ISSUE 23 | JANUARY 2018 www.tahawultech.com
Cybersecurity outlook 2018 IoT security Threat intelligence collaboration
IN THE HOT SEAT GE’S GEORGE EAPEN TALKS ABOUT THE EVOLVING ROLE OF TODAY’S CHIEF INFORMATION SECURITY OFFICER
CONTENTS
IN THE HOT SEAT
George Eapen, CISO of GE in the region talks about the challenges, opportunities and changing role of today’s Chief Information Security Officer.
DIGITAL DETECTIVES Why organisations should have the right systems to track and reprimand cybercriminals.
© Copyright 2018 CPI All rights reserved While the publishers have made every effort to ensure the accuracy of all information in this magazine, they will not be held responsible for any errors therein.
A RECIPE FOR CYBERSECURITY EY’s Clinton Firth discusses some key trends in cybersecurity today.
WHY IOT IS VULNERABLE Security experts share insights on how enterprises can build an IoT security action plan.
WINNING THE WAR AGAINST HACKERS How data sharing can help enterprises win the cyber war.
PATH TO PROTECTION RSA’s Rashmi Knowles on how GDPR will impact Middle East firms and how they can prepare for it.
FROM BUZZ TO THE BATTLEGROUND How artificial intelligence fits into cybersecurity.
NEWS
CPU SECURITY FLAWS FOUND IN APPLE AND MICROSOFT DEVICES
In December, security researchers disclosed a set of security flaws that they said could let hackers steal sensitive information from nearly every modern computing device containing chips from Intel, AMD and ARM, according to a report from Reuters. One of the bugs is specific to Intel but another affects laptops, desktop computers, smartphones, tablets and internet servers alike. Intel and ARM insisted that the issue was not a design flaw, but it will require users to download a patch and update their operating system to fix. “Phones, PCs, everything are going to have some impact, but it’ll vary from product to product,” said Intel CEO Brian Krzanich. Researchers with Alphabet’s Google Project Zero, in conjunction with academic and industry researchers from several countries, discovered two flaws. The first, called Meltdown, affects Intel chips and lets hackers bypass the hardware barrier between applications run by users and the computer’s memory, potentially letting hackers read a computer’s memory and steal passwords. The second, called Spectre, affects chips from Intel, AMD and ARM and lets hackers potentially trick otherwise error-free applications into giving up secret information. Apple and Microsoft have already released updates and patches to address the chip vulnerabilities.
TRA LAUNCHES ‘DON’T BE DECEIVED’ DIGITAL SAFETY CAMPAIGN
The Telecommunications Regulatory Authority (TRA) has launched the ‘Don’t Be Deceived’ campaign, to educate customers – and in particular the youth – on digital safety, and enable them to stay aware of deceptive and fraudulent activities on smart devices. The digital safety campaign aims to educate customers on how to stay aware of deceptive and fraudulent activities on smart devices. The campaign, which was launched during a press conference at Dubai’s Emirates Towers, intends to raise awareness of cyber blackmail, spam SMS and phone calls, and malware, in which the attacker attempts to steal the user’s data, break their privacy, and steal their money. Such actions cause significant losses for individuals, institutions and nations, as electronic fraud has become one of the most common methods of attack and penetration. Mohammed Gheyath, executive director, Information Security Regulatory Affairs at the TRA, said that the campaign was deliberately launched to spread the message to all targeted segments of society, according to the most appropriate method. “We have held a special workshop for children and adolescents, as well as the innovative awareness workshop titled ‘Virus Attack’, in which children learn the principles of safe and positive interaction with electronic devices and social media,” he said. The digital safety workshop included four main topics, namely cyber blackmail, phishing emails sent to victims containing infected links or files, protection of social media networks, and spam calls.
US GOVERNMENT ATTRIBUTES WANNACRY CYBER-ATTACK TO NORTH KOREA
The United States government has officially named North Korea as the responsible party for the WannaCry cyber-attack in May. “After careful investigations, the United States is publicly attributing the massive WannaCry cyber-attack to North Korea,” said White House homeland security adviser Tom Bossert in a press briefing on Tuesday. “We do not make this allegation lightly, we do so with evidence and we do so with partners.” According to Bossert, Facebook, Microsoft, and other major tech companies had disabled a number of North Korean cyber threats just last week as the nation “continues to infect computers across the globe.” He said that Facebook took down accounts that stopped the operational execution of ongoing cyber-attacks and Microsoft acted to patch existing attacks, not just the WannaCry attack initially. Reports highlighted that the US government has assessed that a hacking entity known as Lazarus Group, which works on behalf of the North Korean government, was behind the virus. In a blog post, Microsoft’s Chief Legal Officer Brad Smith confirmed that the company has worked with Facebook and others in recent weeks to disrupt the activities of the Lazarus group, which Microsoft tracks as ZINC. The company also concluded that the group was responsible for the WannaCry cyber-attack. Meanwhile, a Facebook spokesman has also reportedly confirmed that the company last week deleted accounts associated with a North Korea-linked hacking entity known as Lazarus Group “to make it harder for them to conduct their activities.” According to a Reuters report, Facebook said the accounts were mostly personal profiles operated as fake accounts that were used to build relationships with potential targets. The company also noted that it already notified individuals in contact with these accounts. Bossert also said that other governments including the United Kingdom, Australia, Canada, New Zealand and Japan have all seen the analysis of the US government’s investigations and have joined in “denouncing North Korea for WannaCry.”
$96.3B: expected value of worldwide security spending in 2018 (Source: Gartner)
MIDDLE EAST HOMELAND SECURITY MARKET TO REACH $19.7B BY 2022
The Middle East homeland security market is on course for significant growth over the next five years, as governments from the region put significant focus on building smart, safe and secure societies. Growth in the Middle East homeland security market, which includes monitoring and surveillance systems, restricted entry systems, and perimeter security solutions, will be fuelled by security investments in major infrastructure projects in the region. According to a recent study, the homeland security market’s revenues are expected to double in value from an estimated $9.6 billion in 2017 to $19.7 billion by 2022. Analysts Frost & Sullivan (F&S) said that the Middle East homeland security market, which includes monitoring and surveillance systems, restricted entry systems, and perimeter security solutions, will grow annually by 15.5 percent between 2017 and 2022, fuelled by security investments in major infrastructure projects and the ongoing expansion in the building and construction industry. Saudi Arabia and the UAE dominate the regional market according to F&S, with Saudi holding a 45 percent share of revenue in 2017 at $4.3 billion, followed by the UAE with a 16.6 percent share at $1.6 billion. Mega events such as the Dubai Expo 2020 and the Qatar FIFA World Cup 2022 are also seen as major drivers of the increase in investments in this market as governments prepare to bolster internal security measures, according to the study. According to F&S, monitoring and surveillance will account for the largest share of the Middle East homeland security market, and is estimated to grow at a compound annual growth rate (CAGR) of 16.5 percent to reach $9.5 billion by 2022, from $4.4 billion in 2017. The study also found that demand is high for integrated solutions, with regional governments prioritising public safety and security of critical assets.
KASPERSKY LAB DETECTED 360K NEW MALICIOUS FILES PER DAY IN 2017
The number of new malicious files processed by Kaspersky Lab’s in-lab detection technologies reached 360,000 a day in 2017, which is 11.5 percent more than the previous year. After a slight decrease in 2015, the number of malicious files detected every day is growing for the second year in a row, the report said. The number of daily detected malicious files reflects the average activity of cybercriminals involved in the creation and distribution of malware. This figure was calculated for the first time in 2011 and totaled 70,000 at that time. Since then it has grown five-fold, and as the 2017 data shows, it is still increasing. Most of the files identified as dangerous fall into the malware category (78 percent). However, viruses – whose prevalence significantly dropped five to seven years ago, due to their complex development and low efficiency – still constitute 14 percent of daily detections. The remaining files are advertising software, which is not considered malicious by default, but in many instances can cause private information exposure and other risks. Protection against this kind of threat is essential for better user experience. Approximately 20,000 of all dangerous files detected daily are identified by Astraea – Kaspersky Lab’s machine-learning malware analysis system, which identifies and blocks malware automatically.
CRYPTOCURRENCY MARKETPLACE NICEHASH HIT BY MAJOR DATA BREACH
NiceHash, a cryptocurrency marketplace, has disclosed that the content of its bitcoin wallet had been stolen in a security breach. One of the executives said almost $64 million has been lost, according to a Reuters report. The firm’s statement on the website said, “Our payment system was compromised and the contents of the NiceHash Bitcoin wallet have been stolen. We are working to verify the precise number of BTC taken.” Andrej P. Škraba, head of marketing, NiceHash, said, “The hack was a highly professional attack with sophisticated social engineering and about 4,700 bitcoin, worth about $63.92 million at current prices, were lost.” He added that the company was co-operating with local authorities but declined to give more information, according to the report. A digital currency marketplace, NiceHash matches people looking to sell processing time on their computers in exchange for the digital currency bitcoin. The company has advised users to change online passwords, saying it was still trying to figure out the details of the security breach, Reuters reported. The cryptocurrency firm later revealed that after investigations they found that the attack was probably made from a non-EU IP address.
FEATURE
CYBERSECURITY OUTLOOK 2018
Cybercriminals are becoming more sophisticated and collaborative with every coming year. As with previous years, 2017 saw no shortage of cyber-attacks. In an ongoing index of predictions and projections for 2018, we spoke to industry experts to find out what happens next.
WHAT WILL THE THREAT LANDSCAPE LOOK LIKE OVER THE NEXT 12 MONTHS?
Scott Manson, Cybersecurity Lead, Cisco Middle East and Africa: A majority of threats are well known today. Our threat intelligence data says 90% of attacks can already be identified across our networks and are known threats or variants of these threats (i.e. not zero-day attacks resulting from previously unknown gaps in software and applications). Unfortunately, companies are not helping themselves to be ready for the known, let alone the unknown, and the main reason for this lack of readiness is the volume of cyberattacks. Threats will continue to be made easy for anyone to launch an attack on an organisation. The format will continue to be: search for weak spots and exploit them: workforce, supply chain, and IT systems. Finally, the endpoint and mobile devices and un-supervised WiFi networks will be the attackers’ sweet spot. Threat actors are targeting mobile devices in greater numbers with cybercriminals inserting malware into legitimate applications. App stores are being used to distribute mobile apps loaded with malware including wildly popular apps such as Pokémon GO. But the challenges extend beyond apps. WiFi spots that aren’t under the control of a company’s network administrators will continue to pose risks to enterprise data.
Amir Kanaan, General Manager, Kaspersky Lab Middle East: The threat landscape is constantly changing and advancing. With the massive wave of digitisation sweeping the world, cybercriminals have found new and more sophisticated ways of breach. There is a variety of trends we have observed – ones that affect consumers and ones that are specifically targeted to organisations. For example, 2017 saw the rise of ransomware and the sheer panic caused by it in critical industries, such as healthcare. We believe ransomware will continue to loom over 2018 as well. Another trend that we witnessed and expect to continue through the next year is mobile banking threats, which are among the top 10 malicious financial programmes. Advanced Persistent Threats target businesses each year and we expect the trend to continue, but with a slight modification. We expect to see a decreased emphasis on ‘persistence’, with a greater focus on memory-resident or file-less malware, reducing the traces left on an infected system and thereby circumventing detection. We predict an increase in the repurposing of off-the-shelf malware by cybercriminals who make use of already created attack vectors. We also see diversification in attack targets by industries. Attacks on financial services organisations, such as banks, investment funds, and both stock and currency exchanges, including those handling cryptocurrencies, have become more commonplace. Industrial cybersecurity is also being targeted increasingly, which should be of a greater focus in the Middle East in order to safeguard its oil and gas and energy facilities.
James Lyne, Head of Research and Development, SANS Institute: It isn’t just technology, but cyber security professionals that will be in high demand in 2018 and the coming years. While the security market is predicted to be worth $101bn by 2020 according to IDC, a shortfall of 1.5 million security professionals is expected within the same timeframe by Frost & Sullivan and (ISC)². Organisations need to act now to develop the necessary skill sets within their in-house IT teams. This means investing in trainings and certifications, so they can harden not just the technology but also people and processes which are fundamental pillars of cyber security.
WHAT TECHNOLOGIES WILL BE IN HIGH DEMAND?
Brandon Bekker, Managing Director, Mimecast MEA: As attacks become more sophisticated, targeted threats will continue to wreak havoc and effective protection will become increasingly important. Advanced security will become a no-brainer for any organisation who doesn’t want to lose money, data or reputation after falling victim to an effective cyber-attack. A major game changer will be the effect of artificial intelligence on cybersecurity. It’s likely that we will see a rise in the use of AI or machine learning to introduce attacks that can morph more quickly. While this is a frightening thought, AI will also play a crucial role in managing threats. Threats are evolving rapidly and are too varied for the industry to handle them manually. For example, spearphishing and impersonation attacks will become ever more insidious and we will need smarter algorithms to cope with them. Artificial intelligence and data science are not miracle cures, but are an increasingly important weapon in the arsenal of cybersecurity. We will need to focus on AI and invest more in machine learning, in order to cope with the increasingly severe problem of defending against malware.
Tabrez Surve, Regional Director, F5 Networks: Mobile technology powers and influences the way we live, work and play in profound ways. 5G is set to change the game yet again. Businesses should be planning for roll-out now, from both a technical and process perspective. Factors to consider include how they will support 5G, how it will affect their customer’s experience using their service or product, and working with new kinds of partners. For example, a healthcare company could now find themselves working directly with an IoT vendor. Fundamentally, organisations need networks that can scale to handle massive traffic increases. With millions of new devices entering the space, security concerns will also need to be addressed from day one and, crucially, not result in limited accessibility. The best way forward is to work with a service provider and deploy Network Functions Virtualisation (NFV) and cloud-based technology as soon and as intelligently as possible.
WILL RANSOMWARE SPIN OUT OF CONTROL?
Roland Daccache, Senior Regional Sales Engineer, MENA, Fidelis Cybersecurity: Ransomware’s most obvious purpose is generating money, however there have been recent indications and clues that ransomware is at the forefront of other much more malignant activities, such as theft of intellectual property, trade secrets, etc. It is likely that we will witness more ransomware attacks against the healthcare, transport, retail and critical infrastructure sectors, as they are still more vulnerable than financial institutions, with more legacy systems in place.
Rick Holland, VP Strategy, Digital Shadows: There has been a steady increase in ransomware use over the past few years, with several new variants on the scene or modified versions of older variants such as Locky being circulated. With the rise of ransomware-as-a-service (RaaS) offerings the barriers to entry for this type of malware are lower than ever. One reason ransomware appears so ubiquitous these days is the experience of WannaCry and NotPetya, which affected a wide number of industries and geographies due to their self-propagating capabilities. The interconnectivity of modern systems and the ubiquity of applications means that enterprises could find themselves the victims of attacks not specifically targeting their organisations. WannaCry and NotPetya are a sign of things to come, and you can expect attackers will improve their future campaigns. While similar attacks are likely, basic security principles can help prevent ransomware attacks spinning out of control. Both NotPetya and the earlier WannaCry exploited basic and known security vulnerabilities, so segmenting networks and applying basic patching cycles will go a long way to mitigating threats such as this.
COVER INTERVIEW
George Eapen, CISO, GE
IN THE HOT SEAT George Eapen, CISO of GE in the region talks about the challenges, opportunities and changing role of today’s Chief Information Security Officer.
Can you briefly describe your role?
I am the CISO for GE in the MENAT region, which is one of the biggest growth regions with 12,000 employees and $20 billion in revenue. My mandate is to ensure my company is safe in the region, all customer engagements are protected, and drive secure business growth.

How do you see the CISO role changing? Is it getting more business focused?
The role is evolving, rather than changing. But, is it getting less technical? I don’t think so. CISOs are now getting into new areas, transcending beyond just IT. For example, we used to talk about IT security a few years ago. Now we are talking about cybersecurity and soon it will be about digital security. This paradigm shift alone will show you how the CISO role is evolving. From a GE point of view, when I started out in this role, my objective was to protect the enterprise. Gradually, I realised that a lot of my customers – GE businesses – are dealing with their customers, which requires me to get involved in commercial deals to ensure all parties understand the cyber risk, and they are compliant with the country’s cyber laws and regulations. Till recently, IT was seen as a back-office function in companies, and security a back-office to IT; it is no longer the case and I get time and attention from the top management of my company.

With the convergence of IT and OT, shouldn’t CISOs now look beyond IT shops?
Yes, and GE is a perfect example of that. We are involved in many verticals such as healthcare, power, aviation and oil & gas with dedicated business CISOs. As a CISO, I don’t look into just networks or firewalls. Many industrial control systems, which were historically isolated, are now getting connected to corporate networks so that we can monitor, diagnose it and leverage predictive analytics. Some of these devices were manufactured years back and were not designed with IOT in mind. These devices may have vulnerabilities such as zero day vulnerabilities. My role is making sure my company’s products are safe and people using them are protected.

Do you think following basic cyber hygiene could help companies prevent some of the serious threats such as ransomware?
Absolutely. If you look at the WannaCry ransomware, it targeted known vulnerabilities in Windows XP. At GE, we retired those systems two years ago. It is why I always say cybersecurity needs to be proactive, not reactive. In fact, I was looking at the details of companies impacted by this ransomware breakout earlier this year, and some of them were running on Windows XP, and they never thought they would be targeted. This is where patching could have prevented such a breach. Another key to preventing attacks is employee awareness. Around 99 percent of threats can be caught by security control mechanisms but you need employee awareness to catch that one percent which gets past.

How do you create employee awareness within your company?
My goal is to foster a cyber culture for my company in this region. Every employee needs to build a certain level of cyber awareness and security should be part of our DNA. We all play a role in keeping ourselves and our company safe and it is not only the responsibility of CISOs. To achieve this culture change, we have divided MENAT into four sub-regions, where we have cyber leaders who will identify all the critical sites in these sub regions. It may not be possible to train all 12,000 employees, so what I am planning to do is start with one employee in every critical site, who in turn will become the cyber ambassador and go-to-person for all things related to cybersecurity.

Do you face budget constraints when it comes to security spending?
There is no unlimited budget for anyone and it is very important to prioritise your projects and look for the best value and return for your investment. Cybersecurity is a very critical topic for the companies and always gets high focus. There has been an increase in high-profile cyber-attacks in recent years where corporations are frequently targeted and these external events have resulted in an increase in security spending in most of the companies. Cybersecurity remains a top priority in GE and we have management support when it comes to funding and security spending.

Being part of a multi-national giant, do you share best practices within GE?
We do. GE has 300,000 employees with operations in 180 countries. We have a global CISO, Nasrin Rezai, who manages regional CISOs (horizontal) and business CISOs (vertical). Some of the cyber risks in healthcare sector might be different from aviation – but there may be learnings or best practices to share. Similarly, cyber risks in Egypt might be very different to the ones in China but regional CISOs managing both regions can exchange information and best practices. So, we do make sure that we share the best practices not just between regions, but businesses as well.

Do more vendors necessarily mean more security?
I don’t think so. No vendor is going to offer you an end-to-end security solution to protect you from cyber attacks. When you roll out a tool, don’t assume that the tool itself will solve the problem. It is also about the processes you build around those tools and people using them. A good company with a healthy cyber hygiene will look at multiple solutions; they will keep looking at new risks, which may not have been covered by existing solutions. As a CISO, I try to understand the business risk along with the technical risk and articulate it to the leadership in a language they would understand. Cybersecurity is a balancing act between enabling operations and keeping you secure and, for that you need good vendor platforms, well-trained people and well-defined processes.

As a CISO, are you worried about Industrial IOT opening new attack vectors?
You should think about IOT in multiple ways. First off, products which are already out there, getting connected to networks. Second, new products that are getting developed. If you take GE as an example, our global CISO Nasrin Rezai plays a dual role – security leader for the enterprise and at the same time she is also our chief product security officer. We make sure that security is baked in right during the product lifecycle process, and we are also focusing on the security of our existing installed base. It may not be easy to patch a gas turbine which runs 24/7 in the middle of a desert. GE has acquired a company called Wurldtech which is part of GE Digital now and they manufacture OT firewalls. So, if you are in an IOT or OT environment, if you can’t bring down a system to patch it, you must do a proper risk assessment, and secure the environment with OT firewalls.
FEATURE
DIGITAL DETECTIVES
With virtually everyone having a computer and Internet access, more and more individuals, businesses and government entities are becoming increasingly vulnerable to cybercrime. Given the inevitability of a cyber-attack, it is important for organisations to set up the right systems that will help track and reprimand the culprits.
I
n ancient China, during the Song Dynasty, a physician and judge named Song Ci performed the first-ever known account of applying some form of forensic science to solve a criminal case. By using sunlight under red-oil umbrella and vinegar he was able to reveal hidden injuries on a corpse; and through the weather and insects, he was able to come up with a system that could calculate the time of the victim’s death. Over seven centuries later, forensic investigations have evolved tremendously with the introduction of more scientific and technologically-advanced processes. The modern age also saw the field integrate computers and related technologies and create the subfield called digital forensics. Digital forensics entails the recovery and analysis of information from data storage devices such as computers, phones, networks, and more to track down hackers, recover stolen data, and follow cyber-attacks back to their source. 18
01.2018
It is also utilised to aid in other types of investigations involving computers often for criminal or civil legal purposes. Cybersecurity and digital forensics are closely related that without one the other would be non-existent. “They are two sides of the same coin,” says Nicolai Solling, CTO, Help AG. “Historically most cybersecurity investments have been around detecting and protecting against something bad happening,” he adds, “but as attackers have invested time and effort in bypassing all of these controls we are starting to see more and more investments into dealing with the aftermath of a breach – digital forensics being one of them.” Symantec CTO for Emerging Markets Haider Pasha concurs, noting that as traditional forensics are used to help in any physical crime investigation, digital forensics allows an investigator to sort through any trails or ‘cyber footprints’ in order to help reconstruct the scene and take action accordingly. “In most cases, a discovery from a digital forensics
investigation is important to help bring the attacker to justice when an organisation pursues legal action.”

Digital forensics is a field that is still evolving. However, slowly but surely, more and more organisations across various markets are practising it.

“Data breaches have been a cybersecurity topic in focus as large-scale attacks over the last couple years including those against Sony, Equifax and Target have demonstrated the impact these can have on business,” says Solling. “Digital forensics is one of the critical aspects needed in the aftermath of a data breach as it helps identify the cause and scale of the attack and can thus present affected customers with clear information about the security of their data.”

The global market for digital forensics is expected to be worth $4.97 billion by 2021, according to Transparency Market Research. In the Middle East region, the adoption of digital forensics is sluggish but there are quite a few enterprises and service providers who have established labs dedicated to the field.

“Currently, we still aren’t seeing any significant investments into this cybersecurity segment,” explains Pasha. “This is primarily due to the shortage of skilled talents with relevant experience, exposure and education for investigating and analysing cybersecurity incidents.” He adds, “Having said this, organisations have opted for the alternative, which is employing the expertise of third-party firms that specialise in digital forensics.”

Despite the slow adoption rate in the region, customer demands for cybersecurity tools are shifting. There is more focus on technologies providing visibility instead of just focusing the investments on pure protection.

“Subsequently, it is also interesting to see the consolidation happening in the industry where vendors that typically focused on pure protection are now also adjusting their solution portfolios to also cover visibility,” says Solling. “Personally, I hope that this is a sign that the industry is starting to wake up to the fact that it is a losing battle to protect against adversaries who may be spending 10-fold more on attacking you than you are on protecting yourself against them.”

Using digital forensics effectively requires that you understand your own networks. Once that is firmly in hand, it is easier to spot intrusions, and the need for outside teams is reduced. To realise these benefits of digital forensics it is crucial to have processes and procedures in place to identify the appropriate personnel in your organisation or to know who to call outside your organisation.

Digital forensics is one of the critical aspects needed in the aftermath of a data breach as it helps identify the cause and scale of the attack and can thus present affected customers with clear information about the security of their data. - Nicolai Solling, Help AG

According to Pasha, when onboarding a digital forensics expert, security leaders should ensure that the following three main characteristics are present.

“First is experience,” he explains. “It is ideal to find and employ someone who has a minimum of five to eight years of experience with a leading forensics organisation, preferably a law enforcement government agency or private cybersecurity practice.

“Another factor IT security leaders should look at is the candidate’s exposure. This means the person must be able to demonstrate the ability to replay their previous exposure to incident analysis from cyber-attacks and what tools, processes, and steps were taken to investigate and identify patient zero.”

Finally, Pasha noted education as a critical criterion. “They should have completed training from instructor-led labs and practical exams/certifications obtained from reputable training programmes such as SANS GIAC (GCFA), CFCE, EC-Council CHFI and the likes.”

While education, experience and a knack for conducting investigations are key to succeeding in digital forensic investigations, there are also certain technologies that can help further the growth of this security field, according to Solling. Among those technologies is blockchain.

“No doubt that blockchain is getting a lot of attention these days,” he says. “The technology could be used to ensure that evidence is not tampered with by any party involved in the legal proceeding. The distributed and transparent nature of blockchain makes it a promising companion for digital forensics.”

The digital battlefield is growing, which means we have to ensure that we have a game plan in place that ensures we have the resources necessary to respond appropriately in the midst of a cyber-attack.
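Solling's remark about tamper-evident evidence rests on two ideas: each custody record is hashed together with its predecessor, and several parties hold their own copy of the latest hash. The Python sketch below is an added example, not from the article or from any vendor named in it; the log format, function names and sample records are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" used by the first entry


def entry_hash(prev_hash, record):
    """Hash a record together with its predecessor's hash, linking the two."""
    payload = json.dumps({"prev": prev_hash, "record": record},
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append_entry(log, evidence, handler, action, timestamp):
    """Record one custody event for an evidence item (bytes); return the new head hash."""
    record = {
        "evidence_sha256": hashlib.sha256(evidence).hexdigest(),
        "handler": handler,
        "action": action,
        "timestamp": timestamp,
    }
    prev_hash = log[-1]["hash"] if log else GENESIS
    log.append({"prev": prev_hash, "record": record,
                "hash": entry_hash(prev_hash, record)})
    return log[-1]["hash"]


def first_broken_entry(log):
    """Return the index of the first entry whose link or hash is wrong, or -1."""
    prev_hash = GENESIS
    for index, entry in enumerate(log):
        if entry["prev"] != prev_hash:
            return index
        if entry["hash"] != entry_hash(entry["prev"], entry["record"]):
            return index
        prev_hash = entry["hash"]
    return -1


def disagreeing_witnesses(log, witness_heads):
    """Names of parties whose independently stored head hash differs from this log's."""
    head = log[-1]["hash"] if log else GENESIS
    return sorted(name for name, stored in witness_heads.items() if stored != head)


def build_sample_log():
    """Constructed sample: one disk image passing through three custody events."""
    image = b"constructed sample disk image bytes"
    log = []
    append_entry(log, image, "first responder", "acquired", "2018-01-10T09:00:00Z")
    append_entry(log, image, "lab analyst", "imaged and analysed", "2018-01-11T14:30:00Z")
    append_entry(log, image, "legal counsel", "submitted to court", "2018-01-20T10:00:00Z")
    return log


def rewrite_history(log, index, new_handler):
    """Model a custodian editing one record and recomputing every later hash."""
    forged = []
    for i, entry in enumerate(log):
        record = dict(entry["record"])
        if i == index:
            record["handler"] = new_handler
        prev_hash = forged[-1]["hash"] if forged else GENESIS
        forged.append({"prev": prev_hash, "record": record,
                       "hash": entry_hash(prev_hash, record)})
    return forged


if __name__ == "__main__":
    log = build_sample_log()
    # Each party to the proceeding keeps its own copy of the head hash.
    witnesses = {name: log[-1]["hash"] for name in ("prosecution", "defence", "court")}
    forged = rewrite_history(log, 1, "unknown person")
    print("chain check on forged log:", first_broken_entry(forged))
    print("witnesses that disagree:", disagreeing_witnesses(forged, witnesses))
```

A fully recomputed log passes the chain check on its own, which is why the independently held head hashes matter: the rewrite is only exposed when the other parties compare their copies.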
INTERVIEW
A RECIPE FOR CYBERSECURITY
EY’s latest Global Information Security Survey has found that the explosion of connectivity fueled by the growth of IoT and the ever-expanding digital footprint of organisations have introduced new vulnerabilities. Clinton Firth, cyber leader, EY Africa, India and Middle East, discusses some key trends in cybersecurity today.
Are businesses in the Middle East prepared to defend against cyber-attacks?

The last several years have seen a pronounced shift in the overall understanding of cybersecurity threats and capabilities to counter them across the region. New government entities have been established to address the growing threats and more emphasis is being put on addressing the risk to critical infrastructures and government institutions. However, many institutions and enterprises in the Middle East are still not ready or capable to deal with the rapidly advancing cyber-attacks. While there are of course pockets of good practice, the perception among the threat actors is that the Middle East is seen as an easy target, with GCC states being among the highest globally ranked for cyber-attacks. While most organisations have invested heavily in technologies to address cyber threats, there is a lack of risk management maturity on how to deal with the cyber risk that digital technologies present at the strategic level. Further, at the operational layer we do not see sound and continuous awareness programmes which manifest into a poor cybersecurity culture, along with two of the other major elements that are missing; being continuous cybersecurity monitoring and effective identity and access management programmes.

How do you see the threat landscape evolving in 2018?

The threat landscape is going to continue to expand and outpace the ability of organisations to counter it due to two key factors: the rapid adoption of digital technologies as part of the Fourth Industrial Revolution, and the inability of organisations to dynamically scale up cyber resilience to counter the new threats and vulnerabilities which the digital revolution is creating. The threats have been exponentially evolving over the past decade and 2018 will be no different, with a continuation of record-breaking cyber related events. Compounding the problem is the rapid explosion and adoption of digitally enabled technologies in commercial, government, industrial, and infrastructure applications. The digital enhancement of all aspects of life in the Middle East, and across the globe is creating a larger surface area for the attacks, and presents much more opportunity for threat actors such as criminal organisations, nation states, and insiders to have a larger impact. Additionally, cyber is a prime choice for threat actors as there is a level of plausible deniability and weak legal frameworks to enact any criminal or legal charges, especially across national borders, which makes it an ideal platform for nefarious activity from abroad.

Has security become a boardroom-level discussion now?

We need only look to what is happening at the executive level in response to cyber-attacks around the globe to find the answer to this. Constituents, customers, investors, and board members are holding the highest level executives responsible for the outcome of cyber incidents. CEOs have been forced to step down, and boards are being held accountable for the resulting financial losses and institutional failings from cyber-attacks. Given the magnitude of the problem, governments, regulators and even consumers are putting a lot of pressure on organisations to take responsibility for data, service quality and assets. This is putting cyber as one of the top risks that boards are now dealing with, especially as the consequences of not acting or positively addressing the threats continue to grow and key executives are held accountable. The key is now for boards to become cyber aware and for the executive teams to build a culturally aware cyber organisation, leading towards a cyber resilient organisation of the future. In conjunction with this, boards and executives need to adopt a new understanding of cyber resiliency and a culture that puts security as part of the business drivers and requirements for their organisation.

Will AI and machine learning shape the future of cybersecurity?

AI and ML will shape cyber in two ways. The threat actors will see AI/ML as a great target – because if they are able to control, manipulate or bring its integrity into doubt that will further allow them to enact their goals. So, organisations will have to focus their protection around such assets, and treat them as critical. Furthering the threats to AI/ML is the ability for sophisticated threat actors to harness the power of such technologies to increase their effectiveness and capabilities in launching complex, multi-faceted attacks against the targets of their choosing. On the defensive front AI/ML will certainly assist cyber functions by providing better protection and detection technology allowing analysts to focus on more analytical related tasks and remediation. An example of this is the Digital Security Operations Centre (SOC) being launched by EY in the GCC, that uses world leading and award winning machine learning to better detect anomalies and threat actors within a client’s environment. This allows the analysts to focus on investigation, rather than sifting through hundreds, if not thousands, of false positive events with traditional technology. Further, as AI and ML increase in their understanding of the cyber threats, the systems will be able to eventually alleviate much of the human response to cyber-attacks in favour of a more dynamic, predictive, and proactive response to cyber threats and attacks.

Do you think companies can avoid most of the breaches by following basic cyber hygiene?

Certainly companies need to address the basics as a minimum, which goes a long way to protecting them from the majority of cyber threats. Organisations are still struggling with basic patching of their infrastructure and applications, which if resolved, and coupled with a security minded configuration control programme would go a long way to providing a good core defence base. It is understandable that in some cases this is not possible for critical operational technology (such as industrial technology) due to the legacy nature of the asset, but in the majority of applications and cases, this is still an issue that can be more effectively addressed using basic cyber hygiene. Just looking to the largest cyber events of 2017, in many cases they could have been prevented by following basic cyber hygiene principles. In addition, the other core principles being security awareness and training, identity and access management reviews and audits, and lastly a good security monitoring solution - will really provide a good multi-faceted cyber defensive layer that will raise the security posture of any organisation and fend off a majority of the cyber-attacks, allowing organisations to provide more focus on more significant threats to their enterprise.

What does it involve to develop a risk-based security framework?

Cyber should be treated like any other risk and fit into an organisation’s enterprise risk management framework. For those organisations that don’t have a risk management function, simply providing accountability and authority of such a role and applying the basics like risk registers, risk measurement, risk treatment (mitigation, acceptance, removal), and lastly tracking and reporting to an executive level, will go a long way to help mature an organisation.
FEATURE
IOT: WHY IT IS VULNERABLE
How to build an IoT security action plan

The Internet of Things – the connecting of billions of everyday and industrial devices using tiny sensors that transmit data and share information in the cloud – is revolutionising the way we live and do business. IoT platforms are expected to save money, improve decision-making, increase staff productivity, provide better visibility into the organization and improve the customer experience.

All this potential comes with some big security risks – mainly with the unsecured devices themselves, but also with their ability to join forces to bring down systems. This can leave corporate networks vulnerable.

The IoT is exponentially increasing the number and type of attack vectors, creating many new and unforeseen challenges for organisations and those responsible for defending the infrastructure. “To capitalise on the vast opportunities that the IoT brings doesn’t just require networked connections but secure networked connections,” says Scott Manson, cybersecurity lead, Cisco.

Ramon Vicens, vice president of threat intelligence at Blueliv, lists out four key IoT security concerns that should be under consideration. First is firmware, which can contain vulnerable hardcoded critical information and suffer from a lack of integrity in updates. Second is software vulnerability due to insecure authentication/authorisation, and command injection vulnerabilities particularly found in TVs, Smart Home Security systems and more. There are additional problems with mobile apps, whereby if the app is not binary protected, it can be decompiled. Moreover, mobile app updates are often carried out using HTTP without integrity and signature checks. Then comes hardware, particularly with regards to personal IoT devices. Even if their intention is not malicious, most personal devices do not have built-in security sufficient for enterprise use, which may allow them to be used to infiltrate or take down corporate networks if connected. Finally, radio, from typical frequencies to ZigBee, Bluetooth and WiFi, which remain relatively easily decoded, and LTK and STK can be extracted.

According to a study, almost 57 percent of IoT devices are not secured. And both businesses and consumers seem to lack confidence in the security of IoT devices.

Mohammad Jamal Tabbara, senior systems engineer at Infoblox, says that unfortunately many of the IoT devices that exist today lack the necessary and fundamental security measures needed in order to provide secure IoT devices and ecosystems. This will continue unless regulation happens.

There are multiple security aspects that should be addressed in the IoT realm such as device, data, service, platform, and application security. Commonly, as a business or a consumer, you might only have control over the device security policy level, with some control over the on-premise network that you control, Tabbara says.

There are many techniques used to prevent and defend against IoT-related attacks, including encryption. However, some security experts say users shouldn’t rely on encryption as the primary method of securing IoT assets.

“Encryption is not a good solution to IoT security. All this does is take low-trust devices, and obscure what they are talking about and to whom they are talking. Indeed, a good approach for a CISO is to demand that all IoT devices allowed on the network must go into a dedicated network, separate from the regular corporate environment, and must allow active inspection and monitoring of everything the devices do,” says Mike Lloyd, CTO, RedSeal.

Morey Haber, vice president of technology, BeyondTrust agrees: “In fact, encryption only mitigates communication threats and not any of the flaws listed above. It is a falsehood to think encryption can stop an IoT attack or prevent it from becoming a part of a botnet due to a security flaw.”

Axelle Apvrille, senior anti-malware virus researcher, Fortinet says for IoT security, users must use well-known protocols, and implement the security capabilities of these protocols. “Too often, protocols have many security features which are simply not implemented. So the protocols are secure on the paper, and totally unsecure in reality. During design, list all assets and see if it is okay the data becomes public, and/or if an unauthorised person modifies the data. And finally, remove any features, port, code you do not use. This keeps it simpler, hence easier to review and reduces the opportunity for security vulnerabilities.”

Another key to developing strong IoT security will be acquiring the needed skills, which could be more challenging in the Middle East. “Most organisations do not have the internal skill sets that securing IoT devices will require,” says Scott Laliberte, managing director and global lead of the security and privacy practice at consulting firm Protiviti. “Securing IoT devices requires a unique mix of hardware, development, network, and embedded security skills. Finding these at all, let alone in one person, is extremely difficult.”
FEATURE
WINNING THE WAR AGAINST HACKERS
Our attackers are sharing data about us. Now, it’s time for us to distribute security information on the attacks and attackers we identify to win the war against cybercriminals.

The term threat intelligence is being bandied around by vendors, creating confusion among security buyers. However, the ever-changing threat landscape makes it imperative for CISOs to find threat intelligence relevant to their businesses and apply it correctly to stay ahead of the curve.

Recent surveys suggest that though organisations are now drowning in threat intelligence, very few are actually efficient in utilising this data to pinpoint or thwart cyber threats. Security pundits say this is because most organisations do not have the required skill-sets or suitable technologies to process all the received intelligence. Is it the only reason most enterprises fail to maximise the value of threat intel?

Kalle Bjorn, director, Systems Engineering, Fortinet, says the problem has also been context. It is hard to put raw information into its larger context around the attacker of who, what, when, where, and how. In today’s Big Data world, any information being shared also needs to be suitable for automation, and not everyone has experience with sharing information that is suitable for automation, he says.

Stuart Davis, director, FireEye’s Mandiant, echoes a similar opinion: “This issue typically begins with an organisation failing to define its intelligence requirements. Other elements include not fully integrating threat intelligence into the Security Operations Center (SOC) and Computer Security Incident Response Team (CSIRT) workflow and only integrating threat intelligence with deployed technology that can result in alert fatigue.”

CISOs are now faced with the daunting task of finding specialised, industry-specific intelligence, which needs to be personalized to their organisation’s defensive stack. With the abundance of threat intelligence feeds and platforms, many security pros are now starting to realise sharing threat data is also important to keep bad actors at bay, and standards have started emerging to make this easier. But, regionally, are we moving in the right direction when it comes to threat intelligence collaboration?

“Today’s threat landscape is becoming increasingly volatile as actors use ever more sophisticated techniques to attack organizations, not just in the Middle East but around the world. The reality is that any company that holds valuable data – from confidential company credentials to PII to industrial IP – is at risk of being attacked. Though there is still significant work to be done in education, thankfully many organizations in the region are waking up to the idea they should be looking beyond their perimeter to detect and prevent attacks before they happen: protecting themselves from the outside by using targeted, actionable threat intelligence,” says Nahim Fazal, head, Cyber Threat Intelligence, Blueliv.

Brian Pinnock, regional manager, Sales Engineering, Mimecast MEA, agrees that there is a growing realisation that security teams need to pool their collective expertise by sharing threat intelligence. This is because identifying new cyber problems before they escalate is critical to minimising the damage caused by cyber-attacks in the future. “The region is moving in the right direction, with industry verticals such as financial services being more proactive than others. However, collaboration is still not a pervasive practice worldwide. Recent surveys show that in 2015 less than 10 percent of organisations shared threat intelligence, but this has grown to almost 20 percent in 2017. This trend is set to continue.”

There is no disputing the fact that accurate threat intelligence will go a long way in stopping large-scale cyber-attacks in the future. However, the trick is how best you can integrate this intelligence into your organisation’s incident detection and response capabilities.

“It has to be a holistic approach,” says Haider Pasha, CTO, Emerging Markets, Symantec Middle East. “In the complex world of IT, real-time information is the key to protecting information. Intelligent security solutions can help organisations identify threats as they happen so information can stay safe. Without complete visibility into an organisation’s environment and the current threat landscape, it’s easy to be blindsided by an attacker and have security incidents go undetected, such as targeted attacks and advanced persistent threats.”

In the near future, AI and machine learning are expected to play a key role in helping CISOs to leverage threat intel for actionable data. “AI and machine learning can play a key role in finding patterns in threat data and automating certain tasks that until recently were seen as requiring human intelligence. The threat intelligence field presents unique opportunities for machine learning systems. Machine learning algorithms now deal with gathering, analysing, and presenting a variety of statistical and narrative data. The output is ultimately a series of actionable insights. There are, however, limitations to what machine learning is currently capable of doing, and these platforms can usually only detect and predict threat actors and threats within the limitations of their existing data sets,” sums up Pinnock from Mimecast.
INTERVIEW
KEEPING GUARD
On the sidelines of the RSA Conference in Abu Dhabi, Qualys CISO Mark Butler sat down with Security Advisor ME to discuss how CISOs should focus on helping deliver business growth through security.
Can you please tell us about what your role as CISO at Qualys entails?

As a CISO, I have more of an outward facing role. I am tasked to talk to CIOs and fellow CISOs and other business leaders to ensure that our goals and strategies are aligned from a product roadmap’s standpoint. Qualys has traditionally been known as a vulnerability scanning company. That’s a foundational element of our offerings. We are primarily centred on security visibility not just for vulnerabilities but also for everything from web applications to File Integrity Monitoring. Furthermore, we are also increasing our focus on threat protection, which has brought huge benefits to our customers.

Do you think that cybersecurity has now become an important part of the boardroom agenda?

Yes, absolutely. Whether it’s by design or by some sort of trigger like a recent breach, cybersecurity is now increasingly becoming a big part of boardroom discussions. Non-IT C-level executives may only care about it because they don’t want to be in the papers and they don’t want a negative event to happen within the firm but they are now more than ever becoming more concerned about cybersecurity. However, some more matured organisations are looking at it from a different standpoint. They view it as a differentiator in staying ahead of the competition. They see it as an opportunity to build their brand’s image as an organisation that has strong security capabilities. The boards are looking at security as a core competency for running their business and transforming their products into the digital world.

How has the view on cybersecurity evolved over the years?

When we talk to CIOs and CISOs today, one of the main questions they ask is: “How can you help me simplify my environment?” They want to know how they can reduce the number of tools that they use and solutions they deploy. They are interested in how we can help them optimise their investments. It’s not necessarily a financial discussion but it’s a matter of simplifying systems so they’ll no longer need a lot of resources to run their security teams. They are becoming more and more interested in ensuring that they get to focus on more targeted and critical issues. Business leaders are now beginning to realise that it is no longer about the number of solutions you deploy. It’s about having the minimal amount of security tools in place and getting them to integrate data, communicate with each other and developing an orchestration and response framework. There’s also a growing interest in building products that have security built-in instead of just having them as an add-on.

How can CISOs better communicate the importance of security within the company?

I think there are still CISOs today that need to evolve themselves because they’re still running security programmes just for the sake of doing it. This needs to change. They need to communicate to the rest of the business and instead of adding new policies, guidelines or controls, which are all important as well, they should focus on how they create business value through security. CISOs need to keep in mind that the security programme exists for the business. Therefore, the systems and policies under it should complement the goals of the business. This mindset is slowly but surely starting to change. But this is what I see as the biggest challenge and, in some ways, an opportunity for CISOs today.

How can CISOs help create an IT security-aware culture within their organisations?

I think we have done a disservice to our employees in terms of creating that kind of culture. What I mean by that is, in a way, we have built a culture of ‘Don’t’ within the workplace i.e. “don’t open that”, “don’t click on this”, “don’t install that” and so on. While none of those are incorrect, it created a punitive environment. Instead, we should spend time on establishing preventative controls and measures wherein, say, they won’t be able to install software unless they have the right access or authorisation. The number of sophisticated cyber threats that are out there is growing and our employees are at risk every day. But, if we have the right preventative measures in place then our employees won’t be in high impact situations. We, of course, need to focus on training and educating them. But we should also create a culture wherein whenever our employees encounter a cybersecurity issue they would want to immediately share it without feeling like they will be penalised in any way. There should be an open line of communication within the whole organisation.
INTERVIEW
PATH TO PROTECTION
Organisations collecting and handling data from EU citizens are expected to comply with the strict new General Data Protection Regulation. Compliance will cause some concerns and new expectations from security teams. Rashmi Knowles, field CTO, EMEA, RSA, discusses how the new regulation will impact Middle East firms and how they can prepare for it.
One of the most important topics being discussed in the cybersecurity industry today is GDPR, can you give a brief background on what it is exactly about and how it works?

The General Data Protection Regulation will take the place of the EU Data Directive when it comes into force next year. Now, how the Directive differs from GDPR is that the first one is practically a set of recommendations EU organisations can follow and base their data protection policies on. Meanwhile, the GDPR is a law, which means all organisations across all member states are required to adhere to it. The new rules grant people more rights regarding how companies handle their personally identifiable information (PII). The goal is to protect EU citizens and their data and harmonise data protection law across the EU member states. Non-compliance with GDPR entails having to pay significant fines. The new regulation will require organisations to report any kind of breach to the authorities within 72 hours of being aware of it. This will also push organisations to invest in resources to come up with a more efficient and effective detection and response plan. The definition of breach is also defined differently in GDPR. Historically, we see a breach as an incident wherein someone has come into our networks to steal data. Under the GDPR regulation, a breach could also mean non-availability of data. It focuses on how organisations can ensure the confidentiality, availability and integrity of their customers’ and employees’ data. Another important aspect of GDPR is ‘Subject Access Rights,’ which means that citizens from all 26 states can go to the organisations that handle their data and demand access to said data to review it, change it or even delete it. From a process perspective that can be a challenge for organisations.

Why should Middle East firms be concerned about GDPR?

Well GDPR, first and foremost, is focused on protecting the data of EU citizens. About 80 percent of the UAE’s workforce are non-Emiratis. A big part of that workforce is EU citizens, which means that any company in the region that has access to the data of these people, whether they are customers or employees will have to comply with GDPR. This also applies to any organisation that has operations in any EU nation. In addition, the DIFC Authority has recently said that they will incorporate the EU data protection law in their best practices recommendations for UAE organisations. I believe that in the future other countries will also be incorporating aspects of the GDPR into their own policies, regulations and recommendations.

At a regional level, do you believe organisations here in the region are already on the right track when it comes to implementing best practices for data protection?

Data protection law in Middle East countries has obviously already been around for a very long time. However, when it comes to GDPR there is still a lot of education that needs to be done. In my conversations with several businesses from the region, I found that there are a number of them who are unaware as to whether they are in scope or not. What they need to understand is that just because they don’t have operations in a European country they are not in scope. They need to know that as long as they are handling data of EU citizens they will need to adhere to GDPR to some extent.

For organisations that need to adhere to GDPR, how should they prepare?

There are very simple steps in getting ready for GDPR. Firstly, they need to have a proper understanding of what data they handle and what kind of risks can be associated with those data. A part of GDPR is also about consent, which means that the best practices should be applied across the whole life cycle of a customer’s data from collection to storage. Identity and access management are also critical for GDPR. You need to know not only who has access to that data but also if they are the right people who should be opening or retrieving the information. Education is also important. You will have to ensure that employees within your organisation are well-aware of how they should protect the data they have, the implications should a breach occur and how they can recover from it. Last and probably the most important one, is incident detection and response. The faster an organisation can detect and mitigate a threat the more time they have to investigate the incident and prepare the breach notification within the 72-hour deadline set by the GDPR.
PREVIEW INTERSEC 2018
ON THE WATCH Celebrating its 19th edition, Intersec is set to welcome 1,300 exhibitors and over 31,000 visitors from 128 countries. Taking place on 21st to 23rd January 2018 at the Dubai World Trade Centre, the trade show will feature the latest and most pertinent security and safety solutions. Security Advisor Middle East brings you some of the vendors to watch out for at the event.
What are you focusing on at Intersec?
Western Digital will be exhibiting its surveillance line up of storage products, which include HDD, SSD and flash storage solutions. Intersec continues to be one of the key trade shows for us since we believe storage is at the core of all surveillance environments.
Mohammed Owais Husainali, sales director, Western Digital
WESTERN DIGITAL Stand number: E42, Sheikh Saeed 1
What are the surveillance storage trends to watch for this year?
In 2018, the surveillance storage market will continue to see a large focus on smarter cities and by extension, security. We can also expect increases in government spending on the surveillance sector. Another important trend to consider is that large surveillance manufacturers are adopting new technologies and pushing higher resolutions for their cameras such as 4k recording and playback, which demand higher capacity storage. This is where Western Digital comes in. Our priority for 2018 is providing our customers with a wide range of storage solutions, both in terms of storage platform and higher capacities. Our products range from high endurance flash SD cards that meet the needs of IP camera setups used in places like golf courses to high end large capacity HDDs designed for continuous data recording that will be used in DVRs and servers. Furthermore, end consumers are increasingly becoming aware of the importance of home and small business security in which digital storage plays a large part.

What is the difference between a normal hard drive and surveillance hard drive?
The key difference between regular and surveillance HDDs is the reliability. In a surveillance environment, the HDDs are expected to be in use 24/7, unlike desktop HDDs, which do not see this heavy use. To achieve this, our WD Purple Surveillance HDD line up is designed from the ground up on a hardware and software level for nonstop usage by maximising the write speed over the read speeds, being helium sealed at higher capacities and producing less overall movement.
Philippe Kubbinga, regional director MEA, Axis Communications
AXIS COMMUNICATIONS Stand number: H12, Sheikh Saeed 1

How has the security and surveillance space evolved over the last two years?
The Middle East market has continued to grow and we expect a further increase in adoption of the latest IP network solutions in the coming years with a great focus on smart and innovative technologies.

What products and solutions are you showcasing at Intersec?
Axis will showcase the recently launched AXIS D2050-VE Network Radar Detector, AXIS Q86 Thermal Network Cameras, AXIS Q87 Bispectral PTZ Network Cameras along with the 2N Sip Mic. We will also demonstrate solutions across retail, critical infrastructure and smart cities along with access control as part of integrated solutions and Internet of Security Things. Our long-term commitment towards cybersecurity and sustainability will be central to our participation at the show. We also have two key partners on the stand: Dedrone with their anti-drone solutions and Quanergy demonstrating LiDAR sensors.

Dedrone is a company focused on airspace security. The firm’s proprietary software, DroneTracker, is fully compatible with the suite of Axis cameras and sensors. By enabling Axis cameras to use DroneTracker, existing Axis customers will have a quickly accessible and complete aerial security system.

Quanergy, a provider of LiDAR sensors and smart sensing solutions, will also be at the show. The company will demonstrate a security solution for intruder detection and surveillance automation. The demonstration will integrate Quanergy’s Q-Guard security technology with Axis Communications PTZ (Pan-Tilt-Zoom) camera and will showcase an intrusion detection and perimeter fencing solution powered by a Quanergy LiDAR sensor allowing for real-time detection, tracking, and counting using 3D point clouds and color video. The system uses LiDAR to quickly detect and classify a human intruding into a secure area, and follow that unique subject with a video security camera throughout a designated area.

Has the market completely transitioned from analogue to IP-based cameras in the region?
No, but IP-based transitions continue to become a majority of the market share. At Axis, all of our flexible solutions can be integrated into existing analogue systems – so there’s no need to completely replace equipment. And with our open platform, you can add extra functionality in the future – from encoders and cameras to increased security and intelligence measures.

How are you integrating intelligence and analytics capabilities to your offerings?
We expect to see a continued growing adoption of sophisticated video and audio analytics in the coming year, helping security systems evolve from passive monitoring to intelligent and adaptive recognition, situational awareness and analysis systems. Analytics go far beyond security uses. Retailers, for example, are increasingly using video analytics to gain business intelligence insights that allow them to optimise shop floor plans, merchandise display or checkout queue management. This opens entirely new user groups to video surveillance. For example, in-store traffic flow and behaviour analysis can help guide advertising and promotion campaigns. We also have solutions such as AXIS Perimeter Defender, the perfect solution for critical infrastructures. AXIS Perimeter Defender is a flexible, scalable video analytics application for perimeter surveillance and protection. It’s designed for demanding large-scale installations. Furthermore, we will be adding two more analytics to the Perimeter Defender for reducing false alarms and for improving verifications namely the
Lindon Francis, technical manager, Norden Communication Middle East
NORDEN Stand number: K27, Trade Centre Arena

How has the security and surveillance space evolved over the last two years?
The Middle East market continues to witness substantial growth in the security space. Furthermore, the region has easily adapted to the transition from analogue to IP and advanced industry technologies. The convergence of deep learning technologies for video analysis, advances in AI for fully automated event detection, as well as the significant reduction of costs to implement these strategies are paving the way for organisations to harness the benefits of automated video surveillance. The amount of data generated worldwide is doubling every two years and a major driver of the world’s Big Data is surveillance video footage. Therefore, I believe that in an increasingly interconnected world, protecting video data and communications alongside safeguarding everyone’s privacy are now more important than ever. In the last two years, the security and surveillance industry has gradually shifted to the cloud, bringing end-users more benefits and wider options for securing their facilities at a lower cost without sacrificing the quality of experience.

What are the products/solutions you are showcasing at Intersec?
Our primary focus at Intersec will be to showcase our product portfolio of IP-based CCTV and public address systems. Our offerings such as our latest multi-sensor panoramic cameras and the active IP speakers that enable the smart detection and intelligent functions will be on display. Intersec visitors will also be able to preview specific solutions such as our CMS and VMS with Explosion Proof IP Cameras, multi-sensor cameras which are relevant for this region. More than that, we aim to use Intersec as a platform to spread awareness about Norden’s brand and capabilities.

Are you embedding more intelligence and analytics capabilities into your products?
Yes, Norden CCTV cameras have been integrated with intelligence and analytics capabilities. They are equipped with the latest firmware modules, which can be upgraded for the additional analytic requirements on selected existing models as well. The Internet of Things (IoT) has changed how people view video security. Now, cameras need to be smart enough to capture more than images. As they become integrated into the vast digital connectivity infrastructure, cameras are transforming into intelligent sensors, capable of extracting invaluable data to make improvements in video security, and beyond.

Has the market completely transitioned from analogue to IP-based cameras in the region?
Yes, I think organisations in the Middle East market have fully embraced IP-based cameras. Traditionally, video surveillance has been a closed-circuit analogue affair run by the physical security staff. The rise of IP-based digital systems has enabled IT and security teams to seamlessly deploy video surveillance systems and get more value out of the data they produce. More importantly, IP-based cameras capture better detail than analogue cameras, making them the obvious choice for modern organisations. Nevertheless, there is still a small market for analogue products in the retail sector; however, we can expect this to shrink significantly over time.
OPINION
GETTING READY FOR GDPR
The General Data Protection Regulation represents a massive change in personal data protection and privacy. When it takes effect this year the new law will transform the way every business deals with data and the whole information cycle. Laurence Pitt, security strategist, Juniper Networks, EMEA, shares how organisations can develop a data protection by design approach.
I’m keen to change the perception that GDPR will act as a drag on organisations. I also want to avoid others falling into the trap of thinking the only inducement for an organisation to comply is to avoid a fine. But before I attempt this, I’m going to briefly stray into another passion of mine, cars, just to make a point.

To drive safely, several conditions must be met: my vehicle must be in good condition and regularly inspected to ensure it meets minimum safety standards. I must adhere to the rules of the roads on which I travel, and I need to drive in a manner suitable for the prevailing conditions. Finally, there is an expectation from me that everyone else will do the same. For me, the freedom I gain by following the rules far outweighs any inconvenience I may experience.

And, basically, that’s how I feel about GDPR, too. It’s designed to reinforce the information-related rights and freedoms of European citizens, and provide standardisation for organisations which, in turn, enables greater efficiencies. We are not starting from scratch, after all. Data protection regulations already exist and, for personal data held on EU citizens, GDPR will harmonise them. And, if an EU citizen is trusting you with their personal data, common sense says you will want to protect that data. In effect, common sense will be enshrined in a legal framework and, whilst I am sure the advent of GDPR will bring greater scrutiny, I am equally confident the approach of regulators will be proportionate.

As we approach May 2018 (when GDPR will be enacted), there are many things organisations can and should do. For me, a great place to start is ‘data protection by design.’ The foundation of this approach is the information lifecycle, which gets to the very heart of why data is important to you and challenges you to consider what data you actually collect and what you do with it once you have it. You will see many variants on the information lifecycle but I tend to think about four main phases: collect, store and secure, use, and disposal.

COLLECT (only what is relevant)
Every successful organisation relies on good data. But data is so prolific, the temptation is to collect it just because we can. Think about which data is critical to your business and then define the purpose for which it is collected – the legal basis. You need the individual’s consent to acquire it and it must be clear to them how you intend to use it.

STORE AND SECURE (with a data value in mind)
It’s important to define the data you need to collect, the purpose for which it will be used, and for how long you want to keep it. You need to know not only what data is stored, but also where, and this can be tricky in a public/private multi-cloud environment. You can outsource the practice of storage but, under GDPR, you cannot outsource your accountability for the safety of personal data managed on your behalf, so I believe assigning a notional value to your data is useful. The notional value will influence where you physically store specific datasets, and the level of security you assign to them.

USE (who and what)
Nowadays it’s not just who is using the data, it’s also what is using the data. Organisations are complex structures, and many departments, such as customer service, billing, sales, and so on, may have legitimate reason to collect different datasets pertaining to the same individual. You need to understand the implications of the aggregation of these datasets across your own estate as well as those of any third-party suppliers. The legal basis for data use underpins access rights: who has access to it, and what each employee, or application, can do with it. As your organisation transforms, you need a process in place to migrate data responsibilities too.

DISPOSAL (is it really gone?)
Hitting the delete key does not necessarily erase the footprint of data from storage devices. This means additional consideration is needed when you choose to end-of-life your own servers, computers, phones, etc. When third-party suppliers are involved, you do not have the same degree of control and this reinforces the need to plan and manage your data environment proactively.

Whilst the information lifecycle will not, in itself, make you GDPR compliant, knowing where your data is, who and what is using it (and why), and being confident it is destroyed when you and your agents erase it makes good business sense. A ‘data protection by design’ approach enables you to develop policies and processes logically, create meaningful employee education programmes, and, ultimately, protect your data more effectively.
INSIGHT
CYBERSECURITY GUIDE TO 2018 By Morey Haber, VP, technology, BeyondTrust
It’s that time of year again when we look back at what has motivated the market for IT security solutions over the past year and think about how we can apply our learnings to do better next year. Morey Haber, VP, technology, BeyondTrust, shares top 18 IT security predictions to help organisations plan cybersecurity strategies for 2018.

CATEGORY: METHODS FOR MAJOR HACKS, BREACHES AND EXPLOITS

Prediction #1 – The bigger they are, the harder they fall
If we think the headlines, with news of major organisations getting breached, shocked us, we will learn that large organisations have poor cybersecurity hygiene, are not meeting regulations, and are failing to enforce the policies they developed, recommend, and enforce on others. 2018’s news will have even more high-profile names.

Prediction #2 – Increase in mobile phone spam
With there being more mobile phones in most countries than there are citizens in those countries, mobile phone spam will rise 10,000 percent due to automated spam and dialing ‘botnets’ that essentially render most phones unusable because they receive so many phone calls from unidentified numbers. This rise in phone spam pushes cellular carriers to start to require that end users adopt an ‘opt in’ policy so only those in their contacts can call them.

Prediction #3 – Major increase in ‘gaming deleteware’ infections
‘Gaming deleteware’ infections across most major platforms will increase as botnets continuously attack gaming networks and devices such as Steam, Xbox, PlayStation, and Nintendo systems with the sole intention of rendering the machine inoperable. The malware is downloaded as an embedded game add-on, causing millions of devices to need to be replaced.

Prediction #4 – The first major Apple iOS virus hits within a popular ‘free’ game
As users click on the ‘ad’ to play a game for free, their iOS11 device will be compromised, leaking all data stored in the local Safari password storage vault.

Prediction #5 – Continued growth in the use of ransomware and cyberextortion tools
2017 has proven the model that vulnerabilities nearly 20 years old are being exploited in organisational networks (Verizon DBIR 2017), so the opportunity is too great and too easy for organised crime to ignore. Further, the commoditisation of these tools on the deep web opens the door to anyone who feels the risk is worth the reward. This is likely to continue until organisations get the basics right and the risk/reward balance tips, making ransomware far less appealing.

Prediction #6 – More end-user targeting
Penetration through unpatched servers like in the case of Equifax will happen, but hackers will continue to target end users with more sophisticated phishing and targeted malware, taking advantage of unpatched desktops where clients have far too many privileges. Again, don’t take your eyes off the end users.

Prediction #7 – Biometric hacking will be front and centre
Attacks and research against biometric technology in Microsoft Hello, Surface Laptops, Samsung Galaxy Note, and Apple iPhone X will be the highest prize targets for researchers and hackers. The results will prove that these new technologies are just as susceptible to compromise as touch ID sensors, passcodes, and passwords.
Prediction #8 – Cyber recycling
As we see a rise in the adoption of the latest and greatest devices, we will see devices, and now IoT, be cyber recycled. These devices, including mobile phones, won’t be destroyed, however. They will be wiped, refurbished, and resold even though they are end of life (EOL). Look for geographic attacks against these devices to rise since they are out of maintenance.

CATEGORY: THE BUSINESS OF CYBERSECURITY – FOCUS AND INVESTMENTS

Prediction #9 – More money for security, but the basics still won’t be covered
Organisations will continue to increase spending on security and new solutions, but will struggle to keep up with basic security hygiene such as patching. Hackers will continue to penetrate environments leveraging known vulnerabilities where patches have existed for quite some time. Regardless of whether it is an employee mistake, lack of resources, or operational priorities, we are sure to see this theme highlighted in the next Verizon Breach report.

Prediction #10 – IAM and privilege management going hand-in-hand
Identity Access Management (IAM) and privilege management adoption as a required security layer will continue. We will see more security vendors adding identity context to their product lines. Identity context in NAC and micro-segmentation technologies will increase as organisations invest in technologies to minimise breach impact.

Prediction #11 – Greater cloud security investments
Vendors will begin to invest more heavily to protect cloud specific deployments for customers migrating to the cloud. Supporting Docker/containers, DevOps use cases, and enforcing secure cloud configurations are some initiatives that will be driven by customers.

Prediction #12 – Acceptance that ‘completely safe’ is unobtainable
As 2018 progresses and more and more organisations accept that breaches are inevitable, there will be a shift towards containing the breach rather than trying to prevent it. This doesn’t mean abandoning the wall, but rather accepting that it isn’t perfect, can never be, and shifting appropriate focus toward limiting the impact of the breach. Organisations will refocus on the basics of cybersecurity best practice to enable them to build effective solutions that impede hackers without impacting legitimate users.

Prediction #13 – Chaos erupts as the GDPR grace period ends
As organisations enter 2018 and realise the size of the task to become GDPR compliant by 25th May, there will be a lot of panic. This legislation seems poorly understood, which has led to many organisations tabling it for ‘later’ and, for many, they will wait until the first prosecution is underway before they react. The EU gave over two years, after GDPR passed into law (27th April 2016), for organisations to become GDPR compliant, so there is likely to be little tolerance for non-compliant organisations which are breached after 25th May and, more than likely, some example setting. Those who completed their GDPR compliance ahead of the deadline will be right to feel smug as they watch their competitors flail.

CATEGORY: OFFENSIVE AND DEFENSIVE STRATEGIES

Prediction #14 – Increased automation in cybersecurity response
The size of the cybersecurity threat continues to grow through 2018, with increasing numbers of attack vectors combined with increased incidence of attacks via each vector (driven by commoditisation of attack tools) leading to massive increases in the volume of data being processed by cybersecurity teams. This demands improvement in the automation of responses in cybersecurity tools to do much of the heavy lifting, thereby freeing the cyber teams to focus both on the high-risk threats identified and on planning effectively for improvements in defences. Increased use of machine learning technologies and, from that, more positive outcomes will lead to a significant growth in this area.

Prediction #15 – Richer cybersecurity vision
As organisations’ need for more comprehensive cybersecurity solutions grows, so will the need for effective integration between the vendors of those technologies. This will lead to more technology partnerships in the near term and eventually to industry standards for integration in the longer term. The ability for systems to work with relatively unstructured data will allow for more effective information interchange and, as a result, far richer and more rewarding views across our cyber landscapes.

Prediction #16 – It is now law
Governments will begin passing legislation around cybersecurity and the basic management of IoT devices required for safe and secure computing.
INTERVIEW
FROM BUZZ TO THE BATTLEGROUND Rajat Mohanty, co-founder and CEO, Paladion, gives us a lowdown on how artificial intelligence fits into cybersecurity.
Will AI and machine learning shape the future of cybersecurity?
AI is already shaping cybersecurity. At Paladion, we already offer AI-driven Managed Detection and Response (MDR) services. At the moment, we offer a more sophisticated AI-driven MDR service than our competitors, but we do expect, in the future, AI will become a standard offering in all cybersecurity services. However, AI will never obviate the need for a human touch in cybersecurity – at least not in the near future. AI and machine learning algorithms are good at finding answers, but humans will always be required to ask the right questions, evaluate the machine-produced answers, and ultimately decide on the appropriate response. That’s why, at Paladion, we combine AI-driven security technology with nearly 1,000 of the world’s top cybersecurity experts.

Is it a good idea to automate security functions?
It is neither a good idea nor a bad idea—it is necessary. The emergence of AI-driven cyberattacks has increased the size, sophistication, and velocity of threats. We now need to automate certain elements of cybersecurity to effectively process this accelerating influx of threat data. And as more cybercriminals adopt AI to upgrade their attacks, we will need to automate more of our defenses.

With AI, would it be possible for enterprises to detect and respond to incidents in real-time?
AI certainly brings us closer to real-time detection and response. AI dramatically improves the speed at which we can process the vast amount of threat data each organisation receives every day. No human-only team could evaluate this data fast enough to reach real-time detection and response—especially as AI-driven attacks increase the volume, speed, and complexity of these threat data. In addition, AI-driven threat anticipation helps enterprises identify and prevent their most likely attacks—before those attacks actually occur. So, you could say AI helps provide faster-than-real-time detection and response.

Can AI help companies determine what new security technologies they need to invest in?
AI can help evaluate the threat landscape and determine the attacks you will most likely suffer. And AI can help evaluate your network and identify your areas of vulnerability. But there is a more general point regarding AI and cybersecurity technology investment—it’s now necessary to invest in some form of AI-driven defense. Now, most organisations can’t invest in developing their own AI-driven security. It’s too expensive to develop and manage. And there are not enough unemployed cybersecurity experts in the market to develop in-house solutions for every organisation. Partnering with a managed detection and response firm with AI-driven systems offers the easiest, most effective, and least expensive way for most organisations to bring this technology to their defense.
INSIGHT
LOOKING AHEAD Matthew Gyde, group executive for security, Dimension Data, shares top cybersecurity predictions
T
REND 1: ‘ZERO TRUST’ SECURITY MAKES A COMEBACK In 2018, we can expect to see significant disruption in the cybersecurity industry. Organisations are spending millions and in some cases, hundreds of millions of dollars on technologies aimed at bolstering their cybersecurity posture. But to no avail. Attacks are becoming more sophisticated. Cybercriminals have as much – if not more – funds to invest in developing new attacks than the businesses they’re targeting have to spend on defence. As a result, in the year ahead we’ll see the ‘zero trust’ security model re-emerging. With this approach, the IT team adopts a mindset of ‘we don’t trust anybody’, and only by explicitly allowing users to access systems, can trust be established. It does mean that there’ll be more rigorous authentication measures in place that will require users to verify their identities through multiple layers of credentials. Enterprise systems will vigorously authenticate whether users are indeed entitled access to specific sets of data, before making them available. Some might question whether the ‘zero trust’ approach will lead to bottlenecks and delays in getting tasks accomplished. The answer is no: if you’re 42
01.2018
running a cloud-based system, the authentication and verification process will be near-instantaneous, so people’s productivity won’t be inhibited. Re-examine policy and process Organisations that revert to this model will use it as an opportunity to reexamine their cybersecurity policies and processes. This will result in a new generation of policies and processes that take into account the organisation’s on-premise infrastructure as well as the cloud services and platforms that they utilise. Companies that embrace a ‘zero trust’ model will increasingly turn to managed security services providers to augment their security monitoring and management capabilities. This will allow them to focus on deriving maximum value from their investments in security controls and resources, and ensure that they’re being applied appropriately and effectively. TREND 2: DECEPTION TECHNOLOGIES BECOME THE SECURITY ENABLERS OF THE INTERNET OF THINGS (IOT) AND OPERATING TECHNOLOGY (OT) Increasingly, we’re seeing OT enabling IoT in industries such as automotive and manufacturing. The benefits are compelling: organisations can closely monitor the status of their equipment, which results in increased
productivity, better safety, cost savings, and the ability to perform pre-emptive maintenance. A new frontier of cybercriminal enablement However, this is also ushering in a new element of risk because the sensors attached to OT devices are enabling a new breed of cyber-attack. In the last year, the industry has been exploring ways to defend against them, but it’s not easy: Most manufacturers aren’t considering security in the development phase of their products. And sensors are typically light-weight devices with minimal storage capacity, which makes embedding encryption chips into them unfeasible. In 2018, I foresee deception technologies playing a significant role in ensuring that security is maintained across the supervisory control and data acquisition (SCADA) control system architecture, operational technologies, and wider IoT infrastructure. Many cyber-attacks begin when cybercriminals successfully penetrate an organisation’s perimeter firewall. Once they’ve accessed the network, they start moving laterally, searching for user identities, which will allow them to take control of different devices. Often, they go undetected for months, stealing confidential data and intellectual property. www.tahawultech.com
Deception technologies introduce thousands of fake credentials onto an organisation’s network, which makes it mathematically impossible for cybercriminals to gain access to a legitimate set of user identities. And, once a cybercriminal has used a fake credential that’s been generated by the deception technologies, the security operations team will receive an alert that an unauthorised user is lurking on the network. They can then immediately initiate incident response.

TREND 3: BEHAVIOURAL ANALYTICS AND ARTIFICIAL INTELLIGENCE DEMAND A RELOOK AT IDENTITY

In the last year, we’ve seen more organisations exploit the power of artificial intelligence and machine learning to bolster their cybersecurity defences. However, until now they’ve faced limitations: the machine programmer must still provide the machine with algorithms that instruct it about what types of malicious software or activity to search for. In 2018, we’ll see this change, thanks to a technique known as ‘deep learning’.

With deep learning, rather than providing the algorithms to the machine, you can enable it to learn itself. In the next 12 months we’ll see deep learning enabling us to take behavioural analytics to a new level. Machines will start undertaking highly granular analyses of users’ activities. By analysing user behaviour over a period of time, machines will be able to predict whether or not the person attempting to access my data or applications is indeed the right one.

This provides organisations with an additional layer of defence over and above standard authentication methods. In 2018 I expect to see more security vendors starting to integrate artificial intelligence into their products to improve their ability to detect cyber threats in this manner.

TREND 4: ROBO-HUNTERS ARE THE NEW NORM

Most cybersecurity experts agree that it’s critical to have access to threat intelligence about the latest types of attacks and tactics. However, intelligence alone isn’t enough. Organisations must proactively ‘hunt down the enemy’. In 2018, we’ll start seeing machines entering the enterprise, the kind that my colleague, Mark Thomas, Dimension Data’s Group Cybersecurity Strategist, has dubbed ‘robo-hunters’.

Automated threat-seekers

Essentially, robo-hunters are automated threat-seekers that can make decisions on behalf of humans. Enabled by AI, they continuously scan an organisation’s environment for any changes that might indicate a potential threat. They learn from what they discover and then take appropriate action, for example by isolating a bad packet or compromised device.

I believe that the rise of robo-hunters will enable more businesses to move from a proactive to a predictive security posture. Those organisations that are leading the charge are starting to look at ways to automate threat hunting cycles and are conducting retrospective
analysis to identify patterns in historical incursions.

TREND 5: BLOCKCHAIN IS THE DISRUPTOR

The opportunities and applications of Blockchain in the world of cybersecurity are only just emerging. Blockchain allows a digital ledger of transactions to be created and shared among participants via a distributed network of computers. The system is highly accessible and transparent to all participants: all transactions are publicly visible.

This means it’s possible for businesses to make Blockchain ‘corporately visible’ within their organisation so that they can see every transaction that takes place between one individual and another, one piece of data and another, or one machine and another. This enables companies to build up a comprehensive history of every transaction that occurs.

The implementer of ‘zero trust’

In the scenarios I’ve mentioned, the Blockchain will isolate the connection and give the user restricted access until the transactions have been expressly sanctioned by system administrators or the IT security team. So essentially Blockchain will become the implementer of the ‘zero trust’ policy I mentioned earlier.

There are other use cases for Blockchain in the realm of cybersecurity that I believe will emerge in the year ahead. It’s already being used in public key infrastructure (PKI). PKI is cryptography that’s used to secure emails, websites, and messaging applications. Most traditional PKI implementations rely on centralised certificate authorities to generate and store keys, which renders them susceptible to attacks from hackers. Blockchain-based implementations of PKI remove the central certificate authorities completely and make use of a distributed ledger of domains and their related public keys. This is an inherently more secure approach as there’s no central database to attack.
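The decoy-credential alerting described under Trend 2, shown as an added example that is not from the article or from any vendor's product. The log format, account names and host names are constructed assumptions; the point it adds is that recording where each decoy was seeded tells responders which host the credential was harvested from as well as which host used it.

```python
import secrets
from dataclasses import dataclass

# Constructed sample data: decoy account -> host where it was seeded.
DECOYS = {"svc-backup-7f3a": "ws-014", "svc-hist-19c2": "hmi-03"}
SAMPLE_LOG = [
    "2018-01-10T09:00:01Z user=alice src=ws-014 result=success",
    "2018-01-10T09:02:17Z user=svc-backup-7f3a src=ws-022 result=failure",
    "2018-01-10T09:02:40Z user=bob src=ws-007 result=failure",
    "2018-01-10T09:05:03Z user=svc-hist-19c2 src=ws-022 result=failure",
]

@dataclass(frozen=True)
class Alert:
    timestamp: str
    decoy_user: str
    planted_on: str  # host whose credential store held the decoy
    used_from: str   # host that presented it

def plant_decoys(hosts, per_host=3):
    """Generate unique decoy account names and record where each is seeded."""
    decoys = {}
    for host in hosts:
        while sum(h == host for h in decoys.values()) < per_host:
            decoys.setdefault(f"svc-{secrets.token_hex(4)}", host)
    return decoys

def parse_event(line):
    """Split 'timestamp key=value ...' (assumed log format) into fields."""
    timestamp, *pairs = line.split()
    fields = dict(pair.split("=", 1) for pair in pairs)
    return timestamp, fields["user"], fields["src"]

def detect(lines, decoys):
    """No real user owns a decoy, so any attempt with one is an alert,
    whether the login succeeded or failed."""
    alerts = []
    for line in lines:
        timestamp, user, src = parse_event(line)
        if user in decoys:
            alerts.append(Alert(timestamp, user, decoys[user], src))
    return alerts

def triage_hosts(alerts):
    """Hosts to examine: where decoys were harvested and where they were used."""
    return sorted({a.planted_on for a in alerts} | {a.used_from for a in alerts})

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG, DECOYS):
        print(alert)
    print(triage_hosts(detect(SAMPLE_LOG, DECOYS)))
```

The ordinary failed login by `bob` raises nothing, which is why decoy alerts are low-noise compared with failed-login thresholds.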
PRODUCTS
Brand: Honeywell Product: Sensepoint XRL

The new Sensepoint XRL fixed gas detector monitors industrial operations for specific hazardous gases, such as carbon monoxide or methane. Unlike other fixed gas detectors, Sensepoint XRL is Bluetooth-enabled, meaning it can be set up and maintained remotely using a smartphone app.

What you should know: When paired with an intrinsically safe smartphone available from Honeywell, a single worker can perform many standard maintenance tasks, including set-up, commissioning, and calibration wirelessly from up to 33 feet away. Sensepoint XRL and the app can also quickly produce system reports necessary for safety and environmental regulatory compliance. Sensepoint XRL is certified for explosive area applications, and is suitable for wastewater, utilities, power generation, laboratories, and downstream oil and gas operations, and applications ranging from laboratories to boiler rooms, and from fuel stations to warehouses.

Brand: Johnson Controls Product: Kantech KT-1

Kantech KT-1 is a single door controller with embedded simplified access control software for one door systems. KT-1 Standalone is the ideal choice for a cost-effective, easy-to-use, single-door application.

What you should know: With KT-1’s new Standalone Mode, using a dedicated web browser, the KT-1 Ethernet-ready single door controller can be controlled and managed via simple and intuitive web-based software. EntraPass software is not required. This makes the KT-1 a viable option for small businesses and individuals with basic access control needs such as being able to assign card access and run reports. With a simplified and quick installation and no software required, KT-1 Standalone is appealing to a base beyond the traditional access control installer. No additional training is required because there is no software system to learn or special certification needed. The wizard-based platform walks installers through the process in minutes.
Brand: Hikvision Product: Turbo HD 4.0
The new Turbo HD 4.0 range boasts ultra-low light performance and the ability to send power as well as 8MP video images over conventional coaxial cable. The latest-generation Turbo HD 4.0 products also take advantage of Hikvision’s new H.265+ video compression technology, which provides astounding savings on both bandwidth usage and storage requirements.

What you should know: The first Turbo HD 4.0 products to hit the market include 8MP box and varifocal bullet cameras, and DVRs with 4K UHD HDMI outputs. The 8MP cameras offer the highest resolution ever available in an analog surveillance system. Models equipped with Hikvision-patented Power over Coax 2.0 (PoC) capabilities also allow users to transmit both UHD video and power over the same coaxial cable, for faster, simpler and less expensive installations using existing infrastructure. As with previous Hikvision Turbo ranges, IP, analog, Turbo HD, and third-party AHD cameras are all supported, providing a flexible upgrade path.
BLOG
THE 2018 CYBERSECURITY LANDSCAPE By Alastair Paterson, CEO and co-founder, Digital Shadows
Every year around this time all the security businesses and analysts leap for their crystal ball and attempt to predict what we should be worrying about in the coming 12 months or more. And the sad reality is that not a lot will change as there is not much need for the cybercriminal community to do anything different – it’s already working well now! The cybercriminal community is all about profit and that means they continue to utilise the same sorts of tactics if they continue to gain the results they are after, mainly money! That said though, what will the threat landscape look like over the next 12 months?

Supply chain and third-party attacks have been a common feature in 2017 and will continue to be a fruitful attack method for cybercriminals in the next year. These tend to be highly focused operations with predetermined targets of interest, rather than cases of mass, indiscriminate targeting. Nevertheless, the Oracle MICROS breach that affected its point of sale customers and the NotPetya campaign were outliers in this regard. This is probably due to the differing motives of these campaigns: supply chain attacks are often done for intelligence gathering and reconnaissance purposes, whereas the MICROS and NotPetya attacks were financial or disruptive, so the emphasis would have been on widening the number of targets for maximum effect. Suppliers and third parties are often seen as easier entry points for attackers, especially as many do not have adequate security maturity levels. Moreover, suppliers are often given unnecessary wholesale access to company networks, which is why they are targeted in the first place.

Wormable malware: Some of the biggest cyber incidents in 2017 revolved around the issue of self-replicating malware that can spread between networks. WannaCry and NotPetya were examples of this. We’ve also seen the Bad Rabbit ransomware that reportedly spreads via a combination of Windows Management Instrumentation (WMI) and Server Message Block (SMB) protocol, and a wormable Trickbot banking trojan was also reported in July 2017. I expect malware modified with self-replicating capabilities to continue in 2018, particularly given the disruption caused by WannaCry and NotPetya inspiring similar attacks. Another driver for this is that many organisations around the world will be slow to mitigate against these methods, whether by applying appropriate patches and updates, restricting communication between workstations, or disabling features such as SMB to reduce the capability of malware to propagate within organisation networks.

The bar for cyber-attacks keeps getting lower. The availability of leaked tools from the NSA and HackingTeam, coupled with ‘how to’ manuals, means that threat actors will have access to powerful tools that they can iterate from and leverage to aggressively accomplish their goals.

But whatever happens in 2018 and beyond, what is clear is that cybercrime will continue to be a problem and present governments, businesses and individuals with challenges to protect their data and their intellectual property. It is therefore critical that you take steps to manage your digital footprint and manage the digital risk you present to the world via your business activities on the internet and via cloud solutions. That way, when something bad does happen, you will know quickly and can deal with it more effectively.