GISEC GLOBAL 2022 SPECIAL EDITION
Powering a Cyber-Safe, Interconnected World
Volume 2 | Issue 1
MARCH - MAY 2022 WWW.SECURITYREVIEWMAG.COM
CONTENTS

NEWS & VIEWS

Google to Acquire Mandiant for $5.4 Billion
Juniper Networks Announces Expansion of Partner Channel
CyberKnight Brings Observability and Visibility into the Spotlight at GISEC 2022
Genetec Simplifies the Move to Hybrid Cloud with New Streamvault Edge
Cisco Study Finds Privacy is Now Mission Critical for Organisations Worldwide
Rackspace Technology Expands Strategic Partnership with Cloudflare
ColorTokens to Focus on MicroSegmentation-Led Zero Trust Security
Lookout to Show Off its SSE Platform
SANS to Host Capture-the-Flag
Delinea to Show Off Privileged Access Management Solutions
Reinforcing Collaboration Between Members of the Cybersecurity Ecosystem
Cyber Preparedness Amid An Ongoing Global Crisis
A Checklist for Implementing Cyber Protection for MSPs
Cyber-Readiness in the Face of an Escalated Gray Zone
Cyber Warfare: How the Digital World Became a Battlefield
2,500 Years of Threat Intelligence and Its Value Continues to Grow
The Need for a Zero Trust Edge Strategy
Cloud Application Delivery: It’s Still a Work in Progress for Many
// SECURITY REVIEW | MARCH-MAY 2022
EDITORIAL
A part of the Arabian Reseller Network
MARCH - MAY 2022

EDITOR-IN-CHIEF
Chris N. Fernando chris@ryshamedia.com

SALES AND MARKETING
Ranbir Sen ranbir@ryshamedia.com

ASSISTANT EDITOR
Edward Frank edward@ryshamedia.com
Chris Fernando
The State of Cybersecurity in the Middle East and Africa Region

The continuing success of digitisation initiatives among the countries of the Middle East brings with it an added and growing exposure to the risk of cyber attacks. These attacks — by other states and by increasingly sophisticated criminal rings from around the world — have the potential to derail the progress of digitisation, and threaten the benefits delivered through it.

Although digitisation holds the potential for rich rewards, it also brings with it significant risks from an ever-evolving host of cyber threats perpetrated by cyber criminals, nation states, and cyber hacktivists. These actors have the motivation, capability, and intent to exploit the vulnerabilities created by a nation’s dependence on digital technologies for commerce and government services. This sustained barrage of cyber attacks and exploitation could undermine the confidence the government, the business sector, and civil society have in digitisation, derailing its progress and thereby threatening the attainment of its promised benefits.

According to Mordor Intelligence, the cybersecurity market in the Middle East and Africa was valued at $1903.59 million in 2020, and it is expected to reach $2893.40 million by 2026 and register a CAGR of 7.92% during the forecast period of 2021-2026. The increased sophistication of cyberattacks across heavy industries, resulting in financial and reputational losses, stringent government regulations, and cyberattacks due to the proliferation of digitalisation are anticipated to be the major market drivers. The need to take steps in advance to secure the overall security posture, along with technological advancements in cloud and IoT, has bolstered potential use cases across verticals.

An event such as GISEC Global 2022 comes at the right moment, when companies in the Middle East, in particular the GCC, are accelerating their digital transformation and cyber security efforts to protect their customers. The event also offers huge opportunities for vendors and their channel partners to tap into the growing demand for cyber security solutions in the region. Cyber security will continue to grow in importance in the Middle East and Africa region because of its growth in digital and wider digital transformation, which was under way even before the 2020 pandemic that made many of us go virtual and digital.
COPY EDITOR
Priyan Sampath priyan@ryshamedia.com

SENIOR WRITER
Nisha Seth info@ryshamedia.com

WRITER
Vishal Jagani info@ryshamedia.com

GRAPHICS DESIGNER
John Christy info@ryshamedia.com

EDITORIAL DIRECTOR
Prarthana Mary prarthana@ryshamedia.com

DIGITAL TEAM
Context Media LLP, Chennai, India. info@contextgroup.net www.securityreviewmag.com

CONTACT INFORMATION
Rysha Media LLC, Sharjah Media City (SHAMS), Al Messaned, Al Bataeh, Sharjah, UAE. sales@ryshamedia.com www.ryshamedia.com

ALL RIGHTS RESERVED
While the publisher has made all efforts to ensure the accuracy of information in the magazine, they will not be held responsible for any errors whatsoever.

Cover Design by Ranbir Sen
Copyright @2022
NEWS

Google to Acquire Mandiant for $5.4 Billion

Google has announced that it has signed a definitive agreement to acquire Mandiant for $23.00 per share, in an all-cash transaction valued at approximately $5.4 billion, inclusive of Mandiant’s net cash. Upon the close of the acquisition, Mandiant will join Google Cloud.

“Today, organizations are facing cybersecurity challenges that have accelerated in frequency, severity, and diversity, creating a global security imperative. To address these risks, enterprises need to be able to detect and respond to adversaries quickly; analyze and automate threat intelligence to scale threat detection across organizations; orchestrate and automate remediation; validate their protection against known threats, and visualize their IT environment in order to identify and simulate new threats. The cloud represents a new way to change the security paradigm by helping organizations address and protect themselves against entire classes of cyber threats, while also rapidly accelerating digital transformation,” the company said in a press statement.

The acquisition of Mandiant will complement Google Cloud’s existing strengths in security. Google Cloud offers customers a robust set of services including pioneering capabilities such as BeyondCorp Enterprise for Zero Trust and VirusTotal for malicious content and software vulnerabilities; Chronicle’s planet-scale security analytics and automation coupled with services such as Security Command Center to help organizations detect and protect themselves from cyber threats; as well as expertise from Google Cloud’s Cybersecurity Action Team. With the addition of Mandiant, Google Cloud will enhance these offerings to deliver an end-to-end security operations suite with even greater capabilities to support customers across their cloud and on-premise environments.

As a recognized leader in strategic security advisory and incident response services, Mandiant brings real-time and in-depth threat intelligence gained on the frontlines of cybersecurity with the largest organizations in the world. Combined with Google Cloud’s cloud-native security offerings, the acquisition will help enterprises globally stay protected at every stage of the security lifecycle:

• Advisory Services: Mandiant’s proven global expertise in providing comprehensive incident response, strategic readiness, and technical assurance helps customers mitigate threats and reduce business risk before, during, and after an incident.
• Threat Detection and Intelligence: Mandiant’s experience detecting and responding to advanced adversaries offers customers actionable insights into the threats that matter right now.
• Automation and Response Tools: Security operations tools within Google Cloud’s Chronicle, Siemplify solutions, and Mandiant’s Automated Defense help customers analyze, prioritize and streamline threat response and leverage Mandiant’s expertise as a virtual extension of their teams.
• Testing and Validation: Mandiant Security Validation helps customers continuously validate and measure the effectiveness of cybersecurity controls across cloud and on-premise environments, and complements Google Cloud’s Security Command Center to help ensure strong risk management.
• Managed Defense: Mandiant’s managed detection and response service acts as a seamless extension of customers’ security teams, delivering continuous monitoring, event triage and threat hunting that’s agnostic to customers’ endpoint and network tooling.

“Organizations around the world are facing unprecedented cybersecurity challenges as the sophistication and severity of attacks that were previously used to target major governments are now being used to target companies in every industry,” said Thomas Kurian, CEO, Google Cloud. “We look forward to welcoming Mandiant to Google Cloud to further enhance our security operations suite and advisory services, and help customers address their most important security challenges.”
Safe Security Board Welcomes Cybersecurity Veteran

Safe Security has announced the appointment of Michael Johnson, a veteran US government and commercial industry Chief Information Officer (CIO) and Chief Information Security Officer (CISO), to its Board of Directors. Johnson has been advising Safe Security since December 2020 and joined the Board of Directors of the company on November 10, 2021.

“We are delighted to welcome Michael, a veteran in cybersecurity to the Safe Security Board,” said Saket Modi, Co-founder & CEO of Safe Security. “Michael’s experience in managing cybersecurity for government and large organizations in the US is indispensable. His expertise in building and executing cybersecurity strategies, coupled with his deep understanding of cyber is extremely valuable for us as we grow and expand to achieve our mission to become the defacto industry standard to measure, manage and mitigate cyber risk.”

Johnson currently serves as CISO, Meta Financial Technologies, Meta Platforms, Inc., and previously served in multiple cybersecurity roles leading large, complex, and dynamic information-intensive global enterprises, including as the Senior Vice President and CISO at Capital One, the CIO for the U.S. Department of Energy, and in other key roles in the Executive Office of the President (the White House), the U.S. Department of Homeland Security, and the Office of the Director of National Intelligence.

Commenting on his appointment, Johnson said, “Cyber represents an existential risk to trust-based, digital organizations, and as cyber threats continue to grow in frequency and sophistication, managing cyber risk is critical. It is incumbent on all business risk executives and stakeholders – to include board directors, corporate and C-suite executives, business leaders, technologists, auditors, regulators, etc. – to assess, prioritize, and manage security risk. A contextual and real-time quantification of cyber risk is an absolute imperative to ensure proactive and predictive cybersecurity. I am excited to continue to help Safe Security standardize quantitative cyber risk management and communication for organizations around the world.”
Orange Business Services and Fortinet Partner on SASE

Orange Business Services and Fortinet are partnering to deliver a disruptive approach to Secure Access Service Edge (SASE) by integrating Fortinet’s Security-driven Networking technologies into the Orange telco cloud infrastructure. This reinforces the security and networking convergence while optimising performance regardless of the user’s location. Unlike other SASE service delivery offers on the market, this seamless approach – with built-in integration and automation – ensures real-time service updates and an unparalleled user experience.

Digital acceleration, the move to “work from anywhere,” and the adoption of cloud connectivity have altered how network infrastructures and security need to be constructed. SASE converges networking and security in the cloud, supporting dynamic, secure internet access as part of a “work-from-anywhere” strategy to connect everyone and everything using cloud-based applications. SASE extends security capabilities, allowing all types of enterprises to take advantage of zero-trust network access and firewall-as-a-service, for example, regardless of location.

This next chapter in the Orange-Fortinet partnership, which has also yielded Flexible SD-WAN based on Fortinet Secure SD-WAN, provides the foundation for cloud-native transformations at scale for improved business agility and resilience. The result is a fully controlled end-to-end globally available SASE solution that bridges the gap between the user and the application. It delivers a secure and managed service from the Orange telco cloud infrastructure, boosted by cybersecurity expertise and capabilities with Orange Cyberdefense.

“Digital acceleration and the shift to supporting ‘work from anywhere’ is driving the hybrid convergence of networking and security to enable zero-trust across all edges. Expanding upon our longstanding relationship with Orange, we’re pleased to further integrate our Security-driven Networking technology into the Orange infrastructure to enable a converged networking and security solution, unmatched in terms of visibility, management capabilities, resilience, and user experience,” explains John Maddison, EVP of products and CMO, Fortinet.

Juniper Networks Announces Expansion of Partner Channel

Juniper Networks is expanding the focus of its partner channel to encompass managed service providers (MSPs). The company’s new Unified Managed Services Program (UMSP) will give MSPs of all sizes, as Juniper partners, tailored, high-performance, secure solutions across the LAN, campus and WAN, supported by Juniper’s Experience-First Networking.

There is increasing demand in the burgeoning subscription economy for many organisations to turn to ‘as-a-service’ business models. Resellers across the IT sector, particularly in networking, are moving from simply selling products and solutions, toward providing a packaged offering consisting of managed solutions, tools, and technologies – a full service that gives customers the technical support and advice they need, as well as an outstanding experience.

According to Gartner, Inc., on-premises NaaS is expected to be adopted by 15 percent of all enterprises by the end of 2024. It is clear that providers should prepare to offer and scale NaaS with tools that enable operational simplicity and profitability.

Juniper’s UMSP meets the demands of this evolving landscape by providing partners with a branded, differentiated solutions catalogue that can be further bolstered with Juniper Support Insights, which gives IT and network operations teams actionable operational health insights across their entire network. This is further strengthened by industry-recognised solutions that deliver Experience-First Networking and AIOps, driven by Juniper Mist AI, for rich actionable data insights, flexible automation, simplified deployments, and self-driving tools that help ensure increased recurring revenues for partners and a growing customer base.

Sander Groot, Head of Channels EMEA & CALA, said, “Customer demand for differentiated service experience across every industry continues to increase exponentially, across every industry, as their users’ demand evolves – and the UMSP is a key element of Juniper’s response to this. MSPs have a unique role to play in the market, between vendor and customer, particularly when it comes to agility and focus on business outcomes. Juniper wants to empower MSPs to provide customers with the differentiated, seamless quality of experience that their users expect and deserve. MSPs have begun to join our program across EMEA and I look forward to partnering with them and others to build success throughout 2022 and beyond.”

Detailed client-to-cloud network visibility and proactive remediation, enabled by the AI-based Marvis Virtual Network Assistant, will help MSPs to deliver outstanding user experiences for customers. Partners will be offered onboarding help, service-creation tools and access to managed service specialists for faster time-to-revenue. There are four available technology tracks:

Branch Security
The comprehensive Juniper Connected Security portfolio enables network visibility, intelligence and policy enforcement with next-generation firewalls for on-premises and cloud environments, advanced threat prevention, verified threat intelligence feeds and analytics.

Access
Juniper’s Access solutions (Juniper Networks was named a Leader in the 2021 Gartner Magic Quadrant for Enterprise Wired and Wireless LAN Infrastructure) allow MSPs to deliver innovative network services at scale by combining AI with the agility and reliability of a microservices cloud. End-to-end, AI-driven automation, insights, and actions allow MSPs to optimise end-user experiences from client-to-cloud.

Location Services
MSPs can provide accurate, real-time navigation and asset-finding services for their customers using detailed Wi-Fi and virtual Bluetooth Low Energy (vBLE) analytics based on location. Personalisation and data analytics capabilities enable turn-by-turn navigation applications, asset-finding services, and proximity alerts while reducing operational costs with intelligent automation.

SD-WAN
Juniper Session Smart SD-WAN optimises Partners’ operational experience and the user experiences of enterprise customers. Juniper’s approach uses AI and Juniper Mist Cloud Architecture to provide proactive insights and automation that take the complexity out of network operations and support.
VMware Enhances End-to-End Security Offering for Cloud-Native Workloads

VMware has unveiled new container runtime security capabilities that build upon its strong end-to-end security offering to help customers better secure modern applications at scale. VMware’s portfolio of security solutions for modern applications spans the entire application lifecycle and leverages the company’s deep expertise in workloads, security, and Kubernetes.

Containerized applications present unique runtime security challenges, including how to only allow legitimate traffic in, how to enable least-privileged communications between services and defend against the lateral movement of attackers, and how to validate that the workload itself is operating within the expected guardrails. VMware provides customers with a robust end-to-end security offering that addresses these challenges at the edge, in the microservices network layer, and in the workload itself. This gives organizations greater visibility and control over both their overall security posture and the compliance of their containerized applications for improved protection from development to production.

“At VMware, we aspire to be the best in the world at protecting applications from within,” said Tom Gillis, senior vice president and general manager, Networking and Advanced Security Business Group, VMware. “Protecting the runtime is the foundation of securing the inner workings of a modern application. With the introduction of container runtime protection, our end-to-end security offering is now tightly integrated across the entire application lifecycle, protects all east-west traffic, and brings a new level of distributed visibility and security to APIs.”

As threat actors increasingly launch attacks targeting containers, 97 percent of technology leaders surveyed by VMware say they have concerns about Kubernetes security, and 1 in 5 cite securing containerized workloads at runtime as their biggest concern. To help customers stay one step ahead of attackers, VMware is adding container runtime protection capabilities to enhance its end-to-end security offering for cloud-native workloads. These capabilities build upon the VMware Carbon Black Container solution released in April 2021.

CyberKnight Brings Observability and Visibility into the Spotlight at eCrime Congress and GISEC 2022

CyberKnight has announced its participation as the Principal Sponsor at the 13th annual e-Crime & Cybersecurity Congress in Dubai on March 7, as well as one of the largest exhibitors at GISEC 2022 on March 21-23. CyberKnight will highlight to regional IT Security leaders the importance of observability and visibility while addressing today’s cybersecurity challenges. At the events, CyberKnight will also showcase its Zero Trust Security methodology – The ZTX Framework, alongside market-leading international cybersecurity vendors.

At the eCrime Congress, CyberKnight will be joined by:

• Checkmarx: Unified Application Security
• SolarWinds: IT Management and Remote Monitoring

“Due to the onslaught of ransomware and targeted attacks impacting customer operations in the region over the last couple of years, CyberKnight’s theme for GISEC this year is ‘Business Interrupted: Insight into navigating the precarious cybersecurity landscape’. With our technology partners, we will be showcasing how observability and visibility are fundamental to a Zero Trust Security strategy,” commented Avinash Advani, the Founder, and CEO at CyberKnight.

“GISEC is the largest IT Security event in the Middle East and covers key topics which matter most to CISOs and Security decision-makers including trends such as the metaverse, crypto, dark web, and cyberwarfare. As a trusted cybersecurity advisor to enterprises and government organizations in the region, being present at the show is essential for us as well as our participating vendors, who we will be supporting with one of the largest footprints at the event. We look forward to seeing our strategic customers and partners at the show,” added Vivek Gupta, Co-Founder, and COO at CyberKnight.

The technologies that will be represented by CyberKnight at GISEC include:

• Crowdstrike – EDR, EPP, Threat Intelligence & IR
• Armis – Agentless IoT & OT Device Security
• Lookout – Mobile Threat Defense & Mobile App Security, CASB, SASE, and Zero Trust Network Access (ZTNA)
• Netwrix – Data Access Governance, AD Security, File Integrity Monitoring
• Illumio – Zero Trust Microsegmentation
• Appgate – Zero Trust Remote Access
• Cyware – SOAR + TIP
• RedSeal – Cyber Risk Modelling
• PhishRod – Security Awareness, Training Platform & Phishing Simulation
• IronNet – Network Detection and Response
• Immersive Labs – Cyber Skills Development & Training Platform
• Utimaco – Hardware Security Modules (HSMs) and Key Management
• HelpSystems – Data Classification, Email Security, Managed File Transfer, VA/PT
• SolarWinds – IT Management and Remote Monitoring
• Seceon – aiSIEM / aiXDR
• BlueCat – Secure DNS, DHCP, IP Address Management
Genetec Simplifies the Move to Hybrid Cloud with New Streamvault Edge

Genetec has announced that it will unveil Streamvault Edge at ISC West (Genetec booth #13062). The Edge is an innovative new line of connected appliances that enables the easy transition to a hybrid-cloud infrastructure and marks the beginning of a new edge platform strategy for Genetec.

Ideally suited for multi-site operations such as banking, retail, or businesses with remote or unmanned sites, Streamvault Edge enables organizations to modernize their security infrastructure while leveraging existing legacy sensor infrastructure. The Edge enables the gradual migration of security systems to a hybrid architecture without disrupting operations. The appliance is also a low-maintenance, easy-to-install edge device that makes the commissioning, deployment, and management of connected remote sites simple and straightforward without the need for specialized IT expertise.

At its initial launch, Streamvault Edge will focus on delivering a hybrid cloud architecture for enterprise-grade video surveillance, with more security and IoT devices to be supported in the coming months.

“This is just the beginning of a new edge platform strategy, and a more efficient way of delivering our solutions to customers,” said Christian Morin, Vice President Product Engineering and Chief Security Officer at Genetec, Inc. “We are starting with video, but Streamvault Edge will soon evolve to power a broader range of capabilities from access control to advanced operations technologies.”

A connected Linux-based appliance, Streamvault Edge has little to no impact on IT resources and can be easily installed and configured by non-specialized technicians. It offers the simplicity of the cloud for easy connectivity, configuration/deployment, scalability, maintenance, and updates, regardless of where sensor data is archived.

For systems integrators, Streamvault Edge offers an ideal solution to help modernize existing installations and extend the useful life of legacy equipment while future-proofing new infrastructure. Streamvault Edge will be available worldwide from the Genetec network of authorized partners.
New Supply Chain Vulnerabilities Impact Medical and IoT Devices, Says Forescout

Forescout’s Vedere Labs, in partnership with CyberMDX, has discovered a set of seven new vulnerabilities affecting PTC’s Axeda agent, which we are collectively calling Access:7. Three of the vulnerabilities were rated critical by CISA, as they could enable hackers to remotely execute malicious code and take full control of devices, access sensitive data, or alter configurations in impacted devices.

The Axeda solution enables device manufacturers to remotely access and manage connected devices. The affected agent is most popular in healthcare but is also present in other industries, such as financial services and manufacturing. A detailed list of 150+ potentially affected devices from 100+ vendors highlights the significance of the vulnerabilities. The list contains several medical imaging and laboratory devices.

IoT devices use a wide variety of operating systems, hardware, and software. Typically, IoT manufacturers do not allow customers to install software, including security agents, on their devices. In the case of Access:7, PTC depends on IoT manufacturers to install the Axeda agent before their IoT devices are sold to customers in what is typically called an original equipment manufacturer (OEM) approach.

All versions of the Axeda Agent below 6.9.3 are affected, and Axeda has released patches for all the vulnerabilities. According to Forescout, using anonymized customer data in the Vedere Labs Global Cyber Intelligence Dashboard, it has seen more than 2,000 unique devices running Axeda on their networks. “By examining these sources, we could learn about the potential impact of the vulnerabilities,” Forescout said.

Forescout says that a majority of the impacted vendors are in the healthcare sector (55%), followed by IoT (24%), IT (8%), financial services (5%), and manufacturing (4%). The company also adds that more than one-half (54%) of the customers with devices running Axeda are in the healthcare sector.

When the distribution of medical device types running Axeda is taken into consideration, the agent was found to be more popular in imaging (36%) and lab (31%) machines than in any other type. Axeda was developed as a cloud platform for IoT devices; therefore, it is found in a variety of applications beyond healthcare. Vulnerable devices used in other industries include ATMs, vending machines, cash management systems, label printers, barcode scanning systems, SCADA systems, asset monitoring and tracking solutions, IoT gateways, and machines such as industrial cutters.

Complete protection against Access:7 requires patching devices running the vulnerable versions of the Axeda components. PTC has released its official patches, and device manufacturers using this software should provide their own updates to customers. For network operators, Forescout recommends the following:

• Discover and inventory devices running Axeda. A constantly updated list of affected device models can be found here.
• Enforce segmentation controls and proper network hygiene to mitigate the risk from vulnerable devices.
• Restrict external communication paths and isolate or contain vulnerable devices in zones if they cannot be patched or until they can be patched. In particular, consider blocking one or more of the vulnerable ports listed below for use on any of the affected devices in your organization. The port numbers are listed with their default values; however, they may be configured differently by manufacturers.
• Monitor progressive patches released by affected device manufacturers and devise a remediation plan for your vulnerable asset inventory, balancing business risk and business continuity requirements.
• Monitor all network traffic for malicious packets that try to exploit these vulnerabilities. Block known malicious traffic or at least alert network operators of its presence.
Bulwark to Show Off All-Round IT Security Products and Services Offering at GISEC 2022

Located in Hall 6, stand C-49, Bulwark will highlight its end-to-end security solutions and customer-centric distribution strategies during the show. The pioneering Value-Added Distributor would join hands with its strong cybersecurity specialized vendor portfolio for GISEC 2022.

The company will be offering the latest technologies and new product launches spanning Digital Risk Protection, Hardware Security Modules, Encryption, Smart-ID/PKI Solutions, Web Application Vulnerability Scanner, Data Classification, Data Loss Prevention, Secure Managed File Transfer, Encrypted Flash Drives & Disc Drives, Email Security & Archival, PIM/PAM, Secure Remote Access/Workspace Virtualization, Insider Threat Prevention, Employee Monitoring, Enterprise Mobile Management solutions, Cyber Skills Development / Training platform, SIEM in addition to their other security technologies at the event.

“Bulwark, being a cybersecurity-focused VAD operating for more than two decades, GISEC is a great platform for demonstrating our product portfolio to targeted partners & customers in the region. With the region’s huge demand for cyber security, we look forward to receiving excellent & evoking responses from our vendors, partners & customers during the event,” says Jose Thomas Menacherry, Managing Director, Bulwark.

The company claims that value addition has been at the very core of Bulwark’s operations since its inception in 1999, making the company grow from strength to strength. Bulwark today has an established network of over 500 resellers throughout UAE, Saudi Arabia, Qatar, Oman, Bahrain, Kuwait, Jordan, Egypt, Lebanon and other ME countries, and the Indian sub-continent region. The company has recently opened its office ‘Bulwark Saudi’ in Riyadh for providing better services to partners and customers in Saudi Arabia.

Cisco Study Finds Privacy is Now Mission Critical for Organisations Worldwide

Cisco published its 2022 Data Privacy Benchmark Study, an annual global review of privacy corporate practices, on the impact of privacy on organizations and their views towards data privacy. The 2022 report found that privacy is mission-critical, as 90 percent consider privacy a business imperative. The survey showed privacy investment continues to rise and organizations see a high return on investments from privacy spending.

Privacy has become a true business imperative and a critical component of customer trust for organizations around the world. For the second year in a row, 90 percent of the respondents said they would not buy from an organization that does not properly protect its data, and 91 percent indicated that external privacy certifications are important in their buying process.

“The study shows that privacy is increasingly becoming a fundamental responsibility for security professionals. This year, findings show that aligning privacy with security generates financial and other benefits,” said Fady Younes, Cybersecurity Director – Cisco Middle East and Africa. “Privacy continues to rise in importance for organizations, regardless of their size or location,” Younes added.

Privacy’s Return on Investment (ROI) remains high for the third straight year, with increased benefits for small to medium size organizations. More than 60 percent of respondents felt they were getting significant business value from privacy, especially when it comes to reducing sales delays, mitigating losses from data breaches, enabling innovation, achieving efficiency, building trust with customers, and making their company more attractive.

Respondents estimate their ROI to be 1.8 times spending on average. While this continues to be very attractive, it is slightly less than last year (1.9 times spending). This could be due to ongoing needs in responding to the pandemic, adapting to new legislation, uncertainty over international data transfers, and increasing requests for data localization.

Privacy legislation continues to be very well received around the world even though complying with these laws often involves significant effort and cost (e.g., cataloging data, maintaining records of processing activities, implementing controls – privacy by design, responding to user requests). Eighty-three percent of all corporate respondents said privacy laws have had a positive impact, and only 3 percent indicated the laws have had a negative impact.

As governments and organizations continue to demand further data protection, they are putting in place data localization requirements. Ninety-two percent of survey respondents said this has become an important issue for their organizations. But it comes at a price – across all geographies, 88 percent said that localization requirements are adding significant cost to their operation.

Finally, when it comes to using data, 92 percent of survey respondents recognize that their organization has a responsibility to only use data in a responsible manner. And nearly as many (87 percent) believe they already have processes in place to ensure automated decision-making is done in accordance with customer expectations.
Rackspace Technology Expands Strategic Partnership with Cloudflare
Rackspace Technology has announced an expanded strategic partnership with Cloudflare to offer expert services for Cloudflare Zero Trust, to help businesses reach their cloud-centric goals faster, support remote workers, and provide a Secure Access Service Edge (SASE) for their cloud applications, data, users, and devices. Rackspace Technology is offering managed services for Cloudflare Zero Trust through the Rackspace Elastic Engineering for Security portfolio which is available to customers globally. “We want to forge partnerships that really bring best-in-class cloud solutions to our customers. Our cloud-first delivery model supports businesses globally as they transform their networks, modernize applications, and now to help adopt zero trust security architectures,” said Gary Alterson, Vice President of Security Services for Rackspace Technology. “We are partnering to evolve our service models with Rackspace Elastic Engineering support for Cloudflare Zero Trust to meet the demands of our customers for expert guidance on zero trust cloud architectures.” The Rackspace Technology Elastic Engineering for Security service provides consultative services to help businesses of all sizes around the globe gain access to Rackspace Technology security experts who are available on-demand to help businesses customize, optimize, and manage their Cloudflare security platform. By adding Cloudflare Zero Trust into our Rackspace Security Service portfolio, Rackspace Technology can provide customers with a modernized SASE architecture that can grow rapidly with direct alignment to our customers’ strategic cloud initiatives. Broad adoption of zero trust architectures is taking place across the world, as a critical component to secure cloud architectures. In fact, a recent Rackspace Technology Survey of Global IT Leaders revealed 49% of organizations believe that adoption of zero trust security practices can help tackle their most prevalent cybersecurity challenges with network, platform, and web application attacks.
ServiceNow Broadens Lightstep Portfolio with Introduction of Incident Response Product
ServiceNow has announced that Lightstep is extending beyond observability and creating a differentiated portfolio for app development with the general availability of Lightstep Incident Response, helping make organizations’ digital products and services more reliable and resilient. Lightstep Incident Response will enable developers and site reliability engineers (SRE) to reduce downtime by arming them with the service context and automation they need to effectively respond to incidents, such as a software bug, power outage, or a downed network. “What we’re hearing from developers and SREs is that eliminating ‘context switch’ – flipping between observability, on-call, collaboration, and incident management tools – would reduce human errors and speed up response times,” said Rohit Jainendra, vice president and general manager of emerging businesses at ServiceNow. “With Lightstep Incident Response, we are providing teams with a single platform that orchestrates on-call escalation, alert grouping, incident analysis, and remediation, while seamlessly integrating with collaboration and incident management tools to eliminate ‘context switch’ and resolve incidents with speed.” ServiceNow acquired Lightstep in 2021 to extend the benefits of observability across business functions and enable enterprises to increase their cloud-native capabilities. The company plans to extend Lightstep’s capabilities beyond observability, with the mission of becoming an end-to-end platform for app development organizations. The general availability of Lightstep Incident Response marks the first major step on that mission. Lightstep Incident Response manages an organization’s on-call rotations by synchronizing everyone’s schedule onto a shared calendar, with specific tags that indicate who needs to be looped in based on the nature of the incident and the service that is impacted.
From there, collaborators are invited to a dedicated channel based on prebuilt collaboration integrations for quick remediation. Additionally, they can create automations that self-triage and self-remediate problems should they reoccur. Lightstep Incident Response seamlessly integrates with leading monitoring, observability, and collaboration tools, including LogicMonitor, Postman, Sumo Logic, Zoom, and more, streamlining the incident response process. For ServiceNow customers, Lightstep Incident Response natively integrates with the Now Platform, allowing users to quickly respond to or escalate incidents to the right team all on one platform and connecting incident response to core operations – putting the entire power of their organization behind the end-customer experience. “Combining real-time observability and incident response gives on-call engineers powerful insight into the changes that matter and the ability to act quickly,” said Ben Sigelman, general manager of Lightstep and co-creator of OpenTelemetry. “With the introduction of Lightstep Incident Response, we are delivering the all-in-one solution for developers and SREs to act with the speed and efficiency necessary to maintain exceptional experiences for customers using their applications and services. In combination with OpenTelemetry, a Cloud Native Computing Foundation sandbox project founded in part by Lightstep, organizations will now have the data platform, workflows, and an open standards approach necessary to successfully operate highly-distributed cloud-native services.” Lightstep Incident Response is offered in free and paid versions and introduces an innovative usage-based pricing model based on the number of active services being managed. Customers don’t pay by the seat and only pay for what they use. This allows the entire team to participate in the incident response process and drive a culture of service ownership. Customers can get started immediately with a 30-day free trial.
GISEC 2022
CRITICAL CONSIDERATIONS FOR MODERN ENDPOINT SECURITY AGAINST TODAY’S ATTACKS
Roland Daccache, the Systems Engineering Manager for MEA at CrowdStrike, says prioritised decision-making is needed in order to achieve the required level of resilience in today’s ever-evolving threat landscape
Are you participating in GISEC 2022 and what is your theme of participation at the event?
Yes, we will be participating at GISEC this year. Our theme of participation will be “Critical Considerations for Modern Endpoint Security Against Today’s Attacks”.
What is the general agenda / planned list of activities at the event?
Apart from our activities at the event, we will also be hosting an exclusive CIO dinner during GISEC 2022.
What according to you are the challenges faced by CISOs and Cybersecurity experts today?
From a CISO perspective, and depending on the size of the organization, the main struggles are between lack of resources and budget for SMBs and misappropriation of resources and tools in larger enterprises. Therefore, prioritised decision-making is needed in order to achieve the required level of resilience in today’s ever-evolving threat landscape. This includes less emphasis on traditional hygiene layers spending such as firewalls and proxies, and a larger focus on detection and response technologies across endpoints, cloud workloads, and the modern application stack.
Will you be running any offline/online engagements alongside the event?
We have a speaking session at the CyberKnight stand at C35, and we have a dark stage speaking slot for 20 mins.
CHECK POINT TO SHOW OFF CLOUDGUARD, HARMONY, AND QUANTUM
Ram Narayanan, the Country Manager for the Middle East at Check Point Software Technologies, speaks about his company’s participation at GISEC 2022
Are you participating in GISEC 2022?
Check Point Software is committed to supporting and being part of global platforms such as GISEC to showcase expertise and reach out to our customers. GISEC 2022 provides an opportunity to network with channel partners to seek new ways of collaborating to provide solutions to their customers & meet directly with prospect customers and showcase our solutions. We are participating at GISEC 2022 with a silver sponsorship and will be exhibiting in D18 – Hall 7.
What is your theme of participation at the event?
GISEC is one of the most anticipated events in the region which provides an enormous platform to showcase our transformation and signal our new thinking and energy and capitalize on new business development. We will emphasize our new strategic directions towards the best and brightest thinking around our solution highlights through our new mantra ‘You Deserve the best Security’ and showcase our Infinity portfolio of solutions which includes our three main pillars, Check Point CloudGuard, Check Point Harmony, and Check Point Quantum. Apart from hosting visitors at our booth, we will also be presenting an expert session on the Dark Stage during the event.
What is the general agenda / planned list of activities at the event?
GISEC 2022 is going to be busy. We have a booth in Hall 7 – D18, we will be hosting visitors at the booth and showcasing our solution highlights.
• We plan to introduce Demo Point to our channel partners and end customers where they get to explore our Quantum (Network), CloudGuard (Cloud) & Harmony (User and Access) security products. This is a personalized demo and would be coordinated by one of our security experts
• With digital transformation initiatives gaining traction and more cloud adoption we will have our cloud security architects engaging with customers onsite and showcase how to address cloud security at scale and speed
• We will be discussing and showcasing our hyperscale architecture – Maestro solution and engaging with prospects how it can be relevant to their environment and address some of their use cases
• We are planning to showcase the findings from Check Point Research in the dark stage session and how prevention first strategy can help to mitigate the risks
What according to you are the challenges faced by CISOs and Cybersecurity experts today?
The last couple of years have been far from ordinary, both for cybersecurity and business in general. The COVID-19 pandemic has permanently changed how business is done, and cybercriminals have adapted to these changes, tailoring their tactics to the new reality. Every year, certain threats grow rapidly as cybercriminals focus their efforts on a particularly effective or lucrative attack technique, such as ransomware or cryptojacking. However, one of the most worrying trends in 2021 was the growth of cybercrime across the board. In 2021, the total number of cyberattacks increased by 50% year over year globally and by 71% in the UAE. Many companies are still supporting a mostly or wholly remote workforce, and cloud adoption continues to grow. CISOs and cybersecurity experts are continuously facing the challenges of sophisticated attacks that target every part of the IT infrastructure, especially where it is the weakest. Defending against modern cyber threat campaigns requires the ability to respond quickly and correctly to rapidly-evolving attacks that can strike anywhere within an organization’s IT infrastructure.
Will you be running any offline/online engagements alongside the event?
Check Point Software has been using online platforms and organizing webinars throughout the year. During GISEC we look forward to maximizing the in-person interaction and hosting our customers. We plan to organise an evening roundtable with our executives, top customers, and prospects following the discussions and activities during the event.
FORTINET TO PARTICIPATE ALONG WITH ITS DISTRIBUTOR EXCLUSIVE NETWORKS
Alain Penel, the Regional Vice President for the Middle East at Fortinet, says one of the most challenging jobs a CISO faces is preparing for the next round of threats
What is your theme of participation at the event?
Fortinet will be participating at the show along with our distributor – Exclusive Networks and will be present in Hall 6 Booth # B60. The expanding attack surface, increasingly sophisticated cyber threats, and network security complexity create challenges for organizations in every industry. They should look into a security platform based on a cybersecurity mesh architecture with security solutions that are designed to work together. Broad reach, native integration, and advanced, artificial intelligence-based automation are the key attributes of the mesh approach. They are precisely the core attributes of the Fortinet Security Fabric, which will be in the spotlight in this edition. In addition, Fortinet is providing the convergence of security and networking by delivering industry-first innovations such as Secure SD-WAN. Fortinet Secure SD-WAN is powered by the industry’s first custom-built SD-WAN ASIC, which improves security posture effectiveness and user experience while making it the most cost-effective solution on the market.
In addition, Fortinet Secure SD-WAN is powered by a single operating system, FortiOS, and a single management console. Running all security, networking, and connectivity functions on a single OS improves efficiency across all WAN and cloud edges.
Last but not least, Cloud will remain a key topic this year. Today’s organizations rely heavily on cloud applications in order to be at the forefront of digital innovations and to keep their users connected and their businesses thriving. They need to implement an integrated platform approach to address the various issues that highly distributed cloud environments may introduce. Adaptive Cloud Security platforms make this possible by protecting workloads and applications both in on-premises data centers, as well as in any cloud environment — with built-in multilayer security for all cloud-based applications.
What according to you are the challenges faced by CISOs and Cybersecurity experts today?
One of the most challenging jobs every CISO faces is preparing for the next round of threats designed to disrupt their business, compromise critical devices and systems, steal or destroy data, and extort money. According to the Threat Predictions report from FortiGuard Labs, CISOs can expect to see continued growth in ransomware as well as a growing volume of attacks due to the expanding Crime-as-a-Service market.
This spike in new attacks will soon include Linux platforms with more botnet malware being written for Linux platforms. This expands the attack surface further, out to the network edge. Indeed, we expect to see more activity targeting edge devices traditionally overlooked by cybercriminals such as satellites. And we also expect to see more cybercriminals targeting Operational Technology (OT) systems.
COLORTOKENS TO FOCUS ON MICROSEGMENTATION-LED ZERO TRUST SECURITY
Nader Baghdadi, the Senior Regional Director for the Middle East – Sales & Strategic Partnerships for ColorTokens, says that his company will augment its capability by helping organizations tackle top security priorities for businesses
Are you participating in GISEC 2022?
Yes, we are very excited to be a part of the largest security forum in the Middle East. ColorTokens will be at the event with Citrus and other partners to help address the pressing needs of security for organizations in the Middle East.
What is your theme of participation at the event?
We are leading the conversation with what we do best. Micro-segmentation-led Zero Trust security. As a leader in deploying Zero Trust security at critical points, ColorTokens offers an easy-to-deploy, cloud-delivered platform that goes far beyond the perimeter. Our solutions simplify, accelerate and automate the micro-segmentation and Zero Trust journey, to secure businesses, from endpoint to cloud. Furthermore, we take immense pride to state that we are the only company that delivers Zero Trust segmentation across the spectrum i.e., data center, cloud, containers, users, and devices.
What is the general agenda / planned list of activities at the event?
We recently entered the Middle East region with aspirational goals that we are confident we’ll reach. Our priority is to align with organizations and display who we are and how we can help them with their security challenges. We are bringing the best of our organization to booth #D35 with Citrus Consulting Services. We have exciting product demonstrations and product information and goodies to welcome conversations at the booth. Citrus is a technology consultancy firm that helps private, public, and governmental organizations across the Middle East and Africa take the next step in their digital transformation journey. They complement their tailored, integrated expertise with a vibrant ecosystem of digital innovators to deliver better, faster, and more enduring outcomes. ColorTokens will augment its capability by helping organizations tackle top security priorities for businesses. Our solutions reduce the complexity of defining and enforcing security controls in an increasingly complex digital world. Our award-winning Xtended ZeroTrust Platform integrates seamlessly with existing security tools in organizations to protect their network against ransomware attacks, unauthorized lateral movement, and zero-day attacks.
What according to you are the challenges faced by CISOs and Cybersecurity experts today?
Digital transformation has led to applications, services, and data distributed across data centres and the cloud. Traditional security approaches like VPNs no longer work as they cannot enforce granular, identity-based access, thereby exposing large attack surfaces to malicious actors.
We live in an ‘API Economy’. The world is getting increasingly interconnected with each other. You may never know whether something connecting and seeking data from the application is genuine or not. With the advent of 5G and IoT devices, the threat landscape will grow hundreds of folds. Gone are the days when securing the enterprise from the rest of the world by deploying firewalls and intrusion detection systems would suffice. The security perimeter is no longer tied around a data center. To add to this, we have existing data security gaps, localization, compliance, and working with legacy systems. Most organizations are not sure how to build a security model around the existing complex infrastructure while planning for the hyperconnected future. And this becomes a key challenge for CISOs to address. How can they simplify and accelerate their security while scaling for the future?
Will you be running any offline/online engagements alongside the event?
We will be following up on the conversations in a round table setting after the event to meet with industry practitioners looking to move their security plans forward. We will also provide interested prospects with the information that helps them make their decisions better through digital channels.
SECTRIO TO FOCUS ON SECURING THE OT-IOT-IT CONVERGENCE
Kiran Zachariah, the Vice President for Digital Security at Sectrio, says there is a clear need to reassess the security posture and implement new controls
Are you participating in GISEC 2022?
Yes, we are participating at GISEC 2022 and are excited to take our solutions, products, and our Threat Intelligence Platform to businesses in the region. This will be our second event in the region after the rebranding exercise.
What is your theme of participation at the event?
Our focus for this year is purely on securing the OT-IoT-IT convergence.
What is the general agenda / planned list of activities at the event?
We will be showcasing our platform and are planning a lot of activities to engage with businesses and prospects within the region.
What according to you are the challenges faced by CISOs and Cybersecurity experts today?
We see a clear trend of organizations adopting digitization by means of connecting their commercial business functions and their plants, which were traditionally air-gapped. This exposes new attack surfaces and there is a clear need to reassess the security posture and implement new controls to ensure there is no compromise on the health and safety of the employees and ensuring there is no impact on production. Compliance with IEC 62443 is being mandated by regulators to ensure the ICS infrastructure is well protected and CISOs are looking for risk assessments to understand their status quo.
Will you be running any offline/online engagements alongside the event?
Yes, we are exploring to engage prospects by inviting them to an additional closed-door event.
LOOKOUT TO SHOW OFF ITS SSE PLATFORM
Bahaa Hudairi, the Regional Sales Director for META at Lookout, says organisations have left doors open in the collaboration tools and other cloud technologies
Are you participating in GISEC 2022?
Yes – at GISEC, Lookout can be found at the CyberKnight’s Stand at C35.
What is your theme of participation at the event?
Our goal for GISEC is to showcase how SSE technologies can protect an organization’s entire data path from endpoint to cloud. When it comes to protecting against ransomware, data leakage, insider threats, compromised accounts, and unknown devices, we are in the fight to win it. That is our core principle and our primary message at GISEC 2022.
What is the general agenda / planned list of activities at the event?
We will use GISEC as a platform to showcase the Lookout SSE platform. The Lookout SSE solution enables organizations to secure their data while supporting a modern, anywhere anytime workforce with consistent cloud-delivered security policies regardless of where data is stored. In addition to integrating Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA), and Secure Web Gateway (SWG) into a single platform, Lookout SSE integrates policy and data security enforcements deeply across web, SaaS, and private applications. These include User and Entity Behavior Analytics (UEBA), Data Loss Prevention (DLP), and Enterprise Digital Rights Management (EDRM).
As a result, the Lookout SSE solution delivers an easy-to-use unified user interface across SWG, CASB, and ZTNA that simplifies policy and reporting workflows.
Lookout SSE consolidates CASB, ZTNA, and SWG with Endpoint Security into a unified platform that reduces cost and complexity while simplifying management of security and access across all endpoints, clouds, and on-premises infrastructures.
By analyzing telemetry data from users, endpoints, and the data they’re accessing, Lookout dynamically enforces policies with varying degrees of granularity.
What according to you are the challenges faced by CISOs and Cybersecurity experts today?
Apps and data are increasingly residing in the cloud, and users expect seamless access from anywhere on any device. But security controls have been deployed with disparate on-premises tools that are anchored to data centers. As a result, most organizations have lost control of their data security as they migrate to the cloud.
Also, Software-as-a-service (SaaS) applications and infrastructure-as-a-service (IaaS) platforms are both at risk from the regional rise in threat-actor activity seen during the pandemic.
Because of the widespread privileged access traditionally found among users in today’s organizations, a ransomware criminal does not need to look long for an inroad.
Organizations have also left doors open in the collaboration tools and other cloud technologies they used to deliver business continuity during the COVID-19 outbreak.
Will you be running any offline/online engagements alongside the event?
At GISEC, Lookout will speak on the X-Labs Stage about how to “Achieve Enhanced Cloud Security and Protect Against Ransomware”.
VIRSEC TO SHOW OFF DETERMINISTIC PROTECTION PLATFORM AND VIRSEC SECURITY PLATFORM
Rahil Ghaffar, the Regional Director for the Middle East and Africa at Virsec, says the company plans to continually invest in the region to further strengthen its progress
Are you participating in GISEC 2022?
Yes, Virsec is looking forward to participating in GISEC 2022 this year.
What is your theme of participation at the event?
As one of the largest and most awaited cybersecurity conferences in the Arab region, we want to show our growth at GISEC 2022, and how our growth supports that of our customers. In this line, we will be showcasing our recently launched Deterministic Protection Platform (DPP). DPP is the next evolution of our company’s flagship and award-winning Virsec Security Platform (VSP), the first solution that could eradicate threats to the software workload at runtime in real-time. DPP not only ensures better protection against all known and unknown threats to software workloads, but it also reduces threat actor dwell time from minutes to milliseconds, with true protection and runtime observability. Another theme is awareness – we aim to provide our customers and partners with the knowledge of true runtime protection, and the need for it, allowing them to understand how DPP by Virsec makes security response obsolete by improving the protection that conventional, probabilistic solutions currently offer.
What is the general agenda / planned list of activities at the event?
Virsec is growing in the Middle Eastern market and plans to continually invest in the region to further strengthen our progress and provide the best-in-class cybersecurity to customers. With this in mind, our agenda for GISEC is ideally to interact and engage with more Channel Partners offering the value proposition and demonstrate how Virsec can strengthen and elevate their security offerings. We also look forward to engaging with Top Level Executives, as well as clients and customers, sharing our thought leadership message around the need for deterministic protection at runtime to secure their software and critical infrastructure. We are also greatly anticipating our CEO, Dave Furneaux, and Bobby Gupta, Senior Vice President and MD of International Business, who will attend GISEC this year, where they will be interacting with key customers at the exhibition, as well as driving media engagements.
What according to you are the challenges faced by CISOs and Cybersecurity experts today?
We all have seen a huge surge of increasingly sophisticated cyberattacks during the pandemic, and the rate at which they continue to occur is relentless and only seems to grow by the day. Challenges faced at this point are typically in need of a solution that not only protects the known negatives, but also unknown Zero-day attacks. Ultimately, solutions should be able to protect both known and unknown vulnerabilities from being exploited. However, we must keep in mind that there are other associated factors that influence this, such as current solution(s) often resulting in false positives and the need for constant human intervention to detect and protect businesses. Human error is one of the major causes of breaches, especially considering the present day when stress levels are at an extreme high with too much information from too many sources. To avoid and solve this, there needs to be a complete shift in the approach when dealing with such sophisticated attacks. We need a solution that does not only detect, but also automatically protect, and with extreme precision – without human intervention.
Will you be running any offline/online engagements alongside the event?
We aim to engage with customers, clients, and partners pre- and post-event over networking sessions. Our senior management, experts, and executives will be available at stand D-55 to interact with visitors and professionals at the event, to discuss the evolving threat landscape, and demonstrate how Virsec’s solutions, namely DPP, can equip organizations with the skills required to overcome and prevent these cyberthreats from impacting their business.
QUALYS TO OFFER 30-DAY TRIALS OF ITS INNOVATIVE SOLUTIONS
Hadi Jaafarawi, the Managing Director for the Middle East at Qualys, says visitors to the Qualys booth will get a chance to speak with our technical experts about our full solution portfolio

Are you participating in GISEC 2022?
Yes – we will be at GISEC at stand C47.

What is your theme of participation at the event?
Our theme for GISEC 2022 is “Securing Your Digital Transformation with Cybersecurity Automation”.

What is the general agenda / planned list of activities at the event?
At GISEC 2022, we will showcase our latest innovations and offer 30-day trials to interested delegates. A key message for us this year will be the benefits of automation within the cybersecurity function. Visitors to the Qualys booth will get a chance to speak with our technical experts about our full solution portfolio, including:

• Qualys Cybersecurity Asset Management (CSAM) — an asset management solution that enables security teams to reduce the ‘threat debt’ by continuously inventorying assets, applying business criticality and risk context, detecting security gaps like unauthorized or EOL software, and responding with appropriate actions to mitigate risk.
• Qualys Vulnerability Management Detection and Response (VMDR) — a single-console platform for the discovery, assessment, prioritization, and patching of critical vulnerabilities in real-time, across global hybrid-IT landscapes. This year, we will be highlighting VMDR’s recently added Advanced Remediation capability, which allows organizations to fix asset misconfigurations, patch operating systems, and third-party applications, and deploy custom software.
• Qualys Context XDR — the industry’s first context-aware XDR solution that combines rich asset inventory and vulnerability context, network, and endpoint telemetry from Qualys sensors, along with high-quality threat intelligence and third-party log data to identify threats quickly and reduce alert fatigue.

What according to you are the challenges faced by CISOs and Cybersecurity experts today?
Regional media outlets have catalogued a sharp surge in cyberattacks since the beginning of the COVID-19 pandemic. In the first half of 2021, malware attacks across the Middle East were up almost 17% on the year-earlier period. Kuwait, Bahrain, Egypt, and Qatar were among the hardest hit and Oman alone saw a 67% increase in incidents. As organisations continue to accelerate their digital transformation journeys, they must adapt their threat postures to cover newly adopted technologies and methodologies such as containers, DevOps, mobility, IoT, OT, and cloud, while maintaining their traditional data centers.

Will you be running any offline/online engagements alongside the event?
Tarek Naja, security architect for the Middle East at Qualys will give a talk on GISEC’s Dark Stage focused on Azure Active Directory Hacking. The session will cover the main methods used by threat actors to perform reconnaissance, get a foothold, maintain access, escalate privileges, and pivot between on-prem and the cloud.
GISEC 2022
TENABLE TO DISCUSS THE EVER-EVOLVING SECURITY THREAT LANDSCAPE
Maher Jadallah, the Senior Director for the Middle East and North Africa at Tenable, says discovering and prioritising vulnerabilities in a cloud environment is only half the battle

Are you participating in GISEC 2022?
Yes, we will be exhibiting at the Gulf Information Security Expo & Conference (GISEC), taking place at the Dubai World Trade Center from 21 – 23 March 2022. Our stand is B45.

What is your theme of participation at the event?
Cloud adoption has exploded, particularly to accommodate a hybrid workforce. However, discovering and prioritising vulnerabilities in a cloud environment is only half the battle. Organisations need to shift left with cloud security to find and remediate vulnerabilities before they reach production. When we look at how attacks play out, in the vast majority of cases, bad actors typically go after the low hanging fruit in networks — known but unpatched vulnerabilities. Having exploited a vulnerability to gain a toe-hold into the organisation, attackers will pivot focus to Active Directory and the identity infrastructure to escalate privileges and move laterally, with an aim to target further vulnerabilities, install malware and exfiltrate data. At GISEC, our focus will be helping organisations understand these security risks to their business.

What is the general agenda / planned list of activities at the event?
Tenable’s senior leaders and cybersecurity experts will be available to
meet and discuss the current cyber threat landscape, including the common Active Directory misconfigurations organisations need to address to reduce their risk, with demonstrations of Tenable’s security solutions. In addition, Bernard Montel – Tenable’s Technical Director and Security Strategist, will be presenting a session discussing how ransomware attacks against critical infrastructures, and in particular in the healthcare sector, are on the rise. He will cover how to identify attack paths targeting Active Directory, by focusing, as an example, on the Healthcare sector among the Critical Infrastructures. We will also understand how to insert Active Directory monitoring and protection into a global Risk Based Vulnerability Management program.

What according to you are the challenges faced by CISOs and Cybersecurity experts today?
Successful cyber breaches typically start by exploiting a known vulnerability followed by attacks on Active Directory to escalate privileges, move laterally, install malware and exfiltrate data affecting IT systems and operational technology. Unfortunately, most organisations struggle with Active Directory security due to misconfigurations piling up as domains increase in complexity, leaving security teams unable to find and fix flaws before they become business-impacting issues.

Will you be running any offline/online engagements alongside the event?
Over the three days we will be running a number of educational sessions from the booth, including a full overview of our platform. Tenable’s powerful combination of risk-based vulnerability management and Active Directory security solutions help prevent threat actors from getting a toe-hold in the corporate environment, stopping attacks before they can begin.

SANS TO HOST CAPTURE-THE-FLAG
Ned Baltagi, the Managing Director for the Middle East and Africa at SANS Institute, says the company’s theme of participation at the event will be around workforce development

Are you participating in GISEC 2022?
Yes, we are – SANS has been participating for the last 3 years now and we are looking forward to being a part of GISEC once more.

What is your theme of participation at the event?
The overall theme for our participation this year will be around workforce development and how SANS can help organizations train, recruit and retain their cybersecurity staff. We have many products to offer organizations to help them provide their staff with the best possible training experience. There are many options for organizations, small to large, to choose from to help them progress. From our core training courses to our Capture-the-Flag events (CTFs), security awareness products, knowledge assessments, NetWars tournaments, and even Cyber Training academies, we will be bringing a vast range to GISEC 2022.

What is the general agenda / planned list of activities at the event?
We would like to showcase our larger product portfolio, inform visitors that SANS is more than just our core training courses,
and highlight that we offer cybersecurity training solutions for all organisations. There will also be the opportunity to participate in one of our Capture-the-Flag events, and visitors to our stand will have the ability to see and experience one of our many training courses through our Live Online training format.

What according to you are the challenges faced by CISOs and Cybersecurity experts today?
There are two main challenges at the moment. One is to ensure you are adequately protected against the latest threats coming from nation-state actors such as Russia. SANS has put together a resource center that helps you understand exactly what is happening right now and how you can protect yourself and your organisation. The second is the ever-growing skills gap and need for talented and trained personnel. With a growing shortage of people available on the job market, it is becoming increasingly challenging for organisations to find the right talent for the right jobs. Our SANS Immersion Academies or Assessments support organisations in finding hidden talent within the existing workforce. We also help governments set up special programs to help identify, find, and train people who are unaware that they had an inclination towards and a talent for cybersecurity.

Will you be running any offline/online engagements alongside the event?
Yes, we will host our own SANS Capture-the-Flag during the days of GISEC.

DELINEA TO SHOW OFF PRIVILEGED ACCESS MANAGEMENT SOLUTIONS
Mark De Simone, the Regional Director for MEA at Delinea, says the company aims to strengthen its ties with its channel community and raise brand awareness

Are you participating in GISEC 2022?
This year’s edition of GISEC is especially important to our company as just last month we debuted as Delinea, formed through the merger of established Privileged Access Management (PAM) leaders Thycotic and Centrify. The show will be the first in-person event in the UAE that offers us the ability to raise awareness about our new brand and its mission of providing security that’s invisible to the user, while simultaneously providing IT and security teams with the control they require. At Delinea, our go-to-market strategy for the Middle East is channel-driven, and our partners are a fundamental part of our value chain. To highlight the emphasis Delinea places on empowering its channel, we are co-participating at GISEC with our regional distributor, Shifra.

What is your theme of participation at the event?
Our message to attendees of the show is clear and concise – with Delinea, ‘Privileged access just got more accessible’. Businesses today are faced with the challenge of IT environments that are growing in complexity, which is exacerbated by threats that are increasing in both volume and sophistication. Legacy PAM solutions are not designed for these hybrid environments, are too complex, and cannot solve current privilege management challenges. Delinea addresses this with PAM
solutions that deliver seamless security by helping delineate the boundaries of access so users get the access they want while IT gets the control it needs. Our cloud-ready, enterprise-grade PAM solutions put privileged access at the centre of cybersecurity strategies.

What is the general agenda / planned list of activities at the event?
Over the three days of the event, top executives from our regional team will be present to engage with customers and prospects to understand the challenges they face, and present comprehensive ways in which by working with us, they can secure their critical data, devices, code, and cloud infrastructure to help reduce risk, ensure compliance and simplify security. We will showcase a number of our solutions at GISEC, including live demos of our Privileged Account and Session Management (PASM), Privilege Elevation and Delegation Management (PEDM), and Remote Access portfolios. Ultimately, by participating at GISEC, we aim to strengthen our ties with our channel, raise brand awareness, and establish Delinea as a leading provider of seamless cybersecurity solutions to regional enterprises.

What according to you are the challenges faced by CISOs and Cybersecurity experts today?
With recent changes to workforce dynamics, the balance between productivity and security is now teetering on the brink. As a result, CISOs and cybersecurity experts are now having to re-evaluate risk and move back to more strategic decision-making. But as they do so, they are having to face increasingly sophisticated environments and more challenging requirements for securing an expanded threatscape. Delinea believes the opposite of complex isn’t simple – it’s seamless. We focus on empowering cybersecurity teams with solutions that are powerful and feature-rich, yet easy to operate and manage while giving users the digital freedom they want to do their jobs.

Will you be running any offline/online engagements alongside the event?
In the runup to GISEC, and through the three days of the event, we will promote our participation on social media. Organisations can turn to our official social channels to learn about the solutions we will be highlighting at the show, and the use cases and business challenges we can help them solve with our technologies. We are also offering customers and prospects the ability to plan and maximise their attendance by pre-booking one-on-one meetings with members of our team in advance of the show.

REINFORCING COLLABORATION BETWEEN MEMBERS OF THE CYBERSECURITY ECOSYSTEM
Toni El Inati, the RVP Sales for META and CEE at Barracuda Networks, says that there is a real shift underway, moving from volumetric to targeted attacks

Are you participating in GISEC 2022?
As GISEC is one of the region’s most important cybersecurity events of the year, top executives from our leadership, sales and channel teams will be present at the show this year. Just this year, we announced our partnership with Finesse, and we now are participating together with them to showcase to customers how Finesse’s expertise in digital transformation, complemented by the power and simplicity of Barracuda’s cybersecurity solutions portfolio, can enable them to reduce cybersecurity risk on their digital journeys.

What is your theme of participation at the event?
Recent Barracuda research has shown that 72% of organisations have been breached through web applications. With applications becoming a primary interface between consumers and the businesses they engage with, securing these critical interfaces is paramount. At the same time, businesses have been plagued by ransomware and other email-driven exploits, with our latest data showing that nearly one in every ten social engineering attacks is a Business Email Compromise. There is a real shift underway, moving from volumetric to targeted attacks, from malware to social engineering, from single hackers to
organized criminal enterprises profiting from attacks that begin with a single phishing email. For these reasons, the theme of our participation at GISEC 2022 will centre around demonstrating to attendees how we can enable them in effectively ‘Securing Applications and Email’.

What is the general agenda / planned list of activities at the event?
We will be collaborating with our new partner Finesse to raise awareness of our partnership through our participation at GISEC. Given that we have new cybersecurity professionals who have recently joined our regional team, we will utilise the show as an opportunity to introduce them to existing customers and partners. Large trade shows such as GISEC centre around creating awareness and reinforcing collaboration between members of the cybersecurity ecosystem. We are eager to engage with all stakeholders to get a deeper understanding of the latest market requirements and developments. In the end, what we hope to accomplish is meaningful engagements that enable us to collaborate with a wider number of customers and partners.

What according to you are the challenges faced by CISOs and Cybersecurity experts today?
The key challenges CISOs face with security solutions – complexity, cost, management overheads, and the negative impact they could potentially have on end-user experience and productivity – are all avoidable. This was the premise on which Barracuda was started as our mission was to make robust email security available to all businesses. We have since expanded on this and today, our mission is to protect and support our customers for life. In line with this, Barracuda provides over 200,000 customers with easy, comprehensive, and affordable solutions for email protection, application, cloud security, network security, and data protection.

Will you be running any offline/online engagements alongside the event?
We recently announced the regional availability of our Barracuda Cloud-to-Cloud Backup solution from Microsoft’s local cloud data centres. This solution delivers a fast search and restore experience for Office 365 data, including Teams, Exchange Online, SharePoint, and OneDrive. Compared with traditional backup and recovery solutions, it is a cloud-first solution that provides scale and resiliency, fast performance, and wide global coverage to protect Office 365 data born in the cloud. As this is one of the solutions we will be showcasing at GISEC, in the run-up to the event, we have been running digital campaigns together with Microsoft to promote the same.

COVER STORY
CYBER PREPAREDNESS AMID AN ONGOING GLOBAL CRISIS
Amid the escalation of the Ukraine crisis, industry experts suggest we could expect an increase in cyber threats. In this article, we spoke to industry experts about the type of threats to expect, the threat actors, and possible ways to contain such threats.

The ongoing stand-off between Russia and Ukraine has rattled global political and business leaders, who fear that the invasion will inflict damage the world over. Earlier this year, multiple Ukrainian websites were hit by a cyber strike that left a warning to “be afraid and expect the worst”, as Russia had amassed troops near Ukraine’s borders.

Cyber Threats Expected
While we are now coming to terms with the idea of a new conflict in a sensitive region of the world, tanks, troops, planes, bullets, and bombs are not the only weapons of war. Cyber attacks are more than just an annoyance. “When weaponized, cyber-attacks can cost lives as well, and may be uncontrollable when unleashed in mass during an armed conflict. They can devastate a target and allies, but have the unfortunate consequence of affecting civilians as well, even if they are not within the theater of conflict,” explains Morey Haber, the Chief Security Officer at BeyondTrust.
“An escalation in attacks on critical infrastructure providers and government agencies and suppliers are likely to increase. Expect an increase in RansomOps, where the execution of the ransomware itself is just the initial piece of a much longer attack chain,” says Sam Curry, the Chief Security Officer at Cybereason. “RansomOps take a low and slow approach, infiltrating the network and spending time moving laterally and conducting reconnaissance to identify and exfiltrate valuable data. Threat actors might be in a network for days or even weeks.” In addition, says Curry, supply chain attacks will be leveraged and adopted by more cybercriminal groups in the months ahead. “Companies that act as suppliers or providers need to be more vigilant and overall organizations need to be aware of the potential risk posed throughout the supply chain,” he adds. According to Kiran Zachariah – VP -Digital Security at Sectrio, his company has seen a
significant rise in the number of cyberattacks logged by their global honeypot network in the past few weeks. “Further, we have also seen a 77 percent rise in attacks on manufacturing and oil and gas. We have also seen an increase in the activity levels of certain state-backed hacker groups in Eastern Europe. The quality of phishing kits that we are intercepting now has improved remarkably in 2022 indicating a significant R&D push from the hackers. Even if these trends are not linked to the Ukraine crisis, there is still a significant deterioration in the global threat environment and that is a clear cause of concern,” adds Zachariah. John Hultquist, VP of Intelligence Analysis at Mandiant, is of the opinion that information operations are a regular feature of Russian and Belarusian cyber activity. “Such actors leverage a variety of tactics to achieve their aims, including but not limited to the use of social media campaigns involving coordinated and inauthentic activity, as well as the
compromise of entities in hack-and-leak operations or for use in disseminating fabricated content to promote desired narratives,” adds Hultquist. “Disruptive and destructive cyberattacks take many forms, from distributed denial-of-service attacks to complex attacks on critical infrastructure. Like its peers, Russia leverages this capability in times of crisis.”

Regional Impact
Cybersecurity experts say the attacks could be a precursor to more serious cyber assaults on Ukraine and its allies. Russia is determined to prevent Ukraine from joining the NATO security alliance. “The crisis in Ukraine has already proven to be a catalyst for the additional aggressive cyber activity that will likely increase as the situation deteriorates. At Mandiant, we have been anticipating this activity, and we are concerned that, unlike the recent defacements and destructive attacks, future activity will not be restricted to Ukrainian targets or the public sector,” says Hultquist.

“Time will tell on how far the threats expand beyond Ukraine, but we can assume that Russian, Chinese, North Korean, and Iranian state-sponsored hackers are regularly testing the resiliency of their enemies and that includes the U.S., countries in the Middle East and the Asia Pacific,” adds Curry. “Overall, there is always a trade-off in hacking other nations — certainly some benefits, but some drawbacks as well, and a whole lot of risk.”

Zachariah adds, “In the Middle East, we have traditionally seen sectors such as oil and gas, manufacturing and utilities bear the brunt of cyberattacks from sophisticated hackers. Some of the attacks on these sectors were copycat attacks wherein hackers imitated the tactics and breach methods used by hackers in Eastern Europe.” He further says, whether you are an ally of Ukraine or not, you will still face cyber threats from a range of actors who have various objectives to achieve such as ransom, customer data, or simply revenge.
“Even if a spillover of attacks is likely or otherwise, there are enough groups targeting the region. So we have enough reasons to be vigilant and stand guard. From the global trends we are analyzing, it is clear that hackers are continuing to use the widespread disruption caused by the pandemic to exploit weakness and gaps in the overall cybersecurity posture of businesses here as well,” Zachariah explains. According to Curry, looking back to last year and the Colonial Pipeline attack in the United States, what had probably seemed logical to
DarkSide became a nasty surprise. “Waking the lion is not a good idea. This is, however, the game of nations; and it now has a cyber component to go along with diplomacy, intelligence, military, and economic measures,” he explains.

Identifying the Attackers
According to Zachariah, the groups have already been exposed. “But what is interesting is the level of obfuscation that is at play which is again a part of their much-used playbook. At least one APT group, in this case, managed to use the infrastructure of another country to target a third country,” he says.

“Early indications suggest that both sides are ramping up their attack strategies for some form of cyber warfare during this conflict,” explains Haber. “The question becomes, based on modern commercial attacks, what do weaponized versions really look like and how much potential damage could they really do versus just holding a computer hostage with ransomware. From this author’s perspective, the damage could be just as bad as physical bombs, all initiated based on a piece of malicious software. Now that is one prediction I hope doesn’t come true.”

Meanwhile, Hultquist says that Russian cyber espionage actors such as UNC2452, Turla, and APT28, which are tied to the Russian intelligence services, have almost certainly already received tasking to provide intelligence around the crisis. “These actors already frequently target government, military, diplomatic, and related targets worldwide for intelligence that benefits Russia’s foreign policy decision making,” he says.

“Ultimately, cyber capabilities are a means for states to compete for political, economic, and military advantage without the violence and irreversible damage that is likely to escalate to open conflict. While information operations and cyberattacks such as the 2016 US election operations and the NotPetya incident can have serious political and economic consequences, Russia may favour them because they can reasonably expect that these operations will not lead to a major escalation in the conflict.”

Keeping Threats at Bay
To reduce risk and improve its resiliency against cyber threats, every organization should regularly test its infrastructure for weak points by conducting threat assessments and deploying appropriate incident response plans. “In addition, follow security hygiene best practices that include timely patch management, offsite data backups, and security awareness training,” adds Curry.

Companies should investigate and verify remote and on-site access modes and mechanisms, and confirm that passwords are not
shared (within or outside the organization) and that all passwords used are unique. In addition, they also need to ensure that all systems are patched and updated. “Furthermore, examine your infrastructure for inherent or acquired vulnerabilities. Conduct a deep vulnerability scan. Gather visibility into the footprint of your operations and supply chain and request all stakeholders to conduct self-assessment checks as per the NIST CSF to ensure that all systems are hardened and secure,” says Zachariah.

“Organisations should also deploy multi-layer prevention capabilities on all enterprise endpoints across their networks. Organisations should also implement extended detection and remediation solutions across their environments, for visibility, to end advanced attacks before they can gain a footing in their networks,” explains Curry.

“In addition, you need to ensure that all perimeter and non-perimeter-based defenses are working well. Stress-test your incident response plan and reexamine your roles and responsibilities matrix to ensure all roles and individuals are well aligned. Communicate the need for heightened security across the organization,” asserts Zachariah.

“We would recommend practical and scalable methods that can help protect organizations from not only destructive attacks, but potential incidents where a threat actor is attempting to perform reconnaissance, escalate privileges, laterally move, maintain access, and achieve their mission,” says Hultquist.

According to Haber, companies and users should also ensure that only approved applications are allowed to execute in their environments and any program that does not meet minimum security requirements is explicitly denied. “All access outside of trusted network zones should be monitored, proxied, regulated, and controlled to prevent a presence by threat actors,” says Haber.
“Any business, government, or individual that has an interest in this potential conflict — and candidly it should be everyone — there are a few things we should all do to protect against these cyber weapons of war,” says Haber. “Assess all of your assets, cloud, and on-premise, and prioritize remediation of all critical findings that can be exploited without user intervention during a cyber attack. Once vulnerabilities have been prioritized, remediate (patch) them in a timely fashion. Remove all unnecessary privileged accounts and ensure that credentials, passwords, and secrets are not shared and are unique across all assets.”
WHITEPAPER
Legacy protection technologies lack integration. Cyberthreats are on the rise. Breaches happen more often and on more devices. When it comes to cybercrime, today's small and midsize businesses (SMBs) are an easy target. Budgets and staffing are limited and finding the right skilled people is difficult. Many opt to rely on a managed service provider (MSP) to administer their IT needs and keep their workloads and systems secure.

However, since the cyberthreat landscape is always evolving, many MSPs also struggle to stay ahead of new threats. In fact, cybercriminals have successfully attacked the platforms that service providers use to run their businesses to gain access to both the MSPs’ data and their clients’.

A backup and restore strategy alone is no longer sufficient to keep data safe. The objective of new ransomware strains is to delete backup files, agents, and security software. Backup without integrated cybersecurity capabilities is not enough.

A new approach is needed — one that efficiently integrates cybersecurity, data protection, and endpoint protection management. Integration enables strict control and interlocked automation that legacy solutions lack but are required to combat today’s threats. And, while there are many cybersecurity frameworks, such as NIST, COBIT, and CIS, available to provide industry standards and best practices for organisations to manage their cybersecurity risks, they are complicated. By integrating cybersecurity and data protection — the IT discipline of cyber protection according to IDC — organisations become more resilient. Cyber protection integrates backup, disaster recovery, AI-based anti-malware, remote assistance, and cybersecurity into a single, fast, efficient, and reliable tool. With the five stages below, you can proactively protect data from today’s advanced threats.

• Prevention — Proactively protect your data, systems, and applications by preventing attacks from happening in the first place
• Detection — Detect issues and threats before they pose a risk to any environment
• Response — Enable quick action to minimize risk
• Recovery — Quickly and safely restore data from known, accurate backups in the event it gets compromised
• Forensics — Mitigate future risks by collecting and performing forensic investigations
EXPERT SPEAK
CYBER-READINESS IN THE FACE OF AN ESCALATED GRAY ZONE
Organizations worldwide should remain on high alert for cyberattacks as the risk of major cyber-spillover from the crisis in Ukraine continues to loom large, writes Andrew Lee, Director of Government Affairs at ESET
Contests between states in the so-called gray zone between war and peace have been increasing for some time in cyberspace. In Ukraine, cyberattacks have been recorded more frequently over the past few years, with high-profile attacks against its electrical power infrastructure in 2015 by BlackEnergy and in 2016 by Industroyer. In 2017, the notorious NotPetya faux ransomware attack also struck Ukraine, which started by planting a backdoor on the update server of a popular Ukrainian accounting software provider that then sent a malicious update to customers and wiped out computers in Ukraine, even ripping through the systems of the Chernobyl Nuclear Power Plant. Many foreign companies with business relationships in Ukraine, and hence connected to Ukrainian networks, were also affected. The global impact of NotPetya was estimated to be more than US$10 billion. This is a useful reminder that even though attacks might start off as targeted, there is a significant risk of collateral damage.

Asymmetric warfare
With the recent escalation of the gray zone conflict in Ukraine, cyberattacks have escalated in tandem, firmly becoming part of 21st-century asymmetric warfare in which unequally matched adversaries adopt unconventional strategies and tactics to secure their objectives. Since it is likely that geopolitical tensions will remain high for some time, countries whose governments are actively supporting either Ukraine or
Russia will likely also be targeted with cyberattacks intended to disrupt, cause damage, and steal information. We already see hacker groups choosing sides and entering the cyber-battlefield guided by their sympathies. Complexity is further mounting given that a large tranche of sanctions has been introduced, presenting the specter of retaliatory cyberattacks on high value targets such as critical infrastructure, public sector bodies, and leading businesses, for instance, financial institutions. Another rich target for cyberattacks is the supply chain, both physical and digital. In the digital realm, a number of recent vulnerabilities demonstrated the impact that a compromise along the supply chain can have on organizations downstream. Many of the risks seen with NotPetya in 2017 could manifest in a far worse form today. We’ve already seen massive damage done to businesses and institutions via the abuse of IT management tools like SolarWinds Orion, Kaseya Virtual System Administrator, and Centreon, and email services like Microsoft Exchange. With an aim to avoid impacts at these scales, several national cybersecurity teams, such as the National Cyber Security Centre in the UK, have issued warnings and advice on actions to take when facing heightened cyber threats. Such advice transcends borders and should be considered essential to protect against cyberattacks and mitigate risks and impacts. Even companies that seem far from the geopolitical
28
game are at risk, apparently less interesting enterprises might just be the ideal training camp for future larger-scale attacks. Preparing for cyberattacks Suffering a cyberattack can be highly stressful and confusing, so preparation is paramount. It is important to avoid panic, and this is best achieved by training staff and conducting regular reviews of security policies and measures. Building business continuity and disaster recovery plans based on a concrete understanding of what needs to be done and in what order is key to success. Remember, threats will continue to evolve in volume and sophistication – remain vigilant. Be honest about your organization’s risk exposure. Does your organization’s mission, product, or service support critical infrastructure or key governmental processes? Is it part of a supply chain supporting key services? If the answer is no, it is still a good idea to develop a plan. If the answer is yes, evaluate your needs with a professional body. Security partnerships Businesses and institutions with concerns should consider private sector and government partnerships to address the growing cyber threats. This requires a sustained team effort but is well worth it. Security teams at your organization should consider charting a course with a reputable security vendor that ensures systems are properly configured and that IT admins and staff is all addressing the security of their digital processes and tools.
CYBER WARFARE: HOW THE DIGITAL WORLD BECAME A BATTLEFIELD
With the Russia-Ukraine war in full swing, cybersecurity experts point to a cyber front that had been forming online long before Russian troops crossed the border. Even in the months leading up to the outbreak of war, Ukrainian websites were attacked and altered to display threatening messages about the coming invasion.
“In response to Russian warfare actions, the hacking collective Anonymous launched a series of attacks against Russia, with the country’s state media being the main target. So we can see cyber warfare in action with new types of malware flooding both countries, thousands of sites crashing under DDoS (distributed denial-of-service) attacks, and hacktivism thriving on both sides of barricades,” says Daniel Markuson, a cybersecurity expert at NordVPN.
The methods of cyberwarfare
In the past decade, the amount of time people spend online has risen drastically. Research by NordVPN has shown that Americans spend around 21 years of their lives online. With our lives so dependent on the internet, cyber wars can cause very real damage. Some of the goals online “soldiers” are trying to pursue include:
Sabotage and terrorism
The intent of many cyberwarfare actions is to sabotage and cause indiscriminate damage. From taking a site offline with a DDoS attack to defacing webpages with political messages, cyber terrorists launch multiple operations every year. One event that had the most impact happened in Turkey when Iranian hackers managed to knock out the power grid for around twelve hours, affecting more than 40 million people.
Espionage
While cyber espionage also occurs between corporations, with competitors vying for patents and sensitive information, it’s an essential strategy for governments engaging in covert warfare. Chinese intelligence services are regularly named as the culprits in such operations, although they consistently deny the accusations.
Civilian activism (hacktivism)
The growing trend of hacktivism has seen civilian cyber activists take on governments and authorities around the world. One example of hacktivism is Anonymous, a group that has claimed responsibility for assaults on government agencies in the US. In 2022, Anonymous began a targeted cyber campaign against Russia after it invaded Ukraine in an attempt to disrupt government systems and combat Russian propaganda.
Propaganda and disinformation
In 2020, 81 countries were found to have used some form of social media manipulation. This type of manipulation was usually ordered by government agencies, political parties, or politicians. Such campaigns, which largely involve the spread of fake news, tended to focus on three key goals – distract or divert conversations away from important issues, increase polarization between religious, political, or social groups, and suppress fundamental human rights, such as the right to freedom of expression or freedom of information.
The future of cyber-warfare
“Governments, corporations, and the public need to understand this emerging landscape and protect themselves by taking care of their physical security as well as cybersecurity. From the mass cyberattacks of 2008’s Russo-Georgian War to the cyber onslaught faced by Ukraine today, this is the new battleground for both civil and international conflicts,” Daniel Markuson says.
Markuson predicts that in the future, cyberwar will become the primary theater of war for global superpowers. He also thinks that terrorist cells may focus their efforts on targeting civilian infrastructure and other high-risk networks: terrorists would be even harder to detect and could launch attacks anywhere in the world. Lastly, Markuson thinks that activism will become more virtual and allow citizens to hold large governmental authorities to account.
A regular person can’t do much to fight in a cyberwar or to protect themselves from the consequences. However, educating yourself, paying attention to the reliability of sources of information, and maintaining a critical attitude to everything you read online could help increase your awareness and help you feel less affected by propaganda.
EXPERT SPEAK
2,500 YEARS OF THREAT INTELLIGENCE AND ITS VALUE CONTINUES TO GROW
Written by Firas Ghanem, Regional Director for the Middle East and Pakistan at ThreatQuotient
Military general and philosopher Sun Tzu once led the largest armies in the world and authored The Art of War, still considered a masterpiece of tactical warfare and very relevant as we wage our battles against evolving cyberattacks. That’s because even though threat intelligence is a relatively new discipline in our cyber defense processes, it has actually been around for more than 2,500 years. Threat intelligence was central to Sun Tzu’s winning strategies and it is foundational to our success today as our security approaches continue to evolve, most recently with Extended Detection and Response (XDR) solutions.
Most cybersecurity professionals are familiar with this widely referenced quote by Sun Tzu, “If you know others and know yourself, you will not be beaten in one hundred battles. If you do not know others but know yourself, you will win one and lose one. If you do not know others and do not know yourself, you will be beaten in every single battle.”
According to Sun Tzu, the first step in awareness is information gathering. This includes information about yourself – your assets, priorities, strengths, and vulnerabilities. You must also know your enemy – who and where they are, their size, the types of weapons they use, their motivation, and their tactics and techniques. This information drives basic decisions – is this a threat or not, should we fight or flee, and what actions should we take?
Then comes the most important step – calculations. As Sun Tzu said, “The general who wins a battle makes many calculations before and during the battle. The general who loses makes hardly any calculations. This is why many calculations lead to victory and few calculations lead to defeat.” We should not act on the basis of raw data, but rather on information gained by examining the data for relevance, priority and other situational information, which on the battlefield includes terrain and weather conditions. The goal is to apply context to data, so you have the right information at the right place and time.
Parallels with The Art of War and the XDR process
Relating this process to XDR, we see close parallels. Gathering information from disparate internal and external sources and domains is the “extended” part. The distribution or dissemination of information across your security infrastructure is the “detection and response” part. Finally, calculations involve converting raw data into relevant intelligence and this is the basis for responding efficiently and effectively to a given situation.
To accomplish this, what’s needed is a data-driven security operations platform that allows you to extend capacity to consume and manage data, be it internal or external, structured or unstructured. A lot of valuable data you get from third parties is trapped within their technologies, so the platform must be based on an open architecture, where integrations are broad and deep to help you unlock that valuable resource as well. Having aggregated and normalized all that data, the platform then must be able to correlate the data and apply context so you can prioritize and filter out noise.
Ultimately, you want to be able to operationalize the data and take the right action. So, the platform must translate that curated, prioritized data for export, allowing for data flow across the infrastructure to quickly activate defense technologies and teams. Closing the loop, the platform also captures and stores data from the response for learning and improvement. And remember, all of this happens at speed and scale, so automation is key — allowing you to act efficiently for the comprehensive response.
Threat intelligence best practices to enable XDR
For organizations considering XDR, or that have already embraced XDR, the following best practices will help you leverage threat intelligence to derive more value.
• Use data from all sources: Integration is a core competency to enable XDR because organizations are not starting with a clean slate but have dozens of technologies, feeds, and third-party data sources across departments and teams. Allowing for strong integration and interoperability with all systems and data sources, internal and external, enables you to leverage threat data. Displaying a wealth of contextualized data via a common work surface enables teams to apply it to understand the threats they are facing to reach the goal of extended detection and response across the infrastructure and across all attack vectors.
• Use data to focus efforts: Prioritization should be automated but under the control of the security team. Filtering out noise (false positives and information that is irrelevant) using parameters you set ensures prioritization is based on risk to your organization. Analysts can focus on threats that matter most instead of spending time chasing ghosts. Feedback and results should be continuously captured, stored, and used to improve security operations.
• Use data to drive response: The most effective way to empower teams is to apply automation to repetitive, low-risk, time-consuming tasks, and recognize that the need for human analysis remains. Irregular, high-impact, time-sensitive investigations are best led by a human analyst with automation simply augmenting the work. A balance between human and machine ensures that teams always have the best tool for the job, and a data-driven approach to both improve the speed and thoroughness of the work.
XDR is gaining a lot of traction. But in order for it to deliver as promised, we need to heed Sun Tzu and start with a data-driven approach. Threat intelligence was critical to success on the battlefield then, and it is critical to success on the cyber battlefield today.
THE NEED FOR A ZERO TRUST EDGE STRATEGY
Written by John Maddison, EVP Products & Solutions at Fortinet
Today’s hybrid workers require access to distributed applications deployed in the datacenter, multi-cloud environments, and SaaS locations. Digital acceleration involves adopting and implementing new technologies and practices to improve business agility and employee productivity. But it is also redefining the network edge—especially in today’s Work-from-Anywhere world where users move between on-premises locations, interconnected branch locations, home offices, and temporary locations during travel—thereby expanding the attack surface and exposing the business to new, advanced threats.
Unfortunately, most traditional network architectures were built using disparate and statically deployed point products that provide implicit access to all applications. However, such an approach is no longer effective at providing secure access to critical resources at scale, especially as users, devices, and applications are in constant motion. And the inevitable rerouting of traffic to fixed security points for inspection severely impacts user experience, especially when those tools cannot adequately examine the encrypted application, data, and video streams. Far too often, the default response in many organizations has been to bypass security to not impact critical business operations. And the result has been disastrous, with ransomware, phishing, botnet, and other criminal activity now at an all-time high.
What’s needed is a secure Digital Acceleration strategy that ensures that new technologies can be adopted and new, highly dynamic edges can be established without compromising the protection of critical data or the security of users and devices. Zero-trust is based on the principle that every device or user is potentially compromised, and therefore every access request must be authorized and continuously verified. And even then, users and devices can only access those resources required to do their job and nothing more. This same approach is now being applied to the remote edges of the network, a strategy known as the “Zero Trust Edge.” This new zero-trust approach to securing the expanding edges of today’s networks helps ensure that Security-Driven Networking – the critical convergence of security and networking – is everywhere. This enables security to seamlessly adapt to dynamic changes to the underlying network infrastructure, including connectivity, while providing explicit access to applications based on user identity and context.
Security-Driven Networking from Fortinet
Forrester recently described a solution they have dubbed the “All-In-One Zero Trust Edge” in the Now Tech Report published in December 2021. In that report, they described the future of next-generation networking infrastructure as bringing together networking and security in any combination of cloud, software, and hardware components, securely interweaving users, data, and resources using essential zero-trust principles. Fortinet is recognized in this report. We believe that’s because we uniquely bring together all components needed to converge networking and security and can then deploy them on premises and in the cloud, including SD-WAN, NGFW and ZTNA. This ensures that we can deliver consistent convergence and zero implicit trust everywhere. We call this Security-Driven Networking.
What is a Zero Trust Edge Solution?
Fortinet’s Security-Driven Networking innovations deliver the industry’s most complete Zero Trust Edge solution:
• SD-WAN: Providing better path and user-experience to applications and services using SD-WAN is foundational for any Zero Trust Edge solution. Fortinet was the first vendor to blend advanced security and connectivity into a unified solution. Our Secure SD-WAN solution securely interconnects all offices to every datacenter, multi-cloud, and SaaS environment. And in addition to reliable connectivity and cloud on-ramp, it includes a full suite of advanced security, enables dynamic segmentation to prevent lateral threat movement for East-West protection, and maintains superior user experience through digital experience monitoring.
• Hybrid Convergence of Networking and Security: Zero Trust Edge must also support today’s highly dynamic networks. Legacy security solutions struggle to provide consistent policy distribution, orchestration, and enforcement when the underlying network is in constant motion. Integrating security and networking into a unified system is essential for deploying consistent security everywhere, both for on-premises and remote users. Fortinet is the only vendor to deliver networking and security convergence powered by the same operating system (FortiOS) to offer seamless policy distribution and orchestration. We also provide the industry’s highest security performance using our purpose-built security ASICs, enabling the inspection of encrypted traffic, including streaming video, without impacting user experience.
• Secure Remote Access: Cloud-delivered security that securely connects all remote users is essential to any Zero Trust Edge solution. Comprehensive web security from the cloud must provide multiple layers of defense with AI-driven web filtering, video filtering, DNS filtering, IP Reputation, and Anti-botnet service, including the ability to address data loss prevention and protect mobile users with in-line CASB integration.
• ZTNA Everywhere: Finally, Zero Trust Network Access (ZTNA) is essential for securing access to the critical applications and resources today’s hybrid workforce demands. However, protecting a hybrid workforce that may be in the office one day, working from home the next, and traveling another requires a ZTNA solution that is available everywhere users or devices are located. Unlike traditional VPN, ZTNA provides explicit access to users per application based on identity and context. Fortinet is the only vendor with a ZTNA solution designed to protect access from any edge, not just a few edges.
EXPERT SPEAK
SEVEN TRENDS THAT CAN HELP MAKE THE MODERN ENTERPRISE SECURE AND AGILE
Sajith Kumar, General Manager – Enterprise from Cloud Box Technologies summarizes possible technology and strategic measures in 2022 that can help transform security for the enterprise
For the Boards of global and regional organizations, cybersecurity and managing digital transformation alongside, are promising to be amongst the most challenging. While Boards are doing a lot to bridge the gap between themselves and the CISO and the security organization, here are some other technology and strategic measures that can help make the enterprise more agile and secure.
Trend #1 The big policy reset
What is the biggest and most immediate change required in an organization’s security policies? It is the fact that the majority of its employees are no longer employees but more like remote workers. Or in other words, remote workers are now the workers and remote work is now the organization’s work. In other words, enterprises need to reset their entire security policies and tools to be able to manage risks from this new organizational reality.
Trend #2 Managing workers
How will security be deployed for the modern hybrid organization, where workers are switching between multiple modes of working? At times they will be onsite inside the office firewall, at other times mobile and on the move, and at other times working from home, all the while accessing the wireless networks, Internet or private VPNs. How will an organization’s security architecture continuously adjust for its workers as they move across its fabric?
Today’s enterprises are being turned inside out with these challenges of managing workers requiring multiple modes and levels of security access. All organizations will need to have a defensive posture and well-defined security policies and risks with regard to onsite, remote, and mobile workers. One of the approaches is to develop and deploy a cybersecurity mesh, which enables a distributed enterprise to deploy and extend security where it is required the most.
Trend #3 Managing enterprise assets
Other than the pandemic, digital transformation is also responsible for connecting industrial, operational, and IT assets that are distributed across the fabric of the organization. These assets could be located at the edge, inside the network, at the core, and even inside other networks.
Gateways and middleware are now effectively and efficiently connecting disparate networks inside enterprises that were not feasible a decade ago. To manage all these challenges, security needs to be flexible, agile, scalable and yet robust enough to deliver for workers and protect the organization.
Trend #4 Just who is an employee?
As workers move across the enterprises’ security fabric, their security access levels need to keep changing. More importantly, so should their identity-based security, with zero-trust being a dominant requirement. While zero-trust identity access is not new, it gains renewed importance in the face of hybrid worker access as well as integration of disparate networks driven by digital transformation.
Social engineering to gain identity access is a dominant activity for sophisticated global threat actors. Hence, identity management techniques and practices need to be further elevated in terms of importance. Along with human identities, we also have machine and robot identities, which are adding additional complexities to the overall identity access management operations. Digital technologies such as robotic process automation are driving automation of processes, and each of these automated processes or Bots requires a sign-on into the network and application stacks. APIs are another vulnerable hot spot where access is granted to users across multiple applications via APIs. To better manage digital transformation, enterprises need to relook at their end-to-end identity credentials across all humans, Bots, and devices.
Trend #5 Board improves communication
Boards are now alerted to address the challenges thrown up by ransomware, advanced persistent threats, and other supply chain malware that are having disastrous effects on some global businesses. Board members have been in the spotlight for being unable to speak the same language as CISOs and therefore unable to bridge the gaps from top to bottom. Now they are forming dedicated committees headed by security experts and selected board members to bridge the gap and address the challenge. With this initiative, CISOs can expect much better information flow with the Board, as well as much deeper conversations about security spending, policies, proactiveness, risks, governance, and strategy.
Trend #6 Proliferation of vendors
An ongoing challenge that continues into the next year is the complexity of security tools that are being managed by CISOs and IT managers. Global surveys by research firm Gartner have found that 78% of CISOs are managing 16 or more tools across their cybersecurity vendor portfolio, while 12% of CISOs are managing more than 46 tools. The harsh reality is that cybersecurity organisations have far too many tools, from far too many vendors, leading to complex management routines, continuously high demand on skills, and increasing security headcount.
Under these circumstances, CISOs need to begin extended vendor consolidation activities, realising that such activities take time and there is no short-term solution while heading in this direction. Another reality check is that reduction of capex spending may not be a direct, realisable benefit, but rather reduction of indirect costs and increase in operational efficiency are more achievable and realisable targets.
Trend #7 Testing and validation
New tools are being added to the portfolio of solutions that can be used to validate an organization’s security vulnerabilities. One such area is breach and attack simulations that do continuous testing and validation of security controls and test the ability to withstand external threats. It also highlights risks to high-value assets such as highly confidential data. Another area that is developing is the ability to protect data while it is being read and used, in comparison to protecting data in motion or at rest. This enhanced security allows secure data processing, secure sharing, and cross-border transfers without risks.
CLOUD APPLICATION DELIVERY: IT’S STILL A WORK IN PROGRESS FOR MANY
Written by Amr Alashaal, Regional VP – Middle East at A10 Networks
For digital business, transformation, and resiliency, success depends on application performance. Organizations must deliver the best possible experiences for employees and customers while driving innovation and ensuring security. To meet these interrelated objectives, many enterprises are migrating application delivery to hybrid/multi-cloud environments and related techniques to achieve the kind of agility and resiliency formerly only found in public cloud providers.
In a recent survey, The State of Cloud Application Delivery, A10 Networks and Gatepoint Research asked senior technology decision-makers about their experiences delivering applications in the cloud, and what today’s organizations need to achieve the digital resiliency on which their businesses depend. Given the critical role of application delivery performance in digital business success, the fact that only 34 percent of companies are highly satisfied with their application delivery controller (ADC) solution should raise eyebrows.
Modern Business runs on Hybrid Cloud and Multi-cloud Application Delivery
It’s important to state the key role of application reliability and performance for today’s organizations. To compete effectively and grow in modern digital markets, businesses must meet high customer expectations for a great experience. Hybrid workplace strategies and work-from-home policies make it all the more critical to deliver a consistently high-quality experience wherever people work. Rising cyber threats and an expanding attack surface call for a heightened focus on security. And agility is a must to support innovation and keep pace with fast-moving markets.
To address these needs, organizations increasingly host their applications in hybrid cloud and multi-cloud environments. According to the survey, while most respondents continue to host applications on-premises, 85 percent use public cloud platforms—usually more than one—and 43 percent use private clouds.
This approach offers several potential benefits. A more diverse application infrastructure allows greater flexibility to host each application on the optimal platform, in the optimal location, to ensure availability and responsiveness. By tapping into scalable resources on-demand, companies can adapt more quickly to changing business needs and IT strategies and shifting customer demand. Moving to more economical and flexible licensing and pay-as-you-go models can free up funds for innovation. And with the right tools, organizations can achieve better visibility into end-to-end application security and performance than they could in a traditional on-premises data center. Nonetheless, as seen in the low rate of satisfaction reported in the survey, many organizations are hampered by application delivery technologies that fail to meet their requirements.
How Underperforming ADCs Undermine the Promise of the Cloud
Ensuring application delivery performance in a hybrid cloud and multi-cloud environment hinges on several key ADC functions. Global server load balancing (GSLB) is essential, as organizations need to go beyond traditional disaster recovery requirements to optimize traffic and ensure availability across multiple data centers and clouds. With the vast majority of internet traffic now encrypted, TLS/SSL offload makes it possible to perform TLS/SSL encryption and decryption without straining server resources or creating bottlenecks. Application acceleration and optimization capabilities, including application analytics, fast root-cause analysis, and performance feedback for developers, are invaluable for delivering an outstanding, and consistent, customer experience while keeping employees fully productive and engaged.
However, application delivery solutions currently in place often fall short of these requirements. Fully half of the survey respondents reported ongoing struggles with legacy application delivery technology. Nearly a third face challenges addressing application security threats. Over one in four experience application downtime and slow performance, and more than 20 percent face visibility and reporting challenges. To overcome these challenges and realize the full business benefits of their hybrid and multi-cloud strategy, these organizations will need to modernize their application delivery infrastructure.
The Agenda for Hybrid Cloud and Multi-cloud App Delivery
The gap between outdated application delivery solutions and modern requirements only continues to grow. With hybrid cloud and multi-cloud complexity rising, organizations need to be able to deploy and deliver applications more flexibly and efficiently, avoid being bogged down in manual tasks, and gain greater insight to ensure that fast-changing environments maintain performance and availability. These needs are reflected in the key objectives for the coming year cited by survey respondents. Forty-eight percent reported plans to increase agility with software/scale-out solutions for a faster response to shifting needs, while 47 percent intend to drive operational efficiency through the deployment of hybrid cloud automation, management, and analytics capabilities.
Ensuring Digital Resiliency for Better Business Performance
As companies evaluate their existing ADCs and consider future investments, their priorities are closely tied to bottom-line performance. To maximize ROI, they will need to be able to both increase revenue and control expenses. On the revenue side, better application performance will help them deliver outstanding experiences to win and retain customers in competitive markets, as well as keep their workforce engaged, productive, and satisfied. A modern application delivery approach is clearly needed to help organizations right-size investments by enabling more efficient management, reducing calls to customer support, averting costly and disruptive security breaches, providing agile software options, and leveraging new advanced observability.
EXPERT SPEAK
AN INCLUSIVE AND EQUITABLE GROWTH MATRIX Written by Vaishali Phatak, Head – Technical Learning Services and Global Head of Diversity and Inclusion, Tech Mahindra
A culture of equality has a powerful multiplier effect on innovation and growth. Gender diversity shouldn’t merely be considered an ethical imperative but a business priority to drive an all-inclusive growth agenda. I am of the firm belief that optimizing the capabilities and leveraging the strengths of women are and will always be a strategic differentiator for companies. Various studies carried out on the gender diversity front have been unequivocal that greater levels of gender diversity have a positive impact on corporate performance and economic growth. Additionally, greater gender diversity is also high on ESG and the Sustainable Development Goals.

Over the past few decades, the gender diversity agenda at the workplace has been reverberating from all fronts. While companies have been working towards enhancing the gender balance, especially at corporate strategic levels, we still have a long way to go. The good news is that green shoots of progress have lately started to appear at the boardroom level. According to a World Bank report, over the last couple of years, Saudi Arabia and the UAE have emerged as the region’s leaders in this effort. Along with Bahrain, they have introduced groundbreaking reforms that are allowing women to participate in economic activities. Looking at these reformative agendas, the rest of the Middle East and North Africa (MENA) region is also fast catching up to the cause and is all set to tap into the productivity of 50% of their populations. In order to offer equal opportunities to women in the corporate world, the GCC region is making significant efforts in the right direction in exploring opportunities for women to utilize their capabilities to achieve the developmental goals that they set for themselves.

As a matter of fact, recent studies have revealed that in September 2020, the UAE became the first country in MENA to introduce paid parental leave for employees in the private sector. This historic reform was part of a broad package enacted by the UAE to support women’s labor force participation, which, at 57.5%, is one of the highest in the MENA region. The 2020 reform package builds on work the UAE has engaged in since 2019 to prioritize gender equality and women’s economic empowerment.

The Kingdom of Saudi Arabia (KSA), which started this drive more recently, has set an ambitious target of 30% female participation in the labor force by 2030 as part of its National Vision 2030. In Saudi Arabia specifically, a June 2019 royal decree founded the Women’s Empowerment Committee, including representatives from a wide range of ministries with a strong mandate to achieve women’s empowerment through legal reforms. We must all acknowledge that governments can’t drive this agenda alone.

The onus is upon us to create equal opportunities for female professionals across all industries. I am highly influenced by a famous saying, ‘If you do not intentionally include, you unintentionally exclude’. This fits in perfectly with the gender diversity norms in corporate strategy as well. Being ‘Intentionally Diverse and Naturally Inclusive’ means inclusiveness in all aspects of diversity: gender, generations, abilities, cultural diversities, and nationalities. Diversity and Inclusion (D&I) at the workplace is an instrument for growth.

To celebrate the uniqueness of every individual, an environment of inclusion and empowerment needs to be deliberately fostered, and policies and practices need to be gender-agnostic and disability confident. If we go by historical insights, we find that women have played a critical role in economic recovery following global crises. As the world continues to grapple with the impact of the Covid-19 pandemic, several legal reforms have been taking shape in the GCC region to enable women to contribute more effectively towards economic recovery.

Encouraging and supporting the implementation of gender-neutral laws will go a long way in ensuring sustainable growth. The pandemic has been a great eye-opener for companies around the world. We all must change our stance from “why do we need gender diversity” to “why don’t we have gender diversity on board.” Now, it is up to us to decide whether we want to ignore these lessons or leverage them as opportunities to drive change. Now is the time for corporations to act and start introducing forward-thinking changes to the workplace.