Security Advisor Middle East | Issue 12


ISSUE 12 | DECEMBER 2016 www.securityadvisorme.com

Security outlook 2017 Cisco SOC in Krakow

Intel Security FOCUS 16

SECURE CONNECTIONS GULF AIR BOOSTS AND SAFEGUARDS WIRELESS NETWORK INFRASTRUCTURE


WE ENSURE YOUR BEST-KEPT CORPORATE SECRETS REMAIN JUST THAT.

Corporate cyber espionage threatens to compromise everything an enterprise stands for. The ability to intercept an attack can make all the difference between success and failure. At DarkMatter, the world’s brightest minds are helping the region’s largest companies stay ahead of evolving cyber threats. Whatever the scope, scale and sensitivity of your work, we offer the full spectrum of solutions to safeguard your crown jewels. Take your first step towards genius: contactus@darkmatter.ae



FOUNDER, CPIMEDIA GROUP Dominic De Sousa (1959-2015)

EDITORIAL
Group Editor Jeevan Thankappan jeevan.thankappan@cpimediagroup.com +971 4 440 9129
Editor James Dartnell james.dartnell@cpimediagroup.com +971 4 440 9153
Online Editor Adelle Geronimo adelle.geronimo@cpimediagroup.com +971 4 440 9135
Deputy Editor Glesni Holland glesni.holland@cpimediagroup.com +971 4 440 9134

DESIGN
Senior Designer Analou Balbero analou.balbero@cpimediagroup.com +971 4 375 5680
Designer Neha Kalvani neha.kalvani@cpimediagroup.com +971 4 440 9159

ADVERTISING
Group Sales Director Kausar Syed kausar.syed@cpimediagroup.com +971 4 440 9138
Sales Manager Merle Carrasco merle.carrasco@cpimediagroup.com +971 4 440 9147

CIRCULATION
Circulation Manager Rajeesh M rajeesh.nair@cpimediagroup.com +971 4 440 9119

PRODUCTION
Production Manager James P Tharian james.tharian@cpimediagroup.com +971 4 375 5673
Operations Manager Shweta Santosh shweta.santosh@cpimediagroup.com +971 4 440 9107

DIGITAL SERVICES
Web Developer Jefferson de Joya Abbas Madh Photographer Charls Thomas Maksym Poriechkin webmaster@cpimediagroup.com +971 4 440 9100

Published by

Registered at IMPZ PO Box 13700 Dubai, UAE Tel: +971 4 440 9100 Fax: +971 4 447 2409 Printed by Printwell Printing Press Regional partner of

© Copyright 2016 CPI. All rights reserved. While the publishers have made every effort to ensure the accuracy of all information in this magazine, they will not be held responsible for any errors therein.

CONTENTS

FIRST CLASS SECURITY Gulf Air Director of IT Dr. Jassim Haji discusses how the company revamped and secured its wireless network infrastructure to meet growing business demands.


SECURITY OUTLOOK 2017 We asked IT security experts for their predictions for 2017. If you thought 2016 was bad, fasten your seat belts – next year is going to be even worse.

INSIDE A SECURITY OPERATIONS CENTRE SAME visits Cisco’s Security Operations Centre in Krakow.

SECURITY AT THE FOREFRONT Amit Yoran, President, RSA, on what enterprises should be doing to protect themselves against the tidal wave of security challenges.

THE DEFENCE HUB Yasser Zeineldin, CEO, eHosting DataFort and Jeff Ogden, Managing Director, eHDF Cyber Defense Centre, discuss CDC’s objectives and future plans for the region.

TOGETHER IS POWER During its annual conference, FOCUS, held in Las Vegas last month, Intel Security announced new innovations and strategies for the coming year.

AUTONOMOUS DRIVING HEADED FOR A PILE-UP DarkMatter Senior Vice President of Cyber Governance, Risk and Compliance Harshul Joshi on hardening cars against cyber sabotage.


NEWS

FIREEYE LAUNCHES HELIX

FireEye has introduced Helix, a platform that unifies network, endpoint and third-party product visibility with the FireEye iSIGHT Intelligence and Mandiant expertise. FireEye Helix is designed to reduce the time, effort, and cost associated with managing low quality or false alerts from traditional security offerings like next generation firewalls, endpoint, and intrusion prevention systems. FireEye Helix launches with a limited early adopter programme today, and will be generally available in late Q1 2017. “After more than two decades responding to the largest breaches in the world, it is clear that threats have evolved to actively exploit the detection and process failures in security operations that slow response,” said Kevin Mandia, CEO, FireEye. “FireEye Helix is a revolutionary approach that builds on our best in class detection solutions and investments in Mandiant, iSIGHT Partners, and Invotas; creating the first intelligence-led platform that enables simple, integrated, and automated security operations from the cloud or on-premise.”

53% of UAE millennials have experienced online crime in 2016. Source: Norton by Symantec


SAUDI GOVERNMENT AGENCIES HIT BY CYBER-ATTACKS

State-sponsored hackers reportedly conducted a number of destructive attacks on organisations in Saudi Arabia in mid-November. The attackers, according to a Bloomberg report, have been targeting computer banks of several government agencies, including Saudi Arabia’s General Authority of Civil Aviation. The attackers used the same malware programme, known as Shamoon, that hit the Saudi Arabian oil company Aramco in 2012. The agency noted that the damage to its networks was limited to some office systems and employee e-mails. Further reports have noted that the Saudis were able to restore some lost data via back-ups, recovering faster than they did after the 2012 strike. Industry reports point to Iran as the culprit in the incident; however, investigations have yet to prove this claim. Air travel, airport operations and navigation systems weren’t disrupted by the attack, and only office administration systems were impacted by the breach, according to reports.

Kaspersky Lab announces executive appointments in META region

Kaspersky Lab has announced the appointment of Amir Kanaan as Managing Director in the Middle East, as well as the promotion of Aman Manzoor to the new role of Head of Consumer Sales in META (Middle East, Turkey and Africa). “We see great business perspectives for growth in the region, and aim to double sales in the META region by the end of 2020. I’m sure that our strong regional team can achieve this goal by establishing new customer and partner relationships and promoting new offerings for enterprise and SMB organisations,” said Maxim Frolov, Managing Director for the Middle East, Turkey and Africa, Kaspersky Lab. Amir Kanaan has more than 15 years of sales and managerial experience in the field of IT Security. As Managing Director in the Middle East at Kaspersky Lab, he is responsible for strengthening the company’s position as a market leader and growing Kaspersky Lab’s business in the region. Meanwhile, Aman Manzoor in his role as Head of Consumer Sales in Middle East, Turkey and Africa will be promoting all Kaspersky Lab solutions for home users on the fast developing META market.



GEMALTO ADVANCES SECURE COMMUNICATIONS FOR FINANCIAL SERVICES

Gemalto has announced the integration of its SafeNet Hardware Security Modules (HSM) with Symphony Communication Services’ secure cloud-based communications platform. Available through Symphony’s app ecosystem, the SafeNet HSM protects the cryptographic root of trust for secure and confidential communications for highly-regulated organisations using the Symphony platform. “Symphony delivers a secure compliant productivity and collaboration platform whose entire ecosystem—from content owners, to trading platforms, to finserv companies—depends on the best security available,” said Frederic Stemmelin, Vice President of Business Development, Symphony. “Gemalto’s state-of-the-art encryption technology meets the modern standard of security that our platform demands.” The Gemalto SafeNet HSM, according to the company, is a dedicated crypto processor that securely manages, processes and stores cryptographic keys inside of a hardened, tamper-resistant device. Symphony’s customers can deploy a SafeNet Network HSM in their data center or purchase Cloud HSM in an Amazon Web Services (AWS) cloud environment or through Google Cloud Platform, using it to manage and secure encryption keys and cryptographic operations in order to protect communications and maintain compliance.

Dubai set to host eSecurityDen 2017

According to eSecurityDen, making the right decision is becoming increasingly complex and demanding for the CIOs of regional organisations. With a demonstration-led format, the one-day eSecurityDen 2017 conference aims to provide a platform for cybersecurity solution providers to connect with senior management across the GCC region, showcase their abilities and develop long-term business relationships. “Ultimately our aim is to connect the latest most innovative solution providers with the right professional people who have the challenges they can help with. This will empower CIOs and CEOs with the right tools and critical information to safeguard their brands and assets within a span of eight hours thus saving precious time and resources,” said Jeremy Boorer, Advisory Board member for eSecurityDen and spokesperson for eSecurityDen 2017 Dubai. Boorer further explained that to stay ahead of the increasing sophistication and pace of cyberattacks as well as combat threats happening at several levels, organisations need to look at cybersecurity as a part of overall risk management and the involvement of CEOs and board members is the demand of the hour. eSecurityDen 2017 speakers and exhibitors get an opportunity to take the centre stage and demonstrate how they can solve specific industry issues and this will be the biggest advantage for the providers as well as our delegates as they can get real sector specific insights into the range of solutions that are solving challenges for their counterparts globally.

OVER 2 MILLION UAE CONSUMERS AFFECTED BY CYBERCRIME IN 2016

Norton by Symantec has released the findings from its annual Norton Cyber Security Insights Report, revealing 2.53 million consumers in the UAE have been victims of online crime in the past year as hackers take advantage of consumer complacency. The report shows that despite spending more than AED 5.2 billion ($1.4 billion) and an average of 31.5 hours per victim dealing with the consequences, UAE consumers affected by cybercrime in the past year are the most likely to continue engaging in risky online behaviour, leaving themselves vulnerable to further attacks. The report, a survey of nearly 21,000 consumers globally, including 883 in the UAE, sheds a light on the impact of cybercrime and reveals that while consumer awareness of cybercrime is growing.

Millennials in the UAE are the most commonly affected by online crime, with 53 percent having experienced it within the past year. Men (52 percent), and frequent travelers (50 percent) were also likely to report higher incidents of cybercrime. Consumer complacency and risky online behaviours are helping hackers reap rewards from their efforts as they continue to hone their craft and adapt scams.

“Our findings show that people are growing increasingly aware of the need to protect their personal information online, but aren’t motivated to take adequate precautions to stay safe,” said Tamim Taufiq, Head of Norton Middle East. “While consumers remain complacent, hackers are refining their skills and adapting their scams to further take advantage of people, making the need for consumers to take some action increasingly important.”



FEATURE

SECURITY OUTLOOK 2017 We asked IT security experts for their predictions for 2017. If you thought 2016 was bad, fasten your seat belts – next year is going to be even worse.


What kind of technology trends will impact security in 2017?

Matthew Gardiner, Senior Product Marketing Manager of Mimecast

Companies are now faced with an unprecedented mix of reward and risk as they migrate to the cloud with a vast majority of execs committed to their cloud transformations. Email is usually the first platform organizations move into the cloud. It’s the business application that IT departments are most comfortable relegating to a third party to maintain. Yet it’s also the ultimate Killer App, a vital conduit – and repository – for business-critical and strategic information. Whether cloud-based or on premises, email data is crucial for closing sales, negotiating, and brainstorming. It’s no wonder that email has also emerged as the single biggest threat vector for attacks on corporate information and we believe that we will continue to see this continue in 2017.

Scott Manson, Cyber Security Leader for Middle East and Turkey, Cisco

The Internet of Things and other emerging technologies are going to require even more security. IoT in both the consumer and B2B market will continue to accelerate, connecting data, things, processes and people. Intelligent systems will grow rapidly in 2017, as more applications and products are made available. Wearable devices will continue to grow and mesh with healthcare and big data. Security in the IoT environment will naturally become more challenging and complicated. Inadequate security will be a critical barrier to large-scale deployment of IoT systems and broad customer adoption of IoT applications. Simply extending existing IT security architectures to the IoT will not be sufficient. The IoT world requires new security approaches, creating fertile ground for innovative and disruptive thinking and solutions.

Azeem Aleem, Director, Advanced Cyber Defense Practice, EMEA, RSA

Another surging cybersecurity trend is attacks across industrial control systems. The shift from legacy systems towards process control networks with connectivity around enterprise and internet will create more extensive backdoors to exploit industrial control systems (ICS). Organizations will be oblivious to the device connectivity patterns inside and outside their ICS environment. Moreover, with attacks within ICS through cloud service providers progressing at a faster pace, calls for a dire need for intelligence correlations and reporting mechanisms through behavioral analytics around supervisory control and data acquisition (SCADA) attacks. In addition, artificial intelligence, big data and analytics, augmented and virtual reality, smart mobility and drones are a few of the many emerging technology trends that are most likely to impact cybersecurity in the coming year.

Ray Kafity, Vice President – META, Attivo Networks

Emerging technologies such as industrial IoT, big data, artificial intelligence, machine learning, and mobility are proving to be game changers, unleashing a deluge of disruption across industries. And with these technology trends making inroads into enterprise deployments, it is likely that they will impact security in the coming year.

Ghareeb Saad, Senior Security Researcher, Global Research & Analysis Team, Middle East, Turkey and Africa, Kaspersky Lab

There are a number of trends that we see. The main theme of 2017 is the growing ability of attackers to customize, hide, disguise or manipulate evidence and indicators – making it ever harder to spot and correctly identify them. We predict espionage campaigns, which can also be a serious threat to businesses, will look to target primarily mobiles, benefiting from the fact that the security industry can struggle to gain full access to mobile operating systems for forensic analysis. As Internet of Things (IoT) device manufacturers continue to develop devices that are not necessarily protected, which can then cause wide-scale problems, there is a risk that vigilante hackers could take matters into their own hands and disable as many devices as possible.

Kamel Heus, Regional Manager - MEA, Centrify

The ‘identity’ is the new security perimeter as it is the common denominator for any activity involving access to critical resources. There will be an increase in adoption of multi-factor authentication for securing identities, as the password is no longer fit for purpose. We will also see organisations adopting the least-privilege model, where people will access resources on a need to know basis – this is one of the most important recommendations in security, which organisations are lagging behind in implementing. We will also see an increased adoption of hybrid cloud, where businesses need to find new ways to manage who has access to what data. The latest Shamoon attack in Saudi shows the vulnerability surrounding privileged accounts credentials.

What changes do you foresee in the threat landscape next year?

Mohammed Abukhater, Regional Director for the Middle East and North Africa at FireEye

With the region becoming a hub for many key industries and seeing an increasing consolidation of wealth and assets, it’s bound to capture the attention of malicious players. In 2017, we expect the number of politically and financially motivated attacks to increase. Nation-state attacks will not abate anytime soon and are only likely to increase in intensity with the current geopolitical climate in the region. Ransomware will continue to be a menace to organizations in the GCC, being a more attractive and lucrative option for criminals with the proper skillsets and motivations. We expect to see credit and debit card fraud, illicit bank transfers, and ATM fraud.

Tareque Choudhury, Head of Security and BT Advise, Middle East and Africa, BT Global Services

The threat landscape is one that is constantly evolving. With some of the highest levels of financial assets, energy resources and lucrative real estate investments concentrated in the region, coupled with a move towards smart government and smart services, the GCC will increasingly find itself in the crosshairs of cyberattackers. With every passing year, the adoption of the cloud by enterprises and the government alike is increasing. Likewise, IoT is gradually reaching a higher level of maturity. As mentioned before, these innovations have exponentially expanded the attack surface, putting strain on existing cybersecurity resources.

Alain Penel, Regional Vice President – Middle East, Fortinet

Increasing attacks targeting IoT devices is probably the safest prediction for 2017. With over 20 billion IoT devices online by 2020, versus one billion PCs, the math is pretty easy. And we are in the middle of a perfect storm around IoT: A huge M2M (machine-to-machine) attack surface, growing to over 20 billion connected devices, built using highly vulnerable code, and distributed by vendors with literally no security strategy. And of course, most of these devices are headless, which means we can’t add a security client or even effectively update their software or firmware. The move to cloud-based computing, storage, processing, and even infrastructure is accelerating. Naturally, this expands the potential attack surface. The weakest link in cloud security, however, is not in its architecture. It lies in the millions of remote devices accessing cloud resources. Cloud security depends on controlling who is let into the network and how much they are trusted. In this next year we expect to see attacks designed to compromise this trust model by exploiting endpoint devices, resulting in client side attacks that can effectively target and breach cloud providers. Businesses were initially slow to adopt cloud-based strategies precisely because they were concerned about the security of an environment they didn’t own or control. If the cloud-based environments and solutions they are now adopting are suddenly found to be untrustworthy, it could radically affect the current migration to the cloud and the resulting evolution of network infrastructures.



EVENT

Safety matters

Security Advisor recently gathered a collection of top CISOs from the region and beyond to the St Regis Hotel, Dubai, to host an in-depth roundtable discussion titled ‘Trusted Digital Relationships’ in partnership with CA Technologies.



CA Technologies’ CTO and senior vice president, Nick Nikols, opened the proceedings by saying, “In today’s world where breaches are the norm, information is everywhere and people need access to it from anywhere.” He went on to describe how security is often considered as a secondary thought by many organisations, when it should be at the forefront of their strategic planning.

Sandro Bucchianeri, group chief security officer, NBAD, was present as a guest speaker at the roundtable in order to give an end-user perspective to the discussion. He agreed with Nikols in maintaining that security is considered as a secondary thought. “Companies keep viewing security as a hindrance, rather than an enabler to ensuring you are secure,” he said. “Security is about enhancing the customer’s journey, and without customers, I do not have a job.” He added, “As a bank, the key for us is to accelerate the customer journey. The human race is very impatient, and everything we want has to happen now. The speed at which information can be accessed has become paramount in the delivery of services to customers. Despite them being one of our competitors, I do admire Emirates NBD and how quickly they manage to bring things to the market, particularly their fantastic digital platform.”

The topic of acceleration and speed of transactions posed a common theme throughout the discussion. “People expect security to be perfect, but getting to 100 percent takes a very long time,” said Ahmed Ebrahim Al Ahmad, chief information officer, Nakheel. “I don’t assume there is a bank that will compromise on security, but in other industries, I believe that risk can be indulged in slightly to speed up delivery of service.” Hariprasad Chede, CISO, National Bank of Fujairah, said, “Customers now expect transactions to be completed within one – maximum two – days. The only method to combat this is by using blockchain technology.”

Bucchianeri then went on to discuss how the “whole point of blockchain” is being able to track transactions and see who sent them, but he maintains that “speed is everything.” He said, “I currently transfer money back to the UK, and it usually takes between three and five days, which is just too long. We have a current use case at NBAD with our branch in Oman and our branch in Egypt; what we’ve done with the blockchain on our side has meant that any remittance or transfer from Oman to Egypt is there in the time it takes to boil a kettle.”

Blockchain is rapidly gaining traction in the Middle East region in alignment with the Smart Dubai vision to transform all government department transactions to blockchain by 2020. “How do we get there?” asked Rabih Daboussi, senior vice president, Sales, Marketing and Business Development, DarkMatter. “There is no easy answer right now, but it requires a lot of collaboration and innovation.” He added, “The issues that I’ve faced in my lifetime we continue to address with technology of the past. We need an innovative approach to how we move forward. We continue to put chains and locks around our security problems when we’re living in a world of sensors and devices.”

Tushar Vartak, head of information security, RAKBANK, said, “The most fundamental thing here is a transparent security approach, as that is how behavioural anomalies are detected. Recent attacks in phishing have not been limited to someone being able to capture your username and password; they have instead involved OTP and real-time malware. Device based authentication could be the solution to this.”

The discussion then moved on to how, during the orchestration process within an organisation, security was often remembered only at the end of the process due to IT staff being too focused on other aspects of the architecture. Roger Sels, CISO and vice president, IT security, DarkMatter, suggested that this could be tackled by creating standardised ‘building blocks’ in the architecture process. “But no matter how you combine the building blocks, we know that there are only certain ways to configure the blocks to suit industry standards whilst also remaining agile and secure,” he said.

Bucchianeri maintained that identity-centric security was crucial in ensuring customer safety. “Identity-centric security makes my job as a CSO a whole lot easier,” he said. “If I know who you are, what it is you’re trying to access and where from, I can help. If this information is generic, I cannot help anyone as nothing can be traced back.” He added, “The most important thing for us as CSOs to understand when implementing technology is that you get what you pay for. Whilst it may be expensive, if you’re getting value and global experience from it as well as being able to protect your customer, it’s paramount.”



Cloud and IoT Threats Predictions McAfee Labs Intel Security shares predictions about the evolution of cloud and IoT threats in 2017.

Cloud Threats

Trust in the cloud will increase, leading to more sensitive data and processing in the cloud, leading to more interest in attacking the cloud.

Trust in the cloud has increased in the last 3 years. [Chart: response categories Decreased, No change, Increased somewhat, Increased greatly; values shown: 13%, 15%, 37%, 33%]

The cloud is growing rapidly. Size of global public cloud market: $87B in 2015, $236B in 2020.

Attacks on the cloud are increasing. DDoS attacks, Q2 2016 vs. Q2 2015: 129% increase in total DDoS attacks. Account takeover attempts targeted more than 20,000 domains and subdomains in Q2 2016.

IoT threats

IoT devices will swell in number. Most will have limited security, they will be difficult or impossible to update, and they will have access to significant systems and networks.

The IoT device market is exploding in size. IoT device market growth: 15B devices in 2015, 200B devices in 2020.

IoT devices have limited security. 70% of IoT devices, along with their cloud and mobile application, enable an attacker to identify valid user accounts through account enumeration. Through 2018, over 50% of IoT device manufacturers will not be able to address threats from weak authentication practices. 70% of IoT devices use unencrypted network services.

IoT devices have access to significant systems and networks. By 2018, 66% of networks will have had an IoT security breach. KrebsOnSecurity was subject to a massive DDoS attack that generated 620Gbps of traffic, driven mainly by an IoT device botnet. By 2020, 10% of all attacks will target IoT systems.

Source: McAfee, Inc.


CASE STUDY

FIRST CLASS SECURITY In line with its strategic goal to bring fast and secure services to its customers Gulf Air Director of IT Dr. Jassim Haji discusses how the company revamped its wireless network infrastructure to meet growing business demands.

I

n the airline industry, safety and operational efficiencies are top priorities. As one of the region’s major airlines, Gulf Air also takes safety and efficient management of its network seriously. Founded in the early 1950s, the carrier is one of the oldest aviation companies in the region. In the 1970s, the government of Bahrain, the State of Qatar, the emirate of Abu Dhabi and the Sultanate of Oman purchased the majority share of the company, giving each government partial share in Gulf Air. For over five decades the company has thrived and grown its network, and in 2007 the government of Bahrain claimed full ownership of the organisation. Today, the airline flies to 41 destinations in 23 countries across Africa, Asia and Europe. As the airline continues to grows it has also been quick on the uptake when it

comes to new technology. “IT plays a vital role in Gulf Air’s operations and business strategies, and we consider it as one of the main drivers for success,” says Dr. Jassim Haji, Director of IT, Gulf Air. Over the last few years, Gulf Air has invested heavily in its IT initiatives especially on projects involving mobile and cloud technologies. “We utilise cloud technologies across various areas within the organisation, including business operations, Big Data, e-Learning, and airport connectivity,” says Dr. Haji. “We have a hybrid cloud solution that supports our internal platform as well as thirdparty applications that are instrumental in the wireless transfer of data to and from our aviation partners like IATA.” Moreover, the airline has also rolled out initiatives that have enabled them to provide services using mobile technologies. “Our strategy is centred around providing novel and agile services

We have always been proactive when it comes to our IT. That’s why, before any security incident occurs, we want to ensure that we are ready and we have best security solutions in place.”

14

12.2016

to our customers,” he says. “Our check-in agents make use of tablets to perform check-in activities for the passengers on-the-go. This kind of service helps to avoid space and counter limitations in airports, which expands the airport capacity, reduces waiting time and avoids flight delays. Aircraft engineers have also been provided with tablets containing technical manuals to conduct flight checks, maintenance and repair activities in the field.”

To optimise their use of cloud applications and provide even better mobile services to their customers, Gulf Air initiated a project to revamp its wireless access management system. “Our network infrastructure is the backbone of our entire operation so boosting its performance and securing it is paramount for the business,” explains Dr. Haji.

In January 2016, the team conducted a feasibility study where vendors were invited to propose different solutions for the new system. After an extensive selection process, Gulf Air worked alongside the chosen vendors to upgrade its wireless network, taking into consideration the airline’s current IT infrastructure and how the new system would comply with its organisational policies and strategies. It was also set up to meet the requirements for ISO 27001 and PCI DSS certifications. After six months of rigorous market research and evaluation, Gulf Air proceeded with the roll out of the solution until it was fully deployed in October this year.

According to Dr Haji, the biggest bottleneck the company had in its wireless network was bandwidth and coverage. “Users in certain parts of the office, airport or hangar areas were not able to connect and perform their tasks seamlessly,” he explains. To address this, Gulf Air started off with the upgrade of its wireless solution to Cisco’s latest 802.11ac technology. “The solution from Cisco provided us with the ample bandwidth and throughput to support heavy operation applications that are used within the enterprise.” The improved connectivity also enabled Gulf Air to provide the required access across operations in its headquarters, the airport and its outstations.

Apart from providing customers and employees with speedy and reliable connectivity, data security is another issue that Dr Haji and his team wanted to address through the project. “We have always been proactive when it comes to our IT. That’s why, before any security incident occurs, we want to ensure that we are ready and we have the best security solutions in place,” he says.

In this regard, the airline implemented solutions to secure its access points against intrusion attempts. “We have deployed mobile device management (MDM) solutions to facilitate the services we have that are accessible via mobile devices.” The company also upgraded its Application Delivery Control from F5 Networks to accelerate web traffic and provide secured central access for Gulf Air’s outstations and relative airports. The airline also deployed Trend Micro’s TippingPoint to filter the wireless traffic within the organisation and prevent possible attacks.

“The wireless access management solution as a whole was built to establish controls to protect the transmission of sensitive information, authenticate and authorise users and block intruders,” says Dr Haji. “The upgrade has enabled us to protect all data transmitted via mobile devices.”

Because of Gulf Air’s strong relationships with Cisco, F5 and TippingPoint, Dr Haji highlights that they have not experienced any issues during the migration to the new system. “The support we received from vendors was excellent,” he says. “In addition, the implementation was carried out by well-trained and highly certified professionals within Gulf Air’s IT team.”

Since the system is being utilised throughout the whole of Gulf Air’s operations, it has been customised to cater for different functions within the business. “We conducted several training sessions for the staff and other stakeholders of the company as to how they can best use the solution,” says Dr Haji. “It was definitely well-received by everyone within the organisation.”

Furthermore, Dr Haji highlights that the implementation of the upgraded wireless access management system led to the further success of their Electronic Flight Bag (EFB) that was launched last year. “Traditionally, pilots would have to bring along a big stack of documents that includes flight plans, security checklists, flying hours reports and so on. This is mandated by the Civil Aviation Authority and International Civil Aviation Organisation (ICAO),” he explains. “We have managed to digitise this data and have provided our pilots with a tablet containing all of these documents. With the improved wireless access management system, accessing the EFB is now better and more secure than ever.”

The system was built using Gulf Air’s hybrid cloud. Dr Haji says that the service has been provisioned over the Internet as a Platform-as-a-Service, and a few projects are already underway to further leverage its huge potential.


EVENT

INSIDE A SECURITY OPERATIONS CENTRE

Cisco’s Security Operations Centre in Krakow is on the front line in the fight against security breaches. Security Advisor Middle East toured the facility for an overview of how the services work and an insider look at some of the latest threats.

The Cisco Security Operations Center (SOC) in Krakow provides a broad range of managed security services for organisations operating on a global and regional scale in vertical markets such as finance, insurance, retail, healthcare, education and consulting. These services range from security device monitoring and management to comprehensive threat analytics and hosted security.

The SOC in Krakow is one of three Security Operations Centres worldwide. The other two are located in the United States and Japan. This structure enables Cisco to provide a 24x7 service for customers, regardless of their time zone, in a ‘follow the sun’ model. This means that as one SOC comes to the end of its working day, another SOC comes online to provide customers an uninterrupted service.

“The role of the SOC is to enable our customers to address cyber threats. The Krakow SOC operates the Cisco Active Threat Analytics (ATA) managed security service. It rapidly detects and responds to security threats by analysing customer network traffic, evaluating security telemetry and overlaying global intelligence received from Cisco’s Talos Security Intelligence and Research Group,” said Adam Philpott, Director of EMEAR, Cyber Security, Cisco.

The SOC engineers provide both expert cyber threat monitoring and remote operations for security devices. Most organisations do not have the methodology or budgets needed to build, staff, and maintain sophisticated threat-monitoring and defense capabilities. This is where services like the ones offered by Cisco SOC come into play.

The Cisco ATA service is also a ‘threat hunting’ service. It uses the network as a sensor to hunt down threats. It is constantly analysing what is happening on the network to spot anomalies. For example, if a server suddenly becomes four times more active than usual it could be a cybercriminal stealing data.

THE CHALLENGE OF FALSE POSITIVES

Cybercriminals find safety in numbers. In other words, the more they can create things that could represent a threat, the harder they make it to find the threats that will do the real damage.

To put this challenge in perspective, Cisco says the average large enterprise will experience 70,000 security events per week. Each of these needs to be checked out by a human being to decide if it resulted in a genuine breach. Some of these events are called false positives because they don’t constitute a real threat. One Cisco customer, for example, produced 5,000,000 security events in a year but these only resulted in 500 confirmed breaches.

The cost to an organisation of checking false positives can be significant. The Ponemon Institute estimates that this costs on average $1.3 million per annum in time lost. By combining the threat intelligence from Talos with advanced network analytics, it becomes much easier for Cisco experts to distinguish a breach from a false positive.

Philpott says cybersecurity has now become a boardroom concern, and lack of security hinders the innovation potential of digitisation. “Organisations all over the world see digital transformation as a route to future success. However, according to a Cisco study, 71% of senior executives say cybersecurity risks and threats are hindering innovation in their organisation.”

The multiple trends that contribute to the barriers to innovation include highly motivated and organised cybercriminals, and an explosion in the size of the threat landscape ensuing from technology trends such as IoT, mobility and the cloud. Philpott says point products for every point of weakness, from an increasing number of vendors, are also creating a complex security environment that is harder and more costly to manage and more prone to produce points of weakness.

Because of all the issues that limit the ability to enable digital transformation securely, Cisco believes it is time to adopt a new, holistic model for cybersecurity. Cisco’s goal is to create a ‘self-defending’ network that operates on the basis of a ‘see it once and protect it everywhere’ model. Cisco says its unique value is its visibility in the network on a global scale and its ability to tie it all together – people, process, data and technology. The extended network connects everything and is the only place that can see everything, including networks, data centres, virtual environments, the cloud, mobile devices and endpoints.

“If you can see everything then you have a chance of securing it. You cannot defend against that which you cannot see. The network is the only place that provides the visibility for leaders to take security, data protection and privacy decisions in the context of the needs of their core business. As a result, it is fair to say that the network is critical in providing a holistic response to cyber threats. It is also fair to say that Cisco – as the world’s largest networking company – has the best visibility of the threat landscape,” says Philpott.


INTERVIEW

SECURITY AT THE FOREFRONT

On the sidelines of the recently held RSA Conference in Abu Dhabi, Amit Yoran, President of RSA, spoke to Security Advisor ME about the evolving threat landscape and what enterprises should be doing to protect themselves against the tidal wave of security challenges.

Is security now a boardroom-level discussion?

It is definitely the trend now. Boards of directors are getting briefs directly from CISOs and chief risk officers as to what is happening from a security strategy perspective. One of the questions we get frequently from CISOs is how they prepare for boardroom presentations and what are the sort of metrics they should use to guide the conversation with corporate leadership.

You have been talking about business-driven security. Is that different from IT security?

It is IT security, but what seems to be resonating with lots of folks in the market is that it is not just about IT security anymore. You have to guide the security conversation in a business context. If you go to a meeting with your board of directors you can’t start talking about specific exploits; what they want to know is the business impact of what is happening in the security environment, and what matters most to the business.

Recently, you remarked that now we should plan to fail and minimise the impact. Does that mean the industry has failed to keep the bad guys out?

I do think the industry has failed. When you look at the data, organisations are spending millions of dollars on security and hiring technical expertise, and yet they are getting compromised on a regular and consistent basis. Then you have a state of market failure. What we are trying to do is to help organisations evolve their thinking – you can’t protect everything at all times so prioritise the things that matter most and minimise the business impact of breaches. The market failure is when organisations have been compromised for months or years, but failed to detect and respond to breaches.

Is it possible to reduce the time to detect down to days or hours?

One of the key points in the conversation around the time to detect is knowing your network and environment. You have to know what are the devices, technologies and architectures in your environment, and how they should be behaving. If you are able to understand your environment and have the right kind of visibility, you have much faster time to detection and remediation. We see that in our own customers – ones that know their environment are much more successful in detection and respond to incidents in minutes or hours.

Do you think behavioural analytics will be a big component of security?

There is a complete revolution going on in this space. The traditional network behaviour analytics tools can’t work in today’s environment as they are mostly about TCP or port monitoring. What we are driving is a forensic level of visibility with analytics; knowing what exactly is happening in not just the network layer, but user and application layer levels as well.

How do you address the issue of false positives?

It is a key problem. If you are a user getting thousands of alerts every single day, it becomes difficult to pinpoint what matters most. However, there are a couple of areas where we are seeing improvements in the battle against false positives. If you are just looking at network exploits or signature-based attacks, you are going to see a high volume of false positives. The more tightly you can define your environment, and what you should or should not be seeing, the more you can drastically dial back on false positives. Another way to address this issue is to know what matters most. If you have so many things creating alarms and triggers, you have to figure out a way to minimise it. But from the resulting number of needles, how do you know which one to investigate first? The answer is, the one that matters most to your organisation.

Identity is the new attack vector now. Can existing security architectures address this attack surface?

It is absolutely critical. In many advanced breaches, be it zero-day malware or phishing, in what we call the cyber kill chain in almost every case identity has been abused to access information. The security systems that still rely on username and password are broken by design. End of story. One of the areas where RSA is able to leverage our experience in multi-factor authentication is evolving our solutions offerings to be much more flexible in the new compute paradigm. It is no longer about just secure ID token where pin changes constantly. Now, we are offering the mobile phone based authentication, facial recognition, touch ID, among others. We are letting users choose the authentication method to gain access to systems they need access to. Now, behavioural-based continuous authentication is also becoming a big thing, where the system can tell the difference between typical behaviour and fraudulent behaviour. For high risk activities, they will make you step up and re-authenticate. This is not the future, we are doing this now for almost 400 million consumer online accounts where we are doing transaction monitoring based on the behavior profile of users.

CISOs face the problem of product silos. Is it a good idea for enterprises to reduce the number of suppliers they are working with?

This is a key challenge area. We believe we are going to see a move towards integrated security suite type of solutions. Having said that, no customer is ever going to say they want only single-vendor solutions. What used to be the strength of best-of-breed vendor approach – being laser focused on one area of security – is evolving to a competitive disadvantage. When you look at advanced threats, it might come in through network exploits, malware, abusive identity, and if your security product is only looking at sandboxing malware you might see one attack vector, but not the whole attack campaign. So, the trend is leaning towards increased capabilities and having a much broader, and pervasive view of security that vendors like RSA can bring to the table than point solution vendors.


EVENT

TOGETHER IS POWER

Adelle Geronimo reports from FOCUS 16 in Las Vegas, where Intel Security shared insights on the evolving cybersecurity landscape in the digital economy, and announced new innovations and strategies for the coming year.

Intel Security brought together 3,500 security experts from around the globe to the Aria Resort and Casino in Las Vegas last month for its annual FOCUS conference.

Chris Young, Senior Vice President and GM, Intel Security Group, kicked off the summit by highlighting that our current economy is no longer a physical one, but one of connected networks and systems where cybercriminals have put us on the defensive. “This new second economy has put us in a world where more than money is at stake and where private and public sectors are fighting against time and working to justify trust,” he said.

He added that cybercriminals today are forcing cybersecurity companies to redraft the rules of engagement for defending the civilised world. “To effectively counteract them, we have to abandon old security playbooks to become more unpredictable and collaborative and make cyber defence a priority. Our strategic charter is simple, yet disruptive: integrate, automate and orchestrate the threat defence lifecycle to drive better security outcomes – ultimately reducing more risk, faster and with fewer resources.”

The 2016 edition saw big announcements made by the cybersecurity company. First among them is its enhanced unified defence architecture, designed to provide organisations with effective security in the new digital economy. Built upon an open ecosystem that leverages a proven integration programme, Intel Security underlined that its unified defence architecture is enabled by four protection systems – Dynamic Endpoint, Pervasive Data Protection, Data Center and Cloud Defense, and Intelligent Security Operations – that are intelligently integrated to multiply effectiveness.

The second big reveal at the event is the new McAfee brand logo as its separation from Intel draws near. The company also announced its new tagline, ‘Together is Power’, for when the transition is finalised in Q2 2017.

According to Young, the move to become an independent company is part of its objective to become the “largest pure-play cybersecurity company” in the world. “More than that, we aim to not only be the largest cybersecurity company in the world, we also promise not to rest until we are the best player in this space. The reason being over the last few years many of you have pushed us to do better and enable you with more capabilities to solve today’s cybersecurity challenges,” said Young.

Intel acquired McAfee in 2011 for $7.7 billion to build security features directly into its silicon products. The soon-to-be McAfee CEO also underlined that the move is driven by three key reasons – focus, innovation and accelerated growth. “Firstly, we want to be 100 percent focused on cybersecurity at a company level. Everything we will do from then will be targeted at helping our customers solve their cybersecurity challenges,” explained Young. “Secondly, just like our company’s focus our innovations will be centred on cybersecurity as well. Lastly, our industry is moving faster than any other sub-segment of IT and so we have to grow more quickly than any other players in this space.”

As a standalone organisation, Young noted that the company will have around 7,500 employees globally with $2 billion in revenue. “Moreover, as we take the name McAfee for the new company we’re looking forward to the future, and we’re not looking back. However, what won’t change with the ‘new McAfee,’ is our commitment to our strategies, products and partners.”

Another key announcement made at the event is its OpenDXL initiative. Two years ago, Intel Security introduced McAfee DXL, a technology designed to enable instant communication between disparate security technologies from multiple vendors. Now, through an open source strategy and the beta release of a new software development kit (SDK) for DXL, the platform is open and accessible to “white hats” from both organisations and technology providers.

“Through the OpenDXL, security leaders will gain the ability to attach to a shared real-time communication fabric and exchange security intelligence as well as collaborate to create strategies for the optimal execution of the threat defence lifecycle,” said Young.

Further into the event, Young also highlighted that Intel Security, over the last year, has invested over $500 million in research and development. The company had also expanded its workforce and on-boarded more engineers and product managers. In addition, the firm also announced that it increased its investments in user experience and developed 18 new products and integrations.


OPINION

BAD (INTERNET OF) THINGS

BY SANJAY SARMA AND JOSH SIEGEL, COMPUTERWORLD

Having seen first-hand the damage that can be caused by malicious IoT devices during the Dyn attack in October, organisations must now consider what can be done to keep these clever things from causing harm.

The Internet of things is a wondrous vision. Over the last few years, we have invited clever little IoT pixies into our homes, offices, factories and institutions. They watch out for us, perform services for us and generally impact our lives in good ways.

But these clever things are not necessarily intelligent things. Just like young children, they need to be taught not to talk to strangers and not to believe everything they hear. They must learn to understand the context of the world around them to know right from wrong. If we overload them with functionality, leave them too open or let them come in with malicious ideas latent under cute exteriors, they will do things you don’t want them to do. The consequences can be disastrous.

In October, we saw first-hand the impact of giving some of these things a bit too much trust and responsibility. A switch in our IoT pixies’ subconscious flipped, and suddenly our favoured webcams and video recorders turned into an army intent on sending millions of simultaneous requests for information to a single Internet infrastructure company, Dyn.

Dyn provides Domain Name System (DNS) services, and these devices were unknowingly executing a distributed denial-of-service (DDoS) attack. Because Dyn was flooded with incoming connections, it couldn’t tell legitimate requests from those created by the ad hoc army. Across the U.S., large swaths of the internet became unreachable.

The attack on Dyn demonstrated a known vulnerability in the internet’s DNS system, but the more pressing issue it highlighted was that we exist in a world filled with insecure devices. The reality is, that webcam you bought last week may be ready to flip into attack mode upon receiving a few carefully curated bytes from the right sender. A week earlier, Johnson & Johnson had announced that its insulin devices were hackable. The list of digital vulnerabilities lurking within our homes, vehicles and factories goes on.

So what can we take away from this situation? Here are our recommendations:

1. WATCH OUT FOR UNINTENDED CONSEQUENCES: The allure of enhanced convenience services is great, but so too is the potential for trouble. Linking an Amazon Echo to a smart door lock may seem like a good idea, but a burglar could shout from the window to unlock the door. As IoT enables new modalities for device and service interaction, remain vigilant and anticipate how unexpected use cases can undermine your goals.

2. LET CLOUD THINGS HELP: As we noted, cleverness and intelligence are not the same thing. We can make clever devices intelligent by giving them big brothers and sisters in the cloud. These digital big siblings are worldlier, aware of more context information, savvier about desirable and undesirable interactions and better able to defend themselves. If we treat these big siblings as proxies for our pixies and communicate with them exclusively, we can take some of the vulnerabilities out of the equation. This is the same as the idea of digital twins, where a cloud “avatar” has more intelligence to complete advanced actions, like interfacing with other devices, while local devices limit their actions to the very minimum.

3. BUILD IN WATCHDOGS: While our IoT pixies may not have fully developed thinking, their big siblings do. These siblings can learn models for how the world normally behaves and how certain systems respond to input. This awareness lends itself to the creation of a “cognitive supervisor” capable of supervising the pixie, identifying when something isn’t quite right and notifying an adult. If a big brother notices his sister looks sick, he tells his parents. We need this same sort of human-in-the-loop alerting and validation for IoT. Similarly, the big sibling may use its understanding of the pixie to evaluate inputs prior to execution, creating a “cognitive firewall” of sorts. If a big sister knows her little brother will start bouncing off the walls after eating sugar, she may prevent him from eating a king-size candy bar. Our digital siblings must be able to similarly prevent our IoT pixies from receiving bad data or malicious requests. Turn on a connected microwave for 100 minutes? No way.

4. BEWARE TROJAN HORSES: Consumers and industry must learn to preferentially select hardware and software from trusted vendors. Over time, the nascent field of security standardisation and certification for IoT device security will develop more fully. Consumers should exclusively use devices possessing stringent certifications and take care to address existing weak points where possible (e.g., by changing a device’s default password).

While the attack on Dyn was scary, ultimately good will come from it. Heightened consumer awareness of system limitations, newly vigilant developers and novel architectures will help the IoT thrive. The resulting better-designed systems taking security, data privacy and ownership, interoperability, and resilience into account will ensure a bright future for all connected devices and services, so people can continue to reap the benefits from allowing good things into our lives.
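Recommendations 2 and 3 above, sketched as an added example that is not code from the authors: a cloud-side twin screens each command before it reaches the device (the “cognitive firewall”) and compares the device’s traffic with a learned baseline (the “cognitive supervisor”), queuing alerts for a human. The class names, the 15-minute run-time limit, the sender list and the traffic figures are all assumptions constructed for illustration.

```python
"""Cloud-side "big sibling" (digital twin) for a connected microwave.

Illustrative sketch: every name, limit and sample value is an assumption.
"""
from dataclasses import dataclass, field
from statistics import mean, pstdev


@dataclass(frozen=True)
class Command:
    sender: str       # identity the cloud service has already authenticated
    action: str       # "start" or "stop"
    seconds: int = 0  # requested run time, used by "start"


@dataclass
class DeviceModel:
    """What the twin knows about safe behaviour of its device."""
    allowed_senders: frozenset
    allowed_actions: frozenset = frozenset({"start", "stop"})
    max_seconds: int = 15 * 60  # assumed upper bound for a single run


@dataclass
class Twin:
    model: DeviceModel
    history: list = field(default_factory=list)  # normal packets-per-minute samples
    alerts: list = field(default_factory=list)   # messages for a human to review

    # Cognitive firewall: evaluate an input before the device executes it.
    def screen(self, cmd):
        if cmd.sender not in self.model.allowed_senders:
            return self._deny(cmd, "unknown sender")
        if cmd.action not in self.model.allowed_actions:
            return self._deny(cmd, "action not in device model")
        if cmd.action == "start" and not 0 < cmd.seconds <= self.model.max_seconds:
            return self._deny(cmd, "run time outside safe range")
        return True, "forwarded"

    def _deny(self, cmd, reason):
        self.alerts.append(f"blocked {cmd.action} from {cmd.sender}: {reason}")
        return False, reason

    # Cognitive supervisor: compare telemetry with what is normal for this device.
    def observe(self, packets_per_min, min_samples=5, k=4.0):
        anomalous = False
        if len(self.history) >= min_samples:
            mu, sigma = mean(self.history), pstdev(self.history)
            # Floor on sigma so a perfectly flat baseline does not flag tiny changes.
            anomalous = packets_per_min > mu + k * max(sigma, 1.0)
        if anomalous:
            self.alerts.append(
                f"traffic {packets_per_min:.0f}/min far above baseline; notify owner")
        else:
            self.history.append(packets_per_min)  # learn only from normal samples
        return anomalous


def demo():
    """Run constructed commands and telemetry through the twin."""
    twin = Twin(DeviceModel(allowed_senders=frozenset({"owner-app"})))
    commands = [
        Command("owner-app", "start", 90),        # ordinary reheat
        Command("owner-app", "start", 100 * 60),  # the 100-minute request
        Command("stranger", "start", 30),         # sender the twin does not know
        Command("owner-app", "flash", 0),         # action outside the device model
    ]
    decisions = [twin.screen(c) for c in commands]
    telemetry = [12, 10, 11, 13, 12, 11, 5000]    # constructed packets/min samples
    flags = [twin.observe(t) for t in telemetry]
    return decisions, flags, twin.alerts


if __name__ == "__main__":
    for part in demo():
        print(part)
```

The device itself only ever accepts commands from the twin, so the checks cannot be bypassed by talking to the device directly; that network restriction is assumed here and lies outside the sketch.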


INTERVIEW

PROTECTION PATHWAYS

On his recent visit to Dubai as part of Infoblox’s ‘Security and Cloud Road Tour’, Craig Sanderson, Senior Director of Product Management, reflected on the ongoing security challenges faced by organisations globally.

What do you think are the biggest challenges that organisations face when it comes to network security?

We believe that one of the biggest challenges going forward will be around securing your DNS infrastructure. DNS has almost been the security industry’s dirty little secret; everyone knew it was vulnerable, as per the recent attack on the Dyn infrastructure. If I take out your DNS infrastructure, I take out your entire network; your website, your ability to communicate internally – it all goes away. It’s such a fundamental service, I think of it as the ‘life-blood’ of your network. Unfortunately, a lot of customers are ill-prepared when it comes to thinking about securing their infrastructure, and tend to rely on traditional security appliances without thinking holistically. However, I appreciate that there are so many operational challenges that actually taking a holistic approach to your security architecture is becoming increasingly difficult.

How can Infoblox enable organisations to protect themselves from the rising flood of malware and cyberattacks that target networks?

A Cisco report showed that 91 percent of malware relies on DNS. Before any of your existing security platforms see this malicious malware, the first box that will see it is probably your DNS server. By combining threat intelligence with the list of domains and IP addresses that we know are associated with malware, we can essentially block or redirect the attempt to connect with this infection. If a device does become infected, what tends to happen is further malware is then downloaded when a client connects to an infected site – but if we know that particular site is dangerous, we can block it.

As the threat landscape continues to grow, how prevalent are DNS attacks in the market? What specific solutions do you have in place to combat these?

Multiple reports are out there that recognise DNS as the most common attack vector. Our DNS-Firewall-as-a-Service solution gives a unique visibility into what malware is doing. Malware uses DNS at every stage. I can turn a box that is just doing DNS into a visibility point, but that only works for devices that are working on premise. But what happens when I pick up my laptop and I’m not on the Infoblox network? A cloud DNS firewall service – which we are planning to launch in early 2017 – will allow us to extend that protection.

How has acquiring IID earlier this year impacted on the services Infoblox provides for its customers?

It now means that we natively own threat intelligence that allows customers to be aware of the latest threats. We now own that in house. Previously, we bought that from someone else. The real value of IID is that it provides us with a threat intelligence platform; there isn’t one threat intelligence feed that will give you visibility of absolutely everything. Through the acquisition of IID, we have a platform to source multiple threat intelligence feeds. We also have a threat intelligence tool which helps customers understand what type of threat they’re actually dealing with. If they’ve been compromised, who’s after them? I spoke to one customer who said it had taken them 60 minutes to gather all of the information he needed to understand one incident; our platform can make your threat intelligence analyst three times more effective than he was previously as it reduces this process to 20 minutes. What we’re finding is that customers are getting quicker protection, and easier deployment of these threat intelligence services on our platform rather than on traditional security appliances.

What advice would you give to CISOs in the region that seem to focus their security strategies around network perimeter? Can you discuss how perimeter defence has evolved over the last few years?

If you just look at the nature of network architecture today and the way applications are deployed, the traditional network perimeter is long gone. There needs to be a shift in attitude from trying to defend that perimeter to understanding that we just need to have visibility to see what is going on across the entire architecture. DNS is a ubiquitous, visibility enforcement platform, which suggests that you don’t necessarily have to focus all of your efforts on traditional security appliances. It is a fundamental infrastructure; so why don’t you focus on turning that into an asset? That common denominator of fully understanding DNS is going to be the first step in our customer’s journey to realise that the bad guys are everywhere, even on the inside.


OPINION

10 SECURITY PREDICTIONS FOR 2017

By Mohammed Al-Moneer, Regional Director, MENA, A10 Networks

The cyber landscape changes dramatically year after year. If you blink, you may miss something; whether that’s a noteworthy hack, a new attack vector or new solutions to protect your business. Sound cyber security means trying to stay one step ahead of threat actors. In the spirit of looking toward the future, I wanted to grab my crystal ball and take my best guess at what will be the big story lines in cyber security in 2017.

1. IoT continues to pose a major threat. In late 2016, all eyes were on IoT-borne attacks. Threat actors were using Internet of Things devices to build botnets to launch massive distributed denial of service (DDoS) attacks. In two instances, these botnets collected unsecured “smart” cameras. As IoT devices proliferate, and everything has a Web connection (refrigerators, medical devices, cameras, cars, tires, you name it), this problem will continue to grow unless proper precautions like two-factor authentication, strong password protection and others are taken.

Device manufacturers must also change behaviour. They must scrap default passwords and either assign unique credentials to each device or apply modern password configuration techniques for the end user during setup.

2. DDoS attacks get even bigger. We recently saw some of the largest DDoS attacks on record, in some instances topping 1 Tbps. That’s absolutely massive, and it shows no sign of slowing. Through 2015, the largest attacks on record were in the 65 Gbps range. Going into 2017, we can expect to see DDoS attacks grow in size, further fueling the need for solutions tailored to protect against and mitigate these colossal attacks.

3. Predictive analytics gains ground. Math, machine learning and artificial intelligence will be baked more into security solutions. Security solutions will learn from the past, and essentially predict attack vectors and behavior based on that historical data. This means security solutions will be able to more accurately and intelligently identify and predict attacks by using event data and marrying it to real-world attacks.

4. Attack attempts on industrial control systems. Similar to the IoT attacks, it’s only a matter of time until we see major industrial control system (ICS) attacks. Attacks on ecommerce stores, social media platforms and others have become so commonplace that we’ve almost grown cold to them. Bad guys will move onto bigger targets: dams, water treatment facilities and other critical systems to gain recognition.

5. Upstream providers become targets. The DDoS attack launched against DNS provider Dyn, which resulted in knocking out many major sites that use Dyn for DNS services, made headlines because it highlighted what can happen when threat actors target a service provider as opposed to just the end customers. These types of attacks on upstream providers cause a ripple effect that interrupts service not only for the provider, but all of their customers and users. The attack on Dyn set a dangerous precedent and will likely be emulated several times over in the coming year.

6

Physical security grows in importance. Cyber security is just one part of the puzzle. Strong physical security is also necessary. In 2017, companies will take notice, and will implement stronger physical security measures and policies to protect against internal threats and theft and unwanted devices coming in and infecting systems.

7

Automobiles become a target. With autonomous vehicles on the way and the massive success of sophisticated electric cars like Teslas, the automobile industry will become a much more attractive target for attackers. Taking control of an automobile isn’t fantasy, and it could be a real threat next year.

8

Point solutions no longer do the job. The days of Frankensteining together a set of security solutions have to end. Instead of buying a single solution for each issue, businesses must trust security solutions from best-of-breed vendors and partnerships that answer a number of security needs. Why have 12 solutions when you can have three? In 2017, your security footprint will get smaller, but will be much more powerful.

9

The threat of ransomware grows. Ransomware was one of the fastest growing online threats in 2016, and it will become more serious and more frequent in 2017. We’ve seen businesses and individuals pay thousands of dollars to free their data from the grip of threat actors. The growth of ransomware means we must be more diligent to protect against it by not clicking on anything suspicious. Remember: if it sounds too good to be true, it probably is.

Mohammed Al-Moneer, Regional Director, MENA at A10 Networks

10

Security teams are 24/7. The days of security teams working 9-to-5 are long gone. Now is the dawn of the 24/7 security team. As more security solutions become services-based, consumers and businesses will demand the security teams and their vendors be available around the clock. While monitoring tools do some of the work, threats don’t stop just because it’s midnight, and security teams need to be ready to do battle all day, every day.

Those are 10 things we see happening in the cyber security space next year.


OPINION

PREMIUM SECURITY By Jeff Erramouspe, GM and VP, Spanning by Dell EMC

With cybersecurity threats on the rise, companies are increasingly taking advantage of cybersecurity insurance. And while cyber insurance can be worth it, it’ll cost you. Last year, US insurers earned $1 billion in cyber premiums. You can minimise your premiums by showing your insurance company you’re actively mitigating cyber risks, which is a win-win: lower your risk and secure a more cost-effective insurance plan.

Purchasing cyber insurance for the first time can be intimidating because every insurance vendor has unique offerings, but here are two best practices on how to approach cyber insurance to ensure it’s a good fit and cost-effective for your company:

DO YOUR HOMEWORK - Determine what aspects of the cyber security framework are most important to your organisation, what your organisation/team will be responsible for, and what makes sense for your organisation to outsource to a cyber security insurance provider.

IF YOU DON’T ASK, YOU’LL NEVER RECEIVE - Ask your prospective cyber security insurance providers what discounts are available to lower your premiums. Many providers will offer discounts if you can prove you have proper threat prevention, data security and data protection in place to lower your risk of, and time to recover from, a breach or other cybersecurity attack. Here are a few to ask about:

• Are discounts available if we are using specific trusted services for business applications?
• Are discounts available if we meet standards related to data security and protection?
• Are discounts available if we have third party certification of our security processes and protocols?

If your cyber insurance vendors do offer incentives or discounts for companies who meet high data security and protection standards, they will likely focus on specific processes and controls. Here are five best practices that are most effective in reducing cyber risk:

BUILD A RISK-AWARE CULTURE - Step one is accepting that every single employee is a risk due to actions such as opening a suspect email attachment, using an infected flash drive or failing to install a security patch on their laptop. Invest resources and time in educating your employees about cyber risks and the measures they can take to protect themselves and the company.

DEFEND THE WORKPLACE - Ensure all devices connected to a network - from a laptop to a printer to a smart TV - are up to date with the latest security software and patch updates and follow all cyber security management and policy enforcement.

REGULARLY BACK UP ALL YOUR DATA - Whether your data is on-premise or in the cloud, protect it with a backup and recovery solution to ensure timely restoration that meets or exceeds the expectations of your business. Today, companies are turning to cloud applications like G Suite, Salesforce and Office 365 in accelerating numbers, yet many are still unaware that SaaS providers are focused on ensuring they can recover data lost due to an issue on the service’s end—the providers are not in a position to recover data that was accidentally deleted via user error or maliciously deleted or locked via ransomware, hacking, malware, etc. Prevent data loss and downtime with automated SaaS data backup systems that deliver point-in-time restore.

Jeff Erramouspe, Dell EMC

SECURITY BY DESIGN - One of the biggest vulnerabilities in information systems - and wastes of money - comes from implementing services first and adding security as an afterthought. Build security into your IT initiatives from the beginning and maintain regular tests to track conformance and compliance.

CONTROL NETWORK ACCESS - Companies that channel registered data through monitored access points will have a far easier time spotting and isolating malware. Ensure you have procedures in place to manage the access and permissions of your employees. If an employee leaves, you must have the control to revoke any access they have to company, client and vendor information.

Taking these proactive steps will not only lower your cyber insurance premiums, but also improve your company’s cyber security position. Protection against today’s cyber threats is a team effort, so make practicing good cyber health a priority for the entire company. While there’s no one way to achieve absolute security, there’s a lot you can do to safeguard against attacks, ensure timely identification, be ready to quickly recover, and ultimately keep the attacks from crippling your business if they do occur.


OPINION

ACCOUNTABILITY TAKES THE STAGE With the growth and pervasiveness of online devices and digital tools, we reached a critical tipping point in 2016. The need for accountability at multiple levels is urgent and real and affects us all. If something isn’t done, there is a real risk of disrupting the emerging Digital Economy, writes Alain Penel, Regional VP-Middle East, Fortinet.

The rise of the digital economy is not just changing how organisations conduct business. The effects of this “fourth industrial revolution” are much more pervasive, and the speed of change is beyond anything that has come before it. Slamming the brakes on a global economy in such a transition could be devastating. Vendors, governments, and consumers driving this change need to step up and be accountable for making sure that doesn’t happen. Cybersecurity is a strategic decision in all of these scenarios. It won’t be easy.

1. From smart to smarter: automated and human-like attacks will demand more intelligent defense

Most malware is dumb. Sure, it might have evasion techniques built into it, and be good at hiding in the noise of a device or the network. But it is only programmed with a specific objective or set of objectives. A hacker simply points it at a target, and it either accomplishes its task or it doesn’t. Cybercriminals compensate for the binary nature of such malware in two ways: either through the time-intensive management of multiple tools to guide an attack to a specific target, or through volume.

This is about to change. Threats are getting smarter and are increasingly able to operate autonomously. In the coming year we expect to see malware designed with adaptive, success-based learning to improve the success and efficacy of attacks. This new generation of malware will be situation-aware, meaning that it will understand the environment it is in and make calculated decisions about what to do next. In many ways, it will begin to behave like a human attacker: performing reconnaissance, identifying targets, choosing methods of attack, and intelligently evading detection.

We will also see the growth of cross-platform autonomous malware designed to operate on and between a variety of mobile devices. Autonomous malware, including transformers, that is designed to proactively spread between platforms can have a devastating effect on our increasing reliance on connected devices to automate and perform everyday tasks. It will require highly integrated and intelligent security technologies that can see across platforms, correlate threat intelligence, and automatically synchronise a coordinated response.

2. IoT manufacturers will be held accountable for security breaches

An increase in attacks targeting IoT devices is probably the safest prediction for 2017. With over 20 billion IoT devices online by 2020, versus one billion PCs, the math is pretty easy. Most of these IoT devices are headless, which means we can’t add a security client or even effectively update their software or firmware. We predict that attacks targeting IoT devices will become more sophisticated, and be designed to exploit the weaknesses in the IoT communications and data gathering chain.

3. 20 billion IoT and endpoint devices are the weakest link for attacking the cloud

The move to cloud-based computing, storage, processing, and even infrastructure is accelerating. Naturally, this expands the potential attack surface. Most cloud providers have responded by designing their networks with Layer 2 and 3 security technologies to segment the cloud between tenants, control access, and protect the cloud providers’ internal network from their public offering. More sophisticated security tools, like Next Gen Firewalls and IPS solutions, can be added and paid for by the tenant.

The weakest link in cloud security, however, is not in its architecture. It lies in the millions of remote devices accessing cloud resources. In this next year we expect to see attacks designed to compromise this trust model by exploiting endpoint devices, resulting in client-side attacks that can effectively target and breach cloud providers.

The cloud is also being used to provide ubiquitous access to applications, resources, and services. Using this same client-side exploit, we expect to see the injection of malware into cloud-based offerings by compromised endpoint clients, a process known as cloud poisoning. Businesses were initially slow to adopt cloud-based strategies precisely because they were concerned about the security of an environment they didn’t own or control. If the cloud-based environments and solutions they are now adopting are suddenly found to be untrustworthy, it could radically affect the current migration to the cloud and the resulting evolution of network infrastructures.

4. Attackers will begin to turn up the heat in smart cities

We are seeing a move towards smart cities in order to drive sustainable economic development, better manage natural resources, and improve the quality of life for citizens. The interconnectedness of critical infrastructure, emergency services, traffic control, IoT devices (such as self-driving cars), and even things like voting, paying bills, and the delivery of goods and services will create unprecedented efficiencies in urban and even suburban environments.

The potential attack surface in such an environment is massive. The potential for massive civil disruption should any of these integrated systems be compromised is high, and these systems are likely to be a high-value target for cybercriminals, cybervandals and politically motivated hacktivists. We predict that as building automation and building management systems continue to grow over the next year, they will be targeted by hackers. We have already seen the compromise of the data of a large US retailer through the exploitation of its IP-enabled HVAC system. Like with the IoT DDoS attacks, these exploits will likely be blunt instrument attacks at first, such as simply shutting down a building’s systems.


But the potential for holding a building for ransom by locking the doors, shutting off elevators, rerouting traffic, or simply turning on the alarm system is significant. Once this happens, taking control of centralised systems deployed across a smart city is not too far over the horizon.

5. Ransomware was just the gateway malware

Holding high-value assets hostage in exchange for some sort of payment is not new. Ransomware attacks have been in the news for the past couple of years, and no one expects them to go away any time soon. But the growth of ransomware-as-a-service (RaaS) in 2016 - where potential criminals with virtually no training or skills can simply download tools and point them at a victim, in exchange for sharing a percentage of the profits with the developers - means this high-value attack method is going to increase dramatically. According to some experts, the total cost of ransomware for 2016 is expected to top one billion dollars, and is expected to grow exponentially in 2017.

6. Technology will have to close the gap on the critical cyber skills shortage

The current shortage of skilled cybersecurity professionals means that many organisations looking to participate in the digital economy will do so at great risk. They simply do not have the experience or training necessary to develop a security policy, protect critical assets that now move freely between network environments, or identify and respond to today’s more sophisticated attacks.

For many, their first response will be to buy traditional security tools, such as a firewall or IPS device. But tuning, integrating, managing, and analysing these devices requires specialised training and resources. And increasingly, such tools are inadequate for securing highly dynamic and widely distributed networks. We predict that savvy organisations will instead turn to security consulting services that can guide them through the labyrinth of security, or to managed security services providers, like MSSPs, who can provide a turnkey security solution, or they will simply move the bulk of their infrastructure to the cloud where they can simply add security services with a few clicks of a mouse.

Final word

Security vendors will need to respond to these changes and rethink their traditional, siloed approach to developing security tools. The historical goal has been to build a fortress against an invisible enemy. But with highly fluid, multi-platform networks, that approach needs to change. Today’s security needs to START with visibility, and then dynamically build an integrated and adaptable security framework around that intelligence. Vendors that cannot adapt to the scope and scale of the borderless digital economy, and the evolving requirements of today’s digital businesses, will fail.


OPINION

6 big challenges facing the security industry in 2017

Raj Samani, Chief Technology Officer, EMEA, Intel Security.

Attacks and defenses adapt and evolve in a continuing dance. As a new technique is developed, its effectiveness increases rapidly until it is ready for deployment. Once deployed, broad exposure to real-world scenarios, feedback to the development team, and inclusion in other defenses further improves its effectiveness. The enhancement continues until it reaches a level of effectiveness that prompts adversaries to respond. At this stage, attackers experiment and discover ways to evade this type of defense and develop countermeasures to reduce its value. The security industry’s challenge is to improve the lifecycle of threat defense effectiveness, something that requires foundational research, new classes of products, heavy development time and effort, and a sustained focus, often by multiple industry participants working together.

1. REDUCE ASYMMETRY OF INFORMATION

Adversaries have more information about our defenses than we have about their attacks, and this asymmetry significantly influences the threat defense effectiveness curve. Preventing attackers from testing against us is very difficult and possibly unsolvable. However, sharing information about attacks more broadly is one of the critical initial steps that we can take to address this asymmetry. When we share and combine information about attacks, we better understand what the attackers are doing to find weaknesses in our algorithms. That allows us to more quickly adapt and improve defenses.

2. MAKE ATTACKS MORE EXPENSIVE OR LESS PROFITABLE

Money is the primary motivation of most cyberattacks. If we can change the economics of the attack process, reduce the success rate of attacks, and make capture more likely, then we can make targets less interesting.

Analysing law enforcement data, we find that investigation and prosecution of cybercrime is inversely related to the severity of the crime. With physical crimes, prosecution is oriented toward the most serious crimes. With cybercrime, high-level attacks are more difficult to investigate and prosecute because they often cross multiple jurisdictions, and often more skills and resources are required to help them evade detection and prosecution. One potential response to this is to deceive attackers and increase their time spent on a given attack, making them easier to trace, identify, capture, and prosecute.

3. IMPROVE VISIBILITY

Security operations within companies and security vendors are shifting their focus from IT assets to data assets and from “pseudo-absolute” defensive coverage to informed risk management. We have tools that can identify and classify data, monitor its usage, apply appropriate policies, or block movement if necessary. With these tools, organisations can more effectively quantify their risk profile, identify critical gaps, and appropriately focus resources. Good organisations compare basic statistics to the previous month, much like accounting. Better organisations work to build regional, national, and industry benchmarks for comparison, like investors. However, many common security metrics are not very actionable. There is much more to be done to be able to act, in near real time, on threatening activities seen in the protected environment.

4. IDENTIFY EXPLOITATION OF LEGITIMACY

Telling the difference between when a legitimate tool is used for a legitimate purpose versus a suspicious activity is very difficult. The only approach we have now is behavioral analytics, which is in its cybersecurity infancy. It is a good start, but we also need to move toward a model that conducts legitimacy tests for every transaction, not just for files and credentials. We need to analyze actions and data movement and try to determine intent, whether from an external actor or an unauthorised insider. This step requires knowing a lot more about the context of the activity.

One controversial possibility is the development of user reputation and predictive analytics. The concept is to assess the probability of a given account being breached, stolen, or used for unauthorised insider activity. By collecting user behaviour in context, from the tendency to reuse passwords on different systems to the job description and typical working hours, we can compare each action to a set of expected legitimate activities and flag those that are outside a given level of risk. This is a sensitive area. We will have significant privacy, ethics, and legal issues to address before this technique enters the mainstream.

5. PROTECT DECENTRALISED DATA

Data is moving around outside of the corporate perimeter, making it much more vulnerable to unintentional leaks and targeted attacks. It is moving to clouds and personal devices, as well as to partners, suppliers, and customers. Less than 20% of an organization’s data ever moves in this extended ecosystem, yet 70% of data loss is connected to this movement. Today some try to protect this type of data movement by encrypting it and sending decryption keys in a separate email, passing on the responsibility for protection to the next person in the chain. This results in a very small sphere of trust. We need to figure out how to extend the sphere of trust while maintaining better control. Data classification and loss prevention systems represent early efforts to manage and extend the sphere of trust for decentralised data. Security that moves with the data, enabling persistent policy enforcement, is the next step. We need to be able to protect data during its next use, similar to digital rights management mechanisms.

6. DETECT AND PROTECT WITHOUT AGENTS

So much of our history and strength in security is based on having an agent running on the device we are protecting. However, with the onset of technologies like IoT, the future of cybersecurity, and the solution to most of these big, hard-to-solve problems, must take place in an agentless security world. The evolution to agentless security is already underway, with early solutions attacking the problem from multiple directions. Chip designers are enhancing hardware-level security, memory protection, and trusted execution environments. Behavioral analytics products watch from the outside, ready to quarantine and investigate devices that are doing something suspicious or anomalous. Processing and analysis still have to happen somewhere, but we will increasingly leverage flexible computing resources instead of dedicated agents. Distributed enforcement points are already emerging that will spread enforcement throughout a network of devices, with multiple points communicating and collaborating in real time about their detection and protection actions.

In summary, increasing our threat defense effectiveness throughout the security industry will be key to staying ahead of the adversaries. It is critical that multiple industry participants work together to solve big-picture problems that cannot be addressed by simple patches or software updates. We need to share information more broadly among industry leaders to not only give us greater volume and detail in telemetry, but also aid in deception techniques. By increasing our use of predictive analytics, improving security visibility with both organisational assets and decentralised data, and reducing our use of dedicated agents, we can better protect, detect and correct cyberattacks and increase our effectiveness in the threat defense lifecycle.

Raj Samani, Intel Security


INSIGHT

2017 THE YEAR OF… By Alastair Paterson, CEO and Co-Founder, Digital Shadows

As we approach the year-end, attention of course turns to what we can expect to see in 2017 and what we as security professionals need to be prepared for. In many ways, 2016 was very much the ‘Year of the Ransomware Threat’, and it is very hard to see that changing much next year. After all, most cybercrime is driven by hard cash and the fact remains that most ransomware and extortion attacks are successful. Estimates from the FBI suggest ransomware could be worth $1 billion this year, but the agency pointed to a jump in cases where victims reported bigger losses, and also hinted that the actual ransom payment totals may be even larger since many choose not to report the crime.

So ransomware and extortion are not going away in 2017, but what else can we expect next year?

First, in 2016 there were some very high-profile Distributed Denial of Service (DDoS) attacks, and we can expect to see even more in 2017, with criminals making more use of techniques like Mirai to leverage IoT and networked devices to amplify their attacks. These sorts of DDoS attacks powered by cheap, insecure IoT devices could become more common, but they are also likely to become less lethal as suppliers harden their defenses and device manufacturers adopt identity-based security to close vulnerabilities.

Second, I expect there will be a change in approach by the criminals using DDoS extortion attacks. Not only will they continue to go after larger demands for payment, but they will also utilize malware like Mirai to target network-enabled devices like routers and remote cameras to amplify the attacks and make them more prolonged and adaptive. We are becoming more used to the Internet of Things, but what if criminals turn this against us to demand money via extortion attempts? We have already seen IoT-linked attacks in 2016 and this can only increase in 2017.


Third, in all the ‘excitement’ of IoT and DDoS attacks we cannot afford to lose sight of the continuing threat caused by data breaches. Whether deliberate or accidental, data breaches cost businesses millions of dollars each year in loss of business, brand damage and reputation. A recent IBM study found that the average cost of a data breach has hit $4 million—up from $3.8 million in 2015.

But while these three are likely to be the most common threats faced in 2017, it is important to mention how some threats are more relevant to some organisations than others. The most targeted sectors include healthcare, financial services, retail, and communications and media. But in no way can any business or individual afford to be complacent. It is critical that you understand your individual threat model and plan in case the worst does happen. You also need to monitor inside and outside of your network and look at the threats revealed through the eyes of an attacker. Only then can you begin to ensure you have enough intelligence and awareness to manage the risks effectively for when the inevitable attack happens. All in all, it’s critical that you make sure 2017 is the year you take control of your security intelligence and awareness.


PRODUCTS

Brand: A10 Networks
Product: A10 Lightning ADS

What it does: A10 Networks has introduced its A10 Lightning Application Delivery Service (ADS), a cloud-native software-as-a-service (SaaS) platform designed to boost the delivery and security of applications and microservices across public, private and hybrid clouds. The A10 Lightning, a portfolio of new and forthcoming secure application services, according to the company, helps with the transition from traditional data centres to hybrid environments. The Application Delivery Service provides a cloud-native application delivery controller (ADC) that helps bridge traditional and cloud application environments.

What you should know: Its software-defined architecture includes lightweight ADCs (LADCs) that provide advanced load balancing and Layer 7 web security, and a multi-tenant controller that provides centralised policy management with self-provisioning and per-application analytics, and orchestrates the LADCs to deliver a flexible cloud-native solution.

Brand: Axis
Product: Q35 Series

What it does: The Q35 Series is a range of fixed domes for critical video surveillance installations, with capabilities such as IK10+ vandal resistance, extended temperature ranges from -50 ºC to 60 ºC (-58 ºF to 140 ºF) and electronic image stabilisation. Axis Q3505-V/-VE/-SVE Mk II models provide HDTV 1080p video at 30 fps with WDR and 1080p at up to 60 fps or 720p at up to 120 fps with WDR disabled. They are available with wide or telephoto lens. AXIS Q3504-V/-VE cameras provide HDTV 720p at 30 fps with WDR, and up to 120 fps with WDR disabled. All new Axis Q35 models offer remote zoom and focus capabilities as well as P-Iris control ensuring optimal depth of field, resolution, image contrast and clarity.

What you should know: According to Axis, the new series of surveillance devices features image sensor technology and enhanced processing including Lightfinder technology, resulting in exceptional light sensitivity and Wide Dynamic Range – Forensic Capture. Moreover, two new models with marine-grade, electropolished and coated stainless steel casing and transparent nylon dome are offered to withstand the corrosive effect of seawater and chemicals.

Brand: FireEye
Product: Helix

What it does: FireEye has introduced Helix, a platform that unifies network, endpoint and third-party product visibility with the FireEye iSIGHT Intelligence and Mandiant expertise. According to FireEye, Helix is designed to reduce the time, effort, and cost associated with managing low quality or false alerts from traditional security offerings like next generation firewalls, endpoint, and intrusion prevention systems.

What you should know: Helix integrates FireEye’s MVX detection capabilities from Endpoint Security (HX) and Network Security (NX). For enhanced visibility Helix also integrates and analyses alerts from all third-party products within customer environments with FireEye iSIGHT Intelligence.




BLOG

AUTONOMOUS DRIVING HEADED FOR A PILE-UP By Harshul Joshi, Senior Vice President of Cyber Governance, Risk and Compliance, DarkMatter

A couple of months ago a national government issued its first public statement on autonomous, or driverless, cars. The 15-point safety standard issued by the Obama Administration in the United States attempted to strike a balance between public safety and the commercial interests of tech companies like Tesla and Google, which are eager to reap the gains of digital transformations on the road. But details were a little thin on an issue critical to both the commercial and public interest: a concrete approach to vehicular cyber sabotage.

Keeping up with the cyber threat landscape is one of the greatest challenges to cyber security today. New threats and vulnerabilities emerge on a daily basis, and, like many sectors, the auto industry has been slow to develop the necessary security mechanisms for greater resilience. For example, after a pair of security researchers hacked into a Chevy Impala in 2009, it took General Motors five years to develop a countermeasure for the exploit code.

The pace of change is quickening. Car companies are now plugged into cyber threats and are hardening cars against cyber sabotage, from data loss to safety-critical situations. They are also working in association with regulators to develop standards that help detect and prevent attacks. The 15-point safety standard even includes pre-market approval of driverless cars and regulation of post-sale software updates. Although a bit slow, we do commend this move, which makes the Department of Transportation a world leader in the nascent area of Internet of Things device development.

This attention to software and safety systems is critical. Just as personally identifiable information should be compartmented and firewalled, so should the software in a car. In 2015, for example, a pair of security researchers upended the transmission of a 2014 Jeep Cherokee and took control of the car’s accelerator. Just a month later a Corvette’s brakes were disabled by a team of researchers using a standard insurance dongle, and earlier this year, the alarm on a Mitsubishi Outlander was disabled and its doors opened. More recently, researchers exposed vulnerabilities in 24 cars across 19 manufacturers using a radio amplifier to trick the keyless sensor into opening the vehicle. All of these breaches occurred remotely through compromised software, pushing the industry to pay greater attention to software security, encryption and development.

While automakers are making strides, they risk applying to their cars the same fragmented approach to cyber security that we see in their IT systems. Many businesses protect their data incrementally, patching gaps with a firewall here or access control there. In addition, one would like to see ongoing and detailed requirements behind each and every one of the 15-point safety standards that would hold manufacturers to account.

The more hi-tech a car is, the greater the number of possible endpoint vulnerabilities. To design true cyber security, it must be built into every device from the very beginning, ensuring that the hardware has been hardened against attack, and guaranteeing that the software in the command centre of every car has been tested rigorously.

The time to strengthen these procedures and shore up the cyber defences is now. By 2020, 25 percent of all cars shipped will support different levels of autonomy, and that proportion will climb to 44 percent by 2025, according to Navigant Research. Automaker Ford hopes to have fully autonomous vehicles on the road by 2021. It is also time to reach out to global regulators and include their inputs, as the auto business is an international one.

An absence of the necessary skillset within the auto manufacturer is no excuse for failing to deliver on cyber security requirements. For companies without hacking expertise or the resources to perform constant, iterative testing, external contractors can deliver some of the world’s best cyber defence knowledge at less expense to the business.

