ISSUE 40 | JULY-AUGUST 2019
HOW TO PROTECT YOUR DIGITAL LEGACY
WWW.TAHAWULTECH.COM
INSIDER THREATS:
THE UNUSUAL SUSPECTS
DYNAMIC DEFENCE BITDEFENDER REGIONAL DIRECTOR TAREK KUZBARI ON THE NEW DAWN OF CYBERSECURITY
THE TALENT CRUNCH
CONSOLIDATION CONUNDRUM INDUSTRY HIGHLIGHT: Women in cybersecurity How to secure multi-cloud environments
Specialized Cyber Security & IT Distribution in META Region We cover all top 20 Critical Security Controls
emt.ae emtMETA.com
CONTENTS FOUNDER, CPI MEDIA GROUP Dominic De Sousa (1959-2015) Publishing Director Natasha Pendleton natasha.pendleton@cpimediagroup.com +971 4 440 9139 EDITORIAL Online Editor Adelle Geronimo adelle.geronimo@cpimediagroup.com +971 4 440 9135
12
Contributing Editors Daniel Bardsley Janees Reghelini Mark Forker Giorgia Guantario DESIGN Senior Designer Analou Balbero analou.balbero@cpimediagroup.com +971 4 440 9140 Designer Mhar Delaben marlou.delaben@cpimediagroup.com +971 4 440 9156 ADVERTISING Group Sales Director Kausar Syed kausar.syed@cpimediagroup.com +971 4 440 9130 Senior Sales Manager Sabita Miranda sabita.miranda@cpimediagroup.com +971 4 440 9128 Business Development Manager Youssef Hariz youssef.hariz@cpimediagroup.com +971 4 440 9111 PRODUCTION Operations Manager Shweta Santosh shweta.santosh@cpimediagroup.com +971 4 440 9107 DIGITAL SERVICES Web Developer Jefferson de Joya Abbas Madh
18
14
DYNAMIC DEFENCE
26
Bitdefender’s Tarek Kuzbari shares his vision for the region
Photographer Charls Thomas Maksym Poriechkin webmaster@cpimediagroup.com +971 4 440 9100 Published by
Registered at Dubai Production City, DCCA PO Box 13700 Dubai, UAE Tel: +971 4 440 9100 Fax: +971 4 447 2409
6
While the publishers have made every effort to ensure the accuracy of all information in this magazine, they will not be held responsible for any errors therein.
28 CONSOLIDATION CONUNDRUM
How industry integration is impacting the security space
Qualys’s Marco Rottigni on the challenges of defending what you can’t see
Why we need to plan for our digital legacy
A DIFFERENT PERSPECTIVE
THE UNUSUAL SUSPECTS
WHY DX NEEDS VISIBILITY DIGITAL AFTERLIFE 20 31
Printed by Al Ghurair Printing and Publishing © Copyright 2019 CPI All rights reserved
INDUSTRY HIGHLIGHT
Women in Cyber Security Middle East celebrates first year anniversary
24
How taking a walk in the shoes of the victim can help create effective security strategies
34
How organisations can thwart insider threats
NEWS
EMIRCOM RECOGNISED UAE NATIONAL CYBERSECURITY STRATEGY AS DELL TECHNOLOGIES PAVES WAY FOR NEW ERA OF CYBER RESILIENCE TITANIUM PARTNER UAE-based Emircom has announced that it has been honoured with the Titanium Partner status by Dell Technologies. According to Dell Technologies, the status is reserved for partners demonstrating exceptional capabilities, expert-level certifications and strong commitment to its portfolio of products and solutions. The Partner Programme enables Emircomto cross-sell and procure products and solutions across the Dell Technologies family of brands. The Titanium tier of the Dell Technologies Partner Programme designates partners that have capabilities and resources with expert-level certifications, making them industry experts in their designated competency. Titanium partners also have the option of embracing and supporting comprehensive solutions in the competencies of products, services and solutions. These partners can deliver complete end-to-end solutions, inclusive of services. Mohamad Abou Zaki, CEO, Emircom, said, “This partnership status is a testimony to our excellent service and unparalleled expertise which customers have grown to prefer and expect from us. In this age when customers are actively adopting and embracing digitisation, we know that they want a partner that is more than an ICT provider and we strive to continue building strong relationships based on this understanding.”
4
JULY-AUGUST 2019
The Telecommunications Regulatory Authority (TRA) has launched the “UAE National Cybersecurity Strategy.” The new strategy aims to create safe and resilient cyber infrastructure in the UAE that enables citizens to fulfill their aspirations and empowers businesses to thrive. Hamad Obaid Al Mansoori, TRA DirectorGeneral, highlighted the need for a national cybersecurity strategy as the UAE is rapidly advance its artificial intelligence, big data, and fourth industrial revolution tracks, driven by the strong momentum generated by a history of leadership and major achievements. “If we want to draw a future perception of the UAE, years from now, we would see the features of the smart city where millions of devices and platforms are connected, producing massive amounts of data, many of which will be at risk of piracy or privacy violation,” the TRA Director-General said.
UAE National Cybersecurity Strategy will be focusing on five key pillars, which include enhancing cybersecurity laws and regulations to address all types of cybercrimes; securing existing and emerging technologies; supporting the protection of SMEs by developing essential cybersecurity standard for SMEs; mandating cybersecurity implementation certification for government suppliers and building one-stop portal for SMEs to enable SMEs to implement the standard.
EMIRATES NBD, DUBAI POLICE TEAM UP TO RAISE CYBERSECURITY AWARENESS Emirates NBD has announced a joint initiative with Dubai Police – the launch of a UAE-wide #secureyouraccount campaign, aimed at raising public awareness and education on cybersecurity. The public service campaign is part of Emirates NBD’s ongoing initiatives to remind customers that the bank would never ask for personal details such as online or mobile banking credentials and password, card PIN or the three-digit CVV number on the back of the card and to remain vigilant about fraudulent emails, links, websites or calls to
protect themselves against potential fraud. The campaign will be supported by public service ads across print, broadcast, outdoor and social media by partners including major local media agencies as well as Facebook. “Cybersecurity is a global threat that demands a collective approach between banks, law enforcement agencies, the media and end users. As the UAE’s leading bank, we are committed to working with stakeholders across the sector to address this critical issue,” said Abdulla Qassem, group chief operating officer, Emirates NBD.
www.tahawultech.com
APPOINTMENTS
GENETEC ANNOUNCES STRATEGIC APPOINTMENTS IN EMEA Genetec, a technology and guide the continued provider of unified growth of the Genetec security, public safety brand in the region while and business intelligence continuing to oversee the solutions has announced company’s global portfolio of a number of strategic strategic technology alliance hires in Europe to support partners. A key player in the the company’s sustained global Genetec Marketing growth in both Europe and Leadership programme, the Middle East. Tannous will work closely Francesco Serra has with the sales organisation (L-R) FRANCESCO SERRA, GEORGES TANNOUS AND JAKUB KOZSAK FROM GENETEC taken on the role of vice to build powerful demand president of Sales for Europe, based in generation, channel engagement, and the Genetec European headquarters in end-user awareness programmes. With over 15 years’ experience in Paris. His extensive background in sales Lastly, security industry veteran, global partner management, and an and sales management will be an asset Jakub Kozsak has also joined Genetec MBA from Western University’s Ivey to the Genetec leadership team as the to become the company’s new regional school of business, Georges Tannous company continues to accelerate its sales manager for East Central Europe. has taken on the new position of growth year after year. In his new role, Having held senior sales position in director of marketing for Europe, Serra will be responsible for driving the the region with Axis communications, Middle East, Turkey and Africa. Also Genetec European sales and channel and L3 Technologies, Kozsak will be based in Paris, Tannous will lead the operations to deliver on the company’s responsible for expanding the company’s company’s EMEA marketing teams ambitious growth plans. footprint in Eastern Europe.
DARKMATTER STRENGTHENS LEADERSHIP TEAM
KARIM SABBAGH, DARKMATTER
DarkMatter Group has announced the appointment of two global leaders to bolster the organisation’s journey in providing smart and safe digital solutions to its clients. According to the firm, effective immediately, Nilesh Patel will serve as EVP of Secure Solutions and Joshua Knight will serve as EVP of Cyber Defense.
www.tahawultech.com
Patel will lead the Secure Solutions practice to deliver the strategic vision for DarkMatter’ secure solutions portfolio. He brings deep domain expertise in software and systems, SaaS, cloud services, cyber security, data-centric platforms and services, managed services, IoT and 5G network security. Meanwhile, Knight will lead the Cyber Defense practice to deliver the strategic vision for enabling organisations to achieve their goal of cyber secure resilient posture. He brings deep domain expertise in cyber security, governance risk and compliance, identity management, and next generation services including mobile, cloud and analytics. Karim Sabbagh, CEO of DarkMatter
Group, said, “It is the cornerstone of our organisation to embrace and develop the best talent pools that convey the required breadth of proficiencies in order to instill growth and help deliver essential value to clients. Both Patel and Knight have developed their strategic and organisational expertise over the course of many years with leading technology companies. With the appointment of two global leaders in their fields, we continue to strengthen the DarkMatter senior team and we reaffirm our steadfast commitment for providing comprehensive insights and executions that fulfil our mission of smart and safe digital. We are excited to welcome into our global community, Nilesh and Joshua.”
JULY-AUGUST 2019
5
INDUSTRY HIGHLIGHT | WICSME
PUSHING FOR PROGRESS
I
t is undeniable that there is currently a dramatic gender imbalance spanning multiple industries across the globe and the IT security sector is no different. According to Cybersecurity Ventures, there will be up to 3.5 million unfilled security jobs by 2021. Meanwhile, women only make up 11 percent of the global cybersecurity workforce. However, slowly but surely, the landscape is changing and initiatives promoting diversity in the workforce are on the rise. A number of women in cybersecurity groups are also being established in various parts of the world to accelerate awareness about gender inclusion in the industry as well as empower women to seize the opportunities available. In the region, a group of female cybersecurity leaders from the UAE, Saudi Arabia, Kuwait and Egypt have established the Women in Cyber Security Middle East (WiCSME). The group, which was created in April last year, seeks to motivate and encourage women to continue their interest in the IT security field. It also aims to help organisations understand how to attract and retain women into their cyber teams. To date, WiCSME has grown to more than 400 members. It hosts activities such as monthly talk series with top industry speakers as well as online technical skills development sessions. Both programmes are conducted online where members join via video conference and can interact with the speakers. Among the top speakers that WiCSME featured in its talk series are Mary Jo de Leeuw, one of the 50 most influential women in Information Security (Netherlands), and Magda Chelly a cyberfeminist from Singapore. For members who are not able to attend
6
JULY/AUGUST 2019
the live online sessions, the recorded video is published in the WiCSME’s official LinkedIn (#WiCSME) group’s account. The Group has also official accounts on various social media such as twitter (@WiCSME), YouTube Channel (Women in Cyber Security Middle East Channel), where they interact actively through sharing posts and news related to cybersecurity. A number of technology and information security conferences are inviting WiCSME to speak as a way of creating awareness about the group, to motivate and encourage women to continue their interest in this field and not be discouraged, and for organizations to understand how to attract and retain women into their cyber teams. “There is a big skills gap in the cybersecurity industry and most of the untapped skilled resources are women. Starting the WiCSME is an opportunity to create awareness that women are as capable as men when it comes to this field. Recently a number of technology conferences have included topics focused on gender diversity and whenever our members get invited to speak or present during one these conferences they make sure to mention our group’s initiatives. We feel a sense of accomplishment when some of the attendees approach us
either to share how they enhanced gender diversity in their security teams. It also gives us the chance to connect them with some of our members who may be looking for better opportunity,” said Irene Corpuz, one of the founding leaders of WiCSME, and manager at a Federal Higher Education entity. On events and conferences, both the leaders and members are actively participating either as speaker or panelists. Most interesting is the CTF (Capture the Flag) events most specially led by Abeer Khedr (Egypt). Moreover, WiCSME has initiated its global collaboration and co-operation with other women in cyber groups during RSA Conference 2019 hosted in San Francisco, an initiative led by co-founder Dr. Reem Al-Shammari. In collaboration with Global Women in Cyber Security groups, Initiatives were put into action and more are planned down the pipeline. WiCSME celebrated its first-year anniversary in May where it hosted a networking event in Dubai, which was attended by over 50 male and female cybersecurity players. As part of its anniversary WiCSME introduced its 20192020 Action plans for the group and its members. Country affiliate groups have also been organised to lead the WiCSME members in their respective countries.
www.tahawultech.com
FEATURE
STRENGTH IN UNITY DURING THE RECENTLY HELD INTERCHANGE UNPLUGGED CONFERENCE IN DUBAI, TOP EXECUTIVES FROM IVANTI SAT DOWN WITH SECURITY ADVISOR ME TO DISCUSS THE FIRM’S RECENT MILESTONES AND THE BENEFITS OF UNIFIED IT.
8
JULY/AUGUST 2019
www.tahawultech.com
Why is Interchange Unplugged an important platform for Ivanti here in the region? Husni Hammoud, general manager, Middle East (HM): This is the first time that Interchange Unplugged took place in Dubai and I must say that we are very happy with how it turned out. We’ve received very positive feedback from both our customers and partners who participated. Interchange Unplugged is a great opportunity for us to highlight the company’s recent milestones. It is also a good occasion for us to communicate our latest business updates, upcoming innovations and new channel enablement activities. Moreover, it is the perfect platform for us to showcase our commitment to our customers and partners here in the region. We want to show them how we can be a catalyst for digital transformation in the market. How does Ivanti plan to continue its growth in the region? Nigel Seddon, vice president for Northern Europe and MEA (NS): We have experienced a very positive past
few years and have achieved between 300 to 400 percent business growth. We will continue to invest in developing our on-ground team’s capabilities as well as in onboarding more people here in the region. Another big focus for us is reaching
and penetrating new markets. We see a lot of opportunities in countries such as Saudi Arabia and Qatar, and we have plans to expand our presence in those countries. Over the past couple of years, Ivanti’s partner community has doubled. As
Husni Hammoud
“WE WANT TO SHOW THEM HOW WE CAN BE A CATALYST FOR DIGITAL TRANSFORMATION IN THE MARKET.”
Nigel Seddon
“WE HAVE EXPERIENCED A VERY POSITIVE PAST FEW YEARS AND HAVE ACHIEVED BETWEEN 300 TO 400 PERCENT BUSINESS GROWTH.”
www.tahawultech.com
JULY/AUGUST 2019
9
FEATURE
Samer Hani
a result, we now have a bigger sales team, which allowed us to acquire more customers. This is another aspect that we want to continue to develop. How have demands for unified IT solutions evolved over the years? Andrew Brickell, director for UK, Ireland and the Middle East (AB): In the past, IT systems were very
Andrew Brickell
10
JULY/AUGUST 2019
siloed. Different departments within organisations were struggling with multiple operational technologies that do not work well together. Today, as organisations seek more visibility into their networks, they are looking for increased consolidation and unification of their IT systems across various segments from operations, cybersecurity, asset management and more. This unification of IT enables them to get a better idea of what critical assets they have, what risks or vulnerabilities they need to prioritise and how they can improve user experiences. NS: As today’s workforce are becoming more mobile, organisations are seeing the change in their environments. Therefore, they are increasing their focus on enhancing the user experience within their organisations. That’s where they see great value in what Ivanti can offer in terms of unifying their systems and streamlining their operations. Unification is at the core of our business. Ivanti came into the market two years ago as a result of the amalgamation of multiple companies with the goal to offer the market integrated solutions that help IT organisations balance rapidly-evolving user requirements. Are organisations in the Middle East region on-track when it comes to leveraging unified IT solutions? Samer Hani, regional sales director, Middle East (SH): Definitely, regional organisations here in the region are quick to adopt technology and have made significant investments into their infrastructures. However, what we found is that many regional customers are on the lookout for client management tools. The unified IT
approach is more focused on enabling our customers to transform business tasks, make them more efficient, and improve the entire organisation’s operational excellence. Any final message for your customers here in the region? SH: Customers hesitate to invest in unified IT due to budget constraints. But what they need to realise is that the will be investing in a futureproof model. If you buy one of our solutions today, for example, our Endpoint Manager, you can use that as a foundation for adding patch management and application control then link them to your ITSM and so on. So, the benefits don’t stop at the first investment they make. They can build on it as their IT requirements grow. AB: At Ivanti, we have a programme called “Customer for Life.” Whether a customer started with us by purchasing an ITSM tool or security solution they have the option to grow and build on their investments. We aim to continuously support them throughout that process, hence, they become customers for life. HM: Ivanti’s philosophy has always been focused on enabling our customers’ success. That’s why when we build our solutions, we always keep in mind how our customers can leverage our solutions to achieve business efficiency and IT success. In addition, we want to be the drivers in helping them adopt new technologies such as artificial intelligence and machine learning. NS: There are three key messages that I want to highlight – Ivanti empowers organisations to discover, provide insight and take action. These three aspects sum up everything that we do.
www.tahawultech.com
WHERE THE FUTURE OF BUSINESS AND TECHNOLOGY MEET
10th September 2019 | Jumeirah Emirates Towers, Dubai 8.30AM -1.30PM (Networking Lunch provided) Complimentary Event for the IT Industry
ABHIJIT MAHADIK
Director - Cyber Security Business UAE & KSA, Raqmiyat LLC
JALEEL B RAHIMAN
IT Director, Prime Healthcare Group
KAISER H. NASEEM
Advisor, MENA Fintech Association
SACHIN CHANDNA
Head of Customer Lifecycle Management & Digital Marketing, Emirates NBD
Evolve Digital Transformation Forum, scheduled to take place on the 10th September at Jumeirah Emirates Towers Dubai, will address the exciting merger of business with the future of technology, where it’s going and how it can help you. It will help you discover how technology innovation can drive your business transformation and unlock new business opportunities.
ENG. SARA ABDELWAHAB OSMAN
Internal Auditor and Network Engineer, Abu Dhabi Police GHQ
SUNIL VARKEY
CTO & Strategist – Emerging Region, Symantec
DIGITAL TRANSFORMATION PARTNER
Join more than 150 business and IT decision makers from the public and private sectors, who will share their journey on implementing strong cyber security strategies, adopting new technologies that effectively manage and process data and offer real examples of AI implementation including challenges and successes.
DIGITAL INNOVATION PARTNER
STRATEGIC VAD PARTNER
Panel Topics at this year’s event include: • Examining the Transformative Power of AI • Driving Better Business Insights with Big Data and Analytics • Making Cyber Security Risks your Business Confirmed Speakers included so far: • Abhijit Mahadik - Director - Cyber Security Business, UAE & KSA, Raqmiyat LLC • Jaleel B Rahiman - IT Director, Prime Healthcare Group • Kaiser H. Naseem - Advisor, MENA Fintech Association • Sachin Chandna - Head of Customer Lifecycle Management & Digital Marketing, Emirates NBD • Eng. Sara Abdelwahab Osman - Internal Auditor and Network Engineer, Abu Dhabi Police GHQ • Sunil Varkey - CTO & Strategist – Emerging Region, Symantec • Tatiana F. Labaki - E25 Partner – Strategic Projects, Emaar Properties PJSC • Stay tuned, more speakers to come!
TATIANA F. LABAKI
E25 Partner – Strategic Projects, Emaar Properties PJSC
GOLD PARTNERS
SILVER PARTNER
HOSTED BY
OFFICIAL PUBLICATION
ORGANISER
https://www.tahawultech.com/evolve-forum/2019/
#evolveforum
REGISTER NOW
INTERVIEW
THE TALENT CRUNCH SUNIL VARKEY, CTO AND STRATEGIST, EMERGING REGION, SYMANTEC, SHEDS LIGHT ON HOW THE CURRENT SKILLS GAP IS TAKING ITS TOLL ON SECURITY.
W
Sunil Varkey, Symantec
hat do you think are the primary factors contributing to the skills shortage in the IT security industry? The skills shortage is a systemic, complex issue with a lot of contributing factors. I think a lot of people underestimate just how exciting a career in cybersecurity can be. Symantec’s
“OVERALL, WE MUST LEAVE ‘NO STONE UNTURNED’ IN ADDRESSING THE SKILLS GAP. IT’S A COMPLEX, CHRONIC ISSUE WHICH WILL TAKE YEARS TO RESOLVE.” 12
JULY-AUGUST 2019
2019 High Alert research of 3,000 security leaders across Europe, found that 92 percent are fully immersed in their work, even when it’s stressful. However, while the job is thrilling, cybersecurity professionals operate in an extremely dynamic industry. The fast pace of evolution of the security landscape, in addition to the shortage of talent, means current security professionals have even less time to focus on their own skills development. Firms can also underappreciate the value of cybersecurity experts, and the salaries required to attract this talent – it’s not the same as for general enterprise IT professionals. How has the current cyber skills shortage impacted today’s threat
www.tahawultech.com
landscape? What kind of strain does it bring enterprises? Ultimately, if your people are feeling strained, then your enterprise security efforts are being strained. Our latest study also demonstrated the extent of the pressure cybersecurity staff are feeling. It found that 65 percent of surveyed professionals feel they’re being set up to fail. 64 percent also think about quitting their job and 63 percent are considering quitting the cybersecurity industry altogether. The study also revealed that 86 percent of professionals say mounting regulation is increasing the pressure on security teams. In addition, 82 percent cited that they have too many threat alerts to deal with and securing too much data, in too many places, is making their roles more stressful. While these are European figures, I believe they reflect the same challenges we face in the Middle East, and every single one of these problems is exacerbated by the skills and talent shortage. What’s even worse is that the strain is clearly impacting security teams’ performance. The High Alert research, which covered the UK, France & Germany, also showed 77 percent find themselves rushing when assessing a threat. On top of this, 69 percent report feeling responsible for a cyber security incident that could have been avoided. This makes an already challenging threat landscape even more dangerous. It also makes retaining talent much harder. That said, we can’t lay this all at the feet of the skills shortage, many other factors are raising the pressure too, such as the growing amounts of regulation, technological complexity, as well as increasingly skilled and wellresourced hackers. How can security players today help address the skills gap issue? We must continue building a case for
www.tahawultech.com
the attractiveness of integrated cyber our industry, and defense platform - by work to share correlating, crossknowledge and, checking and in many cases, prioritising data the advanced across multiple cyber security security facilities at products - can OF SECURITY PROFESSIONALS our disposal. reduce the SAY MOUNTING REGULATION IS Whether that’s volume of alerts INCREASING THE PRESSURE giving lectures and highlight ON SECURITY TEAMS at universities or those that really offering interested matter. Second, in candidates the chance addition to reducing to tour security facilities. analysts’ workload around The industry, as a whole, needs alerts, it can automate reporting to commit to working more closely with and compliance. This relieves a wider range of organizations, which mundane manual administrative tasks, means going beyond just educational enabling time-pressed cyber security institutions. We need a bigger, but a professionals to focus on higher value more diverse, workforce, so we need activities. to cast a wider net. Women are still Modern integrated cyber defense under-represented, and we could do platforms, machine learning and AI more to attract people embarking on a can change the game entirely. These second career. Psychologists, teachers, technologies free up time for cyber trainers and HR professionals, these security professionals to focus more are backgrounds which can offer on skills development, while also immense value, because analyzing and making them more capable and less understanding human behavior, and stressed. All of which makes the job communicating well internally are so more enjoyable – always a good thing essential for organizational security. A for staff retention. successful career in cybersecurity does What cybersecurity roles will be the not have to be a technical role. most in-demand in the region from Overall, we must leave ‘no stone 2019 onwards? unturned’ in addressing the skills gap. It’s a complex, chronic issue which will Predicting anything in our industry is take years to resolve. So, any technology a tough ask, due to the speed at which job roles and requirements can change. which can provide an edge in the shorter Based on what we’re seeing now term should be welcomed too, while the benefits of longer-term initiatives take though, some of the most in-demand time to pay off. jobs for the year ahead will be Network Security Engineers, Cyber Security Are automation, artificial intelligence Analysts, Security Architects, Cyber (AI) and machine learning Security Managers and of course Chief technologies the key to closing the Information Security Officers. cyber skills gap? As we work to tackle the critical skills As far as automation is concerned, it gap, we must be as collaborative and can help address the security skills resourceful as attackers are, with regard gap on two levels. First, a modern to our technology and talent strategies.
86%
JULY-AUGUST 2019
13
COVER FEATURE
14
JULY/AUGUST 2019
www.tahawultech.com
DYNAMIC DEFENCE
IN AN EXCLUSIVE INTERVIEW, SECURITY ADVISOR ME SAT DOWN WITH BITDEFENDER’S RECENTLY APPOINTED REGIONAL DIRECTOR FOR THE MIDDLE EAST, TAREK KUZBARI TO DISCUSS HIS VISION FOR THE REGION AND WHAT HE THINKS WILL BE THE FUTURE OF THE SECURITY LANDSCAPE.
G
ive an overview of Bitdefender’s operations and its vision for the region. Bitdefender has been in the cybersecurity business for the past 19 years. We have a presence across European markets as well as other international offices.
“UNFORTUNATELY, THERE IS NO ‘FUTUREPROOF’ CYBERSECURITY SOLUTION. THE REALITY IS, WE NEED TO BE CONTINUOUSLY DEVELOPING, EVOLVING AND INNOVATING TO BE AT LEAST ONE STEP AHEAD OF THE CYBERCRIMINAL.” www.tahawultech.com
As for our Middle East operations, we are based here in Dubai where we cover countries in the GCC and Levant regions. We have been doing business in the region for almost 10 years now. Over that period, our operations have evolved through different phases from providing cybersecurity solutions and expertise to consumer clients to small and medium businesses and now the enterprise segment. Previously, a big focus of Bitdefender’s business has been endpoint protection – everything from encryption, patch management, traditional and nextgen anti-virus, and endpoint detection and response. Today, we now also have a variety of network security offerings solutions including Network Traffic Security Analytics, on-prem sandboxing, threat intelligence solutions and many more. Having recently taken on the reins of Bitdefender’s regional business, what is the primary focus of your role? I will be focusing on growing our enterprise business here in the Middle East. My aim is to ensure that our onground teams are well-equipped with the capabilities to deliver our enterprise solutions to the market. The key verticals
that our enterprise segment will centre on include the government, finance, telco, manufacturing and healthcare sectors. Our ultimate goal has always been to develop a premium cybersecurity solution in the market. To date, we have over 150 technology partners that use our products including FireEye, Fidelis and Ivanti among others. These organisations licence a portion of our technology and integrate them with some of their offerings. In addition, with a 100 percent channel-driven go-to-market strategy in the region, a key focus of my role will be leading efforts around expanding Bitdefender’s channel ecosystem. The cybersecurity industry is constantly evolving especially as organisations seek to stay ahead of the bad guys. How do you think have attitudes and views around security evolved over the last couple of years? So, there are different aspects to that. Firstly, there is the philosophy of cybersecurity. In the past, we typically see cybersecurity leaders and business decision-makers acquiring the latest tools hoping there will be no security issues once they implement them within the organisation. This was the approach in
JULY/AUGUST 2019
15
COVER FEATURE
the past. Deploy security technologies for your endpoints, implement firewalls and just wait and see. However, over time this has evolved as security teams adopt the assumption-ofbreach security model. The assumption of a breach encourages organisations to take a proactive approach to security. They need to assume that there is already someone in their network and the job of the cybersecurity team is to look for clues, identify vulnerabilities and close those gaps or address the problems that cybercriminals may have caused upon penetrating the company’s IT systems. The emergence of new technologies around machine learning, big data and cloud have also impacted the industry. These technologies are now being leveraged by cybersecurity vendors to enhance their solutions. As cybersecurity increasingly becomes embedded into the latest technologies, how are you innovating to keep your offerings future-proof? Unfortunately, there is no ‘future-proof’ cybersecurity solution. The reality is, we need to be continuously developing, evolving and innovating to be at least one step ahead of the cybercriminal. This is why we’re continuously evolving our solutions. We believe that ensuring end-users can adopt a holistic solution stack of security tools is a vital step in helping them stay secure. That’s why we’re continuously working towards the seamless integration of our products with other security tools in the market. Moreover, increased collaboration within the industry provides end-users with the opportunity to access top security tools and manage everything in a single console.
16
JULY/AUGUST 2019
The growing sophistication of cyberattacks are causing a lot of strain to today’s security teams, what do you think are the most critical steps they need to take to ensure that their incident response strategies are effective? It’s a combination of having the right people, processes and tools. Firstly, there should be ample awareness and training within the workplace in terms of responding to security incidents. Secondly, the right processes should be set in place to ensure that accurate data is collected to enable security teams make correct assessments and decisions. Finally, tools or technologies. There is no one-size-fits-all when it comes to buying security tools, therefore, it is vital for an organisation to ensure that they evaluate their security postures before making a purchase.
When it comes to threat detection and response, understanding network behaviour is essential. Can you please explain how Network Traffic Analytics enhances security? Network traffic analytics (NTA), originally coined by Gartner, is as old as the invention of networking itself. It involves the process of intercepting, recording and analysing network traffic patterns to detect and respond to security threats. However, NTA has now evolved to a completely different level with the integration of machine learning, artificial intelligence (AI) and behavioural analytics technologies as well as threat intelligence. Combining these elements with NTA enables security teams to gain better visibility on their networks. This provides them with the capability to monitor any device within the network and see what kind of traffic is going in and out from various endpoints.
www.tahawultech.com
“ULTIMATELY, WHILE WE MAY SEE A LOT OF CHALLENGES IN THE THREAT LANDSCAPE, WE CAN ALSO EXPECT NEW OPPORTUNITIES FOR INNOVATION.” discussions needed within the industry regarding the quality, reliability, and innovations around this technology.
NTA also allows them to conduct tailed analyses on the different types of threats in their network, which gives them the right data to prioritise risks. For example, our solution – the Bitdefender Network Traffic Security Analytics (NTSA) – relies on semisupervised machine learning to provide real-time and accurate threat detection. It identifies key patterns and trends in live data flows without the need for human input. Instead of fully relying on the knowledge of specific past threats, it independently classifies data and detects patterns. It then uses an algorithm using machine learning to reduce false positives and generate more accurate insights for the cybersecurity teams. NTSA also allows security teams to prioritise the risks and alerts, thereby saving time and resources. I believe that NTA will be the next big thing in the cybersecurity space. There is a significant growth value for this segment. However, there are still a lot of
www.tahawultech.com
What are Bitdefender’s initiatives in terms of helping organisations realise the potential of NTA technologies? We offer our customer free Proof-of-Value (POV) where we showcase the value of our product by implementing the solution within their networks, so they can have the first-hand experience of its benefits. We believe this is the most effective way of communicating the value of this product. Since it’s a relatively new product, most people don’t have the right perception of what it is and how it works. Some people believe it’s a replacement to firewalls and others think it’s an alternative to Intrusion Detection Systems (IDS). But, in fact, it’s more of a complementary solution for both as it’s aimed at providing visibility on the blind spots within the network. What can the market expect from Bitdefender this year? This year we will focus on three key pillars – customer awareness, channel expansion and brand recognition. For customer awareness, we want to put a focus on educating our customers with our capabilities and the different products and technologies that we offer. We want to effectively communicate how our solutions can add value to their business. On the channel side, we are looking to recruit more specialised partners in the cybersecurity, managed services and managed security services fields. We plan
to invest more in supporting our channel partners through enablement initiatives, lead generation and marketing activities. Finally, we will also be focusing on brand recognition. We have an aggressive strategy to increase awareness about Bitdefender across various markets in the region. A big part of which is taking part in roadshows with our partners as well as in top industry events such as GITEX. And as a final message, what do you think will be the future of the cybersecurity industry? I think from a threat perspective the landscape will grow in complexity. The number of attacks will continue to increase in volume and sophistication as the bad guys optimise the same advanced technologies – AI and machine learning – that security players adopt. I think that will make security more challenging. So, we all have to be prepared for that. The good news is we can expect a lot of innovations from the security market’s side. Many new startups are appearing and are coming up with new solutions to address today’s emerging security challenges. In addition, many established vendors are also introducing new outof-the-box innovations. It’s a dynamic market with growing segments. People still consider it among the top three priorities when it comes to technology spending. Ultimately, while we may see a lot of challenges in the threat landscape, we can also expect new opportunities for innovation.
JULY/AUGUST 2019
17
INTERVIEW
THE BIG PICTURE SAM OLYAEI, SENIOR PRINCIPAL ANALYST AND CONFERENCE CHAIR, GARTNER, DISCUSSES HOW SECURITY AND RISK STRATEGIES HAVE EVOLVED IN THE DIGITAL AGE.
Sam Olayei, Gartner
18
JULY-AUGUST 2019
H
ow is the security landscape different today as compared to two years ago? Today, we are seeing increase complexity in the security landscape. This is because there are currently more tools, threats and cyber-attacks in the market. In addition, there is now much more malice in the attack landscape. Years ago, hacking was more about learning but now it has been weaponised for political and financial gains. New and different kinds of attacks have been emerging since late 2017. We’re seeing more financially motivated attacks and a big uptick in damaging ransomware. In terms of changes in the landscape, the transition to cloud continues, bringing new opportunities as well as challenges. While this evolution has made a significant impact in the Middle East, many business leaders have been hesitant
www.tahawultech.com
to adopt a cloud first strategy due to privacy and security concerns. Over time, resistance to cloud adoption has diminished especially with the opening of multiple data centres by the Tier 1 CSPs, but cloud security remains a big concern due to visibility issues. Another issue that security leaders need to keep an eye on is the skills shortage. Business and IT leaders need to work on strategies to bridge the talent gaps within the organisation. CISOs will need to be proactive in that area through training, development, taking advantage of gamification and alternative means to upskilling their function. C-level executives, especially those who are handling security and risk management roles, have also become more involved in developing cyber defence strategies. This is primarily due to increased regulations, which stipulate that business leaders should be held liable for cyber incidents. Lastly, the topic of privacy is one that continues to ignite strong debates within the public and private sectors. The introduction of GDPR has opened the region up to scrutiny, unlike seen before, and more governments are starting to adopt data protection laws that seek to protect consumer information and other personally identifiable information. The GCC has unique complications due to the geographic and political landscape of the region, but ultimately it is no different. In the UAE, the government
has introduced plans to have a data protection law by the end of 2020, and soon the Kingdom of Saudi Arabia will follow, while Bahrain has had a formal data protection law in place for a number of years now. Why do you think organisations remain vulnerable to cyber threats despite the emergence of advanced security technologies? Security needs to be more focused on business problems and be part of the conversation earlier in the strategic planning process. Security teams are often still playing catch up, working to solve yesterday’s problems instead of laying the groundwork to secure the next digital initiative while it’s still in the planning stages. In the digital age, security is everybody’s responsibility. Security and risk need to be integrated into the fabric of the enterprise. It’s not about being an alarmist or putting the brakes on innovation, but about improving communication between the business and security and risk leaders. It’s also about shifting the organisational culture to make security and risk core values. How have risk management strategies evolved? As organisations embrace digital technologies, they become exposed to all kinds of risks inherent to the endeavour. Hence, we are seeing people’s perspective on risk is broadening. In the
“IN THE DIGITAL AGE, SECURITY IS EVERYBODY’S RESPONSIBILITY. SECURITY AND RISK NEED TO BE INTEGRATED INTO THE FABRIC OF THE ENTERPRISE.” www.tahawultech.com
You can get a comprehensive update on security and risk strategies, tactics and technologies at Gartner Security & Risk Management Summit 2019, October 28 – 29 in Dubai, UAE. Gartner will present its latest independent research and bias-free recommendations to help businesses accelerate progress on all their security and risk initiatives and enable a more secure and resilient digital future.
past, we used to view various risks in silos – technology risk, compliance risk, audit risk and operational risk. Today, we’re seeing a desire on the part of business leaders to take a more holistic approach to risk management. The idea is to clearly and defensively connect the risk elements to business challenges and do so in a practical way. Many organisations should eye greater business resilience along with business continuity. They need to focus on developing strategies that will enable them to bounce back from a cyber incident rather than simply recovering from a disruption. How can security and risk teams keep up with emerging technologies and digital business transformation? It comes down to embedding security and risk awareness into the organizational culture. Today, speed and agility are critical. Organisations need to take a holistic approach to security and risk to be more adaptable and able to seize new opportunities. Business leaders need a mandate, a strategy, a governance program, an architecture of technologies, a catalog of formalised processes, and the right skillsets to be able to stay ahead of the curve when it comes to digital transformation. JULY-AUGUST 2019
19
INSIGHT
WHY DIGITAL TRANSFORMATION CALLS FOR INCREASED VISIBILITY
S
Marco Rottigni, Chief Technical Security Officer EMEA, Qualys
20
JULY/AUGUST 2019
ometimes it is difficult to see everything that affects us. Getting philosophical for a moment, you cannot see what you do not know about, like colour blindness affecting the ability for people to see red and green. For those of us in IT security, this inability to see everything can lead to unnecessary risks and challenges. In other words, you cannot defend what you can’t see. Visibility across IT is a challenge today. New digital transformation initiatives have delivered vital competitive advantages for the companies involved, but these new projects have made it difficult to track what is taking place across IT. Rather than being able to maintain accurate lists of assets over time, IT teams today can find it difficult to keep up with all the changing parts that make up applications.
How does digital transformation affect the practicalities of IT? Digital transformation involves developing completely new business models based on technology and leads to a huge amount of change in how IT teams work to support the scale, speed and ephemeral nature of underlying IT, particularly when cloud applications or third-party services are involved. Rather than being centralised and easier to manage, the range of IT assets to track has gone up considerably, and the number of different infrastructure locations or platforms used has risen too. This has a big impact on security, which relies on visibility of assets to manage and reduce risk. IT teams now need to have a constant stream of updates around all the changes and fluctuations taking place, and consolidate that information in one central location. The resulting singlepane visibility provides a foundation for other processes that can harmonise IT,
www.tahawultech.com
“WE AIM TO GROW OUR PORTFOLIO AND LOOK FOR VENDORS WHO HAVE NICHE OFFERINGS THAT WILL NOT ONLY COMPLEMENT OUR EXISTING PARTNERS BUT ALSO FURTHER ADD VALUE TO OUR OFFERINGS.“ centres and through to new applications based on cloud. The ability to collect this data allows security teams to understand it in context —normalising and simplifying it so that it delivers the right level of visibility.
Security and Compliance teams across the organisation. As digital transformation efforts take place, IT has to keep up with the basics as well. Taking a practical approach to keeping up with change To keep up with digital transformation, you have to maintain constant insight into what is changing across IT. This insight must be accurate, up to date and provide useful information on risk. Without this data, you will forever be in catch-up mode, making it extremely difficult to impossible to manage security over time. To get this insight, you need a continuous stream of data, so you can track what is taking place across these ephemeral assets in the moment and over time. In order to get that data, you must have sensors within each infrastructure component on every platform that the IT team uses – from endpoints and devices, through to internal applications deployed in data
www.tahawultech.com
Planning ahead on data Now you have this data, what can you use it for? It can power more proactive planning around security issues as they develop. This helps you deliver new processes and ways of ensuring security that can keep pace with digital service delivery. Finding vulnerabilities in digital platforms can be challenging without an up to date IT asset list and data coming in from each asset. Similarly, the sheer volume of vulnerabilities can make it difficult to manage. In this case, you have to weigh the potential impact of any new vulnerabilities up across different devices and device types so that you can prioritise those that represent the biggest risks. This approach of prioritisation, asset building in a centralised place and connecting assets to vulnerability can also easily help you spot other security issues such as applications that have reached their End of Life and won’t receive new security patches and potentially unwanted applications (PUA). To build on this, you can also use this data to manage relationships with stakeholders across the business, from other IT teams and senior business leaders. The role of IT as the facilitator has become more important as digital transformation work has grown. Firstly, the level of investment in digital has made these projects more valuable and more visible to the business; secondly, the amount of interest around security
issues is higher than it has ever been, due to the number of data breaches and increased compliance legislation that has been brought in. By getting data on issues early and communicating on potential risks – or by flagging where issues in the news don’t have an impact – you can help management teams understand what is going on and how risks are handled. The important thing is to make this visibility consumable and actionable, starting from a high-level dashboard and drilling down in a couple of clicks to the specific information needed to support actions within specific teams. Digital transformation requires security transformation The investment in digital transformation projects is not slowing. If anything, traditional companies are spending more to get up to speed alongside new market entrants. This has led to new applications being developed and cloud-based infrastructure expanding rapidly. The move to digital requires a new approach to security that can keep up with these developments. It demands more visibility, greater automation and more understanding. As digital transformation makes businesses more responsive to customer demands, so security has to follow this same approach, responding faster to changes and ensuring that the right steps are taken to fix issues. This involves more collaboration across teams, across processes and should be based on common data to allow for more objective decisions. Digital transformation involves meeting needs faster and the continuous security and data-driven approach to IT security which also embraces automation will help IT support this goal.
JULY/AUGUST 2019
21
INSIGHT
SIX STEPS TO ACHIEVE PRIVACY COMPLIANCE GOALS
P
rivacy is a relatively subjective term in corporate environments. For most companies, contemporary privacy compliance rests squarely on the shoulders of the IT department, as other departments consider privacy to be a technology issue. But, let’s be practical; how can one department single-handedly manage the privacy compliance of an entire company? While addressing the plethora of data protection laws worldwide, as well as specific regulations like the General Data Protection Regulation (GDPR), there are many opportunities for IT teams to get lost. Adhering to privacy regulations is no longer a marketing hook; it’s a serious obligation, and companies can’t afford to have the “it-can’t-happen-here” approach anymore. If you work for a tech company, here are six steps you can take to achieve privacy compliance. Strict privacy settings by default Any action that involves the processing of consumers’ personal data must be handled with privacy in mind, and companies should enable the strictest privacy settings by default. For example, by removing the tracking code on websites and applications, you can achieve the highest level of compliance. Although tracking codes are useful for marketing and product development teams’ decisionmaking, you should remove them. Also, sharing customers’ behaviour patterns with Google Analytics, Crazy Egg, Hotjar or others without customers’ consent invites unwanted trouble for your company. Department-level DPOs With new regulations, such as the GDPR, it’s vital to have a data protection officer
22
JULY/AUGUST 2019
Chandramouli Dorai, Marketing Analyst, ManageEngine
(DPO). That said, appointing one DPO for the whole company won’t help you completely achieve your compliance goals. In our case, we decided to appoint individual DPOs for every department, with one centralised DPO for the entire company. This helped us understand the various privacy-related use cases of each team, as well as how to address these use cases according to our compliance standards—all under one common framework. Risk-driven development Emerging research and development are the lifelines of every technology company. However, by using data mining and AI techniques to analyse user behaviour, tech companies’ privacy concerns are exacerbated. In our case, we began adopting a risk-driven model to our R&D, which helped us identify and mitigate pressing privacy risks well before we rolled out anything into production. This model allowed our developers to
prioritize risks, apply the right mitigation techniques, and save a lot of time. Using the right language When it comes to privacy compliance, there’s a lot of jargon used across various departments. To tackle this situation, we decided to translate all commonly used privacy terms into plain English. Also, we began awarding privacy points to teams for achieving internal compliance goals, which they can redeem as cash, and deducting points whenever there was a violation. This helped our employees use the right terms, understand things quick and easy, and solve privacy issues together. Automate privacy controls Knowingly or unknowingly, employees end up breaching privacy policies; for example, leaving papers with customer data in a printer tray, loosely sharing customer information on internal forums, and sharing event participants’ details with other internal teams. To combat this, our company built intelligent bots into our internal chat service, Cliq, which helped us quickly identify privacy violations. Now, if an employee tries to share information that appears to contain personal data, such as phone numbers and email addresses, a bot automatically pops up awnd warns the user not to share personally identifiable information. By building such automated intelligent controls, we helped our employees learn privacy rules contextually. Maintain an activity register It’s important to document who handles which tasks in order to monitor who is accountable; this can be done using a responsibility assignment matrix (RACI). By using RACI matrices at the department level, we were able to significantly improve the overall success rate of our compliance programs. As an example, our developers listed their top 20 routine tasks in an internal RACI matrix document. If there were any deviations from their respective routines, privacy teams would reach out to the relevant developer as quickly as possible.
www.tahawultech.com
10th September 2019 Jumeirah Emirates Towers, Dubai, UAE
#FutureSecurityAwards
facebook.com/ tahawultech
twitter.com/ tahawultech
linkedin.com/in/ tahawultech
instagram.com/ tahawultech
https://tahawultech.com/futuresecurityawards/2019/ For sponsorship enquiries Natasha Pendleton Publishing Director natasha.pendleton@cpimediagroup.com +971 4 440 9139 +971 56 787 4778
Kausar Syed Group Sales Director kausar.syed@cpimediagroup.com +971 4 440 9130 +971 50 758 6672
Sabita Miranda Senior Sales Manager sabita.miranda@cpimediagroup.com +971 4 440 9147 +971 507782771
Youssef Hariz Business Development Manager youssef.hariz@cpimediagroup.com +971 4 440 9111 +971 56 665 8683
GOLD SPONSOR
HOSTED BY
OFFICIAL PUBLICATION
ORGANISER
INSIGHT
VICTIMOLOGY: IN THE SHOES OF A CYBERSECURITY ANALYST STEVE RIVERS, INTERNATIONAL TECHNICAL DIRECTOR, THREATQUOTIENT, DISCUSSES WHY INVESTIGATING A CYBER-ATTACK FROM THE PERSPECTIVE OF THE VICTIM CAN HELP PROVIDE EFFECTIVE INFORMATION IN BUILDING A CYBERSECURITY PLAN.
A
recent report from the government showed that 32 percent of businesses identified a cyber security attack in the last 12 months, and one of the most common attacks is spear-phishing - which involves sending targeted sophisticated emails to fool the victims. When a threat arises, the security team role is to investigate and determine the reality of an attack and its severity. This investigation makes it possible to set up a plan to defeat the offensive and, generally, better protect against certain type of attacks.
24
JULY-AUGUST 2019
One of the ways to investigate when a situation such as this happens is called victimology. This process allows security teams to quickly determine if they are dealing with a targeted offensive against businesses or traditional phishing. To explore this type of investigation, we’ll take the example of a protection system indicating in its alerts that it has blocked six spear-phishing attacks from the same sender, over a period of 45 days. Victimology: identifying the motives and target of the attack The first step is to understand who these e-mails were targeted at. As the head of
the investigation does not necessarily know all the company’s employees, their identities – including their title, position, manager’s name, geographical location, etc - should be imported in a Threat Intelligence Platform (TIP). There are several ways to build this list; they range from simple export from Active Directory to script that automatically inject data into the TIP via an Application Programming Interface (API), using standard software fields like PeopleSoft. With this set of data, it becomes easier to spot the similarities between the recipients of this spear-phishing campaign. An example would be they
www.tahawultech.com
“VICTIMOLOGY ALLOWS SECURITY TEAMS TO QUICKLY DETERMINE IF THEY ARE DEALING WITH A TARGETED OFFENSIVE AGAINST BUSINESSES OR TRADITIONAL PHISHING.�
all work in the financial department. Therefore, a custom-designed attack against employees of that enterprise means the attackers motivation would be financial. Conduct a technical analysis to know which countermeasures to deploy The second step is a technical analysis of the attack. The timestamp of each event is sometimes a hint: if e-mails are sent at the same time of day, we can deduce that a script was programmed by an assailant who attacks on a substantial scale, which would mean that said company is only one target
www.tahawultech.com
amongst a larger campaign. If this is not the case, it means that the company occupies all the attention of the attacker and that they are all the less likely to throw in the towel. The detailed analysis of the recipients can also reveal interesting points. For example, it may be that one of them only appears several days after the attacks began and that, according to HR, he was not part of the financial team before that. Here, the opponent keeps up to date on the employees. E-mail scanning allows you to know if radically different content is being used for each dispatch, including attached items, vulnerabilities they address, and/or malicious code they embed. If this content evolves, it means that the attacker changes techniques to test the defences of the company and it is likely that he will continue to do so. Note that it is difficult to say if the attacker is only one person with a large arsenal of offensives or several pirates each with a specialty, but it is a safe bet that attacks are co-ordinated. This technical analysis enables to make arrangements when facing an
attack. The company is in fact able to know how to make the teams aware, how to clean the posts, what technical countermeasures to put in place and better prioritise its vulnerabilities. The perspectives brought by the investigation The investigation does not stop there. As the attack is obviously targeted, it will be necessary to compare the next spearphishing attempt to those studied here and determine whether the attacker is still targeting the company and if the techniques used are the same. As part of this example, the next spear-phishing e-mails will be integrated into a Threat intelligence platform and it is likely that future correlations are discovered, if for example we could see that the assailant began targeting the HR team. Ultimately, this investigation has revealed that the company had an opponent and had to redirect its strategy to defend against them. Such investigation gives tangible elements to reassemble information at the highest level and thus raise awareness throughout the company.
JULY-AUGUST 2019
25
INSIGHT
RIDING THE CLOUD
NICOLAI SOLLING, CTO, HELP AG, SHARES INSIGHTS INTO HOW REGIONAL ORGANISATIONS CAN DEVELOP A STRATEGIC APPROACH TO SECURING MULTI-CLOUD ENVIRONMENTS.
C
loud computing is really making inroads in the UAE – and not just the public cloud environments. Customers are also starting to explore the benefits of modern compute and application environments, which private and public cloud deliver. It is expected that the UAE public cloud market will reach a $290 million by 2020. Major technology vendors including AWS, Microsoft, Alibaba, and SAP have been quick to recognise the region’s cloudreadiness and have begun investing in Middle East-based cloud data centres. All of this is intriguing and the numbers staggering, but we are still in the early days of cloud - particularly when it comes to cloud security. I am often surprised to find that regional enterprises either believe that the cloud is secure by default, or that the native controls delivered by cloud providers are good enough. Therefore, we continue to see higher levels of security investment being
26
JULY-AUGUST 2019
made to secure legacy environments. Unfortunately, cloud and the applications we deploy there are not secure by default – in fact security in the cloud is as complex, and as much of a requirement, as in any traditional data centre infrastructure. Organisations need to build competence and understanding of cloud related security challenges, meaning we currently find ourselves with a competence gap – especially as cloud platforms and the attacks against those are often very different. For example, growing cloud adoption is causing attackers to focus more intently on client-side attacks and phishing, as the lack of a natural perimeter means that our user, endpoint and authentication are the new perimeters. From a security perspective, this means that endpoint-security, identity control and user awareness are now becoming increasingly critical elements in a robust security strategy. Then there is also the question of multi-cloud architectures. Whether by choice or by circumstance, more
www.tahawultech.com
“UNFORTUNATELY, CLOUD AND THE APPLICATIONS WE DEPLOY THERE ARE NOT SECURE BY DEFAULT – IN FACT SECURITY IN THE CLOUD IS AS COMPLEX, AND AS MUCH OF A REQUIREMENT, AS IN ANY TRADITIONAL DATA CENTRE INFRASTRUCTURE.”
and more, organisations are finding their resources, applications and data deployed across multiple cloud environments with highly different security properties. The approach offers them unmatched power of choice and the freedom to run different workloads in different environments as per the best interests of their business, as well as helping them avoid vendor lock-in, increase reliability and robustness, and distribute their attack surface. However, just as the cloud itself changes how we think about security, so does multi-cloud. The primary issue is that when we move to the cloud, we may not be able to provision the same security controls as we had on-premises - and for multi-cloud scenarios, the controls may also differ. While the native security controls may work well enough in one cloud, they may ultimately not expand to other cloud providers, which causes inconsistent controls, policies, management and the need to understand events and build competence on multiple tools.
www.tahawultech.com
Developing a multi-cloud strategy Given the inevitability of multi-cloud adoption, it is critical for businesses to start taking steps to secure their future in the multi-cloud. The first of these is to acknowledge that the responsibility for the security of their sensitive data rests with them, rather than with any cloud provider. This means that having full visibility and control over data flows - even across different cloud applications and environments - is imperative. Similarly, organisations must ensure that data and applications can only be accessed by those users who they are intended for. Understanding cloud security also entails ensuring that you deploy technologies that can deliver solutions for both immediate and future requirements – and very importantly the cloud vendors that your organisation plans to utilise. It would be very unfortunate if you cannot deploy your applications securely because your security products do not support the cloud environment, or do not integrate very well with it. The immediate capabilities of a vendor but also their long-term roadmaps and vision is therefore a key selection criteria. After all, your choice today may not be the choice of the future. With the right access controls, end-to-end visibility and other security solutions in place, businesses can then start to understand and evaluate which cloud providers they should be focusing on – some may be geographically more attractive than others. As we move to PaaS and serverless compute, and benefit from the features of containerised applications a whole
new set of requirements will evolve, where security will be much more tightly coupled in the application and focus will be around ensuring that the developed application is bulletproof. Unfortunately, in this area, we are still in the infantile state. A good example is that the top 10 most popular docker images available on GitHub contain more than 30 vulnerabilities. These images are gladly trusted by developers as ‘sources of truth and security’ when they download them and build their applications on them. But PaaS and Serverless compute also completely change how we store, and compute data as opposed to Infrastructure as a Service, where we take a much more classic approach to data and compute and just deliver it in a cloud format. Even with all these security concerns, the cloud future for the region looks highly promising. And just as we see organisations increasingly leverage cloud platforms, we will hopefully also see an increased awareness and focus on the security implications. There is already an indication of this as Gartner has predicted that through 2019 cloud security spending in the MENA region will total $9 million, representing a staggering 108 percent year-on-year increase. As has always been the case in cybersecurity, ensuring that this spending is directed into the right plan and the right technologies is what will determine the long-term success of an organisation’s multi-cloud strategy. There is no doubt that we are looking at great opportunities, but also great responsibility.
JULY-AUGUST 2019
27
FEATURE
CONSOLIDATION CONUNDRUM
AS CYBERSECURITY CONTINUES TO BE A TOP BOARDROOM AGENDA FOR ENTERPRISES ACROSS THE WORLD, SECURITY TECHNOLOGY PLAYERS – WHETHER IT BE LARGE VENDORS OR STARTUPS – ARE RACING TO DELIVER THE BEST SOLUTIONS INTO THE MARKET. HOWEVER, THE INCREASING COMPLEXITY IN THE MARKET ARE PUSHING ORGANISATIONS TO LOOK FOR LESS PROVIDER DIVERSITY. DANIEL BARDSLEY SPEAKS TO INDUSTRY EXPERTS TO DISCUSS HOW CONSOLIDATION AND INTEGRATION IS IMPACTING THE CYBERSECURITY LANDSCAPE. 28
JULY-AUGUST 2019
www.tahawultech.com
A
s one industry observer put it earlier this year, in cybersecurity there are “too many companies offering too many solutions to too many
problems”. Ambitious start-ups are springing up by the dozen to offer solutions to fast-emerging threats, and companies are faced with a lengthy list of potential purchases as the list of hazards grows. Customers pick the “best of breed” in each field of cybersecurity, “point tools” that do not communicate with each other because they were developed separately by different companies, making full situational awareness harder to achieve. Cybersecurity staff are burdened by the need to knit these products together are inundated with alerts from them. “Security professionals have acquired too much technology which is non-integrated with either other security tools or other IT systems and infrastructure management solutions used in customer environments,” says Paul McKay, a senior analyst with the research organisation Forrester. “This is creating alert fatigue, where all of these solutions are pushing out hundreds and sometimes thousands of alerts per day, which is overwhelming security teams.” As well as creating operational headaches, having a large number of cybersecurity tools increases the complexity of procurement. It is perhaps no wonder, then, that a recent study by ESG Research indicated
www.tahawultech.com
that two-thirds of organisations were in the process of cutting the number of cybersecurity vendors that they dealt with. In this context, there has been much talk suggesting that a round of consolidation in the cybersecurity industry is likely. Late last year, for example, a forecast was made that the number of cybersecurity companies would halve over the coming five to seven years. Jeff Pollard, a principal analyst at Forrester, recently suggested that there would be an increase in the number of large cybersecurity companies buying up smaller entities and bundling a dozen or so solutions into a “suite”. Pollard’s colleague McKay takes a similar view. “It is not untypical to hear customers [now] ask for ‘best of need’ as opposed to ‘best of breed’ security solutions,” he says. “Integrated product portfolios are becoming a core requirement of customer RFPs [requests for proposal] and servicing. “We are seeing much more pressure on security leaders from across the boardroom to more effectively use existing security investments.” On top of this, McKay notes that in areas of the world where growth is stalling – including parts of the Middle East where volatility in the commodity markets has acted as a drag – cybersecurity spending is facing a squeeze. Budgets are still increasing as the threats escalate, but these increases are “at a much slower rate”. A flurry of recent big-ticket acquisitions has been seen by some as indicating that consolidation is already happening, and McKay takes the view that the overall cybersecurity mergers and acquisitions market is “quite frothy at the moment”.
“There are a number of acquisitions and exits being seen in the industry. There is certainly no shortage of ideas coming from the industry or shortage of backers to do it,” he says. “In mature cybersecurity markets, we see evidence of significant consolidation within particular technology markets such as user behaviour analytics and in areas such as data security.” Among the most talked about deals is Cisco’s $2.35 billion purchase late last year of the privately-owned Duo Security, a Michigan-based cybersecurity company with particular strengths in, for example, multi-factor authentication in the cloud. Indeed, McKay says that the identity and access management field as a whole is seeing “a lot of activity”. In addition to the Duo Security transaction, he cites as another example the deal in August last year that saw the private equity investor Thoma Bravo take a majority stake in Centrify. Not long afterwards, a company called Idaptive, focusing on Identity-as-a-Service (IdaaS), was spun out of Centrify. McKay notes also that an area that has seen “some very interesting consolidation” over the last few months is security orchestration, automation and response (SOAR). He mentions Palo Alto Networks’ acquisition of Demisto as being a “large shake-up in that product segment”. “We can expect further announcements to be made in this area as automation and orchestration are popular capabilities to build for both end-users and also service providers, such as MSSPs [managed security service providers] and consultancies,” he says.
JULY-AUGUST 2019
29
FEATURE
Other analysts have pinpointed a number of additional reasons that could be driving consolidation in cybersecurity. Writing last year in Cybersecurity: At the crossroads of risk, a report released by the law firm White & Case, Sean Cunningham, a managing director at the US-based ForgePoint Capital, a venture capital investor, said that there was “substantial duplication” among cybersecurity companies, with large numbers offering similar solutions. He noted that significant amounts of institutional and private equity were funding these companies, sometimes leading to inflated valuations. However, more recently venture capital money has become harder to come by, limiting the options for smaller cybersecurity companies to raise capital and making it easier for larger companies to acquire them. One benefit of consolidation is that it could mitigate the skills shortage in cybersecurity, with a 2018/19 survey of IT professionals by ESG Research indicating that more than half of companies are experiencing such a human resources deficit. Security teams are, says McKay, “struggling to find people with the right skills at the right salary point” to deal with all the work that they have. “Some forecasts say that the number of unfilled vacancies will have risen to
Paul McKay, Forrester
“THERE ARE A NUMBER OF ACQUISITIONS AND EXITS BEING SEEN IN THE INDUSTRY. THERE IS CERTAINLY NO SHORTAGE OF IDEAS COMING FROM THE INDUSTRY OR SHORTAGE OF BACKERS TO DO IT.” three million by the end of 2020,” he says. While McKay expects further consolidation, he does not expect the number of cybersecurity companies to fall by half over the coming years, as one forecast has suggested. Indeed, some are not convinced that the consolidation being seen currently will lead to a sustained reduction in the number of cybersecurity companies. Bob Tarzey, formerly an IT industry analyst with Quocirca and now freelance, says that consolidation is “constant and ongoing”. “If you made a list of today’s cybersecurity companies, that list may have halved in five years’ time, but by then many more start-ups addressing new problems will have emerged,” he says. He says that a common pattern is for
Bob Tarzey former analyst at Quocirca
“IF YOU MADE A LIST OF TODAY’S CYBERSECURITY COMPANIES, THAT LIST MAY HAVE HALVED IN FIVE YEARS’ TIME, BUT BY THEN MANY MORE START-UPS ADDRESSING NEW PROBLEMS WILL HAVE EMERGED.” 30
JULY-AUGUST 2019
a new cybersecurity concept to arise and to spawn a number of start-ups. Over time, if the technology goes mainstream, a start-up gets acquired either by a broad portfolio vendor, such as McAfee, Trend Micro or Symantec, or by a large tech company with a cybersecurity business, for example IBM or Microsoft. This has been seen, he notes, in a number of cybersecurity sectors, including anti-spam and firewalls. This pattern, he says, can help to drive down the number of suppliers. A customer might pay for the technology of a start-up, but if one of their larger suppliers acquires similar technology and adds it to a suite, the customer will – eventually – switch to that product instead. “Sometimes a start-up survives and goes mainstream itself, for example Forcepoint (formerly Websense). In this way, from a revenue and profits perspective, the cybersecurity industry is dominated by a dozen or so companies,” he says. Tying in with Tarzey’s view of the industry is the fact that forecasts that the number of cybersecurity companies will fall is nothing new. Such forecasts were made in the early 2010s too, but did not come to pass. Perhaps, to use a well-worn phrase, the more things change, the more they stay the same.
www.tahawultech.com
FEATURE
DIGITAL N AFTERLIFE AS TECHNOLOGY ADVANCES, SOCIAL MEDIA PLATFORMS SUCH AS FACEBOOK AND TWITTER HAVE BECOME AN INTEGRAL PART OF OUR EVERYDAY LIVES. BUT WHAT HAPPENS TO OUR ONLINE IDENTITIES AND DATA WHEN WE DIE? DANIEL BARDSLEY SPEAKS TO INDUSTRY EXPERTS TO DISCUSS WHY WE NEED TO PLAN OUR DIGITAL LEGACY.
www.tahawultech.com
o one needs to be told that Facebook is popular in the UAE. One estimate suggests that around 7.5 million of the country’s 9.7 million residents use the social network, and some reports put the figure even higher. Yet how many of these users have thought about what happens to their account after they pass away? It may seem a distant concern, but a person’s continued online presence can have consequences for those they leave behind. This is illustrated by the tragic case in the United Kingdom of Hollie Gazzard, a young woman who was fatally stabbed by her former boyfriend Asher Maslin in 2014. For Hollie’s relatives, the task of trying to rebuild their lives after the killing was made all the more difficult by the continued presence on her Facebook profile of multiple photos of her with Maslin, all taken during happier times. Despite pleas, Facebook initially refused to take the pictures down, and it was only when more than 11,000 people signed a petition calling for a change of heart that, in 2015, the social network removed the images. As well as perhaps illustrating the power that big tech companies have over
JULY-AUGUST 2019
31
FEATURE
users’ data – even beyond the grave – the case demonstrates the long reach of a person’s “digital legacy”: individuals do not simply disappear online when they die. The question of how people deal with this digital legacy has become an increasing talking point, but many feels that, still, it is too often ignored. Four years ago, James Norris set up The Digital Legacy Association to highlight the issue and to assist people keen to manage what happens to their online presence after they are gone. “For some people, their legacy planning might simply be passing on a password for their phone,” he says. “For others with computers and who use social media sites, online banking, cryptocurrencies, gambling accounts or shopping accounts – all of these things that have migrated to the digital realm where there’s not a paper trail – making plans is important.” Indeed, without planning ahead and passing on details to loved ones, people risk some of their assets being lost on their death, as the absence of papers highlighted by Norris means that beneficiaries may have no idea that these assets exist. Also, there are more emotional factors to consider. Even someone who places little value on their digital footprint may want to ensure that it is preserved, and that relatives have access, because it may be a source of comfort to these
loved ones (this is a potential reason why an account should not be deleted). Not making plans can create stress for those left behind, who will be unsure of the deceased’s wishes. The Digital Legacy Association has a free social media will template that individuals can download and use to indicate what they would like to happen to their accounts. For each account, they may specify a “digital executor” who is tasked with carrying out their wishes. Alternatively, or in addition, a letter attached to a will – although not likely to be legally enforceable
James Norris, The Digital Legacy Association
“FOR SOME PEOPLE, THEIR LEGACY PLANNING MIGHT SIMPLY BE PASSING ON A PASSWORD FOR THEIR PHONE.” 32
JULY-AUGUST 2019
– can be helpful in ensuring a person’s wishes are carried out. In a similar vein, Facebook has a system that allows users to appoint a “legacy contact” to manage an account that is memorialised after the user’s death. Users can also choose to have the account deleted upon their death. A legacy contact’s privileges are limited to actions such as writing a pinned post for the profile and dealing with friend requests. They cannot alter old posts, read private messages, or remove photos or delete friends, among other things. It can be a significant role, indicates Dr Elaine Kasket, a British-based psychologist who earlier this year published a book called All the Ghosts in the Machine: Illusions of Immortality in the Digital Age. “That’s a huge burden of responsibility on someone who probably doesn’t know what they’re signing up for,” says Kasket.
www.tahawultech.com
Dr Elaine Kasket, author, All the Ghosts in the Machine: Illusions of Immortality in the Digital Age
“IF THEY HAVE ACCESS, THEY HAVE CONTROL. THE PERSON HOLDING THE REINS HOLD CONTROL. PEOPLE NEED TO BE AWARE OF THE MASSIVE IMPORTANCE OF GETTING THEIR HOUSE IN ORDER.”
For Facebook, the issue of what happens to the profiles of deceased users is not trivial. It is thought that around 8,000 members die each day and, although estimates vary, one forecast suggests that by the end of this century, close to 5 billion will have passed away – twice as many people as are currently active members. Social media accounts are, however, just a fraction of a person’s digital legacy; even individuals who think they have little digital footprint have much to consider. “One of the things that really is underneath people’s radar is the stuff that our devices automatically capture for us,” says Kasket. Devices may record locations their user has visited, if this function is not disabled, while search histories are kept, unless cleared. They are part of what Kasket describes as the “digital dossier that gets kept on you”. She describes a film that was made
www.tahawultech.com
of a woman’s search history, saying that gave an “incisive insight” and was “dark nature of the soul stuff”. “It’s gripping. All of it is in her search history. She didn’t put it out there as Facebook posts, but it’s pretty intimate stuff she was struggling with,” she says. “Imagine if it had been her husband who came across her history after she died. What would he discover about his wife that he didn’t know before?” A mobile phone too could provide information that individuals might want to keep private, indicating, for example, where a person was at a particular time. In this climate, any computer user might want to consider what they leave behind on their machine and who it might pass to on their death. Just as there is the risk of loved ones failing to find out about the digital assets of a deceased person, so there is also a chance that the person’s accounts, such as a PayPal account, could be illegitimately accessed through the devices they leave behind. It highlights the importance of considering who will physically take hold of laptops, tablets, mobile phones and the rest. “If they have access, they have control. The person holding the reins hold control,” says Kasket, adding that people “need to
be aware of the massive importance of getting their house in order.” Kasket also explains that providers of digital services need to develop “wellarticulated mechanisms” to deal with requests from relatives of the deceased. Currently, loved ones will often get a different answer each time they speak to a company. “Everybody is running around like chickens with their heads cut off,” she says, adding that in her book she writes about the case of one family who had to work for one and a half years to close down their father’s Amazon Seller’s account. “It was something they really needed to close down and tidy away,” she says. Kasket is concerned that big tech companies are “writing the rule book on what could or should happen” and that there is a danger of “laws following corporations, rather than corporations following the law”. “At least for traditional wills, we have established protocols and experts who can help us,” says Kasket. “Eventually the [traditional] estate gets wrapped up, but this [digital estate] is open for who knows how long.” There is, it seems, much for the UAE’s millions of Facebook members – indeed all computer users in the Emirates – to think about.
JULY-AUGUST 2019
33
FEATURE
THE UNUSUAL SUSPECTS
MORE OFTEN THAN NOT ORGANISATIONS ARE WARNED ABOUT SECURITY INCIDENTS THAT MAKE THE HEADLINES TEND TO BE ABOUT CATASTROPHIC TECHNOLOGY FAILURES OR BREACHES CAUSED BY NEFARIOUS ACTORS. HOWEVER, WHAT BUSINESS LEADERS NEED TO REALISE IS THAT SOMETIMES THE MOST DANGEROUS THREATS COULD BE RIGHT UNDER THEIR NOSES.
34
JULY-AUGUST 2019
www.tahawultech.com
T
he human factor plays a critical role in cybersecurity, with figures suggesting that human error is responsible for more than 90 percent of breaches. For companies, this means that a major concern has to be the actions of their own employees, who can frequently – either deliberately or unwittingly – be the cause when things go wrong. Latest research – some of it in the UAE and Saudi Arabia – by the US-based cybersecurity company BeyondTrust, which produces privileged access management tools, indicates just how much of a problem that employee breaches can be. The Privileged Access Threat Report 2019 is the fourth report of its kind, and the research behind it – based on surveying the views of organisations in sectors such as government, manufacturing and retail – helps to highlight issues that are of particular concern in the Middle East. In the UAE and Saudi Arabia, 62 percent of respondents were concerned about the intentional misuse by employees of sensitive data for personal gain. In the Asia-Pacific region, the figure was about the same, at 64 percent. These figures were significantly higher than those for some other parts of the world, notably Germany, where 44 percent of respondents said sensitive data misuse by employees was a
concern, and the United Kingdom, where the figure was 55 percent. So, what is behind the difference? “I think it’s cultural, I think it’s values. It might be the law as well,” says Morey Haber, BeyondTrust’s chief technology officer and chief information security officer. “Ramifications [for data theft] in somewhere like Germany are significantly worse. In the Middle East the laws for physical theft are much stricter, but data theft does not have the same perception,” he says. In Western Europe because legal punishments for data theft are likely to be much stricter, companies are likely to worry less that their employees are abusing their data. Tying in with what might be seen as a less rigorous approach to data issues in the Middle East, just 28 percent of businesses in the region were worried about employees downloading data onto a memory stick, compared to 42 percent in APAC. Another major geographical difference was the extent to which companies were aware of how many IT devices were accessing their network. Worldwide, of the survey’s more than 1,000 respondents, 76 percent were confident that they knew the number accessing their systems. However, there was wide divergence between the Middle East and some other regions. In Germany, 85 percent of companies were confident about their knowledge of the number of IT devices accessing their
Hoda Al Khzaimi, NYUAD
“KNOWLEDGE IS THE ULTIMATE POWER HERE. THE STAFF SHOULD BE REGULARLY EDUCATED ON THE TECHNOLOGY BEING USED AND THE VULNERABILITIES OF THIS TECHNOLOGY.” www.tahawultech.com
KNOWLEDGE IS POWER Among the vulnerabilities highlighted in the Privileged Access Threat Report 2019 are those posed by Internet of Things (IoT) devices. These were seen as posing moderate or significant threats by 57 percent of respondents, as much as for Bring Your Own Devices (BYOD). It is a concern that seems set to grow given that, as Hoda Al Khzaimi, director of the Centre for Cybersecurity at New York University Abu Dhabi notes, worldwide the number of connected devices is set to reach a staggering 25 billion by 2021. Al Khzaimi says the lack of global design standards for IoT devices, which often lack computational complexity, sometimes makes it difficult to implement standard security protocols, leading to vulnerabilities. “Companies should invest in building a customised security trust model for any IoT platform that they deploy, based on the latest available security standards,” says Al Khzaimi. Among other things, all devices joining the platform should be authenticated and all communication secure through, for example, encryption. “Accessing devices should be done within an access control model, as not everyone within the platform should have the right to access the devices’ set up and configuration,” says Al Khzaimi. “Make sure that anything that runs within this model is verified, secure and proven. This could be a challenge, as these devices might need to perform transactions in a very rapid manner and implementing a traditional security model might introduce an overhead on the computations offered by these devices.” Skilled security employees should, advises Al Khzaimi, constantly internally test and evaluate their own IoT platform. This includes updating the firmware of these devices with trusted software. She also advices organisations to be cognisant of the risks that advanced persistent threats pose, so hardware and software should be tested. “Knowledge is the ultimate power here. The staff should be regularly educated on the technology being used and the vulnerabilities of this technology,” says Al Khzaimi.
JULY-AUGUST 2019
35
FEATURE
Morey Haber, BeyondTrust
“IN THE MIDDLE EAST THE LAWS FOR PHYSICAL THEFT ARE MUCH STRICTER, BUT DATA THEFT DOES NOT HAVE THE SAME PERCEPTION.” systems, while in the Middle East it was just 70 percent. “It’s a very big difference between the regions and potentially a problem,” says Haber. Worldwide, 64 percent of companies believed that, in the past 12 months, they had had a direct or indirect breach from misused or abused employee access. More than seven in 10 organisations agreed that restricting employee device access would improve security – but acknowledged that this was not realistic. The report highlighted concerns over bring your own devices (BYOD), where employees use their own equipment when accessing a company’s network. Globally, 57 percent ranked this as a threat, only fractionally behind the numbers concerned about insider access (58 percent) and hostile external threats (61 percent). Professor Ernesto Damiani, from the Department of Electrical Engineering and Computer Science at Khalifa University in Abu Dhabi, also feels that BYOD is a key vulnerability, saying that it can be “asking for trouble”. “Bring your own has not only been tolerated but encouraged. It’s typical for
large organisations like hospitals and companies which are not particularly computer savvy,” he says. “This is normally one of the biggest threats. It’s seen as saving money for the company, but it’s the way that the solitary guy, the solitary hacker infiltrates the network easily.” Given the vulnerabilities outlined in the survey, what else should companies do to secure their systems? Damiani says the best strategy is to “limit the privileges [of employees] severely,” only providing them with the privileges that they need to carry out their jobs. “It’s a key precaution,” he explains. “Don’t allow more people to have more privileges than they need. If you cannot do anything, you cannot do harm.” Such a strategy is not always popular with employees, especially senior ones, who may feel that they have more right to privileged access than anyone. Damiani says that such senior employees are the ones who it is most important to restrict the privileges of, since they are more likely than other staff to be targeted.
Professor Ernesto Damiani, Khalifa University Abu Dhabi
“DON’T ALLOW MORE PEOPLE TO HAVE MORE PRIVILEGES THAN THEY NEED. IF YOU CANNOT DO ANYTHING, YOU CANNOT DO HARM.” 36
JULY-AUGUST 2019
BEYONDTRUST’S PRIVILEGED ACCESS THREAT REPORT 2019 ALSO FOUND:
182
AVERAGE NUMBER OF VENDORS LOGGING INTO THE IT SYSTEMS OF RESPONDENT ORGANISATIONS EACH WEEK
35%
PROPORTION OF ORGANISATIONS THAT HAD BREACHES DUE TO DIRECT OR INDIRECT EMPLOYEE BEHAVIOUR (UP FROM 29 PERCENT IN 2018)
29%
PROPORTION OF ORGANISATIONS “VERY CONFIDENT” THAT THEY KNOW THE NUMBER OF THIRD-PARTY VENDORS LOGGING ON TO THEIR SYSTEMS
60%
PROPORTION OF ORGANISATIONS THAT FEEL UNCHANGED DEFAULT IOT PASSWORDS PASSWORDS POSE A MODERATE OR SIGNIFICANT THREAT
40%
PROPORTION OF ORGANISATIONS THAT MANUALLY MANAGE IOT ACCESS
BeyondTrust says that its privileged access management (PAM) tools can help companies to secure their networks in the face of threats from employees, vendors and contractors. A suitable number of integrated PAM solutions can, according to the company, leave productivity unaffected while at the same time offering better visibility and appropriate control of “privileged insiders” and vendors.
www.tahawultech.com
REDEFINING technology transformation
+971 4 440 9100
@TahawulTech
info@cpimediagroup.com
www.tahawultech.com
COLUMN
ONLINE EDITOR ADELLE GERONIMO SHARES HER VIEWS ON THE LATEST DEVELOPMENTS IN THE SECURITY LANDSCAPE.
IN FULL VIEW
C
yber-attacks are inevitable. Today, organisations are realising that it is no longer a question of “if” a breach happens but “when.” As security threats continue to grow in complexity and volume, visibility is becoming crucial now more than ever. Organisations need visibility across their whole ICT infrastructure to secure themselves effectively. After all, you can’t protect what you can’t see. According to a report by Cisco, a hacker could remain undetected within networks for an average of 100 to 200 days. While some advanced, specially targeted threats can go undetected up to several years. This was the case for Marriott Hotels when its systems got breached and over 500 million customer data including passport details, emails, mailing addresses and credit card information were stolen. The hospitality 38
JULY/AUGUST 2019
firm found that its Starwood reservation database had been compromised since 2014 and the perpetrators had copied and encrypted the information. It is considered as the second largest data breach in history – behind Yahoo, which lost 3 billion customer information – not only because of the volume of data that’s been compromised but also because the breach went undetected for four years. Hackers are increasingly becoming more creative in how they penetrate networks and growing number of endpoints within organisations can make it even more cumbersome for security teams to spot vulnerabilities. That’s why it’s so important to have strong network visibility. Deep insight into networks is vital in addressing malware attacks. Therefore, organisations need to conduct regular vulnerability assessments to identify risks and security gaps. Visibility is also key to detection. By conducting real-time
monitoring across your infrastructure, you can spot threats that may have already slipped through the cracks. Furthermore, education is also a big aspect to achieving strong visibility. In any business, the number one asset is people. The principle is the same when it comes to combatting cyber-attacks. It’s important that an organisation’s entire workforce, from top management down to all employees, has an awareness of cybersecurity so they know what to look out for to spot a potential attack. By gaining better visibility across their whole infrastructure, businesses can get better insights into what assets are most critical and are vulnerable to attacks, determine where it is, who has access to it and how they can secure it. By seeing more organisations can understand their environments better, adapt to the current threat landscape, fine-tune defences and ultimately make better decisions when protecting their data. www.tahawultech.com