerted move towards subscription services for many organisations.

Many finance teams favour a general Capex-before-Opex approach. Writing off depreciation for physical assets like IT hardware is a helpful mechanism for improving the health of corporate books, after all— especially for cash-rich companies.

But unpredictable energy and infrastructure costs mean fixed-cost subscriptions look very appealing, especially when coupled with the fact that new services can be brought on without massive initial invest-

ments. And those subscription services that can deliver savings, not just in year one but well into year two and beyond, could sway CFOs and budget holders in 2023.

With sustainability being a priority for many organisations, efficient technologies which use less energy and have a better carbon footprint will be on many board’s agenda. Today’s businesses are much more environmentally conscious, but volatile energy costs have forced the issue in many countries around the world and in the next year we will see green and sustainability credentials at the tip of the spear in conversations between vendors, service providers and customers.

Many groups within organisations will develop a much greater understanding of sustainability metrics and methodologies and will start applying them when making technology choices. ë

Subscription services that can deliver savings, not just in year one but year two and beyond, could sway CFOs

INTELLIGENT DIGITAL INVESTMENTS CAN BE DEFLATIONARY

Business leaders are shifting investment to technologies that will deliver outcomes faster and 95% CEOs are pursuing a digital-first strategy according to IDC.

Organisations are facing an incredibly complex and volatile macro environment – and as they manage in this environment of uncertainty, decision making and business strategy is being put under the magnifying glass. A focus on business transformation for efficiency and ROI – more than what is new will be top of mind for the coming year.

As the world is gripped by soaring inflation, intelligent digital investments can be a huge deflationary force. Business leaders are already shifting investment focus to technologies that will deliver outcomes faster. Going into 2023, technology will become increasingly central to business success - in fact, 95% of CEOs are already pursuing a digital-first strategy according to IDC’s CEO survey, as digital companies deliver revenue growth far faster than nondigital ones.

Business transformation also requires talent transformation, and employers will continually need to upskill their employees to get to grips with the technologies that will drive success.

Boosting digital skills as part of digital transformation is a win-win for organisations as closing the digital skills gap could add $11.5 trillion to global GDP by 2028, according to the World Economic Forum.

In crisis, everyone looks around for reassurance. Businesses look around for ways of getting through the crisis and becoming immune to the next one. Resilience has been the word of the day for countless months. It remains so because of the aftershocks of the pandemic — supply-chain issues and inflation being just two examples.

AI-powered analytics does not just allow realtime insights into the efficiency of processes and the profitability of business models; it clears the way for predictive analyses that show a path to long-term success.

When technology stacks include mechanisms for extracting meaningful, useful data from structured and unstructured sources and categorizing it for presentation and review, decision makers get access to valuable knowledge.

In 2023, we expect to see an innovation cycle,

as the positive ROI from these technologies encourages yet more investment.

In 2023, we should expect regional business leaders to demand more ROI on technology investments. Inflation rates may be lower in the GCC than they are in the Americas or Europe, but they are still of concern. The right digital investments could have a corrective impact on the bottom line.

2023 will be primarily focused on companies continuing to implement technologies that will enable them to prioritise business agility. This year, we will see that investment in solutions to address emerging ESG challenges will continue to be a business priority, as well as a focus on implementing technologies that will continue to transform the way we work to retain talent and continue on the path of growth.

In addition, the focus on introducing new technologies, such as the metaverse, will continue to grow, to help cultivate and maintain employee engagement in an increasingly challenging and hybrid macro-environment. ë

PRIORITY FOR SECURITY MUST MATCH CLOUD ADOPTION

It is imperative that security is prioritised as organisations continue to adopt cloud services and includes threat-based protections and risk-based mitigations.

Sophos has published findings of a new survey, The Reality of SMB Cloud Security in 2022. The survey found that, among Infrastructure as a Service, IaaS users, 56% experienced an increase in the volume of attacks on their organisation when compared to the previous year, and 67% were hit by ransomware. In addition, 59% experienced an increase in complexity of attacks.

For many of these users, a lack of visibility into their infrastructure, unpatched vulnerabilities and resource misconfigurations make them susceptible to various types of attacks, including ransomware. Of those surveyed, only 37% track and detect resource misconfigurations and only 43% routinely scan IaaS resources for software vulnerabilities.

What is more, 65% of cloud users reported not having visibility of all resources and their configurations, and only 33% said their organisation has the resources to continuously detect, investigate and remove threats in their IaaS infrastructure.

It is imperative that security is prioritised as organisations continue to adopt cloud services. This includes implementing traditional threat-based protections, as well as risk-based mitigations. Unpatched vulnerabilities and misconfigured resources are both preventable mistakes and avoidable risks that make life easier for attackers.

Most attackers are not unstoppable criminal masterminds, but rather opportunistic cyberthugs looking for an easy payday. However, the survey also found that more advanced IaaS users are twice as likely to report a decrease in attack impact than beginners, suggesting the appropriate defence mechanisms can go a long way in deterring threat actors. ë

65% of cloud users reported not having visibility of resources and configurations

ANTICIPATE BREACH OF SAAS PROVIDER IN 2023

Given the adoption rates of SaaS applications, the shared responsibility model and limited monitoring, this attack surface is ripe for compromise.

Challenging macroeconomic conditions will cause companies to re-evaluate traditional IT cybersecurity spending, however these same companies will prioritise and proportionally increase security spending on their much more critical Operational Technology systems. The consequences of high-profile events like Colonial Pipeline have demonstrated that the risk to OT is higher and boardroom cybersecurity discussions almost always include securing OT. Nation states will begin to target cloud service provider, CSP managed services as companies migrate more of their attack surface to these managed services. Cloud adoption continues

to rapidly rise, in fact, CSP managed service market is projected to grow to $117.65 billion by 2028, a 14.5% spike from 2020. While there are numerous benefits to cloud adoption and outsourcing cloud services to an MSP, the opportunities for exposure increases significantly, which attackers will without a doubt capitalise on.

We can anticipate a significant breach of a SaaS provider in 2023. Given the adoption rates of SaaS applications, the shared responsibility model and limited monitoring, this attack surface is ripe for compromise.

Extortion will be an increasingly disruptive force to enterprises in all industries in 2023. In the past year, we have seen threat actors of all

Nation states will begin to target cloud service provide managed services

motivations moving to extortion-only attacks and forgoing the more complex tactics like data-encrypting malware, ransomware. The notoriety and success of extortion groups like Lapsus$ means that other groups will continue to mimic their tactics. ë

GEOPOLITICS, HACKTIVISM, OPPOSING POLITICS WILL DRIVE CYBERATTACKS

As stress continues to weigh on the global economy, organisations should expect increased activity from threat actors looking to advance their own agenda.

WWe started 2022 with an industry-widevulnerability in Log4J, which was closely followed by cyber and physical war targeting Ukraine. We are closing the year observing hacktivists taking matters into their own hands, new actors in operation, and a changed but increasingly active ransomware landscape.

Forecasts from the Trellix Advanced Research Centre anticipate spikes in geopolitically motivated attacks across Asia and Europe, hacktivism fuelled by tensions from opposing political parties, and vulnerabilities in core software supply chains.

l Geopolitical factors will continue to be a high motivation for misinformation campaigns and cyberattacks timed with kinetic military activity.

l As groups of loosely organised individuals fuelled by propaganda align for a common cause, they will ramp up their use of cyber tools to voice their anger and cause disruption across the globe.

l Both threat actors and security researchers will heighten their study of underlying software frameworks and libraries resulting in an increase in breaches related to software supply chain issues.

l Teens and young adults will engage at increasing levels in cybercrime – everything from large-scale attacks on enterprises and governments to low-level crimes that target family, friends, peers, and strangers.

l The outsourcing of malware creation and operation, diversification of malware development, and use of leaked source code will make attribution of cyberthreats to specific threat actors increasingly challenging.

l A significant rise in advanced cyberactors causing disruptions to critical infrastructure in vulnerable targets will be observed.

l Weaponised phishing attacks will increase across commonly used business communication services and apps, like Microsoft Teams, Slack, and others.

l The advanced capabilities of consumer and enterprise IoT devices will be leveraged by hackers to mine cryptocurrencies.

l The compromise of satellites and other space assets will increase and become more public in 2023.

l There will be a huge jump in reverse-vishing, or voice phishing attacks, with less tech-aware users being the primary target.

l More domain privilege escalation vulnerabilities will be discov-

There will be a huge jump in reverse-vishing, or voice phishing attacks

ered as well as more real-world attacks against Microsoft Windows with the explicit goal of complete network takeover.

As stress continues to weigh on the global economy, as we head into the new year, organisations should expect increased activity from threat actors looking to advance their own agenda, whether for political or financial gain.

Analysing current trends is necessary but being predictive in cybersecurity is vital. While organisations focus on near-term threats, we advise all to look beyond the horizon to ensure a proactive posture. Global political events and the adoption of new technology will breed novel threats from more innovative threat actors. ë

CYBER WARFARE REMAINS A REAL THREAT

Leaders of organisations will start to pay attention, investing more in the incident response and speed to limit the blast radius of such a cyber weapon.

Organisations will face more unknown cyber threats targeting onpremises systems, cloud infrastructure, and SaaS applications. The skills shortage is worsening too, causing analysts to becoming overloaded and burnt-out. Combined, this is creating a perfect storm, leaving organisations more vulnerable to a breach.

Organisations must adopt an effective detection and response strategy that reduces the burden on analysts, prioritising the most high-risk alerts. This means using tools that can identify the suspicious behaviours that an adversary will exhibit as part of an unfolding attack, flagging up these signals so organisations can stop an attack before it becomes a breach.

Supply chain attacks will continue but hackers will look beyond the ‘usual suspects’ to cause havoc. Attackers will continue to cause maximum disruption in the form of supply chain attacks, but instead of targeting key suppliers, they will look beyond the ‘usual suspects’ to gain access into networks. For instance, this could include legal or accounting firms.

A holistic approach may help turn the tables on the matter: supply chain means partnership, partnership means collaboration and supporting each other. Only as a ‘mesh’ interconnected structure with consistent resiliency can companies thrive in the digital economy. This includes ensuring that they review the security policies of all those in the chain.

Traditional restoration procedures following a ransomware attack are both costly and time consuming for organisations; this is why in 2023 we will see organisations look to automation, via infrastructure as code, to reduce downtime.

Through infrastructure as code, organisations can develop scripts that enable key infrastructure to self-heal so they can automatically return to action. Ultimately rebuilding broken infrastructure from scratch is a far quicker process than restoring as a result of automation.

With identity attacks on the rise, in 2023 attackers will continue to take advantage of vulnerable MFA methods. As companies continue to roll out MFA, attackers will continue to take advantage, either by flooding end users with requests to brute-force their way in, or by skilled phishing campaigns. End users will be the ones directly targeted by attackers.

This means not just organisations, but also consumers will need to be more aware than ever of the risks to their digital identities. Meanwhile, organisations must ensure they have tools in place to detect suspicious login activity and stop it in its tracks.

Advances in quantum computing will force the hand of security leaders in 2023 to start thinking about this sensitive encrypted data in a post-quantum

world. However, this approach will also grab the attention of attackers, and instead of bypassing encrypted data that was previously safeguarded, they will attempt to grab the data and keep it stored for sale or to be later decrypted.

Defenders should not rest on the laurels of encryption and start to take note of what NIST is doing in post quantum encryption this year for action in the coming years.

As an industry that is no stranger to burnout and stress, cybersecurity companies will have to ensure they can demonstrate they are an attractive outfit to work for. This is in order to fend off competition from tech companies that can often offer lucrative salaries and superior work-life balance. To achieve this, cybersecurity companies must adopt a more forward-thinking approach, this could include offering flexible working arrangements, performance incentives and health and wellness policies.

Increased analyst fatigue and resignation will see the tides turn away from protecting the castle walls to detection and response. Attackers are continuing to breach the castle walls, creating fatigue and eventual resignations amongst cybersecurity professionals. Instead of working on preventing these attacks from happening and to prevent employee burnout, we will see a needed shift to focus on reducing the impact of an attack.

This means building resilience within the organisation covering people, process and technology and focusing on early detection and sound response as opposed to protection and prevention.

Cyber warfare will remain a real threat in 2023, from a broader use of known TTPs to an unknown equity of zero days just waiting for the strategically right moment to deploy against one’s foes. Leaders of private and public sector organisations will start to really pay attention, investing more in the incident response and speed at which vulnerabilities are being handled in the coming year to limit the blast radius of such a cyber weapon. Posture, detection, and quick response will be paramount this coming year.

Labels should state clear facts about the privacy and information security parameters of the product and organisation. One key piece of information on labels should be how long a company will support its software, because a physical device may outlast the time a product is supported.

Regional SOCs need to introduce AI into their security mix. AI that eliminates the noise found in most of today’s IT environments, Neuhaus added. The right data, analysed the right way, will open the door to a new era of visibility and control for security teams. In this Attack Signal Intelligence framework, cyber actors’ tactics, techniques, and procedures become more obvious and allow security professionals to be more effective threat hunters.

Cybersecurity companies can offer flexible working arrangements, performance incentives, health and wellness policies

Supply chain means partnership, partnership means collaboration and supporting each other

CROSS-CLOUD DATA MOBILITY TO BECOME MAINSTREAM

As organisations work to address interoperability challenges and gain more control in the cloud, cross-cloud data mobility will become mainstream in 2023.

The UAE is a global hub for digital transformation and is leading the charge when it comes to public cloud adoption globally. Yet, as each new solution is introduced into an organisation’s technology stack, it adds more complexity and if not managed properly, cost.

According to Veritas research, 99% of UAE organisations are overspending on cloud and are going over their allocated cloud budgets by an average of 45%. As the amount of data continues to grow year over year, so does the cost of storing it in the cloud, which is becoming harder to justify. Though most companies have realised advanced business strategies through cloud adoption, CEOs and boards will increasingly demand transparency surrounding the ROI of cloud spend.

With many economists predicting a continued downturn next year, we expect scrutiny on IT spending to intensify further in 2023, which will put pressure on IT leaders to justify their cloud budgets while identifying new ways to reduce data volumes. This could lead to more effective data storage and management strategies, such as deduplication techniques to ensure reduced storage consumption.

According to recent research, the average UAE business currently using three different public cloud providers to meet their storage needs. While there are countless benefits to a multi-cloud strategy, such as flexibility and agility, interoperability continues to be a challenge for data managers – not only is it expensive to move data from cloud to cloud, but when clouds do not work together seamlessly, this creates

ANNUAL TRENDS

Over the last 24 months, Kubernetes has become mainstream. Containers are now being adopted in mission critical environments, meaning that the application environment and the underlying data in these environments now needs protection. Over a third of UAE organisations, 32% have already deployed Kubernetes for mission critical applications but this is often being driven at the project level, with 51% of Kubernetes adoption decisions being made without significant influence from the CIO or IT leadership team.

Yet now, ownership of these containers and the protection of them has become more complex, creating silos and confusion over if it’s the backup admin or the DevOps admin that’s responsible. At the same time, organisations are struggling to identify which containers to back up and how to do so, which will likely lead to more investment in training to help close the Kubernetes skills gap. In 2023, IT departments will continue to navigate how to adequately protect and backup their Kubernetes environments.

Channel adapts to reality of 2023

According to recent data, 89% of global cloud decision makers have a multi-cloud strategy. And although businesses can now track, manage and provision cloud data in once place with cloud data management tools, they are still having to manage relationships with multiple cloud providers, which can be time consuming and complex.

In 2023, organisations will be looking to offload this responsibility to channel partners to help simplify the process and have one person to turn to for all things multi-cloud. Partners are poised to play a critical role as trusted advisors, helping their customers successfully evolve and adapt on their multi-cloud journeys by enabling them to modernise workloads while minimising costs.

The role of sourcing available equipment and solutions will become much more important for resellers in 2023. In order to be successful, they will need to be able to offer practical, affordable and, most importantly, available alternatives to their customers while helping them thoughtfully navigate their on-prem and multi-cloud environments. This will mean getting to grips with the appliances and cloud-based offerings from their vendors and ensuring constant communications with them about their stock levels.

silos within an organisation and can introduce major security vulnerabilities.

To keep up with the pace of cloud offerings and achieve business-driven cloud goals, businesses will start leveraging AI, ML and autonomous solutions to help mitigate the challenges of siloed workloads and enhance cloud interoperability through data portability. As organisations work to address interoperability challenges and gain more control in the cloud, cross-cloud data mobility will become more mainstream in 2023.

Gartner predicts that by 2025, more than 50% of enterprise-managed data will be created and processed outside the datacentre or cloud. As more data processing moves to the edge, it complicates IT architecture and increases the attack surface. Enterprises often do not apply the same level of protection to the edge as they do in the datacentre or the cloud, often due to skills and staffing shortages.

To fully protect the enterprise, each of these edge devices needs to be protected and backed up. On top of that, organisations need to determine what data coming from edge devices is critical versus non-critical to maintain storage and protection costs, understanding the added scrutiny on IT budgets.

Value-added services have historically been the key to profit making for most resellers, but the relentless march towards SaaS takes a bigger bite out of the market each year. As traditional businesses continue to decline – 28 companies dropped out of the Fortune Global 2000 this year – they are being replaced by younger companies born in the cloud and who are more inclined to SaaS adoption. As this trend continues in 2023, resellers will need to provide more strategic services beyond just ongoing management as the march towards SaaS continues.

With increased demand to provide organisations with managed data protection, MSPs will look to increase efficiency by deploying autonomous solutions that leverage AI, ML to deliver data management that is self-healing and self-optimising while eliminating some of the manual day-to-day tasks.

In 2023, look for MSPs to help fill the cybersecurity talent shortage by implementing autonomous data management solutions to ensure their customers’ data is always available and resilient from ransomware and other cyber threats. ë

99% of UAE organisations are overspending on cloud and going over cloud budgets by an average of 45%

source code published on GitHub by a thirdparty contractor.

TOP FIVE CHALLENGES FOR ENTERPRISE CYBERSECURITY TEAMS

There will be five key challenges in this year: investing in responsive technology, lateral movement, API attacks, rise in deepfakes, and cyber warfare.

This year has been a headline year for critical data breaches and cyberattacks, overshadowing defence milestones achieved by security teams across the globe. While businesses have been updating response tactics in line with the surge in cybercriminal activity, it is clear that organ-

isations are still struggling to adequately protect their assets from thieving hands.

In the last 12 months alone, we have seen cybercriminals successfully targeting major organisations across a variety of industries, including Toyota which suffered a data breach after a third party was able to access a company server with credentials that they obtained from

Cisco also confirmed a cyberattack after an employee’s credentials were compromised and the attacker was observed leveraging machine accounts for privileged authentication and lateral movement across the environment.

These breaches facilitated by lateral movement strategies, mass phishing expeditions, and sophisticated ransomware have substantially undermined network security resulting in reputational damage for many businesses and ultimately losses of customer trust.

As we reflect on the year past, while it is important to acknowledge the many successes of security teams, it is also crucial to take learnings from these high-profile breaches to avoid history repeating itself.

Cybersecurity professionals are actively deploying new techniques, such as virtual patching to respond to incidents and counter cybercriminal activity. Although today’s threat actors possess an impressive portfolio of evasion tactics, the research unveiled that the majority of cybercriminals are inside the target environment only hours, 43% or minutes, 26% before an investigation occurs.

As threat response time is critical to network

defence, meeting sophisticated threat actors at their level is mission-critical to protecting systems. Using innovative tactics to update response techniques is the first point of call in stopping malicious intent before it escalatesand one to focus on moving into 2023.

Instances of lateral movement within an environment present an ever-expanding battleground for security teams as it lays the foundation for one-quarter of all attacks reported in VMware research. These infiltration techniques have been overlooked and underestimated by organisations this year.

In April and May this year alone, nearly half of intrusions contained a lateral movement event, with most involving the use of remote access tools or the use of existing services, such as the Remote Desktop Protocol, or PsExec.

In 2023, we expect cybercriminals will continue to utilise remote desktop protocol to disguise themselves as system administrators. As we head into the new year, CISOs must prioritise the integration of EDR and NDR to defend datacentres, access points, and critical infrastructure that hackers can infect once they infiltrate external barriers.

Next year, we will continue to see the evolution of initial access tactics as cybercriminals attempt to gain a foothold in organisations. A main goal of such access is to carry out aggressive API attacks against modern infrastructure and exploit workload vulnerabilities within an environment.

Most of the traffic within those modern applications is often unsupervised API traffic, fuelling lateral movement as cybercriminals continue to use evasive techniques once inside the environment to divert detection on VDIs, VMs, and traditional applications. These initial access techniques will be increasingly attractive to malicious actors aware of organisations’ monitoring limitations and will hunt for vulnerabilities.

This year, deepfake attacks soared. We have seen deepfakes move from the entertainment sphere to business and enterprises. In fact, two thirds, 66% of businesses have reported witnessing a deepfake attack in the past 12 months. The technology leaves security teams battling false information and identity fraud designed to compromise an organisation’s integrity and reputation. Deepfake attacks, identified in email, mobile messaging, voice recording, and social media are pliable enough to grow into the scammers weapon of choice.

Next year, we will see the number of deepfakes continue to soar. Businesses must take proactive steps to mitigate the risk of falling

victim to deepfake-based scams via investments in detection software and employee training to ensure they are able to detect deepfakes.

Critical infrastructure is facing a year of vulnerability as cybercrime toolkits will undoubtedly develop behind borders. The majority, 65% of respondents to VMware’s Global Incident Response Threat Report stated an increase in cyberattacks tied to Russia’s invasion of Ukraine. Russia’s digital offensive has revealed a new era of warfare, designed to corrupt key industry services bringing infrastructure, such as power grids, to a standstill.

Ukraine’s threat response readiness is vital to its defence, and cyber tactics will undoubtedly grow into a central component of modern armed conflict. Cyber warfare therefore highlights that vigilance is the crux of effective cybersecurity strategy.

We may be heading into a new year, but the primary goal of cybercriminals stays the same: gain the keys to the kingdom, steal credentials, move laterally, acquire data, and then monetise it. To improve defence efficiency moving forward, security teams must focus on workloads holistically, inspect in-band traffic, integrate NDR with endpoint detection and response EDR, embrace Zero Trust principles, and conduct continuous threat hunting.

Only with this comprehensive rulebook will organisations empower security teams to face the challenges ahead. ë

66% businesses reported witnessing a deepfake attack in the past 12 months

In April and May this year, nearly half of intrusions contained a lateral movement event

Infoblox’s Threat Intelligence Group develops scoring algorithm for domains and nameservers

Ranking and comparing cyber threats can be very complicated, especially given the shifting landscape of cybersecurity from day to day. Therefore, having a robust, quantifiable, and repeatable process for scoring large amounts of data can be invaluable as defenders prioritise their limited resources for securing systems and analysing their traffic and alerts.

While there have been a number of attempts at creating such an algorithm, with the most recent notable attempt by Spamhaus, most fall short of producing scores that can be interpreted by a wide variety of audiences and can be easily used to provide meaningful comparisons.

In response to this need, researchers from Infoblox’s Threat Intelligence Group developed a new, generic scoring algorithm that can be applied to data such as top-level domains and nameservers.

To introduce the algorithm and demonstrate its usefulness, Infoblox researchers applied it to the past six months of anonymised DNS data from the company’s resolvers to determine the

reputation, or risk, associated with com, net, and other top-level domains that appeared in the traffic. With high confidence, the researchers classified ten as high-risk, meaning that these TLDs were more likely to contain malicious domains than other TLDs were: bid, cam,

cfd, click, icu, ml, quest, rest, top, and ws.

The new reputation-scoring algorithm uses only two pieces of information: the total number of observations and the number of observations meeting a specific criterion. When the algorithm is applied to TLDs to generate risk scores, the values are the total number of observed domains in the TLD and the number of observed malicious domains in the TLD. Using these two values, the algorithm produces a score from zero to ten: that is, [0:10].

A score of 5 is interpreted as the normal, expected score and is classified as moderate risk. The scores of 4 and 6 are close enough that they are also classified as moderate risk. Scores below 5 have a lower-than-average score, i.e., a lower-than-average percentage of malicious domains, while scores above 5 have a higherthan-average score, i.e., a higher-than-average percentage of malicious domains .

Equinix and VMware launch distributed VMware Cloud on Equinix Metal

Equinix and VMware announced an expanded global relationship to deliver new digital infrastructure and multi-cloud services. Together, the companies unveiled VMware Cloud on Equinix Metal, a new distributed cloud service that will deliver a more performant, secure, and cost-effective cloud option to support enterprise applications.

The service will combine VMware-managed and supported cloud infrastructure as a Service with Equinix’s interconnected, global Bare Metal as a Service offering. The service will extend customers’ cloud environments into distributed metro locations to satisfy businesscritical performance demands at the edge while enabling them to preserve the integrity of enterprise workloads.

VMware Cloud on Equinix Metal will be ideal for distributed cloud use cases including smart cities, video analytics, game development, real-time financial market trading, retail POS, and a variety of use cases using IoT and ML/ Inference. The service will include VMware

Cloud for consistent multicloud infrastructure and operations and Equinix Metal, an automated bare metal and interconnection offering delivered as a service across Equinix’s global International Business Exchange, IBX footprint. VMware Cloud on Equinix Metal will provide private, low-latency access to both private and public cloud environments—as well as thousands of IT and network providers—via Equinix Fabric interconnection.

This built-in private connectivity will deliver multicloud flexibility and choice with instantaneous connectivity to all public cloud services. Customers will be able to purchase the VMware Cloud software as a service from VMware and the Bare Metal as a Service capacity from Equinix.

Over nearly a decade, Equinix and VMware have delivered solutions that meet business demands for fast, more secure, and consistent multicloud infrastructure. Thousands of mutual customers are accelerating their enterprise cloud transformation by running VMware

workloads in Equinix datacentres around the world. Equinix owns and operates a network of more than 240 datacentres in 71 major metro areas around the world and serves as a transit hub, enabling secure network connections across private and public clouds.

Synology announces new 4-bay DiskStation DS923+ for small business and home office

Synology announced the new 4-bay Synology DiskStation DS923+, the latest in its Plus line of all-in-one storage devices for home office and small business users.

Powered by the versatile Synology DiskStation Manager operating system, the DS923+ delivers comprehensive solutions to protect and manage business data, easily collaborate on documents, access files remotely, and monitor physical assets, all within a compact desktop format. It offers consistent performance out of the box, with the option to easily upgrade networking and further boost data transfer speeds through network cards.

The DS923+ can function as the primary storage and data protection solution for homes and small offices, or as an edge node for multi-site deployments. Capable of storing over 50 TB across its compact 4-bay setup, it can easily be scaled to accommodate over 120 TB across 9 drives with a DX517 expansion unit.

Users can further boost performance by upgrading to 10GbE networking and by adding M.2 NVMe SSD drives through the built-in PCIe slot to enable fast caching or create additional all-flash storage pools.

For teams working remotely and businesses operating across multiple locations, site-to-site file syncing enables content mirroring between Synology devices. Synology Drive delivers intuitive file management and sharing, combining convenient remote file access with the privacy and 100% data ownership of on-premises storage.

The DS923+ allows users to make use of high-performance local storage while simultaneously reducing footprint using hybrid cloud technology. Synology Hybrid Share efficiently stores cold data in the cloud and

keeps frequently accessed files cached on the device for access at LAN speed.

Ensuring that critical or sensitive data is always protected against modern cybersecurity threats is essential to avoid irreversible loss of valuable information. Synology’s Active Backup Suite allows IT infrastructure, such as Windows and Linux systems, Hyper-V/VMware VMs, and Microsoft 365/Google Workspace accounts, to be safely backed up onto the DS923+ and easily restored when needed.

For increased redundancy, backups and point-in-time snapshots of data stored on the NAS can also be created and sent offsite to another server or cloud service.

The device can also serve as a full-fledged video management system with full local data ownership. Synology’s Surveillance Station is a powerful VMS that is currently implemented in and protecting over 500,000 sites. Flexible ONVIF support and more than 8,300 validated IP cameras make deployment simple and easily suited to each location’s requirements.

Surveillance Station makes it easy to set up and manage up to 40 cameras with a modern and customisable interface. For larger or multiple building environments, the option to overlay floor plans and Google Maps or OpenStreetMap maps is available for maximum situational awareness. Important footage can be retained for increased resiliency with support for recording server backup, multi-device management, and even end-to-end encrypted, simultaneous dual recording to the Synology C2 cloud.

The Synology DS923+ is available starting today through Synology partners and resellers worldwide.

Toshiba releases 20TB, 10-disk helium-sealed HDD for cloud and datacentre workloads

Toshiba announced launch of MG10 Series in the MEA region, a massive capacity 20TB HDD with conventional magnetic recording. The 20TB MG10 Series has a 10-disk heliumsealed design that leverages Toshiba’s innovative Flux Control Microwave Assisted Magnetic Recording technology to boost storage capabilities.

With 11.1% more capacity than Toshiba’s prior 18TB model, 20TB MG10 Series are compatible with the widest range of applications and operating systems, and are adapted to mixed random and sequential read and write workloads in both cloud-scale and traditional data-centre use cases. The drive features 7,200rpm performance, a 550TB per year workload rating, and a choice of SATA and SAS interfaces—all in a power-efficient helium-sealed, industry-standard 3.5-inch form factor.

The 20TB MG10 Series further illustrates Toshiba’s commitment to advancing HDD design to meet evolving needs for storage devices in cloud-scale servers and object and file storage infrastructure. With its improved power efficiency and increased capacity, the 20TB MG10 Series helps cloud-scale infrastructure to advance storage density, thereby reducing capex and improving total cost of ownership, TCO . As data growth continues at an explosive pace, the advanced 20TB MG10 Series with FC-MAMR™ technology will help cloudscale service providers and storage solution designers to achieve higher storage densities for cloud, hybrid-cloud and on-premises rack-scale storage.

20TB MG10 Series will be available in the region from Jan 2023.

Autumn update of IFS Cloud includes streamlined Manufacturing Execution System, tracking emissions

IFS, the global cloud enterprise software company, announced latest enhancements to its cloud-based solution, IFS Cloud. The Autumn 2022 release, part of a twice-annual release cycle of the software, contains numerous enhancements, designed to help customers accelerate their automation efforts; connect operations globally across sites, functions, people, and assets, and achieve their environmental social and governance, ESG goals.

Central to the new release are enhancements that will support end-to-end process automation, and advanced analytics capabilities. The heightened automation in this release will help organisations transform operations, work efficiently, and liberate staff. Key new features include a cash planning analysis model enabling customers to improve cash management and reduce risk and a streamlined Manufacturing Execution System, designed to improve production quality control and performance.

The Autumn release of IFS Cloud also includes enhanced analytics capabilities, which will allow customers to gain a faster understanding of key challenges across the business, transform operations, work more efficiently, and increase productivity. It also provides sim-

pler, more intelligent analytics for faster timeto-insight, and improved predictive capabilities to support planning and reduce downtime.

The new release also includes capabilities that will help global companies connect operations across sites, functions, people, and assets,

helping them serve customers faster, reduce downtime, and meet compliance requirements. Highlights include a new capability to manage and visualise operations across multiple currency rates and the ability to set and manage absence limits based on each country’s absence requirements, providing HR teams with a full absence view from multiple countries.

The latest enhancements contain many features aimed at making it easier and faster for customers to collect, manage and record key data that provides visibility into their environmental performance. Key enhancements in this area include new functionality to track indirect greenhouse gas emissions. This will help organisations to better assess their overall carbon footprint in accordance with the Greenhouse Gas Protocol, while also providing the ability to help company and project teams connect and extract data from various sources to assess their performance in Scope 1 and 2 of the Sustainability Hub.

IFS’s twice-annual release cycle, of which the Autumn 2022 update is the latest example, allows customers to constantly evolve their solution without the need for major upgrades or migrations, clearing their road to focus on business transformation.

Forcepoint Data Visibility providing clear views of unstructured data reducing data loss

Global security leader Forcepoint announced the worldwide availability of Forcepoint Data Visibility powered by Getvisibility, which provides clear views of all unstructured data to reduce the risk of data loss, data breaches and non-compliance. The combination of panoramic data visibility, AI models for highly accurate and efficient classification, continuous monitoring, and precise control delivers greater automation to Forcepoint’s complete data security solution.

Forcepoint Data Visibility provides fast, actionable discovery, classification and monitoring. Forcepoint applies AI-based self-learning models to increase the efficiency and accuracy of finding, categorising and classifying data everywhere it is stored. Organisations can utilise Forcepoint Data Visibility to locate and catalogue data, and then leverage Forcepoint’s enterprise data security suite to prevent data exfiltration – where it becomes most valuable to attackers

Workers Launchpad Funding Programme supporting start-ups on Cloudflare Workers reaches $2B

Cloudflare, helping to build a better Internet, announced the Workers Launchpad Funding Programme has grown to $2 billion for potential investment in start-ups building on Cloudflare Workers, an increase of 14 partners and $750 million in less than two months. Cloudflare is also introducing the first cohort of start-ups participating in the program, featuring 25 companies from 10 countries.

The Cloudflare Workers Launchpad funding program initially launched in September 2022 to provide up to $1.25 billion of financing to start-ups building applications on Cloudflare Workers, a highly-scalable serverless computing platform that allows developers to build or augment apps without configuring or maintaining infrastructure. In the days and weeks following, Cloudflare received a surge in interest globally from venture capitalists interested in joining the program. Cloudflare has now welcomed 14 additional venture capital partners into the program, adding regional expertise in Australia and Latin America to the pool of partners.

Introducing the Workers Launchpad’s Fall 2022 Cohort Additionally, Cloudflare is announcing the Fall 2022 cohort of 25 entre-

preneurs from around the world, chosen from hundreds of applicants from over 30 countries. Cohort finalists include Apyfy, working on data privacy, and Grafbase, accelerating backend software development.

The cohort includes startups from Belgium, Canada, France, Germany, India, Netherlands, Portugal, Singapore, the United Saudi Arabia, and the United States. The cohort will have the opportunity to pitch VC partners for investment, receive technical advice and support, participate in a virtual boot camp featuring

sessions led by Cloudflare leaders and VC partners, and showcase their businesses during a Demo Day.

Earlier this week, Cloudflare shared that 1 million developers are building and maintaining enterprise-ready applications with Cloudflare. With Workers features like Pages, Durable Objects, R2 and D1, and application services like rate limiting, load balancing, bot management and more, Cloudflare provides the tools to make building and maintaining applications cheaper, faster, and easier for developers.

HPE releasing Cray EX, Cray XD supercomputers with smaller form factor and lower price point

Hewlett Packard Enterprise announced it is making supercomputing accessible for more enterprises to harness insights, solve problems and innovate faster by delivering its worldleading, energy-efficient supercomputers in a smaller form factor and at a lower price point.

The expanded portfolio includes new HPE Cray EX and HPE Cray XD supercomputers, which are based on HPE’s exascale innovation that delivers end-to-end, purpose-built technologies in compute, accelerated compute,

interconnect, storage, software, and flexible power and cooling options. The supercomputers provide significant performance and AI-at-scale capabilities to tackle demanding, data-intensive workloads, speed up AI and machine learning initiatives, and accelerate innovation to deliver products and services to market faster.

HPE is introducing the following new supercomputers that government and enterprises can benefit from:

HPE Cray EX2500 supercomputers – Offer the same architecture as the HPE Cray EX4000 supercomputer, which enables the world’s first and fastest exascale-class system, but 24% smaller to fit inside an enterprise datacentre. This new form factor approach features 100% directliquid cooling to improve energy efficiency, and enables a cost-effective solution for larger enterprises that want greater performance at-scale but in a smaller implementation and lower carbon footprint.

HPE Cray XD2000 and XD6500 supercomputers – Offer highly dense, purpose-built servers that were created by integrating the HPE and Cray portfolios to provide maximum performance for advanced workloads including modelling, simulation and AI. The new HPE Cray XD supercomputers are compatible with traditional enterprise datacentres as they provide customers with the flexibility and broad range of options to customise technologies across CPUs, accelerators, storage, interconnect, and power and cooling options, depending on workload needs.

The new HPE Cray EX2500 and HPE Cray XD2000 and XD6500 supercomputers will support the latest CPUs, GPUs and accelerators to provide advanced compute and accelerated compute capabilities to support demanding workloads. The HPE Cray EX2500 supercomputer will support the 4th Generation AMD EPYC processors and 4th Generation Xeon Scalable processors.

Huawei launches SD-WAN and Wi-Fi 7 Series products for first time in Saudi Arabia

Huawei has launched SD-WAN and Wi-Fi 7 Series products and innovations for the first time in Saudi Arabia. Under the theme of Intelligent Cloud Network, Unleashing Digital Productivity, the Huawei IP Club aims to build an open, free, friendly thought-sharing platform for network technical supervisors, engineers, industry analysts, and key opinion leaders. At IP Club, people will be joined by the best minds in the industry to engage in thought-provoking conversations about future network technology trends, share perspectives on digital transformation, and chart the way forward.

SD-WAN is an important market segment in the datacom field with numerous applications. Most vendors in the industry mainly focus on routing devices for branch interconnection. Huawei

SD-WAN is an end-to-end solution that integrates branch interconnection routers, campus switches, Wi-Fi access, and a unified network management platform. Further, Huawei is the leading vendor implementing converged LAN-WAN management, including branch network provisioning, deployment, and unified O&M, significantly improving management efficiency and O&M experience.

Through IP club activities, Huawei experts can guide customers through the numerous benefits of the Huawei SD-WAN solution. With the solution already deployed across industries, Huawei SD-WAN was named a 2022 Gartner Peer Insights Customers’ Choice for WAN Edge Infrastructure, the third year in a row that it has earned such recognition.

Huawei, IEEE-UAE Section release joint white paper on Autonomous Driving Networks

Huawei and IEEE-UAE Section have released a joint white paper on Autonomous Driving Networks at the Huawei Connect conference in Dubai. The white paper aims to provide an informative point of reference for ADNs architecture for industry players and customers.

There is still a long way to go before true ADN is achieved. To help reach this goal, in addition to working on standards and technologies, all stakeholders need to continuously deepen the ADN evaluation system to drive network upgrades towards automation and intelligence and evolve across generations.

The new L3.5 ADN datacentre white paper sets an industry standard for the future. Datacentre complexity is one of network managers’ most pressing challenges today. The white paper demonstrates that automation can overcome these bottlenecks at scale and enable organisations to achieve true digital transformation.

The white paper illustrates the five levels of ADN, the key capabilities of ADN, and the ADN system’s architecture. As such, the L3.5 ADN offers a network digital map for applications, which can measure service quality in real time and locate the root causes of application exceptions with just one click. This shortens the troubleshooting time from days to minutes, guaranteeing optimal service experience.

Huawei Level 3, L3 datacentre autonomous driving network has

achieved high-level automation in datacentre network to overcome these challenges. Being industry’s first Level 3.5 Data Center Autonomous Driving Network Solution implements high-level automation capabilities such as unified management, flexible orchestration and collaboration, and simulation in multi-cloud and multi-vendor networks, in addition to interconnecting with customer’s IT management systems to achieve end to end automation.

Microsoft MEA announces regional launch of Viva Sales that helps sellers focus on selling

Microsoft Middle East and Africa announced the regional launch of seller experience business application, Viva Sales. The product was announced during Microsoft’s Customer Experience Reimagined event, which brought Microsoft customers from across the UAE and the wider MEA region together to unpack the latest trends and best practices shaping Customer Experience.

Viva Sales helps sellers focus on selling and removes the time spent on manual data entry. The tool leverages artificial intelligence to automatically capture insights from across Microsoft 365 and Teams so sellers don’t have to enter data manually, and simultaneously delivers AI-driven recommendations and reminders to sellers – all while staying in the flow of work. It streamlines the seller experience by surfacing insights with the right context within tools salespeople already use, saving sellers time and providing the organisation with a more complete view of the customer.

Viva Sales provides a level of customer engage-

ment data that was not available previously. As sellers are working, they can tag customers in Outlook, Teams or Office applications like Excel, and Viva Sales will automatically capture it as a customer record, layered with all relevant

data about the customer. This data can easily be shared with team members while collaborating in Office and Teams without retyping or looking it up in a CRM.

Powered by data and AI, Viva Sales recommends next steps to progress a customer through the sales funnel, prioritises work and next steps, and enables sellers to access full history and customer interaction materials. Viva Sales also provides AI-driven recommendations to enable sellers to enhance their customer engagement — optimising follow-through with next best steps, actionable reminders, and recommendations to accelerate and close more sales.

Viva Sales builds on last year’s launch of Microsoft Viva, an integrated employee experience platform that brings together communications, knowledge, learning, goals and insights to empower every person and team to be their best from anywhere. The launch of Viva Sales represents Microsoft’s first role-based Viva application.

Tech Mahindra launches Cloud BlazeTech to help enterprises improve migration time by 30%

operation and self-healing governance model, Cloud BlazeTech supports bi-modal infrastructure transformation and helps enterprises to accelerate to a cloud-native world. In addition, the platform has integrations with hyperscaler hybrid cloud platforms to provide industryspecific pre-build cloud-native solutions that drive faster business outcomes. By adopting the Cloud BlazeTech platform, enterprises will achieve 25-30% cost savings and a 30% improvement in migration time.

Tech Mahindra, announced the launch of Cloud BlazeTech, an integrated, sector-agnostic platform, to maximise business value for cloudpowered enterprises globally. The organisation

will continue to invest in cloud services & hyperscaler relationships to boost digital transformation for enterprises.

Integrated cloud migration, cloud-native

Tech Mahindra will leverage its existing partnerships with major public and private cloud service providers to extend its unique solution to global customers. Its dedicated cloud services, solutions, and framework has helped 250+ F100 & F500 customers in their cloud transformation journey, including some of the world’s largest Cloud transformation projects for CME & enterprise verticals. Tech Mahindra will continue to invest in its cloud talent, build new solutions and focus on expanding relationships with all partners & hyperscalers.

Sophos announces availability of MDR, Sophos marketplace, $1M Breach Protection Warranty

agnostic telemetry from third-party security technologies into its MDR offering, providing unprecedented visibility and detection across diverse operating environments. Sophos also introduced the Sophos Marketplace and $1 million Sophos Breach Protection Warranty.

and technologies. Telemetry is automatically consolidated, correlated and prioritised with insights from the Sophos Adaptive Cybersecurity Ecosystem and the Sophos X-Ops threat intelligence unit.

Sophos announced general availability of Sophos Managed Detection and Response with new industry-first threat detection and response capabilities. Sophos is the first endpoint security provider to integrate vendor

Sophos launched the Sophos Marketplace, an open ecosystem of more than 75 technology integrations, including Amazon Web Services, AWS, Check Point, CrowdStrike, Darktrace, Fortinet, Google, Microsoft, Okta, Palo Alto Networks, Rapid7, and many others. Expanded visibility across these integrations and diverse operating environments enables Sophos MDR experts to better detect and remediate attacks with speed and precision, regardless of customers’ existing security solutions.

In addition to Sophos MDR, Sophos Marketplace provides third-party integrations for Sophos’ portfolio of services, products

Sophos stands behind its MDR customers with the new Sophos Breach Protection Warranty that covers up to $1 million in response expenses for organisations protected by Sophos MDR Complete, Sophos’ most comprehensive MDR offering. Underwritten solely by Sophos, the warranty covers endpoints – both Windows and Mac devices – and servers, and unlike competitive offerings, there are no warranty tiers or duration limitations for active customers. This Sophos Breach Protection Warranty is automatically included with all purchases and renewals of Sophos MDR Complete annual subscriptions through Sophos’ global reseller partner network.

SEC _ RITY IS NOT COMPLETE WITHOUT U!

IMPLEMENTING DATABASE AS-A-SERVICE FOR KUBERNETES

Uodern applications need to be fast, available, and secure. They are composed of many microservices, often supported by multiple data services. Managing each of these data services in a dynamic, Kubernetes world is complex, time-consuming and leaves little time for innovation.

Managing stateful applications on Kubernetes in production is difficult. According to a Pure Storage survey, the most important customer requirements are:

l Backup & Restore, 55%

l Data Mobility, 49%

l Capacity Management, 49%

l High Availability, 48%

l Multi-cloud, 45%

l Encryption, 43%

l Disaster Recovery, 43%

Most applications use some type of database, queue, or key-value store to manage state. However, when it comes to running these data services in containers, problems multiply because containers and popular schedulers like Kubernetes are not designed to handle the issues associated with databases.

Containerised database issues

Some of the issues encountered with containerised databases:

l When a container dies, it can lose data if persistence is not set up correctly.

l Popular schedulers are not designed for stateful services and provide only limited functionality.

l App-level replication requires domain-specific knowledge for each database.

Adding to the complexity of containerised database management is that modern applications built with microservices require access to SQL and

NoSQL databases like MySQL, PostgreSQL, Cassandra, and Couchbase, and to streaming, search, and AI, ML pipelines like Elasticsearch, and Kafka. Managing so many types of data services is complex, but this complexity is magnified by the number of database instances used to manage and scale across disparate test, dev, and production environments, availability zones, and clouds.

A traditional approach to managing these data services relies on scripting and numerous repetitive and manual activities, resulting in significant effort to ensure databases remain online and support mission-critical applications. These highly manual activities are prone to human error and excessive downtime, and cannot be easily automated with existing infrastructure automation tools.

While Kubernetes provides some support for such automation, running data services on Kubernetes remains complex. DevOps teams today struggle to manage the numerous data services deployed on Kubernetes across the enterprise, as each has its own set of complex requirements around performance, high availability, data protection, data security, and more. Instead of delivering new features and applications to market, DevOps teams instead spend much of their time firefighting deployments and managing the operations of these data services.

Database as-a-Service platform

What DevOps teams need is an as-a-service experience that delivers reliable, performant data services for their apps running on Kubernetes, without the vendor lock-in that accompanies some database-as-a-service, DBaaS platforms hosted by cloud service providers. Developers need access to reliable data services for their apps and an as-a-service offering means they consume, but don’t manage, the database.

A solution for this challenge is a single data

management layer for all stateful services, no matter where they run. With such a DBaaS platform, running data services on Kubernetes is dramatically simpler.

Such an integrated platform enables enterprises to run automatically managed data services, on any cloud, at a low cost. They can get the benefits of database-as-a-service, without the lock-in. The platform automates the management of data services, leaving more time for innovation.

This type of SaaS platform is designed for managing databases on-premises or in the cloud. It allows automating many routine database management and administration tasks. With an effective DBaaS platform, small teams can support many users, providing reliable operations and an easy, self-service user experience.

Kubernetes workloads

Traditional tools for backup and recovery are not granular enough to deal with the complexity of backing up containers and distributed Kubernetes workloads. Built from the ground up for Kubernetes, the backup feature of a DBaaS platform delivers enterprise-grade application and data protection with fast recovery with the improved granularity needed to protect your data at the application level.

Developers get an app-defined control plane that enables apps to run across multiple machines and provides application consistency for distributed databases. It tightly integrates with Kubernetes and provides Namespace awareness.

A software-defined container storage plat-

form delivers persistent storage and data services for containers and microservices. It abstracts away the complexity of underlying storage infrastructure to provide a single unified storage layer for cloud-native applications. With a single click, developers are able to deploy an enterprise-grade, production data service that supports backup, restore, high availability, data recovery, data security, automated capacity management, and data migration.

With DBaaS platform for Kubernetes, databases and other stateful services can be deployed and managed on any Kubernetes cluster with a single click, giving enterprises the advantages of a managed database offering without the drawbacks of vendor lock-in. A specialised DBaaS platform makes running data services on Kubernetes dramatically simpler, freeing up DevOps teams for more valueadded activity and innovation. ë

DevOps teams struggle to manage the numerous data services deployed on Kubernetes across the enterprise

While Kubernetes provides support for automation, running data services on Kubernetes remains complex

MOVING FROM OBSERVABILITY TO UNIFIED OBSERVABILITY

If we are to achieve diversity amongst developers and help ease the talent crisis, we need to completely break these down so that true inclusion can be achieved.

Unified observability: An Emergent Trend in 2022, Now Set to be an IT Essential in 2023

As IT professionals, it is all too common for us to hear buzzwords peppered into conversations as frequently as possible. While many ultimately fall out of the favour, those that truly represent a shift in the way the industry operates earn their rightful place in the industry vernacular. One such phenomenon has been unified observability, prompted by the need for organisations to win back control over increasingly complex and distributed IT environments.

Historically, observability, the predecessor to this term, has been seen through the lens of its ability to help DevOps teams combat the challenges they face in complicated, highly distributed cloud-native environments. But this is changing; observability is becoming a function that helps teams identify and solve wider problems across application monitoring, testing, and management within these environments. As a result, unified observability has emerged as the broader definition that fits this expanded set of challenges.

Implementing unified observability can be challenging, particularly for large, global organisations. Take a company with 10,000 employees, for example, all of whom will expect a robust, reliable digital experience. However, they will often be working in swiftly changing hybrid working environments – each one with their own laptop configurations and Wi-Fi setups – and expecting the same digital experience they would receive on-premises.

This all comes before factoring in potentially hundreds of thousands of customers. Their unknown mix of legacy on-premises, cloud applications and shadow IT work together to make the observability quandary even more complex.

In these scenarios, a successful unified observability approach is one that can cut through siloes and locales, collecting information from all data sources with full fidelity.

Tools, effectiveness

A recent survey commissioned by Riverbed and undertaken by IDC found that 90% of all IT teams are using observability tools to gain visibility and effectively manage their current mix of geographies, applications, and networking requirements. Around half of those teams use six separate observability tools, resulting in tens of thousands of alerts per day –far more than any IT team can feasibly attempt to address. The amount of data these tools produce, alongside the vast number of alarms, makes it difficult to ensure that all important information is collected.

This challenge is further compounded by teams that use limited or outdated tools. Almost two thirds of the IDC survey’s respondents said their organisations used tools that concentrated only upon the company’s complex layers of hardware configurations, cloud-based services, and legacy on-premises applications. The survey also revealed that 61% of IT teams feel this narrow view impeded productivity and collaboration.

This is where unified observability has found its footing. Smart IT teams are now using a single unified observability tool to unify telemetry from across domains and devices with full fidelity, rather than sampling and capturing only some of the data which can lead to significant gaps. This would be analogous to a company only capturing a fraction of customer complaints received on Black Friday. This would leave them unaware of the full range of problems, unable to solve issues, and with a huge number of customers leaving the store.

The problem is not just that low sample rates are bad – they do not tell the whole story, which can lead analysis in the wrong direction.

Reducing noise

Increasingly, teams are joining unified observability with the power of artificial intelligence, AI and machine learning, ML. Together they can quickly provide context for anomalies and uncover leads that create actionable insights.

The huge number of alerts can often leave IT teams feeling alert fatigue.

61% of IT teams feel a narrow view impeded productivity and collaboration

Sorting through the noise to find the particular root cause of a delay can be time consuming and difficult, particularly when also contending with the constant flow of data from full telemetry. Previously, resource-intensive war rooms would be used to solve these problems, but they were often inefficient, leading to more fingerpointing than solutions.

Alternatively, there would be a senior level employee who would be the expert at spotting the individual problems. However, it was a waste of resources to have such a skilled employee troubleshooting problems across IT siloes. And if they were to leave, the company would have no way of replicating their results.

With unified observability, IT teams have fewer tickets and alerts to deal with – maximising their efficiency and improving job satisfaction. Its ability to cut across siloes also helps teams to work collaboratively to solve problems. With the current talent shortage plaguing the IT sector, unified observability is a key tool that can alleviate some of the burden IT teams face on a day-to-day basis.

Streamline processes

AI and ML allows all IT staff to use runbooks to automate tasks. It is common for organisations to have documented runbooks that can be used to manually resolve particular problems. But, with unified observability, teams can create workflow engines that automate processes and simplify finding solutions. These engines can also be customised, allowing teams to configure them until they are sure positive outcomes are delivered.

In fact, libraries of preconfigured solutions can be customised to provide automated actions for frequently encountered issues, allowing more senior IT staff to spend their time on higher-level tasks.

SALMAN ALI Senior Manager Solution Engineering, META, Riverbed Technology

Maximising productivity

The recent IDC survey sponsored by Riverbed also found that three quarters, 75% of teams find it difficult to gain insight from their range of siloed observability tools. With unified observability, IT teams can analyse the full breadth of their organisation’s data to create actionable insights.

In turn, these insights ensure end-users receive a valuable digital experience, where operations run smoothly and safely, keeping employees happy and productive. And, in the

background, automated remediation improves agility, maximises return on investment, and optimises services.

The large number of organisations using observability demonstrates a widespread understanding of the importance of monitoring infrastructure in modern business. It is a critical practice that helps to provide frictionless digital experiences to both customers and employees. Despite this, many organisations are still using multiple outdated tools that cannot provide the scope of data provided, and therefore lead to an incomplete view of network performance and low end-user satisfaction.

To combat this, more and more companies are moving towards unified observability to minimise toolsets. The result is IT teams that can maximise their ability to find actionable insights, vastly improving productivity across the entire organisation. ë

This challenge is further compounded by teams that use limited or outdated tools

Implementing unified observability can be challenging, particularly for large, global organisations

What’s trending

Nozomi strengthens MEA team with Usamah Ridwan, Jayson Pieterse, Wagdy Mostafa, Osamah Al-Fardan

Nozomi expanded its regional team with appointment of three senior executives. Based in Saudi Arabia, Usamah Ridwan joins Nozomi Networks as Regional Sales Director, Jayson Pieterse takes up the role of Regional Sales Director – South Africa and Africa based in Johannesburg, while Wagdy Mostafa has been appointed as Regional Sales Director for Egypt, based in Cairo. As part of its expansion drive, Nozomi Networks also hired Osamah Al-Fardan as Senior Cybersecurity Architect.

With over 18 years of experience, Usamah Ridwan has supported customers with best-practice implementations across a variety of industries. At Nozomi Networks, he will be responsible for helping large industrial organisations and national critical infrastructures secure and monitor their OT and IoT networks, enabling and assisting prospective, as well as existing, customers. He will also provide customers with best-practice security strategies to mitigate evolving threats and will drive Nozomi Network’s expansion in Saudi Arabia, Kuwait, Bahrain and Iraq’s Energy and Industrial sectors.

Prior to joining Nozomi Networks, Usamah worked in key roles at Lenovo Saudi, HP Saudi, Detecon Al Saudia, and Cisco. He holds a BSc degree in Computer Engineering from the King Fahd University of Petroleum and Minerals and has significant knowledge and experience in the Oil and Gas sector.

Most recently at FireEye and Advanced Security, Camguard Group, Jayson Pieterse brings a decade of experience to Nozomi Networks. His qualifications include CompTIA Security+ and CISSP, Certified Information Systems Security Professional. As part of his role, he will support customers across South Africa and Africa with risk and vulnerability assessments from a physical and cyber perspective, whilst offering up potent mitigation solutions and strategies that are ideal for their bespoke requirements.

Suhail Jiwani, Sheena Chandra, Citalouise Geiggar join executive team at Kelvin

Kelvin, the collaborative control software company delivering industrial intelligence, has bolstered its executive leadership team with strategic hires and internal promotion. The company announced that Suhail Jiwani has been promoted to Chief Technology Officer; Sheena Chandra has been appointed Chief Strategy and Business Development Officer; and Citalouise Geiggar has been appointed Vice President of Marketing. The strategic appointments represent a key element of Kevin’s strategy to capitalise on the momentum to serve and broaden its customer base.

In his new role, Suhail serves as the executive technology leader for Kelvin’s engineering and product division. With deep industry and technology expertise, and over 16 years of experience, Suhail is driving the acceleration of technological innovation in Kelvin’s next growth stage to best serve our customer’s needs. He oversees all product and solutions development requirements phases, including system design, implementation, and continuing engineering. Suhail’s vision is to deliver innovative, first-class technology that helps industrial organisations reach their net zero goals.

Before joining Kelvin, he was Chief Product Officer at Honeywell, managing their software portfolio for Connected Industrials. With a BTech in Electronics Engineering and specialisation in Machine Learning from Stanford University, Suhail is a subject matter expert and a leader in their digital transformation journey.

Sheena joins Kelvin from AWS to take the executive role of Chief Strategy & Business Development Officer. She has over 20 years of experience developing strategic partnerships, business development, and go-to-market motion from her background with Microsoft, AWS, and Databricks.

Larissa Crandall joins Veeam from Gigamon as Vice President Global Channel and Alliances

Veeam Software, announced appointment of Larissa Crandall as Vice President of Global Channel and Alliances. Most recently, the Vice President of Global Channel and Alliances at Gigamon, Crandall is an industry leader that will guide Veeam’s investments in a global partner and alliance ecosystem that ensures customers’ data is protected across multiple environments, whether cloud, virtual, physical, SaaS or Kubernetes.

Crandall has spent her entire career in the channel working for security, networking and cloud vendors. The foundation of her career was spent working for Connection, a large solution provider leading enterprise, commercial and public sector teams. She joins Veeam after four years at Gigamon where she led the global channel and alliances organisation to record channel contribution growth, developed the partner program and was an integral part of the partner-first strategy.

Crandall also helped launch the creation of the Gigamon Playbook, built and executed creative demand generation, training and enablement programs, as well as the development of GTM solutions to accelerate revenue.

Joe Billante moves from eBay and joins Barracuda as Chief Financial Officer

Barracuda announced Joe Billante as its new Chief Financial Officer. Billante brings more than 20 years of executive leadership and finance experience to Barracuda, and has successfully led companies through business transformations, international expansion, and accelerated growth. Billante joins Barracuda most recently from eBay where he spent the last 13 years in several business, finance, and analytics executive leadership roles. Before eBay, he spent 11 years at General Electric in a number of finance roles including CFO for a $1B international division of GE Healthcare.

CleverTap, the World’s #1 Retention Cloud announced appointment of Samer Saad as the Regional Sales Director for its META Region and will be based out of Dubai. Samer has over a decade of experience in building and scaling sales teams across the MEA region. He joins from Appsflyer, where he was the Regional Manager for the MEA region and has led partnership sales and agency roles across Criteo and Yahoo!. As CleverTap increases its focus into META Region, it has ensured the local presence of all sub functions that are needed locally to scale the business, and Samer will lead the mandate to scale the growth charter.