Cyber News Global: Issue 13

Dear Reader,

Welcome to CNG issue 13, as 2024 comes to an end we take time to reflect on some of the news we shared with our readers.

AI is certainly one subject that will be making more of an impact in 2025, regulation will see the EU AI impacting on many organisations, DORA has now started to make its mark.

Cybercrime and its impact are still being felt by both the public and private sectors. Collaborations between all sectors of the business community has become best practice for ensuring organisations have the best possible capability available to everyone.

International Cyber focus has seen an increase in opportunities for UK Cyber companies expanding into the middle east, we witnessed The Rt Hon Stephen McPartland having an immediate impact at the GITEX Expo in Dubai in September. The Cyber Centre of Excellence have made significant strides in supporting those public authorities, that do not possess the Infrastructure to deal with large scale cyber threats. Innovative methods of training are reaching sectors not really considered before, the engagement of the OSP Cyber Academy Cyber Escape Rooms training having an impact for the public sector councils with its exclusive collaboration between CCoE and OSP.

The industry is preparing itself for what lies ahead in 2025, with some stark cyber security predictions for 2025 provided by i-Confidential, we take a look at how the UAE and its partners are looking to strengthen its Cyber Resilience. CNG have expanded its capability with the an exclusive partnership with Gulf Creative to bring the Podcast Channel “ Let’s Talk Cyber” Live from GSIEC2025 within its dedicated Pod Cast Studio at the UK Pavilion.

Cyber News Global has expanded its partnerships into Saudi Arabia and Abu Dhabi with Plexusas Group providing further reach into the specialist conference arena for our CNI and CISO community. CNG will visit USA for its first time as partners for the International Cyber Risk Summit Washington DC and finally we will be the privileged International Media Partners for GISEC 2025 providing the conference magazine that will cover all of the relevant news hitting GISEC 2025.

So please join the journey reach out to our team to be apart of 2025 special journey.

Powered By

There are some commonalities, but there are also some key differences. Whether you are considered in scope or out of scope of various regulations very much depends on where you and your customers are located. There are of course, various reporting requirements from various regulations too, which increases complexity in the system.

The Impact of not Complying

The impacts of non-compliance can ultimately affect the organisations bottom line. This is something that our business stakeholders will understand in financial terms.

When speaking about impacts to business stakeholders we should seek to translate our language into meaningful terms that they understand, and what impact means from a financial perspective.

To communicate the impacts of incidents to business stakeholders, Factor Analysis

Replacement loss

The costs associated with the replacement of a capital asset or a person

Fines and judgements

Penalties levied against an organisation through civil, criminal, or contractual actions, usually the result of a Confidentiality related scenario

Competitive advantage

Losses associated with a diminished competitive advantage

Reputational Damage

Losses associated with an external actor’s perception that the value proposition of your organisation has been diminished

Each regulation will have its own enforcement fines and penalties for non-compliance, as detailed in figure 1. The severity of the fines will depend on the nature type of finding and how it was discovered. Consider if the non-compliance was discovered as part of your audit program, then we could say with a high degree of certainty that this would likely be lower, compared to if it was discovered by an external threat actor in abreach scenario. It is important to note that these fines can vary depending on the specific case, the severity of the violation, and the discretion of the relevant authority, so it’s cost effective if you have an internal audit program. If you don’t have an audit program in place this could serve as a business case for just that, supported by objective data.

Speaking of objectivity - If we look at data relating to data breaches as part of our situational awareness, the global average cost of a data breach is now $4.35M2 .That’s a fairly sizeable number and would certainly affect the organisational bottom line in terms of profit.

To get good data of course you need a large sample across horizontals so that we can increase our confidence in the data. It can of course vary on the cost per stolen record, so you might want to represent that as a distribution instead of being precise.

The cost per stolen record is $1643, which has increased slightly from $161 the previous year.

Information Risk (FAIR) provides a great model for understanding, analysing and quantifying information risk in financial terms. The impacts of incidents and breaches are far more than just being served fines by secondary stakeholders (regulatory bodies). There are other forms of loss that can be realised and should be communicated in your risk analysis:

Producivity loss

Losses that result from an organisation’;s inability to deliver its products or services

Responses loss

Losses that are associated with managing the event itself

A measurement is a reduction in uncertainty, and it can be helpful to review industry reports from incidents globally to help inform decisions and incorporate these into risk analysis.

Achieving, and maintaining compliance is crucial in todays interconnected world which is why it’s important to ensure you have a well resourced GRC function. Introduce simplicity in the system to combat the complexity by ensuring you have the resources required; you can’t change the external regulatory landscape, but you can change how easy or difficult it is to adhere to.

Digital Management –

We Lost Everything

Mary Lanigan,

Leader Redcar and Cleveland Borough Council

Evidence to Parliamentary National Security Strategy (Joint Committee) hearing 30 th January 2023

“We lost everything. We lost connection to our telephone systems, child services and important data dating back decades. It was so catastrophic that it took us about eight months to recover.”

For councillors and council officers the management of place for the progress and protection of its people, natural and built environment is central to their purpose. Every council’s area collective sense of place and context is unique. However, one way of thinking about how to progress the management of place in your council is to think about progressing and protecting the 5 Capitals:

Natural capital

Social capital

Human capital

Built (including digital)capital

Financial capital.

The strategy that individual councils choose to grow and thrive will vary. But part of any effective and efficient strategy and delivery of its essential services will be the digitalisation of its management of place and the essential services that the council deliver.

However, digitalisation of essential services and wider community stakeholders, creates a paradox, of both opportunities to grow the 5 Capitals, but also dangers ofto sustaining them. For councillors, whether in cabinet or not, and council officers, what was once something that could be delegated to IT or similar, is now central to strategy and achieving management of the place that, they have the privilege to serve.

Whilst protecting your place and making it more cyber resilient to the risks that accompany digitisation.

So, the challenge for councillors and officers is to develop a deeper individual and shared understanding as well asnd competence of why and how digitalisation can enable the progress of your place.

This starts with councillors and officers understanding more deeply: what is going on here? So that the opportunities of digitisation can be seized, whilst managing the risks. Including understanding the value of information for investment in the 5 Capitals in your place and what must be enabled and protected to achieve your purpose and strategy.

A while ago now Keep it simpleworking up Enduring Cyber Resilience

On this clay tablet is some of the earliest writing from anywhere in the world. It was made around 3100–3000 BC in southern Iraq and is now in the British Museum. It was used by workers for counting beer.

According to a study by IBM, human error is the main cause of 95% of cyber security breaches. Therefore, if we can improve human resilience and greater security awareness, the likelihood is that we can reduce cyber driven breaches.

Back then , it was pretty clear that the devices that provided information and those responsible for managing “technology” were directly connected to those using it. The relationship was simple and straightforward.

Not so nowadays. The average user of technology is bombarded with all sorts of acronyms and strange, mid Atlantic terms.

They are assailed with a cacophony of sometimes well-meaning but confusing advice and training regimes. There are dire warnings of the repercussions should technology fails or is infiltrated by cyber invaders.

We need to get real. Yes! There are some very clever adversaries out there who are quite capable of implementing an attack in response to our often-blunted defence posture.

However, too much gobbledegook clouds the issues in responding and deflects practitioners in OT from collaborating effectively with their IT cousins and developing the right relationship with the people who use technology.

As a result, what do many people do to protect themselves?

Almost nothing. Or sometimes the wrong thing.

But all is not lost. Many of the dominant cyber adversaries exist within a cult of personality centred on the Leader. The leader sets direction and everyone else executes it. Often repeating patterns by doing exactly what they are told. I have seen examples of this in the security industry and during the Cold War. This form of predictability can be defeated by good training and collective rethinking; intertwined with first class leadership.

In democracies, counter measures can be worked up. Ideas about how to act against both present cyber attacks and help prevent future occurrences can be funnelled by teams and individual contributors. This allows more room for feedback and discussion leading to far better outcomes potentially. There is room for individualism and allowances can be made for human error — and human error plays a critical part.

One might assume that involvement in high-tech and high-risk industries, like technology and banking, would bring greater security awareness. However, verified research has shown that this isn’t necessarily the case.

Among the industries that face the most human error are technology companies and financial services.

Employees in technology industries are the most likely to click on links in phishing emails. 45% of employees in banking and finance also admitted to clicking on phishing emails.

Our company’s senior psychologist tells me that new procedures often fail because humans like to get things done but they also fear making mistakes. Many find change difficult — when something stands in the way of progress, humans either concede defeat or circumnavigate the first line of defence. Good aspiration: bad cyber resilience.

Good training and awareness programmes can introduce the tenable cyber threats into employees’ working lives. The best programmes often provide real-time simulations that demonstrate what a threat can look like, and how employees should react. This is partnered with continuous education of the workforce because the threat landscape doesn’t just stop evolving when an employee’s cybersecurity training is done.

So where does IT and OT play a part?

If you Google definitions of IT and OT you will get a cats cradle of responses.

If you bundle these together, the difference between IT and OT systems is that IT is focused on data and communication, whereas OT is focused on behaviours and outcomes.

However, I have an added a third dimension which is TU. Technology User is defined by lawyers “as someone who uses technology to access and use information or carry out a task that involves the use of digital technology”.

All three are linked inextricably.

Over the years, I have led or participated in a number of major transformation programmes and reviewed complex technology projects- some with downstream get well programmes.

In 2020, McKinsey Digital wrote a useful article on a technology-transformation approach that works

McKinsey reported that technology leaders who have pursued this new approach that is comprehensive enough to account for the myriad inter linkages of modern technology joined at the hip, have shown considerable improvements in business effectiveness and technology resilience.

So where do we go from here?

In 1958 the Royal Navy, set up a transformation programme to train the crews in operating their equipment and give them experience in dealing with every eventuality likely to be met at sea. The McKinsey approach aligns with this transformation.

Starting with a baseline, “Work Up” proceeds with basic safety and awareness training, and progresses through various scenarios to more advanced training on a collective basis involving different “units”.

Common sense plays a big part and it’s accepted from the outset, that all participants can learn from mistakes.

Training is delivered to the same standard whoever, the customer although it can be tailored to meet specific requirements.

It draws heavily on experience gained over 65 years and promotes best practice. It is recognised as a world leader in the international Naval community.

So how do we develop this Work Up in the civilian cyber environment?

The key components are all available in the UK and many other countries. Basic check: setting the requirement, exercising-real and simulated, training and mentoring, feedback leading to revision of an incremental approach.

It just needs to be joined up.

The strengths of this Work Up approach include a less silo relationship between IT and OT Teams and individuals, and across business sectors. People find themselves working more closely together to manage converged technology and the human being plays a central role.

For businesses, a positive flow-on impact of this is reduced development, operational, and support costs and a confidence that any attack on technology systems can be dealt with authoritatively and with practicality.

WHAT THREATS WILL LEAD THE WAY IN OUR CRITICAL NATIONAL INFRASTRUCTURE

OPERATIONAL TECHNOLOGY SYSTEMS?

Introduction

Critical National Infrastructure (CNI), including energy, water, transportation, healthcare, and telecommunications, is vital to society, the economy, and public safety. Operational Technology (OT) systems, which control this infrastructure, are increasingly under attack. With OT systems interfacing more with Information Technology (IT) networks as part of IT/OT convergence, vulnerabilities are rising, leading to potential integrity breaches and service disruptions that pose significant risks to national security and public welfare. This article examines the top threats to CNI OT systems and actions required to mitigate them.

Merging of IT and OT The continued convergence of IT and OT is a major factor in the expanding threat landscape. Previously, OT systems operated independently of IT networks, providing some protection from cyberattacks. However, the integration of these systems for efficiency, remote management, and data analytics has introduced new vulnerabilities.

IT/OT Integration Risks

1. Increased Attack Surface: The integration of IT and OT increases the attack surface, offering more entry points for cybercriminals. Attackers can move laterally within a network when previously isolated systems are connected.

2. Legacy OT Systems: Many existing OT systems are outdated and not built with cybersecurity in mind. These legacy systems lack modern security features, making them susceptible to attacks.

Cyber Threats Against CNI OT Systems

1. Ransomware Attacks Ransomware attacks encrypt victims; data and demand payment for its release. These attacks can cause prolonged downtime for critical services, resulting in disastrous scenarios, such as interruptions in energy supply or healthcare services.

Impact on CNI:

• Service Downtime: Ransomware can cause prolonged downtime for critical services, leading to disastrous scenarios like interruptions in energy supply or healthcare services.

• Business Damage: Organizations face downtime, ransom payments, and recovery costs, which can be crippling.

• Public Safety: Healthcare services can be severely impacted, risking patient safety and access to critical records.

• Notable Incidents:

• Colonial Pipeline Attack (2021): This ransomware attack halted fuel supply to the eastern United States for several days, causing shortages and panic buying.

• Ireland’s Health Service Executive (HSE) Attack (2021): A ransomware attack disrupted IT systems in public hospitals, delaying healthcare services across Ireland.

2. State-Sponsored Attacks Statesponsored cyberattacks, funded by nation- states, aim to compromise critical infrastructure for political, economic, or military advantage. These attacks can cause wide-scale disruption or espionage.

Impact on CNI:

• Espionage: Theft of sensitive data related to national security, industrial secrets, or critical infrastructure operations.

• Sabotage: Targeting critical systems to cause long-term loss and service disablement.

• Geopolitical Tensions: These attacks can escalate geopolitical tensions and result in retaliation and conflicts between nations.

Notable Incidents:

• Stuxnet (2010): A state-sponsored attack by the US and Israel crippled Iran’s nuclear facilities, slowing its uranium enrichment program.

• Ukrainian Power Grid Attacks (2015, 2016): Russian state-sponsored hackers disrupted power supply to thousands of Ukrainians during winter.

3. Supply Chain Attacks Supply chain attacks compromise a third-party product or service to gain access to a target organization’s network, leveraging trust and connectivity within modern supply chains.

Impact on CNI:

• Indirect Entry: Attackers exploit lower security levels of vendors or partners to gain a foothold.

• Amplified Impact: The attack can affect multiple organizations reliant on the compromised vendor.

• Data Breaches: Loss of sensitive information, including intellectual property and personal data.

Notable Incidents:

• SolarWinds Sunburst Attack: Malicious code was introduced into SolarWind’s Orion software, affecting thousands of users, including US Federal agencies, and causing significant data breaches.

• NotPetya Attack (2017): Spread via a compromised software update, this attack caused major disruption to global businesses.

4. Insider Threats Insider threats involve data theft or sabotage by employees or partners with authorized access to a company’s systems. These threats can be intentional or unintentional, such as negligence.

Impact on CNI:

• Unauthorized Access: Insiders with access to critical systems can easily cause damage or steal information.

• Detection Difficulty: Insiders typically have authorization for their actions, making detection challenging.

• Financial and Reputational Loss: Insider incidents can result in expensive losses, operational interruptions, and damage to an organization’s brand. Stealthy Sabotage: These attacks can go unnoticed for a long time, allowing

Notable Incidents:

• Edward Snowden (2013): The release of classified NSA documents by Snowden highlighted the impact rogue insiders can have on national security.

• TESCO Bank (2016): £2.5 million were fraudulently taken from customers accounts due to an insider attack.

5. Advanced Persistent Threats (APTs) APTs are long-term, targeted cyberattacks by state-sponsored groups or expert hackers. These attacks aim to maintain a persistent presence on a network to collect intelligence or cause damage.

Impact on CNI:

• Lasting Espionage: APTs can conduct long-term espionage, stealing data and intellectual property over months or years.

• Stealthy Sabotage: These attacks can go unnoticed for a long time, allowing attackers to slowly corrupt or disrupt critical systems.

• Economic and Strategic Damage: By targeting key infrastructure sectors, APTs can inflict substantial economic and strategic damage.

Notable Incidents:

• Operation Aurora (2009-2010): An APT targeting major US corporations to steal secrets and intellectual property, linked to Chinese state-sponsored actors.

• Dragonfly Campaigns (2014 and 2017): Cyber espionage attacks on the energy industry in the US and Europe, focusing on compromising industrial control systems.

6. Internet of Things (IoT) Vulnerabilities The increasing number of IoT devices in CNI introduces new vulnerabilities. These devices often have weak security measures, making them susceptible to external attacks.

Impact on CNI:

• Botnets: Hijacked IoT devices can be used to create large botnets for Distributed Denial of Service (DDoS) attacks.

• Control and Disruption: Attackers can exploit vulnerabilities in IoT devices to control critical systems or disrupt operations.

• Data Breaches: IoT devices collect and transmit data, which can be intercepted or stolen by malicious actors.

Notable Incidents:

• Mirai Botnet (2016): Compromised IoT devices were used to create a massive botnet army, launching some of the largest DDoS attacks in history.

•TRITON Malware (2017): Designed to disable safety systems at a petrochemical plant, TRITON highlighted the potential damage from insecure IoT devices in CNI.

Mitigating Threats to CNI OT Systems To protect national infrastructure, organizations should adopt a multi-layered strategy that includes technical, organizational, and human resources.

1. Isolate OT Networks from IT Networks Network segmentation can prevent malware propagation by isolating OT systems from IT networks.

2. Regular Updates and Patching Frequent updates and patches can close known vulnerabilities in OT systems.

3. Intrusion Detection and Prevention Systems (IDPS) Deploying IDPS allows organizations to monitor network traffic in real-time, identifying suspicious activity.

4. Incident Response Plans Developing and maintaining an incident response plan ensures quick and effective responses to cyber incidents.

5. Cybersecurity Training Regular training on best practices and recent threats can minimize human error. OT-specific training enables professionals to identify and mitigate risks associated with their systems.

Conclusion:

The threat landscape for CNI OT systems is increasingly sophisticated and dangerous. Protecting these systems requires strong cybersecurity practices, effective incident response strategies, regular training, and adopting innovative technologies like Artificial Intelligence.

A proactive, full-spectrum approach is essential to safeguard our national infrastructure from evolving cyber threats.

CYBERPRISM STRENGTHENS MARKET POSITION

AMID RISING THREATS TO CRITICAL INFRASTRUCTURE

CyberPrism

Aberdeen team members at the quarterly meeting.

About CyberPrism :

CyberPrism safeguards your business-critical Operational Technology (OT). We use technology to simplify and automate OT cyber security services, putting people in control. We support regulatory compliance in organisations to protect systems and ensure organisational resilience. We help keep people safe, underpin process optimisation, and eliminate reputational risk. With our innovative technological solutions, deep technical expertise, and core principles of discipline and focus, we have built a track record of successful partnerships with clients in Energy, Industry, Maritime and Government.

CyberPrism, a leading provider of OT cyber security solutions, is proud to report significant growth over the past year, driven by increasing awareness of cyber risks among energy operators and a surge in demand for robust security measures.As a result of rising demand, a series of major contract awards with four North Sea operators has been central to the company’s expansion over the last year.

Those contracts have seen CyberPrism engage with clients to enhance the safety and security of their energyproducing assets across the UKCS. These include assessing cyber risk, instituting governance and management systems, generating OT cyber security policies, conducting detailed platform risk assessments and providing regulatory compliance support.

CyberPrism’s success has led to recent major appointments across both technical and non technical roles, having increased the staffing footprint by 60%.

The company has also expanded its office space at its Aberdeen city centre HQ, paving the way for further growth.

Martin Smith, Managing Director of CyberPrism, said: “The energy sector is waking up to the magnitude of the threat to their operational technology.

“As industrial networks across various industries are becoming increasingly prone to cyber attacks, posing significant risks to national security and the economy, as well as impacting business operations and HSEQ assurance, the full extent of these threats is only now becoming apparent to many. “Our rapidly growing team, armed with technical expertise, knowledge of critical infrastructure and military experience, has built a strong foundation to support clients.

“Looking ahead, our strategic vision includes expanding our cyber security solutions to additional sectors and regions, such as Europe and the Middle East.

This will position us at the forefront of efforts to protect vital infrastructure on a global scale, and drive continued growth and innovation for our industry.”

Cyberprism’s work on behalf of its North Sea clients is carried out to two key industry standards. The first of those, ISA/IEC 62443, is designed to enhance the safety and security of industrial automation and control systems (IACS). The second, OG86, was issued by the UK Health & Safety Executive (HSE) to provide guidance on implementing robust industrial networks and systems to prevent cyber-attacks that could lead to health and safety incidents, major accidents, or loss of essential services.

It draws upon the framework of the NCSC’s Cyber Assessment Framework (CAF) in complying with the Network and Information Systems Regulations 2018.

For more information visit: www.cyberprism.net

•Al-crafted phishing and malware will become harder to detect.

•Employee training is vital, but layered protections are essential to mitigate Al-fuelled threats.

Al can empower defence-but it also gives attackers a dangerous edge.

Deepfakes Fuel Disinformation Campaigns

Deepfakes are poised to target organisations directly, threatening reputations and trust.

Governments and tech companies will ramp up efforts, but staying ahead of these threats requires: Detection tools.

Clear response strategies.

Cloud Security Challenges Expand

The shift to the cloud introduces risks: Misconfigurations.

Third-party dependencies.

Multi-cloud complexities. Organisations must prioritise:

Secure application code.

Identity and access management.

Effective monitoring of serverless functions.

Cloud growth demands smarter, more adaptable security strategies.

Let’s discuss how we can help you strengthen your defences and build true cyber resilience.

1: The RACE model, a simple 4-part plan for building cyber resilience

The solution needs not to be complex nor flamboyant; it just needs to be practical, and if one can cut through the levels of complexity and zero in on the crux of the problem and put in place basic security controls that are effective and efficient, it will lay the groundwork for success.

Borrowing the analogy of racing, would you be driving a race car that has a manual gearbox for full control and is tuned for the race track, or would you just take any car straight from the garage untuned for the conditions of the race track and relying on the car’s automatic gearbox to take care of the driving? Thus, it is clear that returning to basics and tuning your security measures for accuracy and precision is a much better bet than pouring huge investments into advanced systems and mechanics, building layers and layers of security indiscriminately.

In simplistic terms, it is to provide robustness and survivability of the organization’s cyber footprint in the face of adversaries and threats, meet compliance needs for business governance while excelling and providing a competitive advantage, using whatever security capabilities are based on established best practices, processes, and frameworks that achieve repeatable results. Figure 2 below summarizes what it takes to build cyber resilience and the value it brings to the table, taking into consideration the interplay between being compliance and building capabilities to support the resiliency of the entire information infrastructure that supports the business of an organization.

Being accurate and precise will enable us to build quantifiability into our cybersecurity program. Accuracy and precision are both ways to measure results. Accuracy measures how close results are to the true or known value, while precision, on the other hand, measures how close results are to one another or, in other words, how well our defenses are designed and executed. This is our motivation behind the development of the RACE model. The subsequent paragraph will describe each key component of the model in greater detail.Firstly, resiliency in modern cybersecurity speaks to the capability to provide value for the customer.

Next, awareness refers not only to imbuing a culture of cybersecurity among all the staff in an organization to the extent that basic cy their core competencies and fundamentals. Hereby, it is recommended that harnessing risks and hedging your bet against the barrage of threats based on a risk-based approach is the best way, given that resources on hand are always scarce, limited, and, to some extent, expensive. Given that is the case, we have identified five basic core fundamentals that every cybersecurity team in any organization needs to build up on their basics (and manage them well) based on common cybersecurity issues faced, as depicted in Figure 3.

While it may seem simple, the devil is always in the details to ensure a job is done well.

RACE Model: Building Cyber Resiliency and Mitigating Network Risks by Going Back to Basics (Contd:)

One man, organization,or country cannot resolve cybersecurity issues alone. It takes an entire village to address cybersecurity issues as they affect everyone if anything goes awry. Cybersecurity is a team sport, and all the stakeholders within the ecosystem must contribute towards addressing the elephant in the room, as shown in Figure 4. We always find strength in numbers because “united we stand, divided we fall.” We see the Blackhat community is doing that exactly, and that is why they are always a step ahead of the good guys every time, thereby summarizing the urgency to Collaborate as a key differentiating measure.

Last but not least, we need to bring everything together to build or Engineer the process, putting the cogwheels into their rightful places to drive the engine forward. We have identified five key fundamental security measures that, if done diligently, will be key to building an end-to-end resilient system and reducing network risks.

The five key fundamental security measures are

1) software integrity protection

2) security configuration

3) digital certification management

4) vulnerability remediation

5) product lifecycle management

Take “Security configuration” as an example. To engineer and address the risk brought about by system misconfiguration, we need to break it down into its elements or identify its Work Breakdown Structure or WBS, which is a key step for planning project tasks and allocating resources.

Figure 5 summarizes typical work done to break down “security configuration” into its WBS. While this figure does not depict the complete picture, it does show a deep dive into each piece of work.

One should keep working on breaking it down until the project scope and all the tasks required to complete the project can be visualized in one snapshot.

In conclusion, we have distilled the entire RACE model in detail in this paper. Achieving RACE is key to building resiliency for any organization. The important thing to note is to keep it simple and go back to basics. Build an autoevolving, adaptable security framework based on the strategy that is designed to shape-shift alongside emerging blended, hybrid threats by leveraging on actionable intelligence, building resilience, and fostering collaboration so that individuals, organizations, and nations. Establishing public-private partnerships (PPP) with governmental entities and authorities enables public sector players, such as the UAE Cyber Security Council, to act as the fulcrum for coordinating and pooling resources and intelligence. This will enable our modern society to defend against today’s threat and safeguard one’s digital journey by addressing the challenges of tomorrow’s Age of Intelligence.