ISSUE 27 | MAY 2018 www.tahawultech.com
GDPR: ARE YOU READY? HOW THE NEW DATA PROTECTION LAW WILL IMPACT MIDDLE EAST FIRMS
Cryptocurrency regulation
Social engineering
GISEC 2018
FOUNDER, CPI MEDIA GROUP Dominic De Sousa (1959-2015)
CONTENTS

GDPR: ARE YOU READY?
How the new data protection law will impact organisations in the Middle East

DON’T BE THE WEAKEST LINK
Technology is not enough to keep an organisation cyber secure

HEALTH DATA IS WEALTH
Why healthcare firms need a security health check

A DEEP DIVE INTO RANSOMWARE
Secureworks’ Ian Bancroft investigates the growing ransomware industry

SECURING THE DIGITAL AGE
Expert insights on what organisations can expect from the evolving threat landscape

SECURE CONNECTIONS
Five ways to secure wireless routers

RESHAPING CYBERSECURITY
Are deception technologies, AI and robo-hunters the future of enterprise security?

Publishing Director: Natasha Pendleton, natasha.pendleton@cpimediagroup.com, +971 4 440 9139

EDITORIAL
Managing Editor: Michael Jabri-Pickett, mjp@cpimediagroup.com, +971 4 440 9158
Online Editor: Adelle Geronimo, adelle.geronimo@cpimediagroup.com, +971 4 440 9135
Contributing Editors: James Dartnell, james.dartnell@cpimediagroup.com, +971 4 440 9153; Janees Reghelini, janees.reghelini@cpimediagroup.com, +971 4 440 9167; Glesni Holland, glesni.holland@cpimediagroup.com, +971 4 440 9134

DESIGN
Senior Designer: Analou Balbero, analou.balbero@cpimediagroup.com, +971 4 440 9140
Designer: Mhar Delaben, marlou.delaben@cpimediagroup.com, +971 4 440 9156

ADVERTISING
Group Sales Director: Kausar Syed, kausar.syed@cpimediagroup.com, +971 4 440 9130
Senior Sales Manager: Sabita Miranda, sabita.miranda@cpimediagroup.com, +971 4 440 9128
Sales Manager: Nasir Bazaz, nasir.bazaz@cpimediagroup.com, +971 4 440 9147
Business Development Manager: Youssef Hariz, youssef.hariz@cpimediagroup.com, +971 4 440 9111

PRODUCTION
Operations Manager: Shweta Santosh, shweta.santosh@cpimediagroup.com, +971 4 440 9107

DIGITAL SERVICES
Web Developer: Jefferson de Joya, Abbas Madh
Photographer: Charls Thomas, Maksym Poriechkin
webmaster@cpimediagroup.com, +971 4 440 9100

Registered at Dubai Production City, DCCA, PO Box 13700, Dubai, UAE. Tel: +971 4 440 9100. Fax: +971 4 447 2409. Printed by Al Ghurair Printing and Publishing.

© Copyright 2018 CPI. All rights reserved. While the publishers have made every effort to ensure the accuracy of all information in this magazine, they will not be held responsible for any errors therein.
NEWS
SAUDI ARABIA BLOCKS OVER 1.6M MALICIOUS FILES IN THE LAST YEAR

Saudi Arabia’s education sector was most affected by malware, followed by government and telecommunications, during 2017, according to a study. Trend Micro, in its latest findings, noted that the healthcare, manufacturing, and oil & gas sectors are also among those impacted by malware. Furthermore, of the 1.7 billion known ransomware threats globally in 2017, the Kingdom accounted for 0.55 percent.

Trend Micro is keen to highlight the importance of a layered approach to cybersecurity for KSA businesses, even as the security vendor predicts a significant rise in threats in the Kingdom in 2018. In Q4 of 2017, Trend Micro blocked over 310,000 malicious URLs being accessed by the country’s Internet users, while in the same period the number of malware files that were blocked in Saudi Arabia stood at 1.6 million. Also in Q4, the number of email threats blocked via sender IP in Saudi Arabia stood at over 93.5 million.

“Looking at these numbers, it is clear that KSA is a target for cybercriminals and companies and government entities must take cybersecurity seriously, or the consequences will be devastating. These criminals are organised and well informed, and they will exploit any vulnerabilities. Trend Micro with its next generation of machine learning cyber security solution is ideally placed to help provide a much-needed layered approach to cyber security to KSA businesses who are looking to maintain their competitiveness at a global level,” said Dr. Moataz Bin Ali, VP and Managing Director for Trend Micro for Middle East and North Africa.
UP TO 87 MILLION USERS EXPOSED IN DATA SCANDAL, SAYS FACEBOOK
Facebook said on Wednesday the personal data of up to 87 million users was improperly shared with British political consultancy Cambridge Analytica, Reuters reported. The figure is up from the previously reported 50 million users.

Chief executive Mark Zuckerberg said he accepted blame for the data leak, which has angered users, advertisers and lawmakers, while defending his leadership at the world’s largest social network. He said he had not fired anyone over the scandal and did not plan to. “I’m not looking to throw anyone else under the bus for mistakes that we made here,” he said.

Facebook first acknowledged last month that personal information about millions of users wrongly ended up in the hands of Cambridge Analytica. Zuckerberg has since appeared before a joint hearing of the US Senate Judiciary and Commerce Committee and the US House Energy and Commerce Committee, where he was asked to explain the incident and whether he was open to supporting legislation focused on regulating social media firms.
OMAN IT AUTHORITY BOOSTS CYBERSECURITY READINESS IN OIL AND GAS SECTOR
The Information Technology Authority (ITA), represented by the Arab Regional Cybersecurity Centre of ITU, has signed a partnership agreement with the Oman Oil Company (OOC) to provide the company and its subsidiaries with cybersecurity services. The partnership was signed by Eng Bader Ali Al Salehi, head of the Arab regional cybersecurity centre and the DG of Oman National CERT at ITA; and Saleh bin Abdullah Al Musalhi, director-general of Human Capital, ICT and Supply Chain at OOC.

The training programmes will include a number of technical and specialised topics in the field of cybersecurity, such as risk assessment and detection of vulnerabilities, which will contribute to protecting organisations from attacks that may occur as a result of these vulnerabilities or to reducing the impact of risks in case they occur. The services also include cybersecurity assessments and cyber threat and risk notifications.
$1 trillion: forecasted global cybersecurity spending by 2021. Source: Gartner
“DON’T MESS WITH OUR ELECTIONS”: HACKERS WARN IRAN

Hackers have reportedly launched a cyberattack that disrupted Internet service in Iran late Friday, according to Reuters. The attack has disrupted data centres in Iran and has reportedly been launched in multiple countries as well. The hackers have left the image of a US flag on screens along with a warning: “Don’t mess with our elections”, the Iranian IT ministry said on Saturday.

“The attack apparently affected 200,000 router switches across the world in a widespread attack, including 3,500 switches in our country,” the Communication and Information Technology Ministry said in a statement carried by Iran’s official news agency IRNA. The statement said the attack, which hit Internet service providers and cut off web access for subscribers, was made possible by a vulnerability in routers from Cisco, which had earlier issued a warning and provided a patch that some firms had failed to install over the Iranian new year holiday.

A blog post by Cisco’s Talos security unit says the cyber-attacks are exploiting what Cisco officials are calling a “protocol misuse” situation in Cisco’s Smart Install Client, which is designed to enable the no-touch installation and deployment of new Cisco hardware, in particular Cisco switches. Attackers have targeted a protocol issue with the Cisco Smart Install Client. If a user does not configure or turn off the Cisco Smart Install, it will hang out in the background waiting for commands on what to do. “As a result, we are taking an active stance, and are urging customers, again, of the elevated risk and available remediation paths.” Cisco said those postings were a tool to help clients identify weaknesses and repel a cyber-attack.

Iran’s IT Minister Mohammad Javad Azari-Jahromi said the attack mainly affected Europe, India and the United States. Hadi Sajadi, deputy head of the state-run Information Technology Organisation of Iran, said the attack was neutralised within hours and no data was lost.
UAE’S ETISALAT, GLOBAL TELCOS FORM CYBERSECURITY ALLIANCE
UAE’s Etisalat has partnered with a number of global telcos to create the first Global Telco Security Alliance. Etisalat, Singtel, SoftBank and Telefónica have signed an agreement to offer enterprises a comprehensive portfolio of cybersecurity services. The alliance will be one of the world’s biggest cyber security providers, with more than 1.2 billion customers in over 60 countries across Asia Pacific, Europe, the Middle East and the Americas, according to reports.
The group of telcos aims to combine their resources and capabilities to help protect enterprises against the rising cyber security risks as the information security environment becomes increasingly complex. The group’s members operate 22 world-class Security Operation Centres (SOCs) and employ more than 6,000 cybersecurity experts. To expand their global footprint, the alliance is open to bringing in new members over time. Under the agreement, the group will share network intelligence on cyber threats and leverage their joint global reach, assets and cyber security capabilities to serve customers worldwide. Leveraging each member’s respective geographic footprint and expertise, the alliance is able to support each other’s customers anywhere and anytime, allowing them to respond rapidly to any cyber security threats.
FOUR BILLION PEOPLE WILL BE AT RISK TO CYBERATTACKS BY 2020

The annual cost of damages caused by cybercrimes is expected to reach $6 trillion by 2021, according to a recent industry report. Studies have also revealed that the number of people at risk from cyber threats is poised to reach about four billion by 2020 as a result of the rapid evolution of online piracy and other cyber-attack techniques. As a result, cybersecurity spending is expected to exceed $1 trillion between 2017 and 2021, and the number of unfilled cybersecurity jobs is set to more than triple, with a projected increase to 3.25 million by 2021.

The Emirates Institute for Banking and Financial Studies (EIBFS), a regional banking and finance education and training firm, has recently hosted a cybersecurity conference for finance professionals in the UAE. The event gathered local and global consultants to examine the challenges of cyber-attacks and explored ways for financial institutions to build effective and comprehensive security strategies to combat real and potential threats.

More than 30 mid- to senior-level professionals representing key areas of the UAE banking and financial services sector, including operations, risk management, quality audit and IT, attended the conference. The experts discussed the cyber threat landscape in the region, shared best practices for protecting the region’s banking and financial IT infrastructure, and suggested solutions to the challenges cybercrime presents.
FEATURE
GDPR: Are you ready?

On 25th May the General Data Protection Regulation is set to kick in and while European businesses are the primary target of this new law, its impact will be felt by organisations in regions outside the EU bloc. Are Middle East firms ready for GDPR?
Data has become one of the most valuable assets of businesses of all sizes, which makes data protection now more important than ever. Over the last two decades, the way we generate and handle data has changed dramatically. Subsequently, we have also seen cyber breaches make headlines left, right and centre across the globe. Among the latest incidents that came to light is the Facebook data breach, which exposed the information of over 87 million users.

The implementation of GDPR, according to regulators, is vital to protect consumers in an era of huge cyber-attacks and data leaks. It also aims to strengthen the control that individuals have over their data and to improve transparency about how that data is processed. It also seeks to facilitate business by simplifying rules for companies in the digital single market.

GDPR replaces the current EU Data Protection Directive, 95/46/EC, which every EU country has implemented at country level. As a regulation, it will automatically apply to every EU member state from the effective date. However, the new regulation will not only affect companies within the EU; its impact will also be felt by businesses in other regions including the Middle East. Non-compliance could cost organisations penalties upwards of $24 million (EUR 20 million) or four percent of the firm’s yearly revenue worldwide, whichever is higher.

Brian Chappell, senior director, Enterprise and Solution Architecture, BeyondTrust, explains that GDPR applies to any organisation that collects and/or processes data of EU residents irrespective of purpose and location. “It affects organisations all over the world,” says Chappell. “If you operate a website that takes online orders from EU residents; ship goods to EU countries for either your firm or as a third-party organisation; or operate a service that processes information of EU customers – GDPR applies to you.”

GDPR is also designed to protect the owners of data as it requires organisations to demonstrate that they have proper controls over processing and securing information, including how it is used, stored, updated, accessed, transferred and deleted. “It positions data protection and security as something that’s done by design and default,” adds Chappell. “Security cannot remain an add-on or an afterthought.”

However, with the deadline fast approaching, many organisations, including those in the Middle East, are yet to begin the processes to comply with GDPR, and risk lagging behind and potentially facing hefty penalties. A NetApp study revealed that only 35 percent of surveyed EMEA firms are confident that they know where all their data are stored, which is quite alarming.

Fadi Kanafani, regional director, Middle East and Africa, NetApp, explains, “The level of awareness on the implications of the GDPR deadline is relatively low in the region and that could be the major reason behind the slow pace of activities aimed at ensuring compliance.”

In addition, while there is plenty of literature on GDPR available through the Internet and even from reputed sources, it is oftentimes incomplete. Dr. Angelika Eksteen, chief strategic officer, Help AG, says this results in Middle East organisations being woefully unaware and, therefore, ill-prepared for GDPR.

Dr. Eksteen notes that, more than the financial penalties, a company’s non-compliance could also hinder any plans of establishing partnerships with EU-based firms once GDPR is fully enforced. “People affected by any future data breach will be entitled to sue the company which failed to protect their data,” she says. “Therefore, many organisations will be highly selective of the partners they work with whether it be in the Middle East or in other parts of the world.”

WHAT IT AND SECURITY LEADERS NEED TO KEEP IN MIND ABOUT GDPR

“Considering how data breaches have become commonplace today, it is imperative for organisations to invest in implementing a robust data life cycle management framework. Building awareness among employees on how to use data internally and to implement stronger data usage practices are also vital. The need today is not only to create internal awareness but to institutionalise data security practices as a culture within the organisation.”
- Anoop Ravindra, IT GRC Practice Head, Provise GRC Lab, Middle East

“GDPR aside, the recent incident with Facebook and Cambridge Analytica is highlighting the need for stronger data protection, both in terms of technology and procedure. How vulnerable an organisation is to these incidents will depend largely on their business as some are more data intensive than others. Businesses should assess and update their data protection strategies as often as their resources allow. However, a quarterly review would be appropriate for most organisations. If a firm has any doubt as to the application of the regulation to them, they should seek an opinion from a data protection expert.”
- Patrick Grillo, senior director, Solutions Marketing, Fortinet

“The biggest issue that IT and security heads need to focus on is mapping out how their business operates. Under regulations like GDPR, it is not enough to evade breaches (by luck or by skill); rather, GDPR requires you to demonstrate that you take customer privacy seriously in every aspect of your business process. To demonstrate this, you must be able to map out your whole business – people, processes, and technology. The requirement for transparency means you must first map out your business.”
- Mike Lloyd, CTO, RedSeal
Next steps for Middle East organisations

Compliance might appear a daunting task for organisations, but it is not too late to begin to get ready. There is still time to put in place an action plan and timeline for developing and implementing a GDPR compliance programme, including the changes needed to practices, key documents, processes and procedures.

“Organisations will need to assess their current level of compliance, fortify their systems and roll out the infrastructure,” says Kanafani from NetApp. “Companies in the UAE do not shy away from investing in robust IT infrastructure and that will be an advantage in navigating this challenge.”

GDPR should be driven in a top-down approach, according to Austin Kuruvilla, senior GDPR consultant, Paladion. “The new regulation supplements existing measures in the Middle East that many corporates in the region adopt as a matter of good practice or to comply with local regimes, such as the DIFC Data Protection Law, Abu Dhabi Global Market’s Data Protection Regulations and the Qatar Personal Privacy Protection Law.

“Organisations should look at GDPR as an opportunity to put in place data security practices, strategies and policies to enhance security,” he adds.
With GDPR’s wide-ranging scope and impact, it is vital for organisations to implement a holistic plan and go beyond conventional security measures.

“Email security is one of the biggest threat vectors for any organisation,” says Brian Pinnock, regional manager, Sales Engineering, Mimecast MEA. “By its very nature, emails contain personal data and are especially vulnerable to cybercriminal exploits. However, GDPR compliance requirements extend well beyond email-centric security and operations and involve privacy and governance processes wherever personal data is stored or processed such as databases, CRM systems, ERP platforms. Email security and management is only part of the story and all organisations need to consider this when reviewing their current systems and processes.”

Harish Chib, vice president, Sophos MEA, says that, as with all security and compliance measures, the best way for an organisation to prepare for GDPR is to understand its potential risk exposure. “For the many organisations that must comply with the new legislation, they should plan a solid data protection strategy that guards against loss of data whether through malicious or accidental method,” he explains. “Securing against these threats is a great place to begin. We recommend these three steps to achieve this: stop the causes of data loss – implement solutions against malware and ensure the security of data residing in various devices; stop threats at the door – implement multi-layered security strategies, and reduce human error – encrypt individual files and reduce access to sensitive files.”

Much like technology, data security is evolving and today’s businesses should continuously innovate to adapt. Following GDPR will also enable organisations to better understand the value of their data and, more importantly, cultivate customer trust.
FEATURE
Don’t be the weakest link

Technology is not enough to keep an organisation cyber secure. Business leaders should also consider the human element as even the most tech-savvy professional can fall victim to a social engineering attack.

The Stuxnet worm, which infected multiple Iranian computer systems from 2010 onwards, is thought to have arrived at its key target – a nuclear plant – on an infected USB device. A 500kb digital spanner in the works, Stuxnet caused scores of centrifuges at the Natanz facility to run abnormally and to fail, hampering nuclear-enrichment efforts. So significant was the attack that it inspired a book, Countdown to Zero Day: Stuxnet and the launch of the world’s first digital weapon.

Although the book calls Stuxnet the world’s first digital weapon, no one would describe it as the last. It is part of the wider phenomenon of social engineering, a type of information security attack that takes advantage of a mistake by an individual to circumvent security safeguards. While some attacks, like Stuxnet, find their way in through an infectious USB stick, others begin when an employee opens unsolicited emails containing links or downloads that insert malware.

The scale of the problems social engineering causes is daunting. Reports citing the United States’ Federal Bureau of Investigation indicate that globally between October 2013 and December 2016 there were more than 40,000 email account compromises (when a legitimate email account is taken over in order to send messages) and business email compromises (when attackers use an identity familiar to the victim to get data or money). These 40,000-plus attacks cost businesses more than $5 billion.

So, although computer systems and threats evolve, social engineering, a malign presence since the 1990s (and dating back centuries if non-computer forms are included), shows no signs of disappearing. “As the platforms change, people don’t,” says John Clark, professor of computer and information security at The University of Sheffield in the United Kingdom.
According to Dr Markus Jakobsson, chief scientist of Agari, a California-headquartered email security provider, today “more and more attacks are targeted”. “The reason for that is simple: these attacks are much more successful i.e. result in a higher yield,” he says.

Among such targeted attacks, Jakobsson says identity deception is always part of the strategy used by attackers. But the form that such deception takes has changed “rather dramatically” recently. “Just about a year ago, 48 percent of all targeted attacks used spoofing, which is when an attacker inserts fake mail in a corrupted mail server. These emails look perfect to the recipient,” he explains.

By scrutinising headers, security systems can detect this type of abuse using an open standard called Domain-based Message Authentication, Reporting and Conformance (DMARC). “Because the roll-out of DMARC has been so successful, attackers have abandoned this method in droves, with only six per cent of all targeted attacks using spoofing these days,” says Jakobsson.

Instead of spoofing, Jakobsson says the new favourite method among attackers is “deceptive display names”. Such attacks involve an attacker creating a free webmail account, such as gmail or hotmail, with a deceptive display name, such as that of someone the recipient knows. Just over four-fifths of targeted attacks today use this method, according to Jakobsson.

While DMARC is not effective against such attacks, there are security controls that Agari and its competitor companies produce that can detect deceptive display names. “This, of course, will put pressure on the attackers, and the $64,000 question is, of course, ‘Where will they go next?’” adds Jakobsson.

Another trend has been the growth in account take-over attacks (ATOs), which have increased in frequency by 300 per cent in recent months. “In these attacks, a user’s account is taken over – most commonly, phished – and then used by the criminals,” explains Jakobsson. “Cunning criminals use these corrupted accounts to target people [who] the ‘launchpad’ user knows, which they can tell based on the email history and the contact list of the corrupted account.

“An email from a corrupted account, of course, is terrifying: traditional security controls have no chance against these attacks and most users do not realize it either, especially when the social engineering part of this last step of the attacks is smooth and convincing.”

So with security controls sometimes able to do nothing, institutions must rely on the alertness of their employees to prevent attacks. But, according to researchers, one reason why organisations still fall victim as often as they do is that they are not spending enough time and money training staff to be aware of them.

“Like many things around security, publicity and recognition of the problem doesn’t necessarily lead to action,” says Steve Furnell, a professor of information security at Plymouth University in the United Kingdom and editor-in-chief of the journal Information and Computer Security. “The most prevalent form of social engineering is phishing, but how many organisations actively promote related awareness raising or conduct practical vulnerability assessments with mock phishing tests? Relatively few.”

Organisations like dealing with security problems that can be tackled by deploying technology, says Furnell, but it is human interventions that are most effective against social engineering attacks. A recent EY Global Information Security Survey found that the top area of vulnerability was “careless or unaware employees”, but Furnell says efforts to address this “appear to be continually lacking”.

This has been a long-standing concern. A decade ago, Furnell co-authored a white paper about social engineering for the European Network and Information Security Agency, but he says that many of the issues around lack of awareness that this highlighted remain true today. “Most people are not naturally attuned to the threats they face and so without support, they will continue to represent a directly exploitable area of vulnerability,” he adds.

While the ability of fraudsters to trick people through social engineering appears not to have changed, even if attack methods have evolved, today’s increasingly connected world could be creating new vulnerabilities. As Clark says, we are less used to seeing social engineering attacks that directly affect the likes of manufacturing or engineering-oriented services, but this is likely to change.
There was, of course, the 2010 attack that affected the Iranian nuclear facility. Another example was a 2014 incident that affected a German steel mill. This was a “spear phishing” attack: an email arrived that appeared to have been sent from an account familiar to the plant, but which in fact contained malware. It made its way from the office software network to the production management software, allowing it to take charge of the control systems, affecting, for example, a blast furnace and causing significant damage.

“Anyone in a doctors’ surgery or steel plant can contract malware to their local system,” says Clark. “If you ask the question, ‘What’s the damage that can be done?,’ up to now it’s denial of service or disrupted data.

“If the recipient of an email or whatever resides in a process plant, it’s feasible the damage could be physical. We’re now seeing the advent of the cyber-physical system.”

As a result, Clark says the consequences of attacks could today be much more serious, with state-orchestrated cyber attacks likely to use these methods. “The shift will be from the compromising of data to compromising of physical machinery and what’s around it. It raises not only security concerns, but safety concerns,” says Clark.

It perhaps emphasises that training staff to be wise to the risk of social engineering attacks is going to become ever more important.
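The deceptive-display-name check described earlier in this article, as an added Python example (it is not from the magazine, Agari or any vendor): it flags mail whose From display name matches a known contact while the address is not one that contact uses. The contact directory, the webmail domain list and the sample messages are constructed assumptions.

```python
import re
import unicodedata
from email import message_from_string, policy

# Assumption: a directory of people the recipient knows, mapping each
# display name to the addresses that person really sends from (constructed).
KNOWN_CONTACTS = {
    "Jane Doe": {"jane.doe@example.com"},
    "Omar Khalid": {"omar.khalid@example.com"},
}
# Assumption: a short list of free webmail domains; a production list is longer.
FREE_WEBMAIL = {"gmail.com", "hotmail.com", "outlook.com", "yahoo.com"}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def normalise(name):
    """Fold case, accents, punctuation and word order, so that
    'Doe, Jane', 'JANE DOE' and 'Jané Doe' all compare equal."""
    decomposed = unicodedata.normalize("NFKD", name)
    base = "".join(c for c in decomposed if not unicodedata.combining(c))
    return " ".join(sorted(re.findall(r"[a-z0-9]+", base.lower())))


CONTACT_INDEX = {normalise(n): addrs for n, addrs in KNOWN_CONTACTS.items()}


def check_from(raw_message):
    """Classify the From header of one raw RFC 5322 message."""
    # policy.default decodes RFC 2047 encoded words in the display name.
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    if header is None or not header.addresses:
        return {"verdict": "missing-from", "address": None, "free_webmail": False}

    sender = header.addresses[0]
    addr = sender.addr_spec.lower()
    result = {
        "verdict": "no-match",
        "address": addr,
        "free_webmail": sender.domain.lower() in FREE_WEBMAIL,
    }

    # A display name that itself looks like an address, but a different one
    # from the real sender, hides the true address in many mail clients.
    embedded = EMAIL_RE.search(sender.display_name)
    if embedded and embedded.group(0).lower() != addr:
        result["verdict"] = "embedded-address-mismatch"
        return result

    # The name belongs to a known contact: the address must be one of theirs.
    allowed = CONTACT_INDEX.get(normalise(sender.display_name))
    if allowed is not None:
        result["verdict"] = "ok" if addr in allowed else "display-name-impersonation"
    return result


def build(from_header):
    """Wrap a From header in a small constructed message."""
    return f"From: {from_header}\nTo: staff@example.com\nSubject: Invoice\n\nHello\n"


# Constructed sample messages, not real traffic.
SAMPLES = {
    "legit": build("Jane Doe <jane.doe@example.com>"),
    "webmail_lookalike": build('"Doe, Jane" <jane.doe.ceo@gmail.com>'),
    "encoded_name": build("=?utf-8?q?Om=C3=A1r_Khalid?= <omar.office@hotmail.com>"),
    "address_in_name": build('"jane.doe@example.com" <billing@gmail.com>'),
    "stranger": build("Newsletter <news@vendor.example>"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_from(raw))
```

A message sent from a taken-over account passes this check, since its display name and address both match the directory entry.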
FEATURE
The crypto conundrum Cryptocurrencies are here to stay, making the conversation to regulate them more important than ever.
O
ne place in the world that does not lack enthusiasm for cryptocurrencies is Dubai: the emirate is home to a string of initiatives linked to the blockchain-based virtual currencies. Among them is a Shariah-compliant cryptocurrency called Habibi Coin that was launched by an entrepreneur based in the emirate, complementing Dubai’s BitOasis cryptocurrency exchange. There have also been multiple www.tahawultech.com
05.2018
13
FEATURE
government initiatives. In late 2017, for example, the government of Dubai announced that it was creating emCash, an encrypted digital currency described as the first state-issued cryptocurrency and designed to be used to pay for services. Not long after, it was revealed that blockchain would form the basis of 20 Dubai government services in areas ranging from roads and transport to health. Indeed Dubai has reportedly set the target that by 2020 all government transactions should be based around blockchain technology. And most recently there has been the unveiling of the Dubai Art Cryptocurrency, with cryptocurrency instead of cash used to manage art collections through the Dubai ArtBank. While Dubai has taken to cryptocurrencies in a big way, some other parts of the Middle East – and many other nations further afield – have taken a very different approach. In April, reports said that Iran, for example, had banned its banks and other financial institutions from using cryptocurrencies. “All cryptocurrencies have the capacity to be turned into a means for money-laundering and financing terrorism and in general can be turned into a means for transferring criminals’ money,” the Central Bank of Iran said in
a statement quoted by media.

The approaches of Dubai and Iran are at opposite ends of a spectrum and countries adopting all positions in between can be found. “Currently the cryptocurrency regulation is in the emerging stage. It’s a debate: how they should be regulated, whether they should be or not,” says Dr Larisa Yarovaya, who researches cryptocurrencies at Anglia Ruskin University in the United Kingdom. “It’s a new financial instrument. Whether it’s a financial asset and which government area has to take responsibility – these [questions] increase the complexity of how the cryptocurrency markets should be regulated. Because of this complexity, different governments have different approaches.”

One current theme is the move by many nations towards tougher controls or at least the introduction of measures to deal with a phenomenon that largely lies outside of current regulatory regimes. Indeed one account has suggested that “2018 is destined to become the year of regulatory reckoning”. The United States’ Securities and Exchange Commission is among the numerous institutions to have indicated that stricter rules need to be introduced. China is now taking a very tough line, India is becoming less cryptocurrency friendly, and the European Union is likely to bring in new rules, although mixed signals have been given. By contrast, Switzerland has remained resolutely cryptocurrency-friendly, while Venezuela has launched its own cryptocurrency, although the headline to one Washington Post opinion piece described this as “one of the worst investments ever”.

The best-known cryptocurrency and the one with the highest market capitalisation is, of course, bitcoin, which was launched in early 2009 and grabbed headlines last year thanks to its dramatic increase in value. Illustrating how cryptocurrencies
in general work, it operates through a shared public ledger or blockchain that records all transfers between bitcoin wallets. A private key signs transactions and confirms they come from the owner’s wallet, and once signed, records cannot be altered. If an attempt to steal a coin was made, alerts would go up in the computers that store the ledger.

Bitcoin is the biggest player in an increasingly crowded market that now boasts more than 1,500 cryptocurrencies, several dozen of which have market capitalisations of more than $1 billion. The large numbers of cryptocurrencies and dramatic fluctuations in market capitalisation have sparked concern that valuing them is becoming increasingly difficult.

While the market remains volatile, Amir Kanaan, Kaspersky Lab’s managing director for the Middle East, Turkey and Africa, notes that some predictions suggest that cryptocurrencies are on track to replace traditional payment methods by 2030. “A new asset class naturally calls for new understanding, new modes of transaction, and new regulation,” he says. “The lack of a coherent vision of the future is the reason why cryptocurrencies seem to be operating on the fringe, and it calls for a concerted effort by authorities and the public and private sector to define the future.”

One of the key concerns surrounding cryptocurrencies is, of course, criminal activity, with one estimate quoted by the American Enterprise Institute suggesting that illegal trade accounted for as much as half of the bitcoin transactions that took place last year, although the proportion is said to be falling. Forms of criminality associated with cryptocurrencies include tax evasion, the sponsoring of terrorism, extortion and money laundering. Criminals can stay at arm’s length from the law because finding out who owns the private keys is far from straightforward.
“These [concerns] are encouraging governments to look how to better control financial flows and what to do if the cryptocurrency is used for [criminality],” says Yarovaya. “The second approach is to encourage cryptocurrency exchanges to carry out proper due diligence: They keep anonymity, but if they see any suspicious activity, they must report it to the government.”

Andrea Baronchelli, a lecturer in the School of Mathematics, Computer Science and Engineering at City University, London, cautions against exaggerating the significance of criminal activity associated with cryptocurrencies. “Many things typical of cryptocurrencies are probably already present in cash,” he says, noting that, for example, laundered money has “hugely inflated” London’s housing market, without attracting significant regulatory oversight. “But with cryptocurrencies, there’s a lot of attention,” he says.

Other factors, according to Yarovaya, are encouraging some authorities to take a relatively laissez-faire approach when it comes to regulating cryptocurrencies. “There are benefits to the liquidity; some financial transactions can attract money to the countries. The freedom of money is an appealing idea. Whether it’s realistic or practical, this is another question,” she says. “Perhaps they look at it [as being a] new and innovative financial interest that it would be attractive for the citizens to use. For emerging markets, the cryptocurrency can look attractive.

“I think for the Middle East region particularly, cryptocurrencies can provide some opportunities for economic growth and development.”

Yarovaya sees cryptocurrencies as potentially being useful in the region as an alternative to the American dollar for many types of transaction, saying they could help to smooth trade within the Middle East and beyond. “And avoid international pressure, for example pressure of the US dollar. There are lots of oil exports and oil trades in US dollars. If they introduce cryptocurrencies, that can compete with traditional currencies … It could be a very successful international instrument. I’m optimistic. But they have to think how they will regulate it,” she says.

But it remains unclear whether cryptocurrencies can be appropriately regulated at only the national or regional level. “I think it would be better to have some high regulation that unifies across borders. If the goal is to prevent criminal activity, you have to ensure that not only a few countries are trying to impose regulations; we need to ensure it’s imposed across the globe,” says Yarovaya.

One thing seems certain: the regulatory regime surrounding cryptocurrencies is far from settled.
Health data is wealth

It is a year since Britain’s National Health Service was hit by the biggest cyberattack in its history. Vulnerabilities created by outdated software were partly blamed for the scale of the disruption, which included thousands of appointments being cancelled. Worldwide, the risk of cyber-attacks in healthcare is certainly recognised: an estimated $65 billion will be spent between 2017 and 2022 to prevent such incidents, according to Cybersecurity Ventures.

It is perhaps no surprise that vast amounts are being spent: healthcare faces particular cybersecurity challenges. There are several reasons for this, according to Shabnam Karim, the Dubai-based legal director for dispute resolution and insurance at the law firm Clyde and Co, which offers incident-response legal services and cyber liability advice, as well as pre-incident planning.

Firstly, hospitals hold highly personal and sensitive information that could be held to ransom. Also, medical records, research data or drug trial information can be sold through the dark web. Another vulnerability is that hospitals cannot afford to lose access to their systems because of the effects on patient safety. While to many other businesses, having the IT system unavailable has effects that are primarily financial, for hospitals the consequences could even cost lives. So, they might be left with little option but to pay up to prevent continued downtime. And healthcare is one of the biggest sectors of economic activity globally, so opportunities to extort money are significant.

Risks could increase, especially in the Middle East, because healthcare institutions are digitising their operations and records, such as unifying digital patient records so that they can be more easily accessed across facilities within a healthcare group.
“Many of our clients are at a stage where they are digitising and developing integrated systems for increased efficiency and patient service,” says Shabnam, who works across the Middle East. “There’s this focus on becoming more technologically advanced and whilst healthcare companies in this region are starting to develop an understanding of the risks and vulnerabilities that go with increased digitisation, there is still a gap when it comes to processes and plans if things do go wrong.” Eyad Shihabi, vice president, Middle East, North Africa and Turkey, for BT, highlights multiple measures that institutions can take to prevent themselves falling victim. Among them are regular assessments to identify threats and vulnerabilities on systems and networks where patient information is stored or handled. Access to patient information should be controlled on a need-to-know basis, something that Shabnam says many organisations in the region do not adhere to. “Within organisations, there can be lots of people with access to data where they don’t really need to have that access and there may be no clear oversight of this,” she says.
Shihabi advises organisations to have disaster-response plans, to back up data and test restorations, and to keep antivirus software up to date. “Ensure that all critical and high security patches are deployed within 30 days of release. Log and monitor all access to critical systems; also log and monitor all administrative actions on critical systems,” says Shihabi.

Another priority is ensuring that suppliers that, for example, carry out hardware and software maintenance have strict procedures to screen staff and prevent breaches. One survey indicated that 30 per cent of healthcare breaches in 2016 were down to business associates or suppliers.

Another of Shihabi’s priorities is staff training on issues like detecting malicious software. Personnel should also be aware of the risk of “phishing” attacks. Shabnam says that cyber security training is being rolled out at various local organisations. “One of our clients simply added a sticker to every employee’s computer which said, ‘Think before you click.’ The little things like that can go quite a long way,” she says. “Acts by employees can be malicious or inadvertent; for example, we have seen employees using personal email accounts that may not be secure.”

One of the biggest technological changes impacting healthcare is the Internet of Things (IoT) and the use of connected devices. As the United States Food and Drug Administration (FDA) says in a briefing document, this will see “medical devices become increasingly interconnected via the Internet, hospital networks, other medical devices and smartphones”. “There is an increased risk of exploitation of cyber security vulnerabilities, some of which could affect how a medical device operates,” the FDA says. In August last year, cyber security concerns led the FDA to issue a voluntary recall of 465,000 radio frequency-enabled pacemakers for a firmware update.

If the security of connected devices is compromised, the consequences could be serious. “When you look at the context of surgery, there are so many instruments and monitoring devices – they’re interconnected and connected to the internet,” says Erol Gelenbe, a professor in the Department of Electrical and Electronic Engineering at Imperial College London. “If you attack a factory, you might mess up a production line. If you attack a surgical procedure, you could kill someone.”

Gelenbe, who is involved with Konfido, an EU-funded project to improve healthcare cyber security, cites as an example an automatic injection system in which a person receives insulin. A wrong dose could prove fatal, as could an excessive dose from a connected device controlling anaesthesia.

Local providers are enthusiastically embracing technology such as the use of diagnostic tools and, in future, robotics in surgery. This could create “multiple points of potential breach”, says Shabnam.
There are also concerns over the increased use of data from remote locations, often to monitor discharged patients. For example, patients with chronic conditions may have devices to measure their blood pressure and transmit it to their computer, which forwards it to their doctors. Is the patient using, say, a smartphone connected to unsecured home Wi-Fi? “If a measurement is overheard, that’s not as bad. If it’s modified in transit, the remote medic may [give] the wrong diagnosis,” explains Eerke Boiten, a professor in cyber security at De Montfort University Leicester in the United Kingdom. “With remote health solutions being pushed by governments across the world, quite often for cost saving, the integrity becomes a bigger issue over time.” One answer to the myriad threats is, says Gelenbe, to have constant monitoring systems that can trigger a rapid response. “There has to be a layer doing what the human operator could be doing, but doesn’t have the time or the speed to do,” he said. There should not be interfering flows of information and data coming into the system. If there are flows of information coming into the system, this must be detected and dealt with.
“All this has to be happening not at human level speed, but at microsecond speed; it has to be done by automated software at the same speed the devices themselves are operating,” says Gelenbe.

Ray Kafity, vice president for Middle East, Turkey and Africa at the cyber security firm Attivo Networks, says healthcare organisations are turning to the likes of “deception technology” to provide early detection of, and response to, in-network threats that have bypassed other security controls. “Additionally, through third-party integrations, advanced detection solutions accelerate incident response with automated blocking, quarantine and threat hunting,” he says. He says, with modern deception technology, organisations of all sizes can achieve early detection, mitigating the risks associated with network and IoT devices.

Although many of the risks healthcare institutions face are understood and can be mitigated, some feel the growth in the use of connected technologies is creating hazards that are yet to be fully understood. “At the moment, it’s specialists saying, ‘Are you sure this is safe?’ But the drive to make medicine cheaper is quite fierce, so I’m seriously concerned it will go dramatically wrong before anyone says that it needs fixing,” says Boiten.
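Boiten's distinction between a reading that is overheard and one that is modified in transit can be made concrete. The following is an added example, not part of the original article: a home blood-pressure device tags each reading with HMAC-SHA256 and a sequence number, and the clinic side rejects altered or replayed readings. The key, device name, field names and function names are assumptions made for the illustration; the readings stay readable on the wire, so confidentiality would still need transport encryption.

```python
import hashlib
import hmac
import json

# Constructed demo key. In a real deployment each device would hold its own
# secret, provisioned out of band (assumption for this example).
DEVICE_KEY = b"constructed-demo-key-not-for-production"


def seal_reading(key, device_id, seq, systolic, diastolic):
    """Device side: serialise a reading and attach an HMAC-SHA256 tag."""
    body = json.dumps(
        {"device": device_id, "seq": seq, "sys": systolic, "dia": diastolic},
        sort_keys=True, separators=(",", ":"),
    )
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class ClinicReceiver:
    """Clinic side: accept a reading only if it is authentic and fresh."""

    def __init__(self, key):
        self.key = key
        self.last_seq = {}  # device id -> highest sequence number accepted

    def accept(self, message):
        body = str(message.get("body", "")).encode()
        tag = str(message.get("tag", "")).encode()
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        # Constant-time comparison; the body is parsed only after it verifies.
        if not hmac.compare_digest(expected, tag):
            return (False, "bad tag: reading altered or not sent by the device")
        reading = json.loads(body)
        if reading["seq"] <= self.last_seq.get(reading["device"], -1):
            return (False, "replay: sequence number already seen")
        self.last_seq[reading["device"]] = reading["seq"]
        return (True, reading)


def altered_in_transit(message, new_systolic):
    """Test fixture: change the value on the wire without knowing the key."""
    reading = json.loads(message["body"])
    reading["sys"] = new_systolic
    body = json.dumps(reading, sort_keys=True, separators=(",", ":"))
    return {"body": body, "tag": message["tag"]}  # tag no longer matches


def demo():
    receiver = ClinicReceiver(DEVICE_KEY)
    genuine = seal_reading(DEVICE_KEY, "bp-cuff-01", 1, 182, 110)
    altered = altered_in_transit(genuine, 120)  # dangerous reading made to look normal
    return [
        receiver.accept(altered)[0],  # rejected: tag mismatch
        receiver.accept(genuine)[0],  # accepted
        receiver.accept(genuine)[0],  # rejected: same sequence number again
    ]


if __name__ == "__main__":
    print(demo())
```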
INSIGHT
A deep dive into ransomware

Ransomware is a growing threat and continues to offer criminals a high return on investment. However, many ransomware attacks are still under-resourced and designed by low-skilled operators – so what happens when this changes? Secureworks vice president and general manager for EMEA Ian Bancroft investigates.

Over the past year, 36 percent of organisations have admitted to being victims of ransomware. In addition, there has been more than a 100 per cent increase in the volume of named ransomware variants, from 90 in 2016, to nearly 200 in 2017. Ransomware activity has exploded across the world as cybercriminals have realised its relative simplicity of use and virtual untraceability. That combined with the fact that ransom payments can be made in cryptocurrencies like Bitcoin more easily than ever, obfuscating ‘clean’ funds with dirty money through services like tumbling, mixing and coin laundering, is the reason why many cybercriminals are turning to ransomware as their weapon of choice.

Mobile devices have also not been immune to the growing risk of ransomware. Our recent State of Cybercrime report identifies several instances of malware for sale on Russian-speaking forums that are advertised as being capable of spying on all functions of an Android phone, encrypting files on the device and demanding payment. Whilst at present this is a less-targeted and smaller-value approach than targeting companies with ransomware, it is actually more likely to succeed. This is because individuals are unlikely to have the security knowledge and resources that organisations have to defend against these threats.

Large-scale ‘scale over substance’ ransomware attacks in 2017 devastated individual and corporate communications. However, some of the most infamous strains, WannaCry and NotPetya for example, were relatively poorly designed. WannaCry, which leveraged an exploit disclosed by the Shadow Brokers group and spread via a Windows Server Message Block (SMB) worm to vulnerable systems across the world, was designed with a kill switch and unsavvy handling of bitcoin payments. NotPetya overlooked the extortion element common to other ransomware campaigns, yet showed just how vulnerable organisations continue to be to such attacks.

But what happens when we begin to see well-designed operators establish reliable distribution methods regularly, for example utilising spam or exploit kits and/or vibrant affiliate programmes? Unlike poorly designed and under-resourced operators that are unable to establish long-term distribution, well-designed operators will leverage legitimate software and pass the ransomware through multiple release iterations to make them much harder to stop and protect against. Attacks like WannaCry and NotPetya are the beginning, and organisations need to be prepared for what’s next in order to survive and thrive in an era where threat actors are becoming more commonplace, more intelligent and better resourced.

Be responsible, use protection

WannaCry spread across corporate networks seven weeks after Microsoft Windows patches were made available, six weeks after the patch warnings started to appear, and four weeks after the Shadow Brokers group released the working exploits – so organisations had ample time and information available to ready themselves for such an attack.

Cybersecurity is everyone’s responsibility and is not just a technology discussion, but a cultural one. Protection starts with the training and educating of all staff and those with access to corporate networks, including outsourcing companies and affiliates, to ensure that they are completely aware of the cybersecurity risks and how to respond in the event of an attack. Making sure that the operating system, antivirus, and malware detection software are patched and up to date, and applying patches as they become available, is of paramount importance.

Being properly prepared for a ransomware attack is also critical to business longevity. Organisations need to have a backup and recovery strategy for all critical files. This means backing up data on a regular basis, and having more than one method. So, if you use the cloud or remote services, have a copy that is not connected to the infected systems.

Also make sure to:

• Exercise caution when it comes to links and attachments in emails and sent through social media sites. Even if it comes from someone you trust, if it looks suspicious, don’t open it.
• Familiarise yourself with and get alerts regarding known ransomware file extensions.
• Establish a back-up strategy that will allow you to recover quickly and prevent the backup data from being encrypted.
• Create and rehearse annually an IR plan that includes a scenario for being targeted with ransomware.
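One way to act on the advice about alerts for known ransomware file extensions, as an added example that is not part of the original article: the sketch below scans file-server audit lines, groups hits by host, and raises the severity when the backup location is touched. The log format, host names, paths and watch list are constructed for the illustration.

```python
from collections import defaultdict
from pathlib import PurePosixPath

# Extensions appended by known ransomware families. ".wncry" is the suffix
# WannaCry added to encrypted files; a production watch list would come from
# a maintained threat-intelligence source (assumption for this example).
WATCHED_EXTENSIONS = {".wncry", ".locky"}
FILE_ACTIONS = {"CREATE", "WRITE", "RENAME"}

# Constructed sample of audit lines: time, host, action, path.
SAMPLE_EVENTS = """\
2018-05-02T09:14:01 ws-041 WRITE /shares/finance/q1-report.xlsx
2018-05-02T09:14:07 ws-017 RENAME /shares/hr/contracts.docx.WNCRY
2018-05-02T09:14:08 ws-017 RENAME /shares/hr/payroll 2018.xlsx.WNCRY
2018-05-02T09:14:09 ws-017 RENAME /backups/daily/hr.tar.WNCRY
2018-05-02T09:15:30 ws-041 WRITE /shares/finance/notes.txt
LOGROTATE
"""


def parse_event(line):
    """Return a dict for a well-formed audit line, or None for anything else."""
    parts = line.split(None, 3)  # the path is the last field and may contain spaces
    if len(parts) != 4 or parts[2] not in FILE_ACTIONS:
        return None
    time, host, action, path = parts
    return {"time": time, "host": host, "action": action, "path": path.strip()}


def watched_extension(path):
    """Only the final suffix counts: 'contracts.docx.WNCRY' -> '.wncry'."""
    suffix = PurePosixPath(path).suffix.lower()
    return suffix if suffix in WATCHED_EXTENSIONS else None


def find_alerts(log_text, backup_prefix="/backups/"):
    """One alert per host that produced files with a watched extension."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        event = parse_event(line)
        if event and watched_extension(event["path"]):
            hits[event["host"]].append(event)

    alerts = []
    for host, events in sorted(hits.items()):
        touched_backup = any(e["path"].startswith(backup_prefix) for e in events)
        alerts.append({
            "host": host,
            "first_seen": min(e["time"] for e in events),
            "files": len(events),
            "extensions": sorted({watched_extension(e["path"]) for e in events}),
            # Encrypted files under the backup path mean recovery is at risk too.
            "severity": "critical" if touched_backup else "high",
        })
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print(alert)
```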
FIVE REASONS WHY YOU NEED TO HIRE A CHIEF PRIVACY OFFICER

By Sarah K White, CIO Online

Data collection, storage and management have become the norm for nearly every business – but how carefully businesses handle that data is another question entirely. That’s where a chief privacy officer (CPO) comes in. A CPO sets privacy strategy within an organisation, navigates the complex and changing landscape of regulatory compliance and, perhaps above all, advocates for customers.

“The most important responsibilities for the chief privacy officer is to be the customer’s advocate inside an enterprise process to determine what is personally identifiable information (PII) amongst the mountains of data that is in an enterprise’s possession, find a way to protect the data as soon as it is generated or to not collect it all to de-risk being fined and make sure that the data is still usable for business operations,” says Ameesh Divatia, co-founder and CEO of data protection company Baffle.

You stand to lose more than just money if you ignore privacy regulations or if you experience a data breach – your business’ reputation is on the line. Here are some solid reasons you need to hire a CPO, if you haven’t already.

1. Privacy regulations

Handling personal data comes with a lot of responsibility to protect the customer and the business. You’ll need to ensure customer, client and user data stays private and you need a high level of familiarity with compliance regulations.

“There are privacy laws in more than 100 countries around the world regarding how companies can collect, manage and store this data. In addition, there are financial and reputational consequences to being a good or bad actor with personal data, so it’s very important for companies to hire someone to help steer efforts to adhere to these regulations and ensure transparent data practices,” says Peter Lefkowitz, chief privacy and digital risk officer at Citrix.

“The legal risk is non-compliance with various laws around the world, which have specific requirements concerning notice and transparency, collection, use, storage, processing and return of data, as well as incident management. The requirements are not self-evident, and the penalties for non-compliance are steep,” says Lefkowitz.

Europe’s General Data Protection Regulation (GDPR), which goes into effect May 25, is top-of-mind for companies that do business in Europe. The new regulation outlines how businesses can use, collect and manage the data of EU citizens and gives individuals more control over their personal data.

2. Mandated CPO

The GDPR gives companies another reason to hire a CPO: You might be legally required to have one. The regulation mandates that companies “have a [data protection officer] (DPO) if they process or store large amounts of EU citizen data, process or store special personal data, regularly monitor data subjects, or are a public authority,” writes Michael Nadeau for our sister site CSO.

“The risks will never outweigh the benefits (or a gamble) of not addressing and hiring some level of a privacy officer. A company’s trusted brand can diminish overnight with failed privacy, an organisation can miss potential revenue streams by not being compliant and certified, and GDPR could be costly,” says Chris Bihary, CEO of Garland Technology.

3. Data breaches

There has been no shortage of headline-making, high-profile data breaches over the last several years. Breaches like those at Target, Sony, Home Depot and Equifax have cost companies millions of dollars.

“A CPO helps develop strategies to support how personally identifiable information is protected from these types of incidents and can fully brief the C-suite on the issues — both technical and business — which could arise from a breach,” says Deema Freij, global privacy officer of security services provider Intralinks.

4. PR nightmares

Having a proactive strategy in place to protect against a security breach can also protect your brand’s reputation. Worst-case scenario, a CPO can at least work to diminish the effects of an attack and create a strategy to avoid future problems.

“The more you have that is worth protecting, the more you need a CPO. It is less about industries that are at greater risk and more about identifying the value of what you need to protect. Perhaps one could think that healthcare or finance has a greater risk than retail, but our past few years of breaches with Target, Equifax, and Yahoo have shown different,” says Bihary.

5. Lost profits or interrupted business operations

A CPO helps organisations navigate privacy and compliance, while also building a sound strategy that will help protect the business. Businesses can gain some peace of mind knowing they have a point person dedicated to staying on top of privacy and compliance trends and who will build a strategy to prevent and manage any data breaches.

“Without a well-understood and well-managed privacy policy, and without a dedicated person or team to address, deploy, and manage these practices, there will be missed economic gain, followed by economic loss, and even failure. The interruption costs to the business could be crippling,” says Bihary.
All the little things count

By Giridhara Raam, marketing analyst, ManageEngine.

Every enterprise faces a number of challenges in keeping its networks secure against data breaches, ransomware, malware, and other unforeseen cyberattacks. The personal data of your users is a valuable asset, and with cyberattacks on the rise as well as the approaching GDPR, securing this asset has never been more important. Your enterprise should strive for excellent overall security, but to achieve this, you need to start with the little things.

From an IT security standpoint, “the little things” are desktops, laptops, servers, smartphones, tablets, and iPads—otherwise collectively known as endpoints. This year, CIOs and CISOs need to incorporate the correct strategies to secure their networks against potential cyber threats, and endpoints are a great place to start. Endpoint security is in high demand—especially after WannaCry and the Meltdown/Spectre saga—which requires that users consistently patch their applications and OSs. Often, the best defense against cyberthreats is to patch, patch some more, and keep patching.

Securing the little things

The string of major cyberattacks that happened in 2017 was a major wakeup call to enterprises using outdated OSs and third-party applications. Managing updates for your desktops and servers in a timely manner keeps systems and networks safe, while centralising a heterogeneous environment can reduce the time and effort it takes for technicians to manage that environment. The first step to securing your data is securing your servers, desktops, and laptops against known vulnerabilities (which is usually done by patching). Once this first level of security is up, the next step includes scrutinising and auditing events, files, and logs.

Enterprise security begins with patching

Attackers use various means to breach networks and devices, including phishing, DDoS attacks, brute-force attacks, and more. When it comes to patching, however, the 80-20 rule is typically in effect: 80 percent of issues can be avoided just with proper patching. Employing an automated patch management procedure will keep your network safe from most known vulnerabilities.

Windows is considered the most vulnerable operating system when compared to Mac and Linux, but remote code executions and the recent processor vulnerabilities have no bias. Third-party applications have also become a major concern as the IT industry moves towards utilising more cloud-based applications. If third-party applications like Chrome or Firefox aren’t patched in time, then other web applications that are hosted on the cloud can be easily exploited by spyware or adware.

Patching can be simple

Compared to other security procedures like restructuring your network architecture or employing honeypot technology to track and take down anonymous IP addresses, patching is both simple and beneficial. Patching tends to be the first level of security keeping your Windows, Mac, Linux, and third-party applications safe from known exploits. The everyday attention of your technicians and security personnel can be shifted elsewhere just by automating patches, thereby improving productivity in addition to endpoint security.

According to a Gartner report, we’ve already witnessed known vulnerabilities causing chaos across the world, prompting security personnel to stay on top of updates for firmware/BIOS, OSs, and antivirus programs in order to preserve their sensitive data. Through 2020, 99 percent of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year, said Gartner.

In-depth patch management

Effective patch management is a fundamental strategy for defending enterprises from cyberattacks. Organisations that were affected by ransomware in 2017 faced combined damages of $5 billion, up from $325 million in 2015. Experts have found that ransomware damages are 15 times higher than two years ago, and predict this number will quadruple by 2020. Incorporating an automated patch management procedure in your enterprise will help you save on costs as well as deliver seamless endpoint security.
GISEC SPECIAL
Securing the digital age T
echnologies such as cloud, Big Data, Internet of Things and artificial intelligence are fundamentally changing how people interact with the world around them. However, while these trends provide opportunities for
www.tahawultech.com
organisations redefine and reinvent themselves they also broaden the scope of potential vulnerabilities. Gartner forecasts worldwide security spending to total $96.3 billion in 2018, which shows how organisation’s are shifting their mindsets as they realise cybersecurity’s
crucial role in the success of their digital business strategies. Security Advisor Middle East spoke to a number of regional security players to get their insights on what organisations can expect from the evolving technology landscape and how they can foil the looming threats.
CYBER AWARE
Hani Nofal, VP, Intelligent Network Solutions, Security and Mobility, GBM, discusses how having the right intelligence enables organisations to make effective and strategic decisions for responding to cyber incidents or attempted attacks.

How important is the role of security in the success of an organisation’s digital transformation?
Identity theft leading to data breaches, the rise in ransomware, and the risk around Cloud services are directly blocking the organisations in their journey to digital transformation. The cyber landscape is complex and continuously evolving. The huge development in modern technology and the online world has given hackers the perfect playground, and a number of high-profile companies in the Gulf have struggled with the constant demand for up-to-date security. As the rise in threat continues, the demand for a comprehensive and responsive cyber defense is also growing on a much grander scale than previously thought possible.

Last year, we saw a spate of ransomware attacks globally. Do you see this trend continuing in 2018 and how can organisations prepare to combat this threat?
Cybercrime is now ranking 2nd in the top 10 risks to the global economy, according to a report by The Economist Intelligence Unit. The pressure to improve cybersecurity is more critical than ever, as cybercriminals are becoming more advanced, armed with the latest technology trends and backed financially by criminal organisations. Our region is no different. GBM’s latest research demonstrated that 41 percent of Gulf organisations suffered a security incident in 2017 compared to 29 percent in 2016. 15 percent of those who suffered a security breach experienced more than five security incidents over the past year, which is an alarming fact.

Cloud, mobility and Internet of Things are always prone to new attacks. That’s why organisations need to take a risk-based approach towards new technology adoption, such as getting their business services assessed for weaknesses from a “people, process and technology” perspective. Adopting cloud security technologies can be key to ensure visibility, data security, compliance and malware protection. Also, organisations should start deploying Security Operation Centers for SCADA networks to provide them with the much needed visibility to take appropriate actions.

Most breaches occur by compromising the identity of a user and accessing confidential data. To secure information, it is not enough to adopt a silo approach without data classification. We advise organisations to use Identity Management as a business enabler with a seamless experience. Furthermore, visibility is another vital aspect of data security. Organisations are lacking the intelligence they need to take quick and effective decisions for responding to incidents or attempted attacks. Finally, organisations should conduct pilots of AI and ML to assist them in fighting the adversaries. It is important to implement use cases which will show the benefit of the technology and move your organisations towards predictive security.

What was the primary focus of your participation at this year’s GISEC?
GBM has always been one of the leading sponsors of GISEC and we continued that this year. Our participation is testament to our commitment to pioneer the cyber security practices and our ability to reveal the cybersecurity trends in the region as well as to help our clients foster data protection and information security.
DATA WATCHERS
As new generations of malware and cyberattacks surface, Kristina Tantsyura, general director, InfoWatch Gulf, explains why conventional cybersecurity protocols are no longer sufficient to protect today’s enterprises.

How important is the role of security in the success of an organisation’s digital transformation?
New technologies become an integral part of our life and change everything completely. Unfortunately, while improving the quality of life and the efficiency of governmental and business systems, these technologies also pose new information security threats, including leaks of state secrets, corporate and personal data, viruses, trojans, targeted attacks, backdoors, and other cyber challenges as a reverse side of ongoing digitalisation.

Last year, we saw a spate of ransomware attacks globally. Do you see this trend continuing in 2018 and what do you think is still lacking among enterprises today that makes them vulnerable to such attacks?
In 2018 the organisation must be prepared for increased attacks. Ransomware is not a new thing and we saw such attacks from over 10 years ago. From a technology point of view, it doesn’t bring any new technology. The danger is that it uses encryption to make your files unreadable to you. What should be done to prevent such attacks happening in the future is simple. Make sure your operating systems are updated regularly and make sure you install the latest security measures. Use your anti-virus, update it regularly; and don’t visit suspicious sites and download suspicious files.

What are the security threats that will continue to impact organisations in the region over the next 3-5 years?
Today, cybersecurity is a pressing issue for both businesses and government agencies worldwide and in the Middle East in particular. Any country that goes digital has to focus on digital sovereignty and digital rights for all participants during this digital journey powered by breakthrough technology. There are many factors that play into the hands of scammers in the UAE: various levels of education and experience with technologies in the country, overall obsession with emerging technologies and new possibilities, slightly “belated” (in comparison with the world’s leading countries) attention of the Government and large companies to the issues of computer and information security of their electronic services, and many other factors. Such huge leak volumes are feeding a negative side of the ongoing massive digitalisation. To meet all today’s challenges, enterprises need to have comprehensive information security systems and be ready to prevent not only existing, but also looming threats.

All over the world, intruders are hunting for huge volumes of personal data. Even though the Middle East has not followed that trend yet and accounts for a smaller share of personal and payment data leaks than the rest of the world, the situation is about to change against a backdrop of massive digital transformation of economy and the growing interest of intruders in such valuable data. Local cybercriminals target the most liquid data and, hence, banking, manufacturing, government, and hi-tech sectors.

What was the primary focus of your participation at this year’s GISEC?
We showcased key enterprise cybersecurity solutions and educational initiatives in the region for local government officials and business executives, as well as students from field-specific universities, including the new predictive analytics software designed to anticipate information security threats coming from resigning employees, as well as InfoWatch Traffic Monitor 6.9, the latest release of InfoWatch’s flagship product for data leak prevention and enterprise protection against internal threats.
STRATEGIC SECURITY
Abhijit Mahadik, director, Infra and Cyber Security, Raqmiyat, on why being cyber-resilient is not only about having the latest security technologies but also about strategic partnerships and enablement.

How can technologies like artificial intelligence and machine learning help CISOs bridge gaps in security?
The last five years have really seen the adoption of artificial intelligence and machine learning technologies for enterprises rise, most of which can be attributed to advancements in computing power and the evolution of paradigms like distributed computing, Big Data and cloud computing. Machine learning is a branch of AI that refers to technologies that enable computers to learn and adapt through experience. It emulates human cognition – i.e. learning based on experience and patterns, rather than by inference (cause and effect). Today, deep learning advancements in machine learning allow machines to teach themselves how to build models for pattern recognition (rather than relying on humans to build them). CISOs in large organisations are already beginning to use AI to bolster cybersecurity and offer more protections against sophisticated hackers. AI helps by automating complex processes for detecting attacks and reacting to breaches.

How important is the role of security in the success of an organisation’s digital transformation?
Digital transformation involves replacing conventional business processes with digital equivalents. Just as e-mail transformed paper-based communication and websites transformed access to information, new technologies now promise similar benefits in a host of other areas. As IT and business fast-track initiatives like agile and DevOps to improve speed to market, security’s role is confined to asking questions afterwards about the knock-on impact on risk and security. The rise in data breach and vulnerability figures has led some to suggest that security-less digital transformation leaves organisations at greater risk. In all cases, security plays a critical role. The value being created by such digital transformations is so great that business leaders are willing to invest in additional security to keep the benefits of the transformation. Digital security can go beyond enhancing traditional processes and support entirely new ones. What was not possible or practical without digital security becomes easy with it. Examples include:

Biometrics: Biometrics has already started changing the way we identify ourselves, but it is capable of more than identification. Biometrics can be used to track an individual’s movements and activities without identifying them, such as recording foot traffic through public places.

Blockchains: While bitcoin is the highest-profile example, blockchains have potential in many areas of business. If any process requires a high degree of integrity and accountability, and public sharing of information, blockchain is likely to be able to enable or transform it.

Smartphone-based digital identities: A mobile phone can be a proxy for a real human, thereby supplementing, supplanting, or simply enabling processes which were previously too risky. As a device that is usually in the possession of the real owner, and capable of collecting and processing security-relevant information, the mobile phone is the link between a digital identity and a physical person.

How vital is the role of channel partners in helping businesses be cyber-resilient in the digital era?
When choosing an enterprise security partner it is important to select one that is willing to take the time to understand your business. Nowadays, it is not enough for channel partners to offer good technology; they must also provide responsiveness, flexibility and strategic enablement. On the simplest level, partnerships allow resources to be shared between both parties, including consultancy, education and expertise, as well as more tangible resources like technology, capital and marketing materials. Effective channel partnerships have enabled businesses to generate new revenue streams, leverage powerful IT solutions and brand influence and gain access to professional business tools that may have otherwise been out of reach. On the other hand, ineffective partnerships can see businesses weighed down by bureaucracy and lacking support and open communication.
CYBER EXPOSURE
Maher Jadallah, regional director, Tenable, Middle East, highlights why organisations need to adopt a more proactive method for assessing their vulnerabilities.

What are the security threats that will impact organisations in the region over the next 3-5 years? What do businesses need to do to prepare for these?
Organisations are scrambling to shore up their defenses in light of all the breaches, as they should be. But they also need to lead the way in basic security practices that keep their customer and critical business data safe. It seems there is a need for a “top down” approach where organisations provide comprehensive cybersecurity, but also team up with customers and employees to educate them about what they can do to extend their best practices across their own personal attack surface. This starts with companies being more transparent about their own security practices and holding themselves accountable for lapses. If they don’t make security a top business priority and they aren’t sensitive to these changing consumer patterns and needs, they risk losing customers. Today, being customer-focused isn’t just about making good products; it’s about listening to customers and making sure the products and services they are using don’t cause them harm.

The irony is that cyber poses an existential threat to our economy and our very social fabric – safeguarding ourselves is therefore a shared responsibility. Enterprises must lead the way by practicing fundamental hygiene and enforcing a basic standard of care for their customers’ data. But individuals must do their part, too – both as consumers and, in many cases, as employees of those same enterprises – and that starts with cyber literacy.

How important is the role of security in the success of an organisation’s digital transformation?
Organisations of all sizes have embraced digital transformation to create new business models and ecosystems, deliver new products and services and operate more efficiently in the digital economy. An asset is no longer just a laptop or server. It’s now a complex mix of digital compute platforms and assets which represent your modern attack surface, where the assets themselves and their associated vulnerabilities are constantly expanding, contracting and evolving. This elastic attack surface has created a massive gap in an organisation’s ability to truly understand its Cyber Exposure at any given time. We call this the Cyber Exposure gap. The exposure of the attack surface by which hackers come in and do damage.

What was the primary focus of your participation at this year’s GISEC?
The world is evolving with smart devices, emerging technologies, automated processes, cloud, mobile, IoT – all connected and programmable. This is the modern era of the organisation – and the new, elastic, attack surface to defend. Through GISEC we highlighted our commitment to helping organisations efficiently identify their cyber exposure gap and reduce cyber risk. We showcased Tenable.io, the first Cyber Exposure platform aimed at protecting any asset on any computing platform. This solution helps eliminate blind spots with the industry’s most comprehensive visibility into traditional and modern assets, such as cloud, mobile devices, containers and web applications. The Tenable.io platform offers multiple applications that solve clear security challenges, such as vulnerability management, container security, web application scanning and more.
HOW-TO
FIVE WAYS TO SECURE WIRELESS ROUTERS
By Miguel Ángel Mendoza, security researcher, ESET

In a dynamic environment where threats continually evolve and new vulnerabilities are identified almost daily, it is necessary to use the most up-to-date security tools, since they deal with protection measures for new and ever-shifting attack vectors. Whether we are speaking about the work, school or home environment, security must consider and protect all elements that could become gateways for possible attacks. Here are some security aspects users should look at in a home network, particularly those related to the configuration of its Internet-connected router:

1. Conduct router connectivity and authentication tests
Routers allow administration and configuration using some ports in the local network; this could be done via Ethernet cable or wireless connection. Usually you can configure your router via the web, but routers also allow connections for other services and ports, such as FTP (port 21), SSH (22), Telnet (23), HTTP (80), HTTPS (443), or SMB (139, 445). In addition to these, there are various other well-known and well-used services whose default ports are established as internet standards, defined by the Internet Assigned Numbers Authority (IANA). Enable only the services you need, disable all others, and block unused ports, including those for remote connections, except where they are necessary. The same logic applies to the use of passwords for management of services. If possible, you should change both the (admin) password and username, so neither is the out-of-the-box default. Also, it is advisable to use long and complex passwords, or a passphrase, for these purposes.
2. Perform vulnerability tests on the router
There is another aspect to consider when looking for weak points in your router settings: tests for routers that can be carried out using tools that automate tasks such as looking for known vulnerabilities. This type of tool includes information, options and suggestions on how to solve these possible problems. Attackers use similar tools to identify vulnerabilities in your router, so it’s a good idea to use them too, so that your router is no longer low-hanging fruit. Some router tests include scanning for port vulnerabilities, malicious DNS server reputation, default or easy-to-crack passwords, vulnerable firmware, or malware attacks. Some also include vulnerability analysis of the router’s web server component, looking for issues such as cross-site scripting (XSS), code injection or remote code execution.

3. Verify connected devices in the network
A third aspect of maintaining the proper functioning and performance of the router and the network is the identification of connected devices. Sometimes, due to bad practices and the use of vulnerable protocols, it’s possible for trusted devices to connect without proper authorisation, and also for untrusted devices to connect. It is, therefore, a good idea to be aware of and able to identify all the devices that connect to your router: firstly, to avoid the consumption of resources by third parties that do so illegitimately and degrade the network’s performance, and secondly, as a security measure, to prevent your information from being compromised. Whether this verification is done through an automated tool or by manually using the router’s administration options, the appropriate next step consists of permitting allowed devices only, by using filters to restrict access to specific IP addresses or MAC addresses only.
4. Update all devices on the home network
The recent news of the vulnerability known as KRACK (Key Reinstallation AttaCK), which allows the interception of traffic between devices that connect to an access point in a Wi-Fi network, emphasises again the importance of updates. For an attack to take advantage of this vulnerability, its perpetrator would normally have to be near the intended victim’s Wi-Fi network. Success would allow the attacker to spy on communications or install malware. We always recommend updating all devices connected to your network (like computers, smartphones or tablets) once the manufacturers publish the security patches that address the vulnerability; also install the updates to the firmware of the routers as soon as patches are available. Other practices, such as configuring computers for “Public Network” mode, increase the security level of the device compared to the “Private/Home” network mode, because it lessens the risk of attack across trusted devices. We would like to stress that the most essential thing to do is to keep computers and devices updated.

5. Enable security options
A fifth desirable practice is to enable the security options that are available in the configuration of the router, which vary depending on the model and type of device. Regardless of the router model used in your home network, we advise that you enable security options that are designed to offer more protection of your devices and the network. For example, some recent routers include configuration options that allow increased protection against known Denial of Service (DoS) attacks, such as SYN Flooding, ICMP Echo, ICMP Redirection, Local Area Network Denial (LAND), Smurf and WinNuke. If enabling these options prevents your router and network performing properly, selectively disable them to improve performance.

The protection of information – a never-ending task
We have just touched lightly on five practices that help to improve security levels. It’s important to review the settings of your router and to change them, as needed, to contribute to the overall protection of the network, router, devices and, of course, your data; doing so will help block many of the entry points used by currently prevalent cybersecurity threats.
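The checks from tips 1 and 3 can be scripted for your own home network. The following Python is an added example, not part of the original article: it tests which of the service ports listed in tip 1 answer on the router and compares the devices seen on the LAN with an allowlist. The router address, the `ip neigh show` sample output and the device list are constructed assumptions.

```python
import re
import socket

# Service ports named in tip 1 of the article.
ROUTER_SERVICES = {21: "FTP", 22: "SSH", 23: "Telnet", 80: "HTTP",
                   139: "SMB", 443: "HTTPS", 445: "SMB"}

# Constructed sample of `ip neigh show` output from a Linux host on the LAN.
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.23 dev wlan0 lladdr AA:BB:CC:00:00:01 STALE
192.168.1.42 dev wlan0 lladdr de:ad:be:ef:00:99 REACHABLE
192.168.1.77 dev wlan0  FAILED
"""

# Constructed allowlist (MAC -> label); separators and case vary on purpose.
KNOWN_DEVICES = {"00-11-22-33-44-55": "router", "aa:bb:cc:00:00:01": "laptop"}


def normalize_mac(mac):
    """Canonical form: twelve lowercase hex digits joined by ':'."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_open(host, port, timeout=0.5):
    """True if a TCP connection to host:port is accepted."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def scan_services(host, ports=ROUTER_SERVICES, probe=is_open):
    """Sorted list of the ports in `ports` that accept connections on host."""
    return [p for p in sorted(ports) if probe(host, p)]


def unneeded_services(open_ports, needed):
    """Services that answer but are not needed: candidates to disable."""
    return [(p, ROUTER_SERVICES.get(p, "unknown"))
            for p in open_ports if p not in needed]


def parse_neighbors(text):
    """Parse `ip neigh show` lines into (ip, mac); skip entries without a MAC."""
    pairs = []
    for line in text.splitlines():
        m = re.match(r"(\S+)\s+dev\s+\S+\s+lladdr\s+(\S+)", line)
        if m:
            pairs.append((m.group(1), normalize_mac(m.group(2))))
    return pairs


def unknown_devices(neighbors, known):
    """Devices on the LAN whose MAC address is not on the allowlist."""
    known_norm = {normalize_mac(m) for m in known}
    return [(ip, mac) for ip, mac in neighbors if mac not in known_norm]


if __name__ == "__main__":
    router = "192.168.1.1"   # assumption: your own router's LAN address
    needed = {443}           # assumption: only HTTPS administration is used
    for port, name in unneeded_services(scan_services(router), needed):
        print(f"disable or block: {name} on port {port}")
    for ip, mac in unknown_devices(parse_neighbors(SAMPLE_NEIGH), KNOWN_DEVICES):
        print(f"unknown device: {ip} ({mac})")
```

A MAC allowlist works as an inventory check rather than proof of identity, so keep strong Wi-Fi authentication in place alongside it.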
OPINION
WINNING THE CYBERSECURITY ‘GAME’
Tarek Jundi, managing director, Middle East & Turkey, McAfee

Cybersecurity defenses are under unprecedented levels of attack. From old malware foes and newer types, such as ransomware, to sophisticated advanced threats and state-sponsored cyberattacks, breaches are, sadly, now an everyday reality. It’s an ever-changing landscape that organisations face. Take the McAfee Labs 2018 Threat Predictions report. Among its forecasts are an escalating arms race in machine learning as adversaries ramp up their use of artificial intelligence and also a move by cybercriminals to apply ransomware technologies beyond extortion of individuals to higher-value cyber-sabotage and disruption of organisations.

In the face of these threats, what are the key tools and strategies required to fight back? What are the characteristics and capabilities of those cybersecurity organisations that are better equipped to deal with these threats? Based on findings of a recent survey we conducted, I believe the answer lies in job satisfaction of cybersecurity employees, automation and gamification.
1. JOB SATISFACTION OF CYBERSECURITY EMPLOYEES
Retaining staff is clearly key in the current climate of a cybersecurity skills shortage and a growing threat landscape. Some organisations believe the only way to win the cybersecurity game is by throwing more people at the problem. Yet this seems unrealistic when many organisations still fall short of addressing the requirements of the market. Given the high levels of staff churn at many organisations, it is more important than ever for senior managers and HR departments to consider alternative methods to plug this cybersecurity skills gap.

In addition to better pay, opportunities for promotion and development and flexible working hours, one key factor in retaining cybersecurity employees is the type of work they are engaged in. According to findings from the survey, the cybersecurity activities that provide respondents with the greatest level of enjoyment are threat hunting/finding vulnerabilities (55 percent), resolving threats (55 percent) and preventing threats entering the network (54 percent). It’s perhaps no surprise that such types of cybersecurity work appeal to many security staff, with 21 percent of security professionals saying a threat hunter position either in their current organisation or elsewhere is a career aspiration.

2. AUTOMATION
By pairing human intelligence with automated tasks and putting human-machine teaming into practice, automated programs handle basic security protocols while practitioners have their time freed up to proactively address unknown threats. This not only improves the organisation’s cybersecurity posture but, as detailed above, is a key driver for higher employee satisfaction. At its core, there are essentially three pillars to an effective automation strategy:

Integration
Integrating detection and response systems is an essential part of automating the cybersecurity environment to help employees deal with the volume of information and identify the pieces that matter.

Security information and event management (SIEM)
A SIEM product has continuous access to a data feed from across the cybersecurity estate. It analyses areas such as DNS data, perimeter firewalls and VPN traffic. It can be configured to identify suspicious patterns or activities on the network and carry out immediate automated historical analysis. This not only aids detection but can speed up incident response times, potentially mitigating the damage to data and systems from any breach.

Machine learning
In relation to cybersecurity, machine learning is changing the game within corporate environments, by managing massive amounts of data. Although some actions may need to be managed through human intervention, machine learning can take care of much of the easy and predictable work. For example, it can be used to set correlation rules to make the same review decisions you make on a routine basis, and then set alarms, create watch lists, or use scripts to package and forward data. With machine learning, you can automate advanced classification and scoping and prioritisation of security events, making it possible to perform both predictive and prescriptive analytics.

3. USE OF GAMIFICATION
Gamification, the concept of applying elements of game-playing to non-game activities, is growing in importance as a tool to help drive a higher performing cybersecurity organisation. Within organisations that hold gamification exercises, hackathons, capture-the-flag, red team-blue team or bug bounty programs are the most common, and almost all (96 percent) of those organisations that use gamification in the workplace report seeing benefits.

However, there is huge room for improvement in the use of gamification as a tool to win the cybersecurity game. One area of improvement, in terms of talent, might lie outside the typical cybersecurity hiring profile, in a generation entering the workforce who have been brought up on video and computer games. Gamers quickly learn to continually look for clues, tools and weapons in their quest for success. And they develop persistence, endurance, observation and logic. This is supported by the survey, which suggests that gamers have many of the core skills that cybersecurity threat hunters of the future will need. 78 percent of respondents say the current generation entering the workforce, who have been raised playing video games, are stronger candidates for cybersecurity roles than traditional hires.

Just as taxes and death are often said to be the only two certainties in life, a growing cybersecurity threat landscape and a skills shortage are ever-present challenges for IT organisations. There is cause for optimism, however. Most organisations have plenty of room for improvement in tackling these challenges. In short, there are ways to fight back: concerted efforts to increase job satisfaction, automation in the Security Operations Center (SOC) and gamification in the workplace are key to beating cybercriminals at their own game.
INSIGHT
RESHAPING CYBERSECURITY
The Internet of Things is rapidly expanding the attack surface of the digital enterprise and exposing it to enhanced risk levels not seen before. Deception technologies, artificial intelligence and Robo-hunters are solutions for tomorrow’s enterprise, says Mechelle Buys Du Plessis, managing director, UAE, Dimension Data.

The convergence between operational and digital technologies is well underway, being driven by the use cases around Internet of Things. Digitally enabling both new and old machines, devices, sensors, and other objects with connectivity provides benefits not realised before. Real-life and real-time data is much more accessible on the edge of the network and can be rapidly processed to give business insights and business benefit. This results in increased productivity, reduced operational costs, higher levels of safety, and overall better decision making, amongst others.

While the gains are widespread and adoption is increasing in an exponential fashion, there is a downside to this rapidly snowballing trend. The fact is many sensor manufacturers are just not doing enough to secure their products, as they do not include encryption in the product development stage. Since sensors are lightweight objects with a low footprint, adding on additional security at a later stage may not be feasible.

This inherent deficiency of large-scale object-based networks in the future is going to drive the creation of deception technologies, to confuse intrusive malware through the presence of real and fake user identities. Transformative scale-out converged networks, including supervisory control and data acquisition (SCADA) control system architectures, operational technologies, and wider IoT infrastructure, will see huge security gains through the presence of deception technologies.

Deception technologies create thousands of fake user credentials in conjunction with real user identities. Once a threat actor is inside an organisation’s network, they are unable to distinguish between real and fake user identity credentials. Since there are many more fake user identity credentials distributed, the probability of engaging with a fake user identity credential and triggering an intrusion alert is much higher. An incident response alert and action are then initiated. The large number of fake credentials generated through deception technologies also facilitates pattern tracking. This allows internal teams to recreate the pattern of attack and point of entry.

To further strengthen their cybersecurity defences, digitally transformative organisations will begin to tap the power of AI and machine learning to secure their networks. While these buzzwords are already in place, they have been defined by programmer-built algorithms, limiting the amount of self-learning. Machine learning applied to cybersecurity has traditionally been driven by algorithms that give instructions on the types of malware and their associated behaviour inside internal networks. Now machine learning will be replaced by deep learning applied to cybersecurity.

With deep learning techniques, cybersecurity applications are aided by self-learning technologies. Deep learning applications develop highly granular patterns and analysis of end user activities. The presence of a threat actor inside a network using an assumed credential will have a deviant user pattern. This divergent pattern of accessing the network, monitored by behavioural analytics, will trigger a security remediation alert without delay. With these intuitive gains around the corner, cybersecurity vendors will continue to integrate deep learning technologies into their products in the year ahead.

AI technologies will also create a new generation of proactive and defensive cybersecurity products called Robo-hunters. Enabled by AI, Robo-hunters are automated threat-seekers that scan an organisation’s environment for any changes that might indicate a potential threat. As they scan the environment, they learn from what they discover, and take remediation action as required.

The cybersecurity stage is set. The threat landscape is too fast moving, too complex, and with enormously high stakes, to rely on present day technologies alone. AI coupled with predictive analytics and a high degree of compute, as well as a trusted security partner, will provide a welcome relief in the not so distant future.
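The deception approach described above, as an added example that is not from the original article: decoy account names sit alongside real ones, any authentication attempt that uses a decoy raises an alert, and the time-ordered alerts give the path and the likely point of entry. The account names, hosts and log events are constructed, and the probability model assumes credentials are picked uniformly at random.

```python
import math
from collections import namedtuple

AuthEvent = namedtuple("AuthEvent", "ts src_host username")

# Constructed decoy accounts. Assumption: they are seeded by the deception
# platform and no legitimate user or service ever authenticates with them.
DECOYS = {"svc-backup01", "adm-jsmith2", "svc-print07"}

# Constructed authentication events, deliberately out of order.
# ISO 8601 timestamps sort correctly as plain strings.
SAMPLE_EVENTS = [
    AuthEvent("2018-05-01T09:47:55", "fs-02", "adm-jsmith2"),
    AuthEvent("2018-05-01T09:12:03", "ws-014", "alice"),
    AuthEvent("2018-05-01T09:40:10", "ws-014", "svc-backup01"),
    AuthEvent("2018-05-01T09:50:00", "ws-022", "bob"),
    AuthEvent("2018-05-01T10:02:31", "fs-02", "svc-backup01"),
]


def p_decoy_touched(real, decoys, attempts):
    """Probability that at least one of `attempts` distinct credentials,
    drawn uniformly at random from real + decoys, is a decoy.
    Simplifying model: 1 - C(real, k) / C(real + decoys, k)."""
    if attempts <= 0 or decoys <= 0:
        return 0.0
    if attempts > real:
        return 1.0  # more picks than real credentials: a decoy is certain
    return 1.0 - math.comb(real, attempts) / math.comb(real + decoys, attempts)


def decoy_alerts(events, decoys=DECOYS):
    """Events that used a decoy credential, in time order. Each is an alert,
    because legitimate activity never touches a decoy."""
    return sorted((e for e in events if e.username in decoys),
                  key=lambda e: e.ts)


def attack_path(alerts):
    """Distinct source hosts in order of first decoy use."""
    path = []
    for alert in alerts:
        if alert.src_host not in path:
            path.append(alert.src_host)
    return path


def summarize(events, decoys=DECOYS):
    """Alert count, likely point of entry, host path and decoys involved."""
    alerts = decoy_alerts(events, decoys)
    path = attack_path(alerts)
    return {
        "alerts": len(alerts),
        "entry": path[0] if path else None,
        "path": path,
        "decoys_used": sorted({a.username for a in alerts}),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_EVENTS))
    # 50 real accounts hidden among 950 decoys, three credentials tried.
    print(round(p_decoy_touched(50, 950, 3), 6))
```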