44 minute read

AVEVA Launches New Pro gram for Industrial Channel Partners

Cyway Signs Distribution Agreement for Netskope in MEA Region

Cyway, a provider of identity-centric and cloud security solutions has announced that it has signed a distribution agreement with Netskope, thus expanding its footprint in the Middle East and Africa region. Netskope Security Cloud provides visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device.

Advertisement

Koshy Oommen, Director of Operations at Cyway, commented, “Security technologies are gaining immense popularity as remote working is set as a new norm. Cloud-native applications require different rules and techniques for protection. Secure Access Service Edge (SASE) technology will take preference eliminating traditional perimeter appliance security and legacy solutions. Cyway looks at this partnership as an excellent opportunity to address cloud security transformational challenges from today’s dissolving perimeter.”

Arie de Groot, the Senior Director of Channels EMEA at Netskope, explained that Netskope is rapidly expanding its worldwide customer base. “Security is moving to the cloud. The complexity of perimeter security, the increase of cloud usage, and the ever-growing number of remote and mobile workers are the main drivers of our growth. The cloud cannot be secured with legacy network security methods. It requires a cloud-based platform hosted in a worldwide private network of data centres, always offering the fastest connections. With the opening of our data centre in the Middle East and our cooperation with Cyway, we see a tremendous opportunity to build a network of partners embracing our next generation solutions and to become the leading SASE provider in the Middle East.”

AVEVA Launches New Program for Industrial Channel Partners

AVEVA has launched AVEVA Select, a new program designed for partners to gain full access to AVEVA’s comprehensive software portfolio. The new AVEVA Select program is designed to help customers accelerate their digital transformation agendas by leveraging the breadth of the AVEVA software portfolio across its install base.

The AVEVA Partner Network today boasts over 5,000 members providing opportunities for Alliances, Systems Integrators, Distributors, Solution Providers and Technology Partners to participate in the AVEVA community. With programs designed to suit every product and solution specialization and industry, AVEVA Select aligns to both market and technology trends helping companies simplify design, optimize production, reduce energy and maximize performance. Its programs and support initiatives are designed to promote the variety and value of applications developed and delivered on the AVEVA platform worldwide.

With AVEVA Select, partners will be able access the entire AVEVA portfolio through the channel that they have known and trusted, often for as long as 30 years. The program will expand AVEVA’s reach to a wider distribution of industries, outside its previous core customer base of mid/downstream Oil & Gas, heavy chemical, power generation and distribution, to incorporate many other sectors including Food and Beverage (F&B), Consumer Packaged Goods (CPG), Smart Cities and Infrastructure, Mining, Paper and Pulp, Utilities, Water and Waste and Discrete industries (e.g. automotive, electronics). The expanded AVEVA Select customer base will be able to leverage their installed Monitor & Control (M&C) and Planning & Operations (P&O) solutions from AVEVA to address new challenges, create opportunities and improve the performance of their industrial operations. Members of the current AVEVA Partner Network community also see the launch of AVEVA Select as very timely for the community.

“The AVEVA Partner Network continues to grow as a hub for the latest thinking on performance management of manufacturing operations and today it is utilized for the sharing of best practices with the partner community as well as harnessing their collective insights to help solve some of the world’s most complex industrial manufacturing issues. The launch of the new AVEVA Select Program comes at a time when industrial customer demand for digital transformation is growing exponentially and it will create new opportunities for the customer base,” commented Bob D’Agostino, President of AVEVA Select North.

“With the new AVEVA Select Program we can confidently grow the partner network from strength to strength by offering real value for our strategic technology partners, distributors, systems integrators and many more, enabling our network members to work better together to help their customers create increased business value. I am excited to be part of this journey which will undoubtably extend the capabilities of the AVEVA offering to a new and previously untapped partner audience,” said Jason Bass, President of AVEVA Select Central.

Mindware Signs Distribution Deal with Acer

Mindware has announced that it has signed a commercial distribution agreement across the Middle East with Acer. This will include the vendor’s commercial and education portfolio including Windows based laptops, Chromebook devices, accessories, projectors, Enduro and ConceptD devices. The main focus will be on the Travelmate Series, specifically designed both for the corporate world and the public sector. Mindware will drive the market penetration of these devices by mobilizing its extensive channel network across the region.

As part of the strategy to engage more closely with the enterprise sector, vendor and distributor will work hand-in-hand to educate the market on the latest commercial and education focused best practices and technologies. Providing an insight into the partnership, Nicholas Argyrides, General Manager – Gulf at Mindware stated, “The work from home and e-learning trends have fuelled demand for laptops and smart devices. For remote workers to maintain high productivity levels, devices need to have good processing power, portability, and durability combined with business features and advanced connectivity options. On the education front, teaching staff and students need to have access to modern, purpose-built devices and apps that support the new blended learning model.”

“Acer Middle East is a company that understands these imperatives and are playing a vital role in the transformation taking place in the digital workplace and the education field. Devices like the TravelMate have never been easier to work away from the office. Their wide range of robust, easy-to-use and manage Windows and Chromebook devices enables digital learning at the highest technical level. The devices facilitate collaboration and cooperation between teachers and students. We are very optimistic about the rapid uptake of these products as companies and educational institutions realize the tremendous benefits that these devices will bring to employees and students,” continued Argyrides.

Acer Middle East has achieved great success in the education market with a 92% market share in Chrome OS devices for Q1’ 2020 in UAE, as per latest statistics from research and consulting firm Futuresource Consulting. In 2019, Acer Middle East achieved the number one position in the region with 71% Market Share.

“As Acer Middle East looks to capitalize on the digital transformation taking place in both the education and commercial sector across the ME region, we are very pleased to partner with Mindware, a company that we believe shares our vision and drive. The focus is on small and medium businesses and the K12 education space. Mindware is the perfect partner to expand Acer’s brand awareness and loyalty amongst a focused partner base. With the support of Mindware and their reseller network, we look to replicate in this region the resounding success that our Chromebooks have experienced thus far in the Middle East,” concluded Peter Lacey, Commercial Head, Middle East at Acer.

Abu Dhabi Municipality Selects Huawei as Digitalisation Partner

Abu Dhabi Municipality has selected Huawei as a partner to guide its digital transformation journey, in line with the UAE leadership’s vision to streamline services and experiences through cutting edge technology aiming at a sustainable and globally competitive economy. Through its partnership with Huawei, Abu Dhabi Municipality has deployed a custom configuration of cutting-edge solutions, sustainably designed to meet the society’s digital needs today and in the future. Key products driving Abu Dhabi Municipality’s digital transformation include Huawei All Flash Storage, and a Tier 4 Data Center – the most reliable solutions designed by Huawei for the mission-critical services of enterprises. Together, these solutions will build a robust ecosystem to store and protect all data, while enhancing the overall experience for Abu Dhabi Municipality employees and customers.

Abu Dhabi Municipality is working towards implementing Smart solutions and advanced technologies that will contribute to the Emirate’s Strategic Plans and enable the digital transformation of Abu Dhabi through collaboration and fast Access to services and information. The addition of a Huawei data center to its digital ecosystem will enable Abu Dhabi Municipality to increase productivity and better serve its customers, ensuring business continuity with greater reliability and proficiency. Huawei’s Tier 4 Data Center delivers high availability and high efficiency, with convenient, centralized maintenance and a modular design that decreases deployment time by 50 percent.

Ahamd Abdulsamad Alhammadi – Acting Director of the technical planning department, Abu Dhabi Municipality, said, “Our digitalization journey with Huawei this far has transformed our operations, building more resilience and convenience throughout the Municipality. We are guided in our digitalization by the vision of the UAE’s leadership to enhance our community through technology. With state-of-the-art solutions and impeccable customer service, Huawei has proved the ideal partner for us, and we are pleased to continue working with them.”

Dongyue Ouyang, Managing Director of Enterprise Business Group, Huawei UAE, said, “While digital transformation brings enormous benefits in terms of cutting costs, increasing agility, and driving productivity, going digital isn’t easy. There is a whole host of elements that organizations need to be able to manage in a more centralized way, whether it’s incorporating all sorts of new technology, integrating mountains of data in all forms, or adapting end-to-end business processes and structures to the changes these bring."

Philips Middle East and Turkey Gets New CEO

Royal Philips has announced the appointment of Vincenzo Ventricelli as Chief Executive Officer for the company’s operations in the Middle East and Turkey, based in Dubai, effective September 1st. Vincenzo Ventricelli joined Philips Italy in 1996 and has ever since held several positions in sales and marketing in different locations such as Italy, Central and Eastern Europe, and the Middle East. He moved to Vienna in 2004 to work in the Marketing Department and proceeded to take the position of Marketing Director for Central & Eastern Europe in 2006.

In 2008, Ventricelli was appointed as Marketing Director, Philips Consumer Lifestyle Middle East, Turkey & Africa – based in Dubai. He took over the role of Senior Sales Director for Middle East and Turkey (MET) in 2011. He became Market Leader for Middle East and Turkey for Philips Personal Health in 2015. Over the last three years, Ventricelli led the Health Systems business in MET with significant achievements. During his time as the leader of Health Systems, he built a strong team and developed the Strategic Account Management (SAM) approach, as well as accelerated Health Systems transformation into a solutions business. Ventricelli holds a Bachelor’s degree in Business Administration from Bocconi University of Milan.

“Having been a part of Philips for over 20 years, it has been exhilarating to grow and develop its identity. I’m excited to take up my new role with the promise of Philip’s vision to make the world healthier and more sustainable through innovation. I’m committed to work closely with our customers and partners in creating meaningful solutions that can make a difference to the healthcare community and eventually achieve our aim of improving the lives of 3 billion people a year by 2030. In addition to delivering added value to the local health systems, my target is to continue driving the company’s strategic objectives and growth across the region,” said Vincenzo Ventricelli, Chief Executive Officer Philips Middle East and Turkey. Özlem Fidancı, the former Chief Executive Officer of Philips Middle East & Turkey joined Philips Turkey in 1998. After serving several commercial and management roles in Singapore as well as in Middle East & Turkey, Fidancı became the Vice President and General Manager at Philips Consumer Products in Middle East, Turkey and Africa (META) and later became the Senior Vice President in Health Systems for Middle East and Turkey in 2015. Between January 2018 and August 2020, Fidancı fulfilled her role as the CEO of Philips MET and was responsible for overlooking a total of 16 countries. Ozlem Fidancı has now been appointed as Head of Global Markets of Philips’ Domestic Appliances business, based in Amsterdam, effective September 1st.

Huawei Appoints New President for Cloud and AI Business Group in the Middle East

With demand in the region increasing for cloud and artificial intelligence (AI) technologies, Huawei—a leading global provider of information and communications technology (ICT) infrastructure and smart devices—has appointed a new regional president for its Cloud and AI Business Group as the company restructures its offerings in these fields.

Li Shi assumes the role of President of the Huawei Cloud and AI Business Group in the Middle East region effective immediately. Under his leadership, the group seeks to help governments and local industries to tap into the power of digitalization while creating more intelligent and safer societies.

Based in Dubai, UAE, Shi will oversee the expansion of the group’s regional product and solution portfolio along with partner ecosystems that will create ultimate service experiences by utilizing Huawei’s global capabilities. The executive will further seek to deliver comprehensive terminal-edge-cloud solutions and services to more of Huawei’s customers and strategic partners, all with respect to data sovereignty that can support the digital economy and smart society of countries across the Middle East.

Shi has nearly 15 years of international experience with Huawei. He was most recently the CEO of Huawei UAE and had also previously held executive positions for Huawei in other Gulf and Levant countries. Charles Yang, President of Huawei Middle East, said: “The innovations behind AI and cloud computing are advancing by leaps and bounds, and will soon pave the way to a digital Middle East in which all things are connected. Governments and enterprises are reinforcing their investments in these two fields. Under Li Shi’s leadership, I am confident that Huawei’s Cloud and AI Business Group will bring the value of ubiquitous computing to even more communities across the Middle East.”

Li Shi, President for the Cloud and AI Business Group in the Middle East, added: “Nearly every industry in the region has been re-booting for the digital age. Cloud and AI technologies will accelerate this transformation over the next decade. By offering new cloud services with our partners, enabling deeper AI research and development, and introducing new supercomputing capabilities to the region, our team will reinforce Huawei’s unrivalled end-to-end capabilities in the ICT domain while inspiring innovation in organizations of all shapes and sizes.”

Established earlier this year, Huawei’s Cloud and AI Business Group in the Middle East is an evolution of the company’s Cloud Business Department. Under the slogan “Cloud Everywhere”, the restructuring enables a more focused approach to developing and deploying solutions that will form the bedrock of the digital world.

Fortinet Appoints New Regional Channel Director for Middle East

partner community to better serve our customers.”

Fortinet,a global leader in broad, integrated and automated cybersecurity solutions, has appointed Shane Grennan as its Regional Channel Director for Enterprise and Alliance partners in the Middle East.

Grennan will report to Alain Penel, Regional Vice President for the Middle East. In this role, Grennan will direct and oversee Fortinet’ 3000+ partners and alliance community in the region.

He is responsible for setting the vision and strategy for Fortinet’s engagement with its largest regional, GSI, OT and Cloud partners in the region and ensuring the execution of this strategy.

“Cybersecurity has never been more crucial than it is in today’s ‘new normal’ business environment. Fortinet continues to help its customers address their most persistent cybersecurity challenges, and our enterprise and alliance partners are key in this journey,” said Alain Penel, Regional Vice President – Middle East, at Fortinet.

“As Fortinet continues to grow in the Middle East, Grennan’s appointment bolsters our regional channel team and allows us to continuously increase value for our partners through mutual commitment and focus on our joint customers. Grennan has a proven record of rapid and sustained growth, creating and leading high performance teams. We are certain that he will continue to support our enterprise and alliance The current shift to remote work as a result of COVID-19 have forced new learnings in business agility and has paved the way for a new wave of advanced cybersecurity threats.

Partners are increasingly being relied on by customers across industries to provide simplified, value added, strategic support, as they increase their investments in cybersecurity. Grennan’s direction and support will help partners transform their engagement levels to meet customer’s needs.

“I am excited to join Fortinet at a time when channel partners play a key role in helping organizations maintain business continuity,” said Grennan. “Fortinet believes that simplicity in cybersecurity can help deliver maximum benefits and we strive to bring that to customers with our partners using the Fortinet Security Fabric. My top priority is to work together with partners to understand their focus and help them transform with Fortinet at a new level. It will deliver a better customer transformation experience and enhance Fortinet’s overall solution and service offering.”

Prior to returning to Fortinet, Grennan was Regional Director at Cylance Inc, for the UK, Ireland & Emerging (SS Africa, Israel, CEE) at Cylance Inc, where he led the company's growth efforts in the region.

Grennan was previously Regional Sales Director UK&I at Fortinet where he built the Ireland/Scotland region to be one of the most successful in the EMEA region. Under his leadership the region has developed a base of loyal and highly capable partners, as well as leading customers in all sectors.

Prior to joining Fortinet, he held a variety of positions in Cisco and Nortel Networks. Grennan is an experienced Bachelor of Engineering and previously a Systems Engineer who worked in Europe and Asia for various networking vendors.

Equinix Gets New Managing Director for MENA Region

Equinix has announced the appointment of Kamel Al-Tawil as its new Managing Director for the Middle East and North Africa. In his role, Al-Tawil will oversee and continue to grow Equinix’s business portfolio in the region, defining the evolving strategy for the local markets. The new MENA lead brings a wealth of experience to the role, having worked with major corporations like NCR, EMC and Oracle, where he served in multiple senior leadership positions—most recently as Vice President of Business Applications. Al-Tawil has led large-scale projects across business functions and companies, leveraging leading business and technology practices to deliver effective and efficient ways of working, whilst driving ongoing scale and growth.

The appointment further strengthens Equinix’s developing business in the MENA region, as the company supports organizations with deploying interconnection and other digital strategies to unlock growth in new markets, diversify and improve business and financial performance. The Middle East has proven to be an exciting market of growth for cloud adoption, with cloud becoming a key component of the region’s digital transformation.

According to the International Data Corporation (IDC), investments in digital transformation and innovation will account for 30% of all IT spending in the Middle East, Turkey, and Africa (META) by 2024, up from 18% in 2018. Indeed, Equinix’s 2019-20 Global Tech Trends Survey, found over two-thirds (67%) of UAE IT decision-makers view digitizing their IT infrastructure as a priority. 7 out of 10 (72%) IT decision-makers surveyed in the UAE consider moving infrastructure to the digital edge a priority for their organization’s technology strategy. “Having worked in the IT industry for 25 years, I am familiar with Equinix’s business and the critical role interconnection can play in digitizing businesses for success in today’s environment. I am looking forward to continuing Equinix’s expansion in the MENA region, helping organizations in their digital transformation journeys as they look to innovate and grow. We will continue to engage and collaborate with the world’s leading clouds, networks and service providers, supporting companies across the digital economy,” said Kamel Al-Tawil, Managing Director for Middle East and North Africa, Equinix.

THE EVOLVING THREAT LANDSCAPE

Arabian Reseller speaks to industry experts about how the security threat landscape is evolving in this region, especially under the current business climate

Companies in every industry and of all sizes are finding themselves under an increasing barrage of cyberattacks. At the same time, the threat landscape is evolving, becoming more sophisticated and doing so at a faster pace than many organisations are able to keep up with. The days are gone where a firewall alone was sufficient protection against a cybercriminal or group. The proliferation of connected devices, alongside flexible working practices and complex partner ecosystems have made the boundaries of an organisation ebb and flow. Threat actors with malicious intent are taking advan- tage of at an eye-wateringly large cost to businesses. There are a number of threats which are evolving more quickly than others, but what are the ones that businesses need to be especially aware of today?

Attacks Are Getting Tactical and Targeted

While COVID-19 continues to drive cybersecurity trends as a whole, it has also inspired new attacks capitalising on our desire for news, assistance or guidelines that could help keep us safe. While global malware dips, new and measured attacks, including ransomware, pivot the cyber war in the first half of 2020. Amid the disruption, a few key takeaways emerge: Malware is down, but changing and spreading. It’s worth noting, however, that less malware doesn’t necessarily mean a safer world. Mohamed Abdallah, the Regional Director for Middle East, Turkey and Africa at SonicWall, explains,

“Across all categories of malware, SonicWall researchers have noted that attacks are both more tactical and more targeted than ever, giving them a greater chance of success. The malware that we are seeing is evolving to be sneakier and more malicious. As detection tools are refined, hackers are increasingly turning to fileless malware attacks that operate in memory and take advantage of legitimate tools such as Microsoft Windows Powershell.” According to Abdallah, ransomware is up, particularly in the U.S. (+109%). “Office files continue to be leveraged for malicious agenda. SonicWall Capture Advanced Threat Protection (ATP) with Real-Time Deep Memory Inspection is catching more attacks than ever. Malware targeting Internet of Things (IoT) devices has risen to 20.2 million, up 50% from this time last year. Cybercriminals are increasingly targeting the massive influx of employees working from home. And intrusion attempts are up 19%, to 2.3 trillion.” Mobile phones are also becoming a focal point for nation states and rogue hacking groups. Traditionally, attackers have been targeting mobile phones for taking data, performing surveillance on the users, and its location services. “We've seen the transition by attackers to using the mobile phone as the penetration vector into the organizational network. That being said, there hasn't been an influx of new techniques introduced into the industry for penetration — we primarily see phishing emails at the top of most threat actors’ lists,” says Israel Barak, the Chief Information Security Officer at Cybereason. Cyber crime actors continue to prey on victims using COVID-19 themed attacks. “Recently, we've seen attackers use fake apps that claim to offer continuous monitoring of the infection rates in a city or country. Or in one instance, a scam was being run with employees at one company receiving text messages appearing to come from the company's administrators with an update on what the company is doing in response to the pandemic. Employees will click on the links contained in the text messages leading them to fraudulent websites,” adds Barak. According to Derek Manky, the Chief of Security Insights and Global Threat Alliances, at Fortinet, the potential attack surface of organizations continues to expand, and the speed and sophistication of cyberattacks continue to make defending the network ever more challenging. “With IT teams on constant alert, and much of their time spent putting out fires, it can be difficult for organizations to pause and look at the big picture. Most breaches today are driven by cybercriminals who steal sensitive information to sell on the Dark Web, or encrypt systems and ask for a ransom,” he says. Manky further adds that as a result, hacking has become much more sophisticated and lethal. For example, more than half of all attacks are managed by cybercrime organizations that are better organized than most companies. “They approach their work like any business, except that their revenue streams are stolen data and extortion. Their new Cybercrime-as-a-Service ecosystem is one of the biggest reasons why the cybercrime industry grows dramatically and generates more than one trillion dollars in revenue every year,” he says. Last year, various states in the Middle East including UAE, Saudi Arabia, Oman, Jordan, and Tur- key attracted a large number of inbound attacks. “Cyberattack patterns remain more or less the same for this year, but we are see- ing a surge of new attacks that are designed to exploit the uncertainty and anxiety around the COVID-19 pandemic. With the spread of pandemic, many enterprises have adopted remote working. While the security analysts are working on scaling up organization-wide security frameworks to maintain users’ trust and handle multiple remote endpoints, cloud integrity, online identity verification, data security and more, hackers are nefariously exploiting the remote work platform to launch attacks,” says Subhalakshmi Ganapathy, Product Evangelist, ManageEngine. Starting from the key loggers, stealers, remote access trojans (RAT) to sophisticated advanced persistent threats (APTs) like Chafer APT, and living off the land tactics, attackers are employing every technique to break the defensive security of enterprises. Hackers are using newer forms of existing malware (such as Emotet) and new malware strains to beat cyber defense systems. During the COVID-19 pandemic crisis, the global community faced and is still facing new challenges that we could never anticipate. “Lockdowns made most businesses operate remotely through the business’ network. Through that, we witnessed a heavy reliance on remote access systems which is making businesses more susceptible to malware, ransomware and phishing attacks. This has created a challenge for businesses due to the data theft, ransomware attacks, and data breaches they have faced during COVID-19,” explains Tamer Odeh, Regional Director at SentinelOne in the Middle East. The threat landscape today has largely stabilized. With a few exceptions, the most prominent threats and their delivery methods have been consistent for the past couple of years. “It consists of nation-state attackers, highly skilled cybercrime organizations, and low-skill opportunistic groups and individuals. The nation-state attackers are the most difficult to defend against, if it's even pos- sible. They are extremely highly skilled, endlessly patient and enjoy limitless resources,” asserts John Shier, Senior Security Advisor, Sophos. “We can however learn from their past tactics and tooling which ultimately end up in the hands of organized cybercrime. This group is almost exclusively financially motivated and is responsible for a

majority of the threats we encounter. Many of them are highly skilled and well-funded. They are continually looking for the next edge in defeating our defenses. Both tech and humans. They operate botnets and create most of the malware in the wild. The low-skilled, opportunistic criminals contribute to the rest of the noise and distraction in the threat landscape. They rely mostly on automation and older, over-used, and detectable tools,” he continues. Today’s digital environment is ever-changing. Different types of assets constantly enter and exit the enterprise, and some are ephemeral – lasting mere seconds or minutes. Another element adding to what is already a complex situation is security teams being tasked to secure operational technology (OT). “According to a commissioned study conducted by Forrester Consulting, on behalf of Tenable, 61% of Saudi organizations who had suffered a business-impacting cyber attack in the last 12 months said these attacks involved their operational technology (OT) systems,” says Maher Jadallah, Regional Director - Middle East, Tenable. According to Jadallah, in tandem, the number of vulnerabilities present in hardware and software is also rising, with the severity of each increasing. The result is security teams with hundreds of vulnerabilities to sift through and, even if prioritizing by criticality, still have far more than they can possibly handle. “Another trend that we see increas- ing is organizations opening up their networks and systems to third party suppliers in an effort to improve functionality and collaboration. The ramification is that, if a supplier is breached, the attacker might be able to traverse across to other con- nected networks and systems. This may cause direct operational and reputational harm to all persons and companies connected to the infected provider. Network segmentation and the isolation of privileged accounts can minimise damage caused by a third party supplier breach,” adds Jadallah.

Cyber Threats Moving Beyond Ransomeware

Although ransomware attacks remain popular among cyber criminals, there are still lots of other attack vectors these adversaries are using to compromise enterprises and stronghold them. “What we have been seeing as a result of the current pandemic are a few things,” adds Christopher Hills, the Deputy CTO of BeyondTrust. “Enterprises that are having to embrace remote working are now faced with a flood of Helpdesk Tickets. As a result, some enterprises are relaxing policies on endpoints and giving employees more administrator rights to help relieve some of the helpdesk tickets. This, in some cases, is causing an uptick in anxiety levels.” Hills further adds that a BYOD (Bring Your Own Device) approach for corporate resource access is another cause for concern. “More personal devices connecting to these corporate resources means more pressure on IT teams to control Anti-Virus, OS Patch Level, and other software, to ensure they are secure and without vulnerabilities that could allow cyber criminals to compromise these personal assets and use them as a conduit to gain access to the corporate resources,” he says. Manky further adds, “One of the most lethal combinations is a sophisticated attack that targets humans when they are in a state of fear, uncertainty, and doubt. The current COVID-19 pandemic is a great example. The internet enables most people to do their own research, and sophisticated attackers are ahead of the curve. They have anticipated the generic behavior of individuals and prepared their campaigns for the events around us by stuffing the internet, and our in boxes, with disinformation, malicious files, and links to infected web pages” According to Manky, “Ironically, we now live in a world where human viruses and cyber viruses cross attack paths. This is extremely effective, generating a lot of money while causing a tremendous amount of physical and monetary damage. It

Mohamed Abdallah, Regional Director - META, SonicWall

Israel Barak, CISO, Cybereason

Derek Manky, Chief - Security Insights and Global Threat Alliances, Fortinet

Subhalakshmi Ganapathy, Product Evangelist, ManageEngine

is very likely that we will see more game-changing vulnerabilities like Spectre, Meltdown, BlueBorne, and Broadpwn. Without true visibility and control over everything in their infrastructure, organizations will miss these threats when they breach their networks.” Haider Pasha, Senior Director and Chief Security Officer at Palo Alto Networks, Middle East and Africa (MEA), says, “Given that more of the workforce is working remotely, we anticipate an increase in attackers targeting home routers and IoT devices, especially since 98% of all IoT device traffic is unencrypted. For better precaution, consumers should ensure their physical router is not using the default password and must create a unique password for both their routers and all physical devices. Moreover, as some economies may go into recessions with unemployment numbers on the rise in some sectors, some individuals might turn to cybercrime – which typically happens in economic downturns.”

Preparing to Face Cyber Threats

Cybersecurity criminals are preying on the landscape and opportunity. They know that now more than ever, people, businesses and corporations are all having to adjust to working more “remotely.” This is opening up new avenues for attack that they might not have previously considered. “It seems that banking institutions are the bigger targets, and while the Emotet Malware has become popular again since first emerging in 2014, we are seeing cybercrimi- nals step up their attacks on Wire Transfers. Cyber Criminals are tactically attacking Wire Transfers and doing various things to inter- cept these transfers for their per- sonal gain,” explains Hills. “The key to success is to remain proactive, not reactive. Continue maturing policies, procedures, software, and solutions. Think about compromise to your organization or enterprise from a cyber criminal’s perspective and focus on those areas first.” Know yourself and know your enemy is the best advice. “Know yourself is understanding how your business operate on all levels, from the operational to the executive, knowing how systems interact, how people interact and building your defenses around these specific interactions between company assets. Knowing your enemy is also crucial, threat evolve almost every other day and staying on top of the latest developments will surely make you more aware and capable of fighting off these threats when they target you,” Manky adds. Attacks are evolving. They no longer have goals that concentrate on stealing financial information or bringing the business to a standstill using resource abuse techniques. “The goals are changing and so are the motives. Previously, the hackers were predominantly financially motivated. Now, most of the attacks have political and espionage motives. They are harvesting email or user account credentials so that they can target the cybersecurity posture of the company rather than exploiting loopholes and vulnerabilities. The damage in such cases is unimaginable,” adds Ganapathy. Despite the growing frequency of attacks and increasing board-level awareness of common threats, many organizations are still failing to implement effective cyber defence strategies. Training is often inadequate and end-user awareness, often poor. “A new approach is required. One that puts people at the heart of cyber defence – ensuring employees are not just able to spot and deter attacks but are acutely aware of their role in keeping our organizations safe,” says Emile Abou Saleh, Regional Director, Middle East and Africa at Proofpoint. According to Odeh, AI can helps us overcome this challenge faster and handles issues that are new to us in a more informed manner. “Whether organizations are mostly working from home or starting to go back to offices, the need for AI-powered technology that helps improve cybersecurity teams is essential. In order to

Tamer Odeh, Regional Director, SentinelOne

John Shier, Senior Security Advisor, Sophos

Maher Jadallah, Regional Director - Middle East, Tenable

Haider Pasha, Senior Director and CSO, MEA, Palo Alto Networks

defend businesses that embrace digital transformation and adopt IoT, cloud and more, organizations need dynamic artificial intelligence-driven (AI) next-generation endpoint protection platforms that defend every endpoint against all types of attacks, at every stage in the threat lifecycle without the need for human intervention,” he says.

Handling Security Challenges

Businesses spend countless dollars each year trying to protect themselves from various attack vectors that cyber criminals will use to breach them. According to Hills, what is interesting is that each company will have a unique approach depending on three major factors – Risk Tolerance, Risk Acceptance and Risk Appetite. “Having these items clearly defined and documented, is a great step. These should be the foundation of your security framework. Once these are documented, you can better approach the question of, “Am I prepared for the compromise.” If you can’t answer that question with a “Yes,” then you still have work to do,” he adds. Hills adds that as a company, BeyondTrust tries to be as transparent as possible with its customers, by both sharing its experience and market trends, which drive decisions. “As a company, we continue to improve and mature our overall security posture, processes and programs. We continue to evaluate the cyber landscape and collabo- rate with our partners to enhance and mature our integrations so that our overall offering can lend itself better to suit each and every customer’s unique security re- quirements,” he says. Meanwhile, Abdallah says that his company has recently introduced the new Boundless Cybersecurity model, designed to help organizations navigate a hyper-distributed IT reality where everyone is remote, everyone is mobile, and everyone is less secure. “By knowing the unknown, providing real-time visibility and leveraging breakthrough economics, SonicWall enables businesses to close the cybersecurity business gap and guard against the growing ranks of opportunistic cyber attackers. By gaining a fuller understanding about where we find ourselves in 2020, we can move as safely and resolutely as possible toward the future, whatever it has in store,” he explains. The good guys or defenders are constantly facing cyber risks and attacks from well-funded and motivated hackers. “Our advice to customers, partners and the wider industry includes three things. You need to increase employee awareness of COVID-19 related scams. We understand that employees are more susceptible today to scams. Provide more training and awareness on some of the common techniques. And notify staff on how you as an employer will contact them in time of need — they should only use agreed upon forms of communications,” says Barak. “As employers maintain work from home policies, there continues to be a massive increase in the use of personal mobile and company owned mobile devices. We help our customers and partners build a higher fence so that the phone is better protected by scanning and detecting malicious content that is delivered to the device, via channels such as text messages, instant messages, phishing emails and the like,” says Barak. “We also need to adopt a post breach mindset and realize that sometimes attacks will be successful. We need to have the infrastructure to protect in real time, and correlate the differ- ent parts of the attack — i.e. this attack started on a mobile phone and then moved into the corporate network — and then have the abil- ity to remove the threat from the network.” Pasha advises his customers and partners on various tactics related to being mindful about their security practices. “For customers, we strongly advise to think before you click on any links, and one should

Gopan Sivasankaran, Senior Manager, Solutioning META, Secureworks

Emile Abou Saleh, Regional Director, MEA, Proofpoint

Rohit Bhargava, Practice Head - Could & Security, Cloud Box Technologies

Christopher Hills, Deputy CTO, BeyondTrust

confirm that emails are from a trusted source. We also advise to be cautious about what to share on social platforms, as it is quite easy to unlock accounts by using personal details such as hometown or birthdays if available on public domains,” he says. “It is always advised to implement security measures as early as possible, stay alert and be aware of your security and privacy settings – for example, do not use the same password across multiple accounts. Our advice to enterprises is educate your workforce by running phishing simulations and social engineering training for employees. We must also be mindful on limiting audit access and using multi-factor authentication.” Irrespective of the means of attack – email, cloud applications, the web, social media – today’s threats target people, not infrastructure. So, while technical solutions and controls remain crucial in building a robust cyber defence, they are just one aspect of a broad and deep barrier against the latest threats. “It is therefore crucial to have in place an approach that puts people at the heart of cyber defence – ensuring employees are not just able to spot and deter attacks but are acutely aware of their role in keeping our organisations safe. This is only possible when their training goes beyond general awareness of common threats and they have a better understanding of how their behaviour can be the difference between a successful attempt and a successful attack,” explains Abou Saleh. According to Gopan Sivasankaran, the Senior Manager, Solution- ing META at Secureworks, user education is extremely important considering the entry vectors. “Also, it’s vital for organizations to adopt security solutions that take a deliberate and highly targeted approach to machine learning and other data science techniques, which is exactly what Secureworks does. By pairing incident response experience and threat research with supervised and unsupervised machine and deep learning algorithms, the Red Cloak TDR analytics software can detect unknown threats by identifying behavioural clues. The algorithms are trained on data from our entire customer base, which further increases the accuracy of the software,” says Sivasankaran. Security awareness and training is the most important skill these days. Not just for IT teams, but across the organization. “It is important that all of us remain aware of what is going on and understand our PC environment better. At some point in time, experts may be needed to identify and isolate issues. Having a security policy is like having a life insurance. You need it, or else the risk of being a prey is far greater,” says Rohit Bhargava, Practice Head - Could & Security, Cloud Box Technologies. Bhargava further adds that as Microsoft stopped supporting certain OS versions, it is important to protect information assets having a latest OS and authentic applications in PCs. “Social engineering hacks are paving their way and it is imperative to have a stronger password protection policy to ensure personal information is not accessible to attackers. We always recommend that our SMB and enterprise clients create IT policies that highlight security awareness, offer security health checks and look for local partners with local expertise to offer managed protection and service to ensure higher levels of protec- tion,” he says. Shier says that doing security right is difficult. “That's why we always say there's no 'silver bullet' in security. A good start, however, is building a solid security founda- tion. This includes having the right people, processes and tools in place to give you a fighting chance. A robust security culture ensures everyone is 'on duty' when it comes to protecting the enterprise. Clear, easy-to-follow, and conservative processes will prevent simple mistakes from harming your business. Using the very latest prevention and protection technologies will defend your organization against attackers when the first two fail. Taken together, these three are just a starting point on the never-ending road to a mature security program,” he says. Organisations should focus on the basics first to stop the majority of threats they will face. This means complete and live visibility into the entirety of their attack surface — be they IT or OT, traditional on-prem or in the cloud — as the first step toward reducing overall cyber risk. “Security solutions must ingest threat data, such as in-the-wild exploitation of a specific vulnerability, then use that information to discern which vulnerabilities should be addressed immediately in order to seal off attack entry points,” adds Jadallah. “Once basic asset management and vulnerability management is in place, you can then monitor the environment for anything that deviates from the norm - be it network anomalies or policy violations, or changes to the actual runtime configuration of a device like a Programmable Logic Controller (PLC) in an OT installation in a factory or plant.” While it might seem like a luxury, taking the time to stop and think about the actor behind these attacks is vital. Enterprises need to start looking at cyberattacks and other security threats from the adversary’s perspective to un- derstand which attacks are more attractive and lucrative for the actors and to know how best to protect against them. For the businesses that don’t understand the threat landscape is evolving, problems will persist and they will fall further behind attack- ers. Organisations need to act now to ensure their cybersecurity strategies, and those of the enterprises within their supply chain, are up to date and able to respond to new forms of attacks quickly. Only then can they be safe against the ever-evolving threat landscape.

Four Reasons to Invest in Entry-Level Cloud Talent

Written by Kevin Kelly, director of Education Programs, AWS Training and Certification

According to Global Knowledge, nearly 80 percent of IT decision-makers say their teams lack the skills they need. And this challenge is particularly acute when it comes to cloud computing. In fact, a report from 451 Research indicates that cloud skills gaps have nearly doubled in the past three years, with 90 percent of organizations reporting shortages. These statistics will come as no surprise to business leaders around the world who are struggling to find talented developers, architects, and business leaders to help them make the most of the cloud. There are simply not enough highly-experienced applicants to meet the demand. How does an industry suddenly create a large number of highly-qualified cloud professionals with 15-plus years of experience? It doesn’t. Instead, businesses need to rethink who they hire and how they train and retain them. Rather than chasing and competing for a limited number of highly-experienced professionals, employers should surround their most experienced employees with highly motivated, entry-level talent with strong foundational cloud skills. Cloud providers, governments, and training organizations are working hard to populate the global IT ecosystem with entry-level cloud talent. Tens of thousands of individuals have already received hands-on cloud training, and many are eager to start their cloud careers in towns and cities around the world. Here are four reasons why you should hire them.

1. Entry-level talent is often “cloud-native,” principled, and ready to learn.

Today’s entry-level cloud talent won’t come with a decade of on-the-job experience, but they won’t come on board with a decade’s worth of legacy thinking either. Rather than needing to unlearn old habits and ways of working on now-defunct technologies, these individuals can help your company challenge outdated approaches and embrace change in the digital age. Many individuals who are just starting their cloud careers are also digital natives. This new generation grew up with mobile devices, they understand voice-enabled technologies, and they know how to work virtually. They think differently about data and devices, likely espousing modern and innovative notions about technology and what it can do. Just imagine what such energy and high standards could do for your teams of solutions architects and developers.

2. Get the best out of your employees.

How can you get the best out of your most valuable employees? Give them a team to train, mentor, and work with. Building teams comprised of individuals with various levels of experience will help ensure that they are complementing and learning from one another. Those new to the cloud will be able to grow their skills in a supportive environment, with mentorship from someone you trust who has ample experience. By surrounding your experienced cloud talent with skilled, entry-level talent, you’ll also free them up to take on the more high-value aspects of their projects. Their team can do some of the building, and they can focus on more complex tasks, strategy, and design. You may even find that giving your tenured employees tasks more closely aligned to their abilities might help them stick around longer. In a 2020 survey by Deloitte, respondents who said their companies use their skills effectively are more likely to say they plan to stay with their current employer. But remember, in order to get the best out of both your entry-level and most experienced employees, you’ll also need to make sure you are supporting their development. According to Global Knowledge, only 59 percent of IT decision-makers approved training in 2019. “The absence of training support is puzzling,” the report explains, “considering a lack of training investment is a leading cause of skills gaps.” Make sure you give your team the support and resources they need—so that your company can keep the skills it needs.

3. Investing in entry-level talent will save you time, money, and resources.

Skills gaps are more than just an inconvenience; the financial and business repercussions can be grave. The IDC anticipates that in 2020, 90 percent of all organizations will have adjusted project plans, delayed product/service releases, incurred costs or lost revenue because of lack of IT skills. By hiring entry-level talent, you can bridge your IT skills gap, helping your company achieve its business objectives and meet demands on time. “It’s become more important to hire and grow junior individuals because it’s difficult to hire really experienced people at small-company money. So we like to grow our talent,” Jon Topper, CEO of Scale Factory in London, UK told us. His company, which has hired a graduate from our AWS re/Start program, focuses on hiring individuals with strong foundational cloud skills and an interest in developing their careers in the cloud. Rather than hiring for hard-to-find technical skills alone, they hire with an eye toward base knowledge, technical aptitude, potential, and enthusiasm. Research suggests that investing in your employees can help with your company’s retention rates. According to a 2018 LinkedIn Learning report, 94 percent of employees say that they would stay at a company longer if it invested in their career development.

4. Your team of diverse talent will be smarter and more stable.

Having a mix of talent and experience across your organization can also help create stability. If you have one or two highly experienced individuals, what happens when one of them leaves? You can help ensure business continuity and financial stability by building strong, supported, and resilient teams—teams that don’t depend on a small number of irreplaceable employees. Hiring individuals with a range of skills, backgrounds, and experience will also have a positive impact on business decision-making and innovation. Research shows that diverse teams are smarter and more innovative.

Turning scarcity into opportunity

The scarcity of highly experienced cloud talent is a major concern for many businesses. But this scarcity is also an invitation to hire, train, and retain talent differently. Companies large and small can tackle the current skills shortage by building and investing in diverse, resilient teams with a mix of experience levels. Rather than searching for hard-to-find—and difficult to keep—tenured individuals alone, companies should also invest in entry-level talent with strong foundational cloud skills. Around the world, individuals are emerging from universities, training programs, and internships with hands-on experience in the cloud and an eagerness to launch their careers. Some of them will even hold industry-recognized cloud certifications. And they are key to bridging the skills gap and helping your business thrive.

The Realities of Ransomware: Extortion Goes Social in 2020

John Shier, senior security advisor at Sophos explains the growing threat of ransomware that threatens to publish companies’ private data

The early days of ransomware were very much transactional. You received an unsolicited email, clicked on a link or opened an attachment, and your computer eventually ran the ransomware binary which encrypted all of your user-generated files. The process of recovery was fairly straightforward. You either recovered your files from backup (after doing a full re-image) or you sent Bit- coins to the criminals in exchange for the decryption key. In time, the criminals added the ability to communicate with them and things got a little more personal. These communications were mostly under the auspices of support. Not only could the criminals increase their reputation as ‘trustworthy’ merchants, but it also gave some individuals the ability to negotiate payment terms. In October 2019, the ransomware scene gave us a glimpse of things to come. A group calling themselves ‘Shadow Kill Hackers’ attacked the city of Johannesburg, claim- ing to have stolen data from the city’s compromised systems. The difference here is that the at- tackers didn’t encrypt any files. In this purely social attack, the criminals threatened to release financial and personal data of Johannesburg’s citizens if payment (4 BTC) was not made by the deadline. The city rebuffed the ransom demand and the attackers were silent. It took less than one month for this new tactic to catch the attention of more serious ransomware gangs. The criminals behind Maze ransomware began incorporating this tactic of steal and share as additional extortion pressure in their ransomware operations. The first such incident occurred in November 2019 when the Maze crew released a portion of a victims’ stolen data in a show of force and added social pressure for the company’s lack of payment. Since then we’ve seen the Maze operators continue this behaviour and other prominent ransomware gangs have joined them. Today it isn’t uncommon to hear of a ransomware victim being extorted into paying a ransom under threat of data exposure. We’ve seen some criminals use their total access to an organization’s compromised systems to pit employees against their own executives and IT department by threatening to release stolen employee data if the company did not engage with the criminals and negotiate payment. While it’s still too early to deter- mine if this form of social pressure will be more profitable than more traditional methods, it has heralded a new era in ransom- ware where social pressure and shaming is being used to increase the attackers’ bottom line.

This article is from: