The year ahead
The truth about fake news
Rapid response
ISSUE 33 | DECEMBER 2018
THIS MAN PROMISES TO KEEP YOUR MONEY SAFE
UAE EXCHANGE CISO ON MANAGING RISKS AND PROTECTING CUSTOMER DATA
WWW.TAHAWULTECH.COM
FOUNDER, CPI MEDIA GROUP
Dominic De Sousa (1959-2015)

Publishing Director
Natasha Pendleton, natasha.pendleton@cpimediagroup.com, +971 4 440 9139

EDITORIAL
Managing Editor: Michael Jabri-Pickett, mjp@cpimediagroup.com, +971 4 440 9158
Online Editor: Adelle Geronimo, adelle.geronimo@cpimediagroup.com, +971 4 440 9135
Contributing Editors: James Dartnell, james.dartnell@cpimediagroup.com, +971 4 440 9153; Janees Reghelini, janees.reghelini@cpimediagroup.com, +971 4 440 9167

DESIGN
Senior Designer: Analou Balbero, analou.balbero@cpimediagroup.com, +971 4 440 9140
Designer: Mhar Delaben, marlou.delaben@cpimediagroup.com, +971 4 440 9156

ADVERTISING
Group Sales Director: Kausar Syed, kausar.syed@cpimediagroup.com, +971 4 440 9130
Senior Sales Manager: Sabita Miranda, sabita.miranda@cpimediagroup.com, +971 4 440 9128
Sales Manager: Nasir Bazaz, nasir.bazaz@cpimediagroup.com, +971 4 440 9147
Business Development Manager: Youssef Hariz, youssef.hariz@cpimediagroup.com, +971 4 440 9111

PRODUCTION
Operations Manager: Shweta Santosh, shweta.santosh@cpimediagroup.com, +971 4 440 9107

DIGITAL SERVICES
Web Developer Jefferson de Joya Abbas Madh Photographer Charls Thomas Maksym Poriechkin
webmaster@cpimediagroup.com, +971 4 440 9100

Published by
Registered at Dubai Production City, DCCA, PO Box 13700, Dubai, UAE
Tel: +971 4 440 9100
Fax: +971 4 447 2409
Printed by Al Ghurair Printing and Publishing
Regional partner of

© Copyright 2018 CPI. All rights reserved. While the publishers have made every effort to ensure the accuracy of all information in this magazine, they will not be held responsible for any errors therein.

CONTENTS

THE ROAD AHEAD: Industry experts share what the future holds for the security industry
INTERVIEW: UAE Exchange CISO on managing risks and protecting customer data
BUILDING TRUST IN THE DIGITAL ERA: How Kaspersky Lab promotes transparency and data integrity
THE TRUTH ABOUT FAKE NEWS: How technology can help combat misinformation in the digital era
RAPID RESPONSE: Protecting brand reputation in the wake of a cyber incident
TRUSTED PARTNERS: BeyondTrust’s John Hathaway and Westcon Security’s Ian Jones discuss cyber resilience in the region
ON THE FAST TRACK: Fidelis’s Nick Lantuh on fast response times and quicker recovery
NEWS
DU SECURES DUBAI COMMUNITY DEVELOPMENT AUTHORITY’S DIGITAL FUTURE

Ahmed Abdul Karim Mohammed Julfar, CDA and Osman Sultan, EITC

du, from Emirates Integrated Telecommunications Company (EITC), has signed a Managed Security Operation Centre (SOC) agreement with Community Development Authority (CDA). The CDA is responsible for setting up and developing a framework for social development, and aims to achieve the goals outlined in the Dubai Strategic Plans. du’s managed security services will provide CDA with continuous monitoring, fast incident detection and response, and managed web application firewalls.

Ahmed Abdul Karim Mohammed Julfar, director general, Dubai Community Development Authority (CDA), said, “Through the new agreement, we have entrusted du to help us protect business operation continuity and protect critical data by increasing security visibility, lowering risks and proactively managing security incidents.”

CDA is in charge of the overall supervision to achieve social sector outputs, and provide the provisions of social services in order to create an integrated and efficient management system for the development of social services in the UAE. du combines consulting, infrastructure and Security Operation Centre services to provide a comprehensive solution for all enterprise security needs. The new agreement will allow CDA to benefit from agile and scalable security services that will enable it to confidently achieve its business objectives.

“CYBERCRIME COULD HAVE DIRE EFFECTS”: WEF PRESIDENT

Børge Brende, WEF

The president of the World Economic Forum has said that the Fourth Industrial Revolution and the increased risk of cybercrime must be taken seriously in order to avoid “dire” consequences. Børge Brende was speaking at a keynote address at the third Annual Meeting of the Global Future Councils at the Madinat Jumeirah in Dubai.

“The new wave of globalisation, driven by the Fourth Industrial Revolution, is taking place at an unprecedented pace,” he said. “It took 75 years for landlines to reach 100 million people. The iPhone was launched in 2007, and now has 2 billion users. Globalisation can’t be stopped, but can be improved. It should be more inclusive, sustainable and create more jobs. It’s imperative given the pace of change.

“Digital trade currently accounts for about 12 percent of international trade. If you look at the digital age, we’re only in the early stages. There are many things we’re learning about. Many of the largest companies in the world didn’t exist 20 years ago.”

Brende went on to highlight how the World Economic Forum had established a Fourth Industrial Revolution network with governments and experts from around the world to co-design a pilot for new approaches to policy and governance. He then underlined how governments that failed to comprehend the impact of cybercrime could be severely punished.

“Cyber-attacks are currently the number one risk in three out of eight regions,” he said. “We need to do more to protect digital infrastructure and bolster cybersecurity with a collaborative approach. If this is not achieved, can you imagine how dire the consequences will be in the age of driverless cars, smart grids and drones?”
SAUDI ARABIA GROOMS NEXT GENERATION OF CYBERSECURITY EXPERTS
The National Cybersecurity Authority (NCA) has started training the first batch in the Cybersecurity Training Program (CyberPro). The training programme is one of NCA’s initiatives to raise the efficiency of government employees and recent university graduates with specialisation in cybersecurity.
In its first year, NCA aims to provide some 800 training opportunities to Saudi young men and women in this field with the help of international specialist companies under NCA’s supervision. The courses comprised four weeks of intensive theoretical and practical training in ethical hacking and cybersecurity for operating systems and computer networks. This programme was launched in partnership with the Ministry of Education via the Custodian of the Two Holy Mosques External Scholarship Program. The objective is to meet the need to build national capabilities in cybersecurity and cover the shortage in the labour market in both the government and private sectors.
EMIRATES NBD CUSTOMERS TARGETED BY PHISHING EMAILS

Dubai’s Emirates NBD has warned customers to beware of a new phishing email scam which claims to offer VAT refunds. The bank has warned customers not to open an email claiming to be from the bank with the subject line “VAT Refund Notification”.

In a statement on its website, Emirates NBD said, “You may have received a recent e-mail with the subject line ‘VAT Refund Notification’, claiming to be from Emirates NBD. Please be aware that this is a Phishing e-mail.”

The bank urged its customers to be “highly vigilant and always check the source before clicking on any links or attachments in e-mails.”

Emirates NBD reiterated that it would never ask its customers for their personal details such as Account Number, Online and Mobile Banking credentials, and Debit or Credit Card details such as Username, Password, PIN or the three-digit CVV number.

“Your online privacy and safety is of utmost importance to us. If you are unsure of any communication from Emirates NBD, please contact us on 600 54 0000,” the bank said in a statement.

81% of IT professionals state securing campus networks has become more challenging in the past two years. Source: Infoblox
US CHARGES TWO IRANIAN HACKERS OVER “SAMSAM” ATTACK
The United States has reportedly indicted two Iranians for launching a major cyber-attack using ransomware known as “SamSam,” Reuters reported. According to the report, the US also sanctioned two others for helping exchange the ransom payments from Bitcoin digital currency into rials.

The scheme reportedly ran over 34 months, wreaking havoc on hospitals, schools, companies and government agencies, including the cities of Atlanta, Georgia, and Newark, New Jersey, causing over $30 million in losses to victims and allowing the alleged hackers to collect over $6 million in ransom payments. The deployment of the SamSam ransomware represented some of the highest profile cyber-attacks on the US.

The six-count indictment, unsealed in the District Court for the District of New Jersey, charges Iran-based Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, with one count of conspiracy to commit wire fraud, one count of conspiracy to commit fraud related to computers, and other counts accusing them of intentionally damaging protected computers and illegally transmitting demands related to protected computers, Reuters reported.
NUVIAS EXTENDS SECURITY OFFERINGS WITH NEW PARTNERSHIP

Nuvias has announced that it will be adding Lookout, a global player in securing the post-perimeter world, to its vendor portfolio in the ME region. The partnership will provide channel partners with the latest in Cloud-based security software for mobile devices, addressing data security across both the enterprise segments and government sectors.

Lookout is a cybersecurity company for a cloud-first, mobile-first world. Powered by the largest dataset of mobile code in existence, the Lookout Security Cloud provides visibility into the entire spectrum of mobile risk. With its wide expertise in the Mobile Threat Defense market, Lookout is uniquely positioned to deliver Post-Perimeter Security. Centered on the protection of corporate data when accessed by devices outside the corporate perimeter, it is a security model for the modern, perimeter-less, cloud-delivered, and privacy-focused world.

Nuvias, whose distribution model is based on deep technology expertise in selected areas of focus, counts Cybersecurity as one of its leading Practices across EMEA. Mario Gay, GM, Nuvias ME, said, “Our collaboration with Lookout is a major asset to the establishment of our Centre of Excellence in the Middle East. We are excited about being able to offer Lookout’s robust and comprehensive solutions to our channel partners, coupled with Nuvias services and support to help them deliver real business value to their customers.”
5 out of 10 consumers, globally, are anxious about identity theft Source: KPMG
OUTLOOK 2019
THE ROAD AHEAD

As 2018 comes to a close, we must prepare ourselves for what’s in store in 2019. Security Advisor ME reached out to industry experts to get insights as to how organisations can best plan their cyber defences for the next 12 months.
WHAT WILL THE THREAT LANDSCAPE LOOK LIKE IN 2019?

Jeff Ogden, general manager, Middle East, Mimecast

The landscape will continue to evolve, cybercrime will rise, and criminals will become more sophisticated in their targeted attacks. The dangers of email-borne threats like ransomware, phishing and impersonation attacks will become more advanced. I believe that we won’t see too many new attack types, but better execution of existing attacks through better social engineering and data correlation. Phishing will become almost flawless and criminals will continue to prey on the gap in human firewalls. There will be a much larger focus on how to better educate all staff. The cyber security conversation will also shift from a focus on the cost of an attack to how it impacts human life. I expect to see large scale critical infrastructure – such as energy services, water supplies or hospitals – being targeted, or the hack of autonomous vehicles or medical devices. This could result in a loss of life and will be a catalyst for alarm and change. As far as industries go, healthcare will continue to be the number one choice for attackers. According to global cybersecurity insurance company Beazley, 45 percent of ransomware attacks in 2017 were on healthcare organisations. Attackers will also continue to shift their attention to small and medium businesses from larger ones and we will see weaker verticals being targeted. Many companies in Africa and the Middle East and certain verticals assume that they have enough security and don’t realise that the threat landscape has moved. As cyberattacks become increasingly common, businesses will ensure they have comprehensive cyber resilience strategies in place, rather than simply focusing on a defence only approach.

Nicolai Solling, CTO, Help AG

There is no doubt that the threat landscape has changed a lot over the last couple of years. Over the last 12 to 24 months, all that was on our mind was ransomware as it proved to be an efficient way for attackers to monetise their efforts and there is no doubt that ransomware will still be a nuisance in 2019 as well. But the attacks are slowly changing – we have seen a steady increase in social engineering attacks such as CEO fraud or supply chain fraud, where organisations are tricked into performing business transactions to third parties – as such nothing new, but the sophistication of the attacks has increased.

Another key attack vector is phishing or stealing credentials. With businesses moving to the cloud, protecting credentials is more important than ever and attackers also know this. You could say that as you move into the cloud, the perimeter slowly disappears, and credentials become the new perimeter.

Jeroen Schlosser, managing director, Equinix MENA

The trend of digital transformation is revolutionising the MENA market, urging businesses to take innovative approaches such as cloud adoption, so cloud technology is expected to continue to impact the industry. Many enterprises and SaaS providers are deploying mini-clouds in multiple regions in order to adhere to local data residence and compliance requirements. They are also looking at distributed data management architectures that require global networks and data fabrics in order to coherently manage these distributed mini-clouds. We believe that in order to prevent data breaches and retain control over their data, enterprises will consider: new data management techniques that operate seamlessly on encrypted data (for example, limited forms of data querying on homomorphically encrypted data); and new hardware-based virtualisation technology that will prevent service providers from surveilling their customers’ data.
WHAT WILL BE THE BIGGEST DRIVERS FOR SECURITY SPENDING IN THE COMING YEAR?
Mohammed Abukhater, vice president, MEA, FireEye
When I think about how the cybersecurity industry will shift and evolve as we move into 2019, I see a few key areas where organisations will focus and invest: staffing, cloud and consolidation.

Firstly, according to various industry estimates, there are two or three million cyber security jobs that will go unfilled by the year 2020. The good news is that the pain is there, and the thinking is changing. If you’re not giving employees new responsibilities and investing in training to enhance their cyber security skills, you’re missing an opportunity and will likely lose those employees. If you invest in your people, you develop and attract the best people.

Following that, there’s cloud security. Everyone in the industry will see huge migrations to the cloud, but most companies are not doing anywhere near as much work as they need to be doing to protect and invest in cloud security — and the bad guys know this. The bad guys go where the money is, and throughout 2019 there will be an increasing number of opportunities for attackers in the cloud.

The third key driver will be consolidation. A lot of innovations in 2019 are going to focus on consolidation in cybersecurity solutions. In the cyber security market, people tend to ask “what is the magic technology?” Unfortunately, there is none. The question should be: What is the overlapping system of controls and capabilities that you have, and how do you use and invest in them? There are many organisations that have purchased various tools and technologies, but they don’t have sufficient resources to manage them.
WHAT ARE THE BIGGEST CYBERSECURITY THREATS IT LEADERS SHOULD WATCH OUT FOR?

Alain Penel, regional vice president – Middle East, Fortinet

We can expect cyber-attacks to become smarter and more sophisticated. In an effort to adapt to the increased use of machine learning and automation, we predict that as cybersecurity experts adopt advanced technologies, so will the cybercriminal community. An example of which is artificial intelligence fuzzing (AIF). As cybercriminals begin to leverage machine learning to develop automated fuzzing programmes they will be able to accelerate the process of discovering zero-day vulnerabilities, which will lead to an increase in zero-day attacks targeting different programmes and platforms.

There’s also swarm-as-a-service. The progression of this emerging generation of threats will be used to create large swarms of intelligent bots that can operate collaboratively and autonomously. These swarm networks will not only raise the bar in terms of the technologies needed to defend organisations, but like zero-day mining, they will also have an impact on the underlying cybercriminal business model.

Another potential cybersecurity threat that we might see in the future is focused on “poisoning machine learning”. By targeting the machine learning process, cybercriminals will be able to train devices or systems to not apply patches or updates to a particular device, to ignore specific types of applications or behaviors, or to not log specific traffic to evade detection. This will have an important evolutionary impact on the future of machine learning and AI technology.

Joe Levy, CTO, Sophos

The threat landscape is undoubtedly evolving; less skilled cyber criminals are being forced out of business, the fittest among them step up their game to survive and we’ll eventually be left with fewer, but smarter and stronger, adversaries. These new cybercriminals are effectively a crossbreed of the once esoteric, targeted attacker, and the pedestrian purveyor of off-the-shelf malware, using manual hacking techniques, not for espionage or sabotage, but to maintain their dishonorable income streams.

We can expect cybercriminals that are more “capitalists” in nature, which means those who are turning to targeted ransomware attacks that are premeditated and reaping millions of dollars in ransom. We expect the financial success of SamSam, BitPaymer and Dharma to inspire copycat attacks, and expect more to happen in 2019.

Cyber-attacks leveraging Windows systems administration tools will also pose big threats in the coming year. There has been a shift in threat execution, as more mainstream attackers now employ Advanced Persistent Threat (APT) techniques to use readily available IT tools as their route to advance through a system and complete their mission – whether it’s to steal sensitive information off the server or drop ransomware.

Finally, we can expect threats from mobile and IoT malware to continue. With illegal Android apps on the increase, 2018 has seen an increased focus in malware being pushed to phones, tablets and other IoT devices. As homes and businesses adopt more internet-connected devices, criminals have been devising new ways to hijack those devices to use as nodes in huge botnet attacks.

Morey Haber, CTO, BeyondTrust

The threat landscape in the coming year will continue to highlight threat actors targeting the lowest ‘hanging fruit’ for a successful attack vector. It will reveal how poor credential and privilege management are paving the way for threat actors to breach an organisation. With privileged access management (PAM) continuing to be the number one attack vector for threat actors, IT leaders should be mindful of device sprawl, shadow IT, and IoT devices. These all have privilege risks and potential problems with poor password management. 2019 will see even more high-profile breaches. Organisations must discover and manage their privileged accounts because the attack vector is not going away anytime soon, and ugly newspaper headlines will continue to plague boardrooms.
INSIGHT
A THREE-SIDED STORY

Huawei Enterprise Business Group managing director and vice president for Middle East Alaa Elshimy discusses how safe cities are impacting people, public and private sectors.

It’s a good time to be alive. The digital revolution is upon us, technologies are becoming more accessible and affordable, and governments are going smart. A smart city is an urbanised area that utilises numerous smart initiatives to improve the livelihood of its citizens and visitors. These initiatives focus on healthcare, education, water, energy, and perhaps most importantly, public safety.

One of the best benefits of improved connectivity is the ability to bring people together. This has resulted in a number of benefits in the field of public safety, from bringing citizens closer to the authorities, to accident response times, to vehicle tracking and city mapping. The very goal of smart public safety is prediction and prevention of incidents. Globally, this area of smart investment is receiving more and more attention from governments. By 2050 it’s predicted that more than nine billion inhabitants will walk the earth, and over half of those will live in cities. Bringing together the smartest minds to create and deploy the most intelligent networks and technologies to protect those people is all-important.

Generally, there’s a number of challenges that cities face, and will face in the future. Terrorism, overpopulation, transport infrastructure, strained resources, both utility and personnel wise, are all major talking points on government agendas. But on a more macro level, it’s clear that each city has its own list of challenges, in an order of priority it deems fair. Some are unique, others are shared – regardless, local solutions are necessary.

At Huawei, we have delivered many safe cities around the world, working with partners to develop converged, open, one-stop Safe City solutions that are video-enabled. Huawei’s Safe City solutions currently serve more than 800 million people in 200 cities across 80 countries and regions in Europe, Africa, and Asia-Pacific. With this in mind, it’s equally as important that we are working closely with a large, local ecosystem that includes everyone from government entities, to app developers, to major banks, and more. Empowering partners to support local governments and developers will help us to better solve unique, relevant problems that cities face. Solving these problems will have a direct impact on multiple city stakeholders, but each in their own unique way. I’ve explored three separate areas to outline how each will be affected by a successful smart public safety initiative.

1. People – citizens and visitors

Citizens might be the obvious choice when wondering who will feel the impact of a smart public safety initiative most. But in actual fact, a well-designed and deployed safe city shouldn’t be obvious to those it serves. Visitors and residents should interact with smart solutions seamlessly, on a daily basis. However, one major difference for them will be how they begin to play an active role in maintaining safety measures in their own cities. If local partners and governments can build relationships through social media and public forums, they will be better educated on how and when to share information relating to safety. Moreover, they will be advocates of the technologies, and offer tangible feedback on systems deployed across the city. The development of a strong and diverse ecosystem will allow governments and their authorities to have a better relationship with its publics, and therefore create and provide better, tailored services.

2. Public – businesses and organisations operating in the public sector

The major opportunity for businesses and the public sector is becoming part of the ecosystem that facilitates smart city evolution. Developers, engineers, manufacturers, and others stand to benefit from the burgeoning platform for innovation and creativity. IoT and cloud computing will nurture an innovative society led by public and private sector companies trying to find unique solutions for citizens. Public sector initiatives will rely on private sector input, as well as talent nurturing, training, and research. There’s also the impact on private sector organisations as end-users. For example, the ability to run sporting events, retail chains, etc., with added safety and control would be hugely beneficial in today’s environment, and in the future. Huawei’s journey in this area has been fruitful in recent years, too. We’ve been developing a number of converged safety technologies that seek to empower local authorities to better serve their people.

3. Private – government entities leading the way

Of course, this is where the difference is made – the vision and determination from governments around the world create safe, smart havens for their people. Investment, interest, intelligence, and insights are all crucial for this to happen. Firstly, financial allocations will change – the how and where of government spending will soon reflect the growing importance of ICT equipment, resources, and training needed to make this a reality. This will have a direct impact on crime and incident levels, the risk to individual property, and of course culture surrounding safety perception. Nations in the Middle East will benefit hugely from this shift in perception. Therefore, more and more people will be able to better live out and enjoy their daily lives, while building better, stronger relationships with their governments.

We have continued to make new use of advanced ICT technologies, including cloud computing, big data, mobile broadband, IoT, and most importantly artificial intelligence (AI). During this year’s GITEX, Huawei held an AI conference just a week after Huawei Rotating Chairman Eric Xu announced the global launch of Huawei’s AI strategy, as well as its full-stack, all-scenario AI portfolio. We’re proud to say that the Middle East is one of the first regions worldwide to import our recently-unveiled revolutionary AI products and solutions.

Huawei’s AI portfolio includes its new Ascend series of AI chips – the world’s first AI IP and chip series designed for a full range of scenarios. The portfolio also includes new products and cloud services that are built on Ascend chip capabilities. With its full-stack AI portfolio, Huawei aims to provide pervasive intelligence to help drive industry development and build a fully connected, intelligent world.

Although these safe cities are predominantly government-led initiatives, it will take a strong ecosystem of partners and stakeholders to make it a reality. Huawei is proudly helping facilitate the ecosystem and is aiding partners as they drive digital transformation across the board, ultimately helping improve everyone’s livelihood.
COVER STORY
12 12.2018
www.tahawultech.com
COVER STORY
CASHING IN ON SECURITY UAE Exchange CISO Venu Sriraj discusses how the firm is protecting two of the most valuable assets of its customers – money and data.
W
ith a global network of 800 branches across 28 countries in five continents and serving millions of customers every year, UAE Exchange is privy to importance of the customer and transaction data. This is why, it is imperative for the company to deploy technologies and processes necessary to protect these assets. Led by Venu Sriraj, who has 15+ years of experience, the Information Security function at UAE Exchange is where the data is curated under strict processes with the help of advanced security technologies. “Our strategy is to ensure that the sanctity of data security is maintained, particularly at a time when privacy has become vulnerable in today’s technology-driven world. For us, what matters more is to safeguard the company’s interest from any known and unforeseen threats, protect customer data, ensure market compliance, and enable business continuity.” Comprising of a 25-member team, the Infosec division of UAE Exchange focuses on the twin goals of the Information Security function – Information Security Programme Management and Cybersecurity Operations. “The Information Security Programme Management division largely focuses on www.tahawultech.com
governance, risk and compliance. We ensure that processes and procedures outlined by the company are carried out in compliance with both internal and external security policies, standards and regulatory diktats,” he explains. The team also focuses on augmenting business continuity by collaborating with cross-functional teams. This is central for the division as UAE Exchange caters to expatriate workers, which account for 75 percent of the country’s 9.5 million population, and processes billions of dirhams in salaries and
You can have all the best technologies available but with just one click on a malicious link everything can go wrong.
remittances while also handling an immense amount of customer data. Having a global presence means, the organisation handles large volumes of information such as customer, card and transaction data. This requires the team to mandatorily ensure that its processes comply with various security standards including the Payment Card Industry Data Security Standard (PCIDSS), ISO 27000, global data protection frameworks such as EU’s GDPR, Malaysia’s Data Protection Act and Hong Kong’s Personal Data (Privacy) Ordinance among others. “In the case of Cybersecurity Operations, the predominant task ensuring that we have the right processes and technologies in place to deal with potential cyber threats and vulnerabilities,” says Sriraj. “We have to be prepared to quickly respond to cyber threats and mitigate its impact on the business. Therefore, a key responsibility of the Cybersecurity Operations team is making sure that we are equipped with all the tools necessary in responding to cyber-attacks.” As part of this process, the Infosec team has identified key core security processes and integrated it into the company’s security operations. These processes and solutions focuses on incident detection and response, application security, threat intelligence 12.2018
13
COVER STORY
and vulnerability management as well as user identity and access management. These are critical core security processes which have been implemented and sees continuous investment. “Today, cyber threats are evolving at a rapid pace and hence, we believe that it is vital that we constantly develop processes to ensure that our defences are strong enough to address potential vulnerabilities,” explains Sriraj. “Creating security awareness among people is a vital aspect of our strategic agenda as users are typically regarded as the weakest link in the cybersecurity chain. You can have all the best technologies available but with just one click on a malicious link everything can go wrong. That’s why security awareness is an important part of our strategy. We view it as a key principle rather than process.” The Infosec team at UAE Exchange has curated a comprehensive security awareness programme, which comprises of a wide range of activities starting from learning campaigns, security training to phishing 14
assessments. These training sessions are conducted monthly and the phishing assessments every quarter. “At UAE Exchange, the workforce is educated on the emphasis of security as an enabler for business growth instead of treating it as a hindrance. We want cyber vigilance to be a norm within the company so that each member of our workforce is equipped with the knowledge needed for when an actual security incident occurs.” Sriraj’s foresight has also helped in reconstituting and streamlining the security processes resulting in enhanced user experience. “The Management has always been supportive when it comes to technology and security innovation. Over the years,
I have seen a dramatic rise in their collective interest in increasing the protection of our day-to-day business operations and more importantly our customers’ privacy.” Looking ahead, Sriraj believes that in the coming years, machine learning will be among the key technologies that will enable cybersecurity for financial organisations such as UAE Exchange. “We handle huge volumes of data and run multiple processes on a regular basis and machine learning can help us sift through hundreds of thousands of security events per day much faster and improve the detection and response to these incidents. This is something that we have started investing in and we plan to continuously develop.”
FEATURE
BUILDING TRUST IN THE DIGITAL ERA
In a bid to ensure transparency and data integrity, Kaspersky Lab is moving a number of its core processes from Russia to a brand-new Transparency Centre. Based in Zurich, Switzerland, the new facility reflects the company’s determination to assure trustworthiness of its products, services and internal processes, security correspondent Daniel Bardsley reports.
In a suburb of Zurich sits a nondescript building that, at first glance, appears not to differ from the average office block. However, the high metal fence across the front, and the hefty metal gates, two of which visitors must pass through to reach the steps leading up to the lobby, indicate that this is no ordinary place of work. Pass into the lobby and, on the left, is a large room filled with television screens showing images from the 200 or so CCTV cameras monitoring the building. So, what makes security such a priority? Is there a vault of gold bars?
Or perhaps high-value artwork or other such investments? No, instead this facility safeguards what The Economist has described as “the oil of the digital era”: data. One of the customers using this data centre, which is run by Amsterdam-based Interxion, is Kaspersky Lab, the Russian cybersecurity company. Last year Kaspersky Lab’s revenues grew eight percent to $698 million, an impressive result that, in isolation, masks challenges the company has been facing. As anyone involved in cybersecurity knows, concerns have been raised that Kaspersky Lab products have been used
as an entry point for cyberespionage efforts by the Kremlin. Over the past year, Kaspersky Lab – which describes itself as “the world’s largest privately held vendor of internet solutions for businesses and consumers” – has launched its Global Transparency Initiative (GTI), aimed at dispelling these fears. A key part of the GTI is the relocation to two Zurich data centres, including this one, of the processing and storage of information for users in North America, Australia, Europe, Japan, South Korea and Singapore. The processing in Zurich of malicious and
suspicious files from European users went live in November. Build systems that compile and create Kaspersky Lab products and updates are also being relocated to Zurich, with a third party monitoring the compilation and signing of software. Also, Kaspersky Lab has set up a Transparency Centre in Zurich where customers and regulators can review code, software updates and threat detection rules. More Transparency Centres – and associated data centres nearby – are due to be set up in North America and Asia by 2020. At a recent Global Transparency Summit in Zurich, the company said it would consider opening one in Dubai too. It also
CYBERSECURITY THREATS IN THE MIDDLE EAST
Kaspersky Lab has a Dubai office that monitors threats across the Middle East – and there are many such attacks. “In the Middle East we see a lot of attacks directed at energy companies. There’s a lot in relation to oil and natural gas. In the last year or so we’ve noticed a lot of attacks related to political issues as well,” said Costin Raiu, director of Kaspersky Lab’s global research and analysis team. Local actors include the Gaza Cybergang, active since 2012 targeting regional governments and oil and gas companies. Other regional groups include the Syrian Electronic Army, which supports Syria’s president, Bashar Al Assad, and FruityArmor. “The Middle East has always been very active in terms of not just cyber-attacks, but sophisticated techniques,” said Raiu. There are about 45 people in Kaspersky Lab’s Global Research and Analysis Team headed by Romanian-based Raiu. Each day Kaspersky Lab detects more than 380,000 malicious threats globally, although less than 0.1 percent of these are of interest to Raiu’s team. Sophisticated attacks such as advanced persistent threats, large financial attacks, major cryptocurrency hacks, critical infrastructure hacks and big international attacks may be looked at. “We try to build our own knowledge and some of these we publish on [the Kaspersky Lab website] securelist.com,” said Raiu, adding that details are also made available to private APT reports subscribers. Raiu said having people in the Middle East – the Dubai office has one staff member, and a second is being taken on – brought many benefits. “It helps to have someone native in the local language and customs. Maybe it’s just reading forum posts or reading information available on this topic,” he said.
predicted that its model of dispersing data and functions across the globe to increase confidence would be followed by other cybersecurity companies. Speaking in a panel discussion at the event, Jan-Peter Kleinhans, project director at Stiftung Neue Verantwortung, a German think tank, described the GTI as “the right first step”. “In the coming years we’ll figure out whether it’s a reasonable measure to build trust. There are a lot of good first initiatives, but we’ll see much, much more over the years from a variety of stakeholders,” he said. According to Anton Shingarev, Kaspersky Lab’s vice president for public affairs, an important factor determining the success of the Global Transparency Initiative would be feedback from regulators. “The initial feedback from regulators is pretty positive. They say we’re moving
in the right direction,” he said. Through the Transparency Centre, Kaspersky Lab is letting regulators and partners look at source code. While finding irregularities is something of a needle-in-a-haystack exercise, Shingarev said experts who know what to look for can zero in on areas of interest. So far, Kaspersky Lab has put about $3 million (AED 11 million) into the GTI, a significant sum, but an understandable investment given the difficulties the cyberespionage concerns have created. In the United States, in December 2017 – two months after the GTI was announced – the president, Donald Trump, banned the use of Kaspersky Lab products in federal systems. Some retailers in the US stopped stocking Kaspersky Lab software. The Dutch government made a similar move to the administration in Washington, while in June the European Parliament voted in favour of a non-binding resolution calling for Kaspersky Lab products to no longer be used by EU institutions. The company emphasises its independence and has addressed the cyberespionage concerns head on. In a briefing document, the company noted that it “does not have ties to any government”. “The company has never helped, nor will help, any government in the world in its cyberespionage efforts,” the document stated. The document goes on to say that the only links that the co-founder and CEO, Eugene Kaspersky, has ever had to the KGB, the defunct Soviet intelligence agency, “was studying cryptography and mathematics at the Higher School, co-sponsored by the KGB and the Soviet Ministry of Defence”. “Eugene has no relationship with high-ranking governmental officials in Russia,” the document said. More than four-fifths of company revenue is generated outside Russia, while the holding company is based in the United Kingdom. Research and development functions are not restricted to Russia, with the company having a research centre in Ireland, for example.
Behind the gates of the Interxion data centre in Zurich lies a world of blinking servers through which 60 percent of Switzerland’s internet traffic passes. “The only business we’re doing here is data. We’re really focused on building data centres and operating data centres,” said Marks Brupbacher, an Interxion senior account manager. Founded two decades ago, Interxion has over 50 data centres across Europe and, in a demonstration of how quickly demand is growing as digitisation continues apace, has 10 under construction. A key demand of centres such as these is, of course, a large-scale electricity supply, which in this case totals 16,000 volts. A back-up battery pack provides enough energy in an emergency to meet the centre’s needs for about half an hour, while generators can then keep up with demand for 25 days. The
The GTI will not, however, involve moving additional research work to Europe. As the company noted in Zurich, five top-level software developers can be hired in Russia for the price of one in Switzerland. As Kaspersky Lab continues its fightback, its bottom line is being affected. Revenues in North America are down in 2017 and last year’s eight
generators are sometimes required to even out what can be a fluctuating power supply provided by the grid. Aside from power, another requirement is cooling to draw heat away from the busy servers. An array of copper pipes with a diameter of as much as 250mm, covered in black cladding and containing water with glycol added, creates a circulation of cool air into the equipment. The air temperature in the rooms containing equipment may rise as high as 32°C, but the servers are kept cool. The data centre has about 180 customers, with the smallest amount of space available to rent being a single cabinet. Around 30 percent of customers are service providers, which hold customers’ data, so the actual number of organisations represented at the centre is well above 180. Interxion has 4,400 customers in total across all of its more than 50 data centres across Europe.
percent growth worldwide is not likely to be repeated in 2018, with revenues set to flatline. But the Middle East is showing brisk growth, with double-digit revenue increases this year. And what we have seen of the GTI so far could just be the beginning. “If we see that the Global Transparency Initiative works, we would like to invest more,” Shingarev told summit delegates.
FEATURE
THE TRUTH ABOUT FAKE NEWS
Security correspondent Daniel Bardsley asks experts how technology can help combat misinformation in the digital era.
It often seems as though the phenomenon of fake news is never far from the headlines. Whether it is American mid-term elections, Brazil’s presidential poll or news coverage in the Arab world, concerns over misinformation are high on the agenda. Questions have been asked about the extent to which public debate – and, in some countries, the democratic process – has been corrupted, with even the results of major national elections potentially having been influenced. While disinformation of various kinds has existed for centuries, technology has allowed its spread to increase exponentially, putting pressure on companies such as Twitter to take action. “What’s new is the ease with which false, fabricated [stories], especially deliberately fabricated information, can be generated, and the speed with which it can be spread across borders, and the sophistication of false content,” says the University of Amsterdam’s Dr Tarlach McGonagle, a member of the Council of Europe’s committee on journalism in the digital age. It is, says McGonagle, increasingly difficult to tell what is real and what
is fabricated, something that has “far-reaching consequences”. In terms of its recent manifestation, the 2016 American presidential campaign that saw Donald Trump triumph over Hillary Clinton brought fake news to prominence. Twitter came under fire over concerns that it was being used for the spread of false or misleading stories, and other social media platforms were also criticised. Two years on, have Twitter’s actions – deleting fake accounts and the like – improved the situation? Dr Matthew Hindman, author of The Myth of Digital Democracy, recently co-wrote a report published by the Knight Foundation entitled Disinformation, ‘Fake News’ and Influence Campaigns on Twitter that indicated the problem was as significant as it had ever been. “Our study found that the vast majority of accounts that are repeatedly linked to fake and conspiracy news sites were still up. These accounts are very active and it really hasn’t changed dramatically in the last two years,” he says. However, he also says that “certain types of bot nets are hard to do, especially at scale now”. “Specific types of disinformation seem to be more closely monitored and
shut down. It’s a mixed bag in terms of the Twitter response,” he says. In terms of their effect on democracy, the influence that these types of accounts have is “a couple of steps removed” from actual voter intentions, says Hindman, an associate professor of media and public affairs at The George Washington University in Washington, DC in the United States. “The core aim of a lot of disinformation efforts is to sow division and to set the news agenda. Worldwide, they tend to focus on ethnicity and religion; much of their content vilifies Muslims,” he says. Concerns over fake news are not restricted to any one geography or social media platform. Mona Elswah, a researcher at the Oxford Internet Institute, part of the University of Oxford in the United Kingdom, visited Brazil for the recent presidential election, which was won by Jair Bolsonaro, often described as a right-wing populist. In Brazil, Elswah saw that, instead of Twitter, WhatsApp was the main platform for disinformation. Elswah prefers to use the term “junk news”, as this reflects the fact that disinformation can be as much about twisting facts to meet a specific narrative – possibly incorrect or deceptive – as it can be about simply fabricating stories. This is perhaps of particular relevance to the Arab world, which is the key focus of Elswah’s research. “In the Arab world, junk news is more of a practice than a phenomenon,” she says, explaining that self-censorship by professional journalists can be as much of an issue as “shady blogs” peddling disinformation are in the West. The picture for the reader in the Arab world is, she says, more complex. So, what technological solutions might be available?
Deleting accounts, which Twitter has done in the thousands, can help to reduce the spread of falsehoods by bots, but this can only be part of the solution. Research has shown that algorithms are not 100 percent effective in combating bots – they miss some out and clamp down on other accounts that are genuine – and, in any case, it is not just bots that cause the problem. “Even if we fix the bots phenomenon, the junk news problem will still exist,” says Elswah, explaining that, instead, the online behaviour of people is also a factor. Individuals are more likely to share sensationalist news items – including false ones – than more soberly written material, so Elswah says it is important that people are equipped with “the tools they need to be critical of media”. A common message from analysts is that multiple approaches are needed to combat disinformation and to create a better-informed citizenry in the Middle East and elsewhere. “You have to decide what’s right from a human rights, rule of law and democratic perspective, and you can achieve something in the short, medium and long term,” says McGonagle, his comments reflecting concerns that efforts to combat misinformation have to be balanced against concerns over, for example, freedom of expression.
AN APPLICATION OF TECHNOLOGY TO PREVENT THE SPREAD OF FAKE NEWS
One technological approach to try to reduce the effect of fake news takes account of human psychology and, in particular, the way in which our views are influenced by those around us. Professor Stephan Lewandowsky, a professor of cognitive psychology at the University of Bristol in the United Kingdom, is among the researchers looking at such “technocognition” remedies. “We don’t want to introduce censorship or a Ministry of Truth, but to create an architecture that’s designed so that accurate information is easier to disseminate than inaccurate; or accurate is given the chance to be perceived,” he says. “We know that people will not change their mind on anything if they think their view is widely shared with others.” Technology can, Lewandowsky says, determine relatively easily what proportion of people hold a particular view, and then inform users of this, helping them to put what they are reading in perspective. “The idea is very simple. We can apply machine learning on people’s
language and find where people overlap and count the number of people,” he says, adding that it is “certainly doable”. In the past, it would have been the people around us whose views we heard and who, as a result, shaped how we saw the world. However, today, we can log onto the Internet and, whatever our opinions, enter an “echo chamber” of people who think the same. This may risk the spread of conspiracy theories and mean that fake news goes unchallenged. “In the 19th century it probably was a good idea to trust your neighbours that a [particular] berry was poisonous. We have legitimately been doing that through history. The problem with the internet is that this social calibration has been completely disrupted,” says Lewandowsky. “That disruption of calibration has serious consequences that are underestimated by people. But we have a technical fix. If you are in a group of people, there’s no reason why you shouldn’t know what proportion of the population that represents.”
In the long term, McGonagle suggests there should be measures to make democracy and public debate robust and sustainable, such as investment in pluralistic media and journalism, and in digital literacy. Civil society, established media companies and governments all have a role to play. Additionally, efforts by tech companies could offer a remedy in the short term. “There’s an awful lot of things that have to be done, but none of them alone will have an overall solution,” he says.
FEATURE
RAPID RESPONSE By Daniel Bardsley
Emirates NBD bank recently warned customers to beware of a phishing email that was doing the rounds entitled “VAT Refund Notification”. In a statement it released online, the Dubai-headquartered bank told people to be “highly vigilant and always check the source before clicking on any links or attachments in e-mails”. Customers were told by the bank that they would never be asked for personal details such as their username, password or PIN. Emirates NBD’s statement is typical of the cautionary notes that
banks and other companies across the globe have had to issue when they or their customers have been affected by cyber-attacks. It was, according to those working in cybersecurity, just the way to react, with Jeff Ogden, general manager – Middle East at Mimecast, an email and data security company, highlighting the bank’s quick action through warnings and social media videos. “There are different ways of doing these attacks, therefore, there are many different facets from a defence point of view,” says Ogden. There are numerous measures major organisations like banks can take to prevent themselves from falling victim to phishing attacks, such as remaining vigilant to ensure that their email domains are not being used fraudulently.
“Another area is to make sure you’re monitoring all activity associated with spoof domains,” says Ogden. Staff should be educated so that they, like customers, are wise to the risk of phishing emails. There is good reason to take all possible precautions to prevent a cyberattack, because
the consequences to a brand when the worst comes to the worst can be significant. Ogden cites the case last year when the credit-monitoring company Equifax revealed it had experienced a severe data breach. “Just in a day, I think their share price dropped by 13 percent. Many millions of users were compromised,” he says, referring to the day in September 2017 when the company’s value plummeted by 13.12 percent. The harm caused by cyber-attacks, says Ogden, “goes into the tens if not hundreds of millions of dollars for the large multinationals”. “And [there is also] the impact that is difficult to measure: whether a customer is comfortable to work with the organisation that’s previously compromised. It’s a difficult thing to measure, but it has an impact on the trust relationship with consumers,” he says. So what strategies should companies employ to mitigate such reputational effects? According to Dr Audra Diers-Lawson, a United Kingdom-based American academic who specialises in public relations, the first thing an organisation should do is to demonstrate what culpability it has or does not have, and then talk about how it is going to prevent a recurrence. “If it’s data, how are they going to help the people affected? What are they going to do to re-secure the information?” she says.
“The most important step is reducing the uncertainty to customers or potential customers that they’re going to be protected.” Wherever blame lies for the fact that an attack happened, Diers-Lawson says organisations are better off not being too vehement in denying that they are at fault. “They cannot deny it too strenuously or focus on a negative strategy,” she says. “The question is how do they move beyond it and what are they going to do to make sure it doesn’t happen again.” Customers should be given all necessary support to deal with any effects that the breach may have had on them. Technological security measures and reputation management can easily merge into one another, with companies advised to set up teams with technical and communications experts in advance, so that they can react promptly in the event of a cyber-emergency. Legal specialists may also have to have a seat at the table. “In an ideal [situation] there’s a good level of communication between the communication fields and the technical fields,” says Diers-Lawson. The effects on a company’s reputation of an attack are likely to be more modest if that business can demonstrate that it has consistently upgraded its software and hardware and that it has always done its best with security. There are few things worse than news coming out that simple patches could have
prevented an attack, as has happened with some major incidents. The reach of the company’s message can be maximised by using search engine optimisation techniques. Looking further ahead, as the email security company Vade Secure describes in a briefing document, significant sums may have to be spent to try to repair reputational damage. There may be expensive public relations campaigns, and market research to identify how additional advertising spending can improve a brand’s image with consumers. Other measures to take, although their costs can be significant, are cuts in prices to generate interest from customers. “If it’s the first time it’s happened, the public reputation of the organisation tends to come back relatively quickly,” says Diers-Lawson, who is a senior lecturer at the Leeds Business School, part of Leeds Beckett University. Overall, as Diers-Lawson puts it, cyberattacks represent “a very substantial risk” to a company’s reputation and brand. But responding in the right way, both in technical and communications terms, can mitigate the major threats that breaches can represent. “It may hit the headlines for a little while, but if they show they are taking action, the effects aren’t particularly long term, unless it’s severe,” says Diers-Lawson.
INTERVIEW
TRUSTED PARTNERS
As the security landscape becomes increasingly sophisticated, having control over how data is accessed and processed has now become more important than ever for any business. John Hathaway, regional sales director - Middle East and India, BeyondTrust, together with Ian Jones, Divisional Director, Westcon Security, discuss how their most recent partnership can enable regional organisations to become cyber resilient through Privileged Access Management.
Can you please share a brief background on the drivers behind the partnership between Westcon and BeyondTrust?
John Hathaway (JH): BeyondTrust started its Middle East operations four years ago. Since then, we have
established a strong local presence and have grown our customer base. Following a period of exceptional growth, we believe that we needed the support from a value-added distributor that has a strong foothold in the security space. BeyondTrust has gained a strong portfolio of enterprise accounts distributed around the Middle East. We needed a VAD who could support our efforts in the widest geography possible. Having one of the most well-developed security divisions in the region, Westcon fits the bill perfectly, hence, it was an easy decision for us to go with them.
Ian Jones (IJ): Over the course of our conversation in the last year, we have managed to reach a tipping point. Both companies believe
that we can add value to each other’s businesses. Since then, we have finalised the partnership and have now enjoyed a full quarter of working together. We are optimistic about taking our relationship with BeyondTrust forward. From a distribution perspective, Westcon has a presence in every
country in the Middle East and we are still expanding. We also have over 3,800 business partners in the region. We believe we can add value to BeyondTrust’s business by helping them deliver a targeted approach for reaching markets and industry segments that they haven’t explored yet. As a VAD, we make sure that we bring in the right partners that will enable us to provide a holistic approach to regional customers. As an expert in Privileged Access Management (PAM), BeyondTrust is a great addition to our portfolio making our vendor ecosystem more attractive to our business partners.
What is Westcon’s strategy in delivering BeyondTrust’s offerings in the Middle East? What kind of enablement initiatives will you be offering partners?
IJ: BeyondTrust is one of our biggest pure-play security players in the Middle East. That’s why we made a conscious effort to take the pulse of our partner network and ensure that BeyondTrust’s offerings are compatible with them and vice versa. Ultimately, this also gave BeyondTrust
a sense of how they can develop relationships with our current partners. We promote BeyondTrust’s expertise and offerings through a variety of channels ranging from awareness campaigns to roadshows to identifying and appointing partners that we think are most suitable for them.
Which trends do you see disrupting privileged access and vulnerability management?
JH: I think there are a few different ways this aspect of security has evolved. PAM is one of the fastest growing security tools today. Previously, it was predominantly used by organisations in highly compliant environments like banks and insurance companies. But as governments across the world introduce stricter regulations, technologies such as PAM have become critical to security infrastructures. This has resulted in a significant amount of competition and a fragmented market. However, we are already seeing a lot of consolidation in the market. In fact, BeyondTrust was acquired recently in a deal that combined Avecto, BeyondTrust and Bomgar into one organisation, ultimately making us the biggest PAM organisation in the market.
What are the most common challenges organisations face when it comes to effectively implementing PAM? How can BeyondTrust help businesses in this regard?
JH: PAM is part of the identity stack, which requires quick implementation time. Furthermore, since PAM protects credentials and a variety of data, it touches every part of an IT environment. That’s why we have identified quite early on that it is necessary to have local professional service engineers to deploy our solutions. BeyondTrust is one of the only PAM vendors in the local market with a mature, experienced and highly available professional service practice based in the region. So, we cater to all the aspects of implementation for our customers. And this is the role that
Westcon can play for us, where we might require subject matter expertise to install a product or solution. A distributor such as Westcon can come along and wrap their project delivery services around it and hold the hand of the customer during the whole implementation process. We also work closely with global SI, VAR and VAD partners to extend our capability to deliver projects across the region. How can organisations maintain the balance between security and productivity within the workplace? JH: Well, that’s always a subject and a conversation we have with new customers because PAM often receives significant resistance from administrators who can view these tools as counterproductive. On the other hand, from a compliance perspective, the security guys need to set up controls on how systems and information are accessed. Enabling productivity is at the core of our solutions. That’s why BeyondTrust has redeveloped Password Safe and enhanced how privileged sessions are managed to ensure that disruptions are kept to a minimum. 12.2018
25
OPINION
SERVICE EXCELLENCE Paladion discusses its strategies for effective Managed Detection and Response
In a world where digital connectivity means both productivity and increased threat surface, Paladion has built a strong reputation for cybersecurity. Receiving an award from CPI Media Group for “Best Managed Detection and Response Provider” reflects the quality of the company’s cybersecurity services. However, the effectiveness of Paladion’s MDR service, and its cybersecurity approach in general, is not unique just because of its AI-based technology or the deep cybersecurity expertise or the robust processes and continued investment; there is still more.

The right mix for effective MDR
Paladion combines all these elements in a savvy mix that is bound together by leadership and innovation in cybersecurity across industries and across the world. In addition to dramatically improving performance in areas such as rapid detection and speed of containment and response, we also make our platform-based service accessible to large and small enterprises alike. So, every organisation can achieve solid cyber protection for an acceptable monthly investment.

Technology to tackle cybercriminals
Hackers and cybercriminals are already well versed in applying the latest in technology to breach enterprise defenses. The proprietary technology from Paladion provides a robust, scalable base on which to address these threats. Paladion’s big data platform handles large volumes of data from the entire IT stack, including existing security systems, to leverage security investments already made. This powerful in-house platform, AI.saac, uses machine learning and advanced AI technology to uncover known and unknown threats and respond to them rapidly. Worldwide threat intelligence and analysis of individual business customer environments enable us to advise those customers of oncoming threats that apply specifically to them, thus providing proactive defense.

Amit Roy, EVP and regional head for EMEA, accepts the Best MDR Provider award on behalf of Paladion at the Future Security Awards

Human resources for strong security strategies
In addition to excellent security technology, sound cyber protection also needs fully trained human resources. By combining AI and automation with the people skills of a pool of approximately 1,000 security engineers, analysts, threat hunters, incident responders and forensic experts, Paladion delivers end-to-end threat management. Specifically, the AI.saac platform helps staff to accelerate analysis and action. Attack dwell time is cut from months to only days and response time from days to just hours, depending on the business. Paladion also combines advanced technology such as machine learning with expert human intelligence in its 24 x 7 security operations centers (SOCs) to detect current, new and advanced threats and alert customers.
Processes to ensure optimal results and protection
Leveraging its strengths in AI, Paladion takes a process-driven approach to consistently provide cybersecurity detection, response and consulting services for both large and small businesses. Compliance with different regulations and standards is assured and can be demonstrated. Hundreds of playbooks can be deployed to automatically contain threats. Paladion’s AI.saac continuously learns (machine learning) to add new playbooks to make MDR processes even more reliable and effective. Incident response is coordinated to reduce attacker dwell time from weeks to days, while Paladion’s incident responders make sure attackers do not exploit the same vulnerability or use the same TTP (tactics, techniques and procedures) again.

Ongoing investment and innovation
Whether it is in its people, its platform or its processes, Paladion continues to invest and take managed detection and response services to a new level. At Paladion, we are acutely aware of the notion that the thinking that caused a problem is unlikely to contribute to finding its solution. Old approaches relying on prevention alone cannot match the now highly evolved tactics of hackers and cybercriminals. Likewise, the idea that a fixed security perimeter exists is no longer true. The enterprise perimeter is now formed by its people with their mobile computing devices and its partners with which it collaborates over the net. While staples like configuration audit and vulnerability scanning are still important parts of cybersecurity, an enterprise now needs excellent response capabilities as well as resilience. Paladion has turned the concept of MDR into a solution that extends all the way from ‘left of hack’ (anticipation, hunting, monitoring) to ‘right of hack’ (analysis, containment, response). Beyond static defense and basic compliance, Paladion leverages AI to detect new threat vectors, use specific customer context information to prioritise alerts, and drive response automation to quickly contain threats.

Conclusion
While Paladion is proud to add this award for “Best Managed Detection and Response Provider” to its list of recognitions, the company will not rest on its laurels. Actively managing cyber risk for over 700 customers from its 5 AI-driven security operations centers (SOCs) placed across the globe, Paladion will continue to refine and enhance its MDR service as the solution of choice for enterprises and organizations.
OPINION
WHERE SHOULD THE CISO SIT IN THE LEADERSHIP TEAM? By: Haider Pasha, senior director and CSO, Emerging Markets, Palo Alto Networks
As cybersecurity risk management has ascended to become a top strategic priority, where the Chief Information Security Officer (CISO) sits within the leadership team has become a major question. It is fair to say that there is no one-size-fits-all answer. Organisations need to weigh up the advantages and disadvantages of several models and see which one suits them best. Here are some of the current options:

Option #1: Reporting to the CIO
It has been traditional for the CISO to report to the chief information officer (CIO). Indeed, this tends to be the most common arrangement today. This reporting model has made a great deal of sense since the CIO is the member of the business leadership team who should best understand cybersecurity and the CISO role was created to secure IT systems and data. However, this model may be losing its relevancy as CISOs begin to see how much they need to influence and exert control outside of the IT realm. For example, they must consider employee cyber awareness and education, policy development and even programmes of cultural change. Technological solutions cannot remedy the whole issue when the biggest vulnerabilities are the humans inside the organisation. CIOs also have competing priorities that may conflict with a CISO’s cybersecurity agenda. For example, budget for application development, infrastructure and networking may take precedence over what the CISO may prioritise for their team and organisation as a whole.

Option #2: Reporting to the CRO
A recent trend has been to see the CISO working under the chief risk officer (CRO), especially within financial services and larger corporates. Organisations who rely on greater insight into enterprise risks are recognising that their risk management team needs to cover cyber risks much more thoroughly and proactively. The CISO then is a natural member of the risk team. A downside of this model is that the CRO doesn’t tend to report to the CEO, so this reporting structure can further distance CISOs from top executives and company strategy.

Option #3: Reporting to the CFO
Companies collect all kinds of functions under finance: IT, risk management, procurement, tax, audit. So, it is not unusual to place the CISO there as well. Having the chief financial officer (CFO) as their boss puts the CISO in direct contact with the financial power on the board. CFOs who are sensitive to risk management may make critical decisions about cybersecurity spending. They also can be the CEO heir apparent. The downside is that many CFOs want to see returns, particularly if they are incentivised on year-over-year earnings growth. This can be challenging for CISOs who may find it difficult to present the financial benefits of cybersecurity investments.

Option #4: Reporting to the CDO
The chief data officer (CDO) is a relatively new corporate role often focused on preserving and expanding the value of corporate data, so there is certainly some overlap with the CISO’s role in protecting that data. However, the CDO tends to see data in ways that clash with a CISO. A CDO wants to leverage data to increase revenues and can judge a CISO as putting obstacles in the way of making this happen. With their focus on mining data for the business, the ability of a CDO to also support cybersecurity may be limited. Like a CRO, a CDO doesn’t necessarily report into the CEO, meaning the CISO remains further removed from strategic decision-making and budget-setting.

Option #5: Reporting to the CLO
A rarer model is for the CISO to report into an organisation’s chief legal officer (CLO). This happens when a CEO recognises the critical nature of cybersecurity and its regulatory demands and risks, and deems that the chief legal officer is best trusted to deal with these matters. Legal officers within an organisation handle significant issues related to information governance and compliance and have a good idea about corporate direction since they often serve as board secretaries. They also tend to get involved when there is a cybersecurity incident. Unlike the CEO or even the CFO, an organisation’s legal officer has few other direct reports, so a CISO can find themselves a well-regarded adviser. A drawback of this model is that chief legal officers tend to be more engaged in cybersecurity on an episodic basis, for example when a breach occurs. They have less interest in cybersecurity as an operational issue to be planned for, monitored and improved.

Option #6: Reporting to the CEO
For a long time, it has been predicted that the CISO would report directly to the CEO; three years ago IDC predicted that 75% of CISOs would do this. However, this reporting model is still the exception rather than the rule. Those organisations that have embraced this approach are typically tech-centric companies or those that have suffered high-profile cyber setbacks and demand a CISO who is a true business leader. Reporting to the CEO maintains the independence of the CISO role and can enable a fuller, more open discussion with all the senior stakeholders. Yet adding the CISO to the CEO’s direct reports runs against a trend of CEOs seeking to reduce rather than increase the number of principals who directly report to them. CEOs want less, not more, distraction from their focus on strategy and operational leadership. This perhaps explains why those predictions of CISOs reporting to CEOs haven’t yet been realised. Many CEOs actually may prefer their CISO reporting into the CIO, who can then filter out relevant information.

Option #7: Reporting to the Board
An alternative that few companies have considered but that is worth exploring is having the CISO report directly to the board of directors or one of its committees. The board’s prime responsibility is to supervise management. As organisations become more digital, the board needs to know the unvarnished truth of an organisation’s cyber performance. A CISO who directly reports to the board can facilitate the process of exchanging critical information that isn’t sanitised. These sessions also could allow the board to get discrete cyber information outside of the main board meetings when their attention is drowned out by a plethora of other issues. A major challenge with this model is whether the board contains enough knowledge of cybersecurity issues to make this engagement meaningful enough.

Overall, there are no wrong or right ways for the CISO to fit into the organisation. What is important is that a CISO’s concerns and recommendations are fully heard and understood. Any reporting model that doesn’t close the gap in a common understanding of cybersecurity from differing technology and business leadership perspectives will not be helpful to anyone, CISO, CRO, CIO, CFO, CEO or anyone else at board level.
INTERVIEW
ON THE FAST TRACK In an exclusive interview with Security Advisor ME, Fidelis Cybersecurity president and CEO Nick Lantuh discusses why deception and MDR technologies are key to faster response times and quicker recovery from cyber-attacks.
What has been your key focus since taking on the reins at the company earlier this year?
There are a number of key initiatives that are in the works. Firstly, we have 16 projects that we are currently developing from an innovation standpoint. It involves a wide variety of integrations ranging from product enhancements to additional features into our offerings. Additionally, we have recently released our latest managed detection and response service, Fidelis MDR. This complements our automated detection and response platform very well, which has further enhanced our threat and data loss hunting capabilities. Finally, we have been putting significant efforts into expanding our global presence. We are doing this by opening operations in new markets and doubling down in places where we’ve had success. We are also bringing additional backend support to our customers such as profes These have been our primary focus over the last year.

How have strategies and practices in security, specifically in the detection and response space, evolved over the last two years?
For a long time, the SIEM has been at the centre of detection and response solutions. However, such solutions primarily generate alerts that are log-based and NetFlow-based, which don’t have the granularity that will enable quick response. This creates enormous amounts of false-positives, which brings “alert fatigue” to organisations. This resulted in an increasing desire from organisations to learn how to hunt better for cyber threats and prevent data from being exfiltrated out of their environments. There is a strong demand for solutions that will facilitate quicker response and reduce the amount of dwell time. Those are all things that right now are very front and centre in the industry.

How would you explain the importance of investing in deception and MDR technologies to members of the C-suite who are not privy to the technical side of security?
Decision-makers who are not technically savvy don’t always understand the importance of investing in deception and MDR technologies. That’s why constant education is key. Deception technologies primarily function as an early-warning system for external threats that have already penetrated networks to exfiltrate as well as compromise data. Fundamentally, deception technologies are a proactive type of a solution. It emulates an attack surface thwarting threats that may have entered the system. Another benefit a deception network provides is the ability to capture east-west traffic, which only happens after you’ve already been successfully compromised. Ultimately, this helps reduce dwell time, which is paramount because the longer a cyber threat, the more damage it can cause.

Looking forward, what can organisations expect from Fidelis in the coming year?
We will continue to enhance the speed with which we detect and respond to threats. We aim to further boost our capabilities from a deception technology’s standpoint. In addition, we will develop strategies that will enable us to expand our services in assisting customers to manage threats and augment SOC infrastructures. We will also push initiatives that will help equip our customers with the capability to effectively manage and monitor their networks. The Middle East is a very important market for Fidelis. We have a strong presence here in the region and will continue to invest more in growing our business in this market.