
SPECIAL SUPPLEMENT BY

VOLUME 04 | ISSUE 10 | OCTOBER 2021

CYBER SECURITY

SPECIAL ISSUE: TRANSFORMING THREATS, SOLUTIONS, ROLES
Digital platforms and technologies are also transforming the nature of threats, vendor-driven solutions, and the roles of specialists, including the CISO.


Advertisement: GEC Corporate Championship, Oct 14 - Nov 5, Dubai. Join fun and thrill weekends: 3000+ participants, 15 sports, 150+ matches. Sports: badminton, cricket, cycling, football, swimming, tennis, table tennis, golf, team building task, tug of war, athletic fitness challenge, bowling, volleyball, basketball.

COMPANY OF GEC MEDIA GROUP

EDITORIAL

MANAGING DIRECTOR: TUSHAR SAHOO, TUSHAR@GECMEDIAGROUP.COM
EDITOR: ARUN SHANKAR, ARUN@GECMEDIAGROUP.COM

Pandemic takeaways and preparing for rebound

As we enter the last quarter of this year, it appears that regional business may finally be on the rebound. Vaccination has worked and cases are on the decline. Social distancing and various protocols are being eased, and governments are keen for an economic rebound. Private and public partnerships now need to work together for a revival.

Was the pandemic all gloom and doom? It provided an immense amount of learning for executives in the technology solution business, as well as for business executives who used innovation to pull their enterprises through the challenging pandemic. In the cyber security industry, end users confronted the challenges of remote working and hugely accelerated activity by threat actors. Additional Internet usage and activity put regional and local networks under strain and tested availability and resilience.

Despite the turbulence witnessed in recent times, positive outcomes have transpired following the outbreak. The pandemic facilitated a revised security approach, one that included secure remote access and connectivity strategies. From an EITC du standpoint, the zero-trust concept introduced was a major paradigm shift. EITC's Saleem AlBlooshi points out that network reliance reached its highest ever point in 12 months. EITC du broadened the scope of its IT investments, accelerating in zero-trust, secure access service edge, identity governance, and data security controls, to manage the challenges of the pandemic and to prepare for the rebound.

As the digital landscape continues to evolve and expand, so do windows of opportunity for hackers and the likelihood of cybersecurity breaches. The question arises as to whether threat actors will be more successful in their use of new technologies like AI and ML, or whether CISOs will be able to do a better job in protection. Acronis' Mareva Koulamallah says that using AI for behavioral anti-malware is a powerful defense. Behavioral anti-malware driven by artificial intelligence has emerged as an important defense against hackers and a support for CISOs. Companies should focus on training their workforce with the latest tools, and decision makers need to be comfortable using data processing tools. Everyone in an organisation is a potential threat and should be kept informed of risks and how to avoid them. Most email-borne threats rely on unpatched systems and software, which allow targeted malware attacks to succeed. Integrated cyber-protection software allows attacks to be disrupted at various stages, depending on the type of attack at play.

Gartner's Rajpreet Kaur recommends positioning the enterprise for a secure future by choosing technologies that offer high levels of integration, automation, and orchestration capabilities. Security and risk management leaders must develop a culture of cyber judgment and align this culture with evolving talent needs. CISOs must prioritise customers and market-facing executives, including the CFO, CMO and CEO. Security and risk management leaders need to reframe their security and risk management plans to keep ahead of the challenges.

In short, the learnings are many, and so are the future opportunities. Good luck at Gitex 2021 and ahead to all of our audience.

ARUN SHANKAR
Arun@gecmediagroup.com

CEO: RONAK SAMANTARAY, RONAK@GECMEDIAGROUP.COM
GLOBAL HEAD, CONTENT AND STRATEGIC ALLIANCES: ANUSHREE DIXIT, ANUSHREE@GECMEDIAGROUP.COM
GROUP SALES HEAD: RICHA S, RICHA@GECMEDIAGROUP.COM
EVENTS EXECUTIVES: GURLEEN ROOPRAI, GURLEEN@GECMEDIAGROUP.COM; RONIT GHOSH, RONIT@GECMEDIAGROUP.COM; JENNEFER LORRAINE MENDOZA, JENNEFER@GECMEDIAGROUP.COM
SALES AND ADVERTISING: RONAK SAMANTARAY, RONAK@GECMEDIAGROUP.COM, PH: +971 555 120 490
PRODUCTION, CIRCULATION, SUBSCRIPTIONS: INFO@GECMEDIAGROUP.COM
DESIGNER: AJAY ARYA
ASSISTANT DESIGNER: RAHUL ARYA

DESIGNED BY

PRINTED BY AL GHURAIR PRINTING & PUBLISHING LLC, MASAFI COMPOUND, SATWA, P.O. BOX 5613, DUBAI, UAE

SUBSCRIPTIONS: INFO@GECMEDIAGROUP.COM
SOCIAL MARKETING & DIGITAL COMMUNICATION: YASOBANT MISHRA, YASOBANT@GECMEDIAGROUP.COM

#203, 2ND FLOOR, G2 CIRCULAR BUILDING, DUBAI PRODUCTION CITY (IMPZ). PHONE: +971 4 564 8684
31 FOXTAIL LANE, MONMOUTH JUNCTION, NJ 08852, UNITED STATES OF AMERICA. PHONE: +1 732 794 5918

A PUBLICATION LICENSED BY INTERNATIONAL MEDIA PRODUCTION ZONE, DUBAI, UAE. COPYRIGHT 2013 ACCENT INFOMEDIA. ALL RIGHTS RESERVED. WHILE THE PUBLISHERS HAVE MADE EVERY EFFORT TO ENSURE THE ACCURACY OF ALL INFORMATION IN THIS MAGAZINE, THEY WILL NOT BE HELD RESPONSIBLE FOR ANY ERRORS THEREIN.




CONTENTS OCTOBER 2021

03 EDITOR'S PAGE
07-11 TOP OF MIND
13-16 CHANNEL
17-21 TRENDS
23-42 COVER STORY: NEXT GENERATION SOLUTIONS AND BEST PRACTICES FOR CISOS
44-49 DEEP DIVE
50 TRENDS

COVER STORY (23-42)
Acronis: Using AI for behavioral malware is a powerful defense
Axon Technologies: Most critical technology is attack surface identification
Barracuda Networks: Making robust email security available to all businesses
BCG: Using AI to sort 1 million security alerts per week
Cloud Box Technologies: CISOs must re-evaluate policies aligning with business
Dell Technologies: Security should be intelligent, automated, everywhere
du: Network reliance reaches highest ever point in 12 months
Gartner: High integration, automation, and orchestration capabilities
Mandiant: Arrival of the evolved ransomware attack
Milestone Systems: Hyper automation is the idea anything can be automated
NETSCOUT: Threat actors continue to weaponise new attack vectors
Nozomi Networks: CISOs need to understand convergence of IT and OT
Palo Alto Networks: Rapid cloud migration is creating security gaps
Proofpoint: Supplier risk, remote working, innovation, top priorities
Qualys: Cloud based security platforms are must have
Sophos: Protecting businesses from all types of threats
Tenable: Disrupting attacks with adaptive user and data profiles
Thales: Opportunities and threats emanating from quantum computing




TOP OF MIND

WHY VISIBILITY INTO ENCRYPTION IS BECOMING IMPORTANT
Companies need to achieve the same level of visibility over encrypted applications and network traffic as they have historically had for unencrypted traffic.

Encryption is growing at a steady rate. This term, once associated primarily with clandestine cyber operations, has now gone mainstream owing to the popularity of consumer messaging applications such as WhatsApp and Signal. Highlighting the importance of this technology in a cloud-first world, popular collaboration services including Zoom and Microsoft Teams have also incorporated this security feature. And while the technique is undoubtedly beneficial, it can act as a double-edged sword. Encryption can be used by hackers to exfiltrate data or to conceal malware delivery. Moreover, it can lead to a loss of visibility over the network, increasing the risk of malicious activity going undetected. It also reduces the administrator's ability to monitor and optimise performance on a per-app or per-user basis.

Encryption has become the de facto standard because it protects data in all states, including in transit, which is when data is at its most vulnerable. Without encryption, cybercriminals can simply capture network traffic as they see it on the move. Encrypting the information, on the other hand, places it in a black box: anyone without the key can see that data is moving but not what it contains. In this way, encryption provides peace of mind for organisations.

Encryption is increasingly being used by hackers to disguise data exfiltration, because it enables them to sneak sensitive information, such as login credentials or financial data, past the company's security sensors. After all, IT will not be alerted to an attack if it has no visibility over the contents of the network traffic. The lack of visibility creates challenges in the performance realm as well: even for the authorised movement of data by employees, the business can see only the opaque transfer of information, not critical performance metrics. Without insight into protocol-level metrics of how smoothly the data is moving, or not moving, IT teams cannot identify and resolve problems.

It is clear that the drawbacks of encryption centre around visibility. To thrive in a world where encryption is essential, companies therefore need to focus on achieving the same level of visibility and performance management over encrypted applications and network traffic as they have historically had for unencrypted traffic. This is possible by investing in solutions that have been specifically designed to provide enhanced insight into encrypted network traffic. Such solutions offer numerous benefits. Firstly, they empower operators to see if an application or the network is performing slowly and needs optimising to maintain user productivity. Secondly, they give them the ability to track, report on, and validate the integrity of SSL/TLS certificates. This is a fundamental process for guaranteeing that critical encryption technology is properly deployed and up to date, so that key data is not exposed to malicious actors. It also means IT teams can pick out anomalous activity, such as an expired certificate being used, or unusual or weak ciphers, which may indicate an attacker's presence. Furthermore, an awareness of the existence of encrypted channels can be powerful in itself. Although operators cannot see the content, they can dig in at either end to establish why the channel exists and whether it may be there for nefarious reasons.

It is paramount for companies to adopt solutions focused on regaining visibility. With these tools in place, they can reap the benefits encryption provides while mitigating its risks, in order to maintain strong company performance at a critical stage in the business environment.

CHARBEL KHNEISSER, Regional Director Technical Sales, META at Riverbed.
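The certificate and cipher checks described above can be made from handshake metadata alone, without decrypting the session: the TLS ClientHello travels in the clear and names the client version, the cipher suites it offers and the server name it wants. The following is an added example and not Riverbed's code. It parses a ClientHello record, extracts those three fields and flags legacy protocol versions and weak suites. The record bytes are constructed inside the script rather than captured from a network, the host names are invented, and the WEAK_SUITES table is a short illustrative subset rather than a complete policy.

```python
"""Passive TLS handshake inspection: parse a ClientHello and flag legacy
versions and weak cipher suites without decrypting anything.
Added example; the sample record is constructed below, not captured."""
import struct

# Illustrative subset of IANA cipher suite code points a monitoring rule
# would normally flag (NULL, export, RC4 and 3DES). Not a complete list.
WEAK_SUITES = {
    0x0000: "TLS_NULL_WITH_NULL_NULL",
    0x0001: "TLS_RSA_WITH_NULL_MD5",
    0x0002: "TLS_RSA_WITH_NULL_SHA",
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}
TLS_VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0",
                0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def parse_client_hello(record: bytes) -> dict:
    """Return client version, offered cipher suites and SNI from one record."""
    content_type, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != 0x16:
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if body[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    pos = 0
    client_version = struct.unpack("!H", hello[pos:pos + 2])[0]; pos += 2
    pos += 32                                    # 32-byte client random
    sid_len = hello[pos]; pos += 1 + sid_len     # legacy session_id
    cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]; pos += 2
    suites = [struct.unpack("!H", hello[i:i + 2])[0]
              for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    comp_len = hello[pos]; pos += 1 + comp_len   # compression methods
    sni = None
    if pos + 2 <= len(hello):                    # extensions are optional
        ext_len = struct.unpack("!H", hello[pos:pos + 2])[0]; pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            ext_type, elen = struct.unpack("!HH", hello[pos:pos + 4]); pos += 4
            data = hello[pos:pos + elen]; pos += elen
            if ext_type == 0x0000:               # server_name extension
                # list length (2) + name_type (1) + name length (2) + name
                name_len = struct.unpack("!H", data[3:5])[0]
                sni = data[5:5 + name_len].decode("ascii")
    return {"version": client_version, "suites": suites, "sni": sni}

def assess(record: bytes) -> dict:
    """Turn the parsed hello into the findings a monitoring tool would report."""
    hello = parse_client_hello(record)
    version = TLS_VERSIONS.get(hello["version"], hex(hello["version"]))
    weak = [WEAK_SUITES[s] for s in hello["suites"] if s in WEAK_SUITES]
    if hello["version"] < 0x0303:
        weak.append("legacy client version " + version)
    return {"sni": hello["sni"], "version": version, "weak": weak}

def build_client_hello(version: int, suites: list, sni: str) -> bytes:
    """Constructed sample ClientHello (not a real capture) to feed the parser."""
    name = sni.encode("ascii")
    sni_ext = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", 0x0000, len(sni_ext)) + sni_ext
    body = struct.pack("!H", version) + bytes(32) + b"\x00"   # version, random, empty session id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00" + struct.pack("!H", len(exts)) + exts  # null compression, extensions
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 0x16, 0x0301, len(handshake)) + handshake

if __name__ == "__main__":
    # A client offering RC4 and 3DES to an internal host (invented name) is worth a closer look.
    sample = build_client_hello(0x0303, [0xC02F, 0x0005, 0x000A], "files.corp.example")
    print(assess(sample))
```

On a real network the same parser runs over the first record of each TCP flow to port 443 (or any port, since encrypted channels on odd ports are exactly the ones worth explaining); the SNI and the flow's endpoints give the "dig in at either end" starting point the article describes, while the cipher and version findings feed the weak-cipher alert.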


TOP OF MIND

DEFENDING APIS IS NOW A TIER-ONE SECURITY PRIORITY
An API-based application is more exposed than a traditional web-based app because of the way it is deployed, allowing access to sensitive data.

Applications are everywhere, from datacentres to smartphones. Remote working has increased the need for more applications to be exposed to the cloud. Application growth is insatiable. However, applications are regularly breached, so how do you go about protecting them? Understanding what the threat vectors are is incredibly important in starting to figure out how to wrap your head around AppSec and start protecting your applications.

Application security has evolved considerably through 2021. Traditionally, it has always been a major consideration for areas potentially exposed to attack, but working from home has rapidly increased this exposure. And the threats are certainly not going away; rather, they are growing in capabilities. Add in the fact that 28% of breaches are caused by human error and it is clear that now, more than ever, we need to make sure no door is left open.

Recent research data shows that out of 750 global customers, 72% said their organisation had suffered at least one security breach from an application vulnerability in the past year, with nearly 40% experiencing more than one.

Organisations are moving to an API-first development model, as APIs make the development of new versions of applications significantly faster. But therein lies another exposure point. Extending the visibility of these applications creates a whole new attack surface, and if you include Single Page Applications, it is more than enough to keep you on your toes. There are no humans involved in B2B endpoint checking; it is all done by APIs, and these are all areas of potential threat. Why? Think about it: APIs by nature expose the application's logic, the user's credentials and tokens, and all kinds of personal information. All of this is done at cloud speeds, initiated from and served to your phone.

An API-based application is significantly more exposed than a traditional web-based app because of the deliberate way it is deployed, allowing direct access to a host of sensitive data. Organisations love APIs but find it hard for security to keep up. Bots are in place, ready to jump on unsecured APIs 24x7. Once there, they have access to customer data or employee information that they can compromise however they see fit. There are plenty of examples of test APIs being deployed with direct access to production data and absolutely no security in place; Facebook's 2018 breach is cited as a case in point. An encouraging statistic from the research, however, is that 75% say that whilst APIs present security challenges, they are now recognising the risks, which is a positive sign that this area is being taken seriously.

Defending APIs is now a tier-one security consideration. It is important to consider a comprehensive, scalable, and easy-to-deploy platform to protect applications wherever they may reside. A web application firewall with Active Threat Intelligence is the most manageable way to protect your applications, and in turn APIs, from the aforementioned threats. Protecting your organisation against zero-day threats, bots, DDoS attacks, supply chain compromise and credential stuffing, adding client-side protection, and internally protecting against malicious employees should all be discussed to avoid joining the 72%.

CHRIS HILL, RVP Public Cloud and Strategic Alliances, Barracuda.
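The "test API with direct access to production data and no security" the article warns about is, in code, an endpoint that looks an object up by the identifier in the URL and returns it to whoever asks. The following is an added example and not Barracuda's code: the exposed handler sits beside a hardened version of the same endpoint that first authenticates the bearer token and then checks that the caller owns the requested object. The user table, the session tokens and the URL scheme are constructed for the example and are not from any real system.

```python
"""An API endpoint with no access control beside the same endpoint with
authentication and object-level authorization.
Added example; the users, tokens and paths below are constructed."""
import hmac

# Constructed "production" data reachable through the API.
USERS = {
    "u1001": {"email": "alice@corp.example", "salary": 91000},
    "u1002": {"email": "bob@corp.example", "salary": 84000},
}
# Constructed server-side session table: bearer token -> user id.
SESSIONS = {"tok-alice": "u1001", "tok-bob": "u1002"}

class ApiError(Exception):
    def __init__(self, status: int, message: str):
        super().__init__(message)
        self.status = status

def get_user_exposed(path: str, headers: dict) -> dict:
    """GET /api/users/<id> as a test API might ship it: no auth at all.
    Any client, or bot, can walk the id space and pull every record."""
    user_id = path.rsplit("/", 1)[-1]
    return USERS[user_id]

def authenticate(headers: dict) -> str:
    """Resolve the bearer token to a user id, or fail with 401."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        raise ApiError(401, "missing bearer token")
    # Constant-time comparison so a wrong token leaks nothing via timing.
    for known, user_id in SESSIONS.items():
        if hmac.compare_digest(known.encode(), token.encode()):
            return user_id
    raise ApiError(401, "invalid token")

def get_user_hardened(path: str, headers: dict) -> dict:
    """Same endpoint: authenticate, then enforce object-level authorization."""
    caller = authenticate(headers)
    user_id = path.rsplit("/", 1)[-1]
    if user_id not in USERS:
        raise ApiError(404, "not found")
    if user_id != caller:
        raise ApiError(403, "forbidden")   # a valid token is not enough
    return USERS[user_id]

def handle(endpoint, path: str, headers: dict) -> tuple:
    """Dispatch one request and return (status, body) as a framework would."""
    try:
        return 200, endpoint(path, headers)
    except ApiError as err:
        return err.status, {"error": str(err)}
    except KeyError:
        return 404, {"error": "not found"}

if __name__ == "__main__":
    # Bob's record leaks through the exposed endpoint with no credentials at all.
    print(handle(get_user_exposed, "/api/users/u1002", {}))
    # The hardened endpoint: no token -> 401, Alice's token on Bob -> 403, own record -> 200.
    print(handle(get_user_hardened, "/api/users/u1002", {}))
    print(handle(get_user_hardened, "/api/users/u1002", {"Authorization": "Bearer tok-alice"}))
    print(handle(get_user_hardened, "/api/users/u1001", {"Authorization": "Bearer tok-alice"}))
```

The 403 branch is the part most often missing in practice: a WAF in front of the API can stop bots and credential stuffing, but it cannot know which authenticated user owns which record, so the ownership check has to live in the application code itself.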



TOP OF MIND

FOCUS ON BETTER OUTCOMES FROM A SECURITY PROTECTION PROGRAMME
Using a predefined practice framework helps to ensure your security programme delivers better outcomes, not just greater capital spending.

When an organisation suffers a data breach or other cybersecurity incident, it is not judged by whether it had a low number of vulnerabilities or whether it spent enough on security tools. The question is whether it did the right thing based on its budget, size and needs. Gartner predicts that within three years, 80% of the magnitude of fines imposed by regulators after a cybersecurity breach will be attributable to failures to prove that the duty of due care was met, rather than to the impact of the breach.

In the past, cybersecurity priorities and investments were largely based on doing something to avoid an outcome. For example, you might implement a patch management tool to avoid incidents resulting from unpatched security vulnerabilities. This is not the best course of action. Cybersecurity priorities and investments should be based on achieving a set of outcomes that are consistent, adequate, reasonable, and effective (CARE). Gartner introduced CARE as a framework to help organisations assess the credibility and defensibility of their cybersecurity programme. For example, rather than simply confirming the presence of tools and processes to patch vulnerabilities, an organisation should measure outcomes directly related to the level of protection, such as the number of days it takes to update critical systems with critical patches.

But because there is no industry-standard set of security metrics or KPIs, every organisation needs the flexibility to meet its unique circumstances. Ultimately, these are value judgments. The four characteristics below embody myriad opportunities to do what is best for the organisation. Use the framework to ensure your security programme delivers better outcomes, not just greater spend.

CONSISTENCY METRICS
These assess whether security controls are working consistently over time across an organisation. They should be continuously updated, measured, and reported weekly, monthly, or quarterly to demonstrate that they remain consistent. For example:
- Third-party risk assessment: the control could be coverage, or the percentage of third parties with a completed risk assessment
- Security awareness: the control could be currency, or the percentage of employees who have received phishing training in the last X months

ADEQUACY METRICS
These assess whether the controls meet business needs and stakeholder expectations. For example:
- Achievement of patching: percentage of assets regularly patched within a protection-level agreement (PLA)
- Achievement of malware update PLA: percentage of endpoints with anti-malware definitions regularly applied within the PLA

REASONABLENESS METRICS
These prove that your security controls are appropriate, fair, and moderate, as determined by their business impact and the friction they cause. For example:
- Delays and downtime: average delay in hours when adding new access
- Complaints: number of complaints triggered by a particular security control

EFFECTIVENESS METRICS
These assess whether your security controls are producing the desired outcome. For example:
- Vulnerability remediation: the control could be timeliness, such as the average or maximum number of days required to remedy critical security vulnerabilities
- Prevalence of cloud security incidents: number of cloud security issues per year related to cloud configuration issues

As a security and risk management leader, it is up to you to contextualise for the audience, drill into detail for specific business units and systems, and link CARE metrics to business outcomes.

CLAUDE MANDY, Senior Director Analyst, Gartner.




CHANNEL

RNS ranked at 150 amongst top managed security service providers by MSSP Alert

MSSP Alert has ranked RNS Technology Services 150th amongst the world's top managed security service providers. This achievement has brought RNS another recognition this year. RNS's prime focus is to give organisations an affordable way to concentrate on their core business and deepen the skills in their own domain, while RNS enhances their security posture and digital footprint. RNS combines key technology vendor partners with aiSIEM and aiXDR, a comprehensive cybersecurity management platform that visualises, detects, and eliminates threats in real time, with continuous security posture improvement, compliance monitoring and reporting, and policy management. Its Global Delivery Center (GDC) is the dedicated hub for detecting new threats, planning mitigation strategies and responding to incidents. Currently, RNS has GDC hubs in India and the Philippines for better coverage and reduced response times.

"Our objective is to provide a holistic business-aligned security protection, detection and response control framework focusing on People, Process and Technology. The complexity and sophistication of the new age threats demand a comprehensive model that aims to reduce risk exposure, increase visibility and respond to threats with agility and accuracy," said Samir Chopra, Founder and CEO at RNS Technology Services.

SAMIR CHOPRA, Founder and CEO at RNS Technology Services.

(Left to right) Nicholas Argyrides, General Manager, Gulf at Mindware and Amer Chebaro, Region Lead, EMEA Emerging Markets at Quest.

Mindware and Quest sign distribution agreement for GCC and Levant

Mindware announced that it has been signed on by Quest, a global systems management, data protection and security software provider, as a Value-Added Distributor for the GCC and Levant regions. The agreement will see Mindware promote and distribute the entire suite of the vendor's offerings that manage, modernise and secure enterprise infrastructure. Since 1987, Quest has been providing software solutions, from Active Directory and Office 365 management and cybersecurity resilience to helping enterprises maximise the value of their data. Around the globe, more than 130,000 companies and 95% of the Fortune 500 count on Quest to become data empowered, deliver proactive management and monitoring for the next enterprise initiative, find the next solution for complex Microsoft challenges, and stay ahead of the next cyber threat. One Identity, a Quest Software business that helps organisations establish an identity-centric security strategy, was named a Leader in the 2021 Gartner Magic Quadrant for Privileged Access Management.

Mindware and Quest will work closely together to build an ecosystem of specialised partners that have the technical proficiency to provide high quality consultancy and implementation services on behalf of the vendor. Partner training and enablement sessions will be a top priority. In addition, Mindware will support partners when conducting POCs. The distributor will run promotions, which include offering free-trial licenses according to deal size and an incentive programme involving Microsoft LSP partners.


CHANNEL

Help AG gets F5 Gold Partner status to expand reach inside Saudi Arabia

Help AG has been upgraded to F5 Gold Partner status, enabling it to significantly expand its value-added distribution reach in the Kingdom of Saudi Arabia. F5's Unity+ Partner Programme has been specifically designed to address the evolution of the market, of F5 as a business, and of partner business models. The programme offers a clear path to success for serving customers with F5's portfolio of products. Help AG supports leading enterprise businesses and governments with strategic consultancy combined with tailored information security solutions and services. The company has been present in the Middle East since 2004 and is firmly established as one of the region's most trusted IT security advisors. In February 2020, Help AG was acquired by Etisalat, which positioned the business as the cybersecurity arm of Etisalat Digital.

"We are thrilled to become an F5 Gold Partner, as the enhanced partnership will bring huge value and benefits to our clients across the Middle East, particularly in Saudi Arabia. Leveraging F5's comprehensive portfolio, we will provide all-inclusive and integrated multi-cloud application services, information security solutions, and professional advisory services to all business sectors," said Stephan Berner, Chief Executive Officer of Help AG. "Crucially, we are in our strongest position yet to help organisations in every sector substantively realise their digital transformation ambitions. This includes the ability to safely flex to whatever cloud scenario is needed for the job, including virtual machines, container-native, SaaS, and purpose-built hardware."

STEPHAN BERNER, Chief Executive Officer of Help AG.

Axis Communications presents smart city solutions at Swedish Pavilion at Expo 2020

Axis Communications will be an official partner of the Sweden Pavilion in the event's Sustainability District. The theme of the Sweden Pavilion is Co-creation for Innovation, and as part of this, Axis will present solutions for smart cities, where the combination of technology and data allows authorities to understand and manage key areas of urban life, helping city authorities ensure community safety while also meeting their sustainability goals. With smarter and safer cities as a goal for many countries in the Middle East, local governments are driving the increased adoption of IP-based security and surveillance solutions. With its extensive portfolio of products and services, and collaboration with key government entities, Axis is playing a role in advancing smart city agendas across the region. The company's open platform also allows for easy integration between many different technologies and IoT devices on a single platform, which helps mitigate one of the major challenges in smart city projects.

Besides participating in the exhibition by displaying Axis network solutions for improved security, Axis will also be responsible for video surveillance, access control and intercoms, as part of the broader security infrastructure, for the Sweden Pavilion. By merging technology and data, Axis's solutions empower city authorities to better understand and manage key areas of urban life, including the environment, mobility, and public safety, ultimately creating better cities to live in. Axis will also be hosting events during the expo, touching on topics like dependable technology for a changing world and the power of partnership. Interact with the Axis team, explore innovation, and create opportunities at the World Expo 2020: www.expo2020.axis.com

ETTIENE VAN DER WATT, Regional Director, Middle East & Africa at Axis.


CHANNEL

(Left to right) Moe Bux, Sales Director, Credence Security; Adhish Pillai, Practice Lead Cybersecurity, Finesse Direct; Marie Ah-Choon, Channel Executive, Credence Security; and Garreth Scott, Managing Director, Credence Security.

Zero Trust vendor ColorTokens partners with Finesse providing visualisation of IT infrastructure

In a move to empower Middle East businesses with a fresh approach to coping with the escalating number of cyberthreats, ColorTokens, a vendor of Zero Trust-based cybersecurity solutions, has partnered with Finesse, a Dubai-based Information Technology (IT) system integrator. The Covid-19 pandemic has driven organisations to fast-track their digital transformation initiatives and embrace cloud solutions to adapt to the new normal. However, the digital shift has given rise to a proliferation of data breaches and ransomware attacks in 2020. The UAE alone saw a 250% increase in cyberattacks, targeting businesses across multiple sectors. This sharp increase in cyber incidents has prompted customer demand for a fresh approach to security.

ColorTokens offers an integrated approach to understanding and mitigating cyberthreats across networks, endpoints and applications through its Xtended ZeroTrust Platform, which comprises Xshield, Xprotect, and Xaccess. ColorTokens enables organisations to assess and improve their security postures, ensuring cyber-resiliency across cloud and hybrid environments. Xaccess, the newest addition to the Xtended ZeroTrust Platform, is ColorTokens' solution for Zero Trust secure access for remote employees, third parties, or contractors from distributed locations as they connect with their cloud or datacentre-based applications or data. Like Xshield and Xprotect, Xaccess is infrastructure-agnostic and cloud-delivered to support scalable access control regardless of resource and end-user location.

With this partnership, Finesse can give regional customers the ability to visualise and segment their entire IT infrastructure, proactively protect endpoints, and contain and respond to zero-day attacks, all while integrating with existing security tools. Finesse specialises in delivering bespoke digital solutions around Business Intelligence (BI), analytics, Robotic Process Automation (RPA), blockchain, security and more, to over 300 customers across sectors such as Banking, Financial Services and Insurance (BFSI), education, energy, healthcare and the public sector, among others.


CHANNEL

CyberKnight partners with Appgate to distribute Zero Trust solutions in Middle East

To address customer challenges related to secure network access, CyberKnight has signed an agreement with Appgate, the secure access company, to distribute Appgate SDP, a Zero Trust Network Access (ZTNA) solution, in the Middle East. Appgate SDP offers scalable, secure access across cloud, legacy, hybrid and IoT environments to enable digital transformation, reduce risk and improve user experience for its customers. Appgate SDP's enterprise-grade feature set makes resources invisible to unauthorised users, strengthens access controls and simplifies network security. Appgate was recently named a Leader in The Forrester New Wave: Zero Trust Network Access, Q3 2021. Appgate received a differentiated rating, the highest possible, in six criteria, including deployment flexibility, non-web and legacy apps, ecosystem integration, client support, connector capabilities and product vision.

"Current remote access methods, like VPNs, are dated. Furthermore, attacks are becoming more advanced and multi-faceted, so organisations increasingly need a multi-layered approach to combat them. We are excited to join forces with Appgate to offer Middle East customers a market-leading ZTNA solution that provides dynamic, identity-centric, context-aware precision access, reducing the attack surface by making resources invisible while enabling business agility at scale," commented Avinash Advani, Founder and CEO at CyberKnight.

AVINASH ADVANI, Founder and CEO at CyberKnight.

Trend Micro launches Partner Demand Programme WeDiscover across MENA

Trend Micro has launched its Channel Partner Demand Generation Programme, WeDiscover, with a focus on strengthening its market presence across the Middle East and North Africa (MENA) region. The programme is designed to help partners leverage Trend Micro solutions while helping them differentiate their services, build new security expertise, and grow profitable businesses as they meet customers' needs in a dynamic security market. The demand generation initiative provides a framework for channel partners to identify unexplored markets, investigate newer revenue streams and accelerate sales.

WeDiscover programme highlights:
- Robust commitment from Trend Micro: seamless collaboration among Business Management, Sales, Marketing, and technical teams with the committed partners, in addition to the flexibility to choose from a range of Trend Micro solution portfolios to effectively generate opportunities.
- Maximise partner opportunities: the WeDiscover programme helps partners to identify opportunities and close the deal within a period of 180 days.
- Empower partner success: comprehensive marketing tools, co-branded collateral, and digital marketing support for the partner to assist the end-to-end customer journey effectively.
- Earn rewards and incentives: motivate partners' team members with merchandise via the TrendSetter partner incentive programme, WeDiscover Tools, online rewards payouts, enablement programmes and Solution Offering Packages.



TRENDS

56% of biggest cyber incidents linked to web applications according to F5 report

Web application exploits are the biggest cybersecurity risk facing organisations today, according to new research by The Cyentia Institute. The conclusion forms part of a new, and first of its kind, F5 Labs-sponsored report entitled The State of the State of Application Exploits in Security Incidents. Drawing heavily on the Cyentia Research Library as well as input from a range of other datasets, the report is the industry's most comprehensive multi-source analysis yet of both the frequency and role of application exploits. A key driver behind the report's publication is to progress how the cybersecurity industry as a whole uses disparate pieces of research to piece together the bigger picture.

In the report, The Cyentia Institute found that 56% of the biggest cybersecurity incidents from the past five years tie back to some form of web application issue. Responding to these incidents cost more than $7.6bn, which represents 42% of all financial losses recorded for extreme cyber loss events. Web application attacks were also the leading incident pattern among data breaches for six of the last eight years.

In addition, The Cyentia Institute discovered that the average time-to-discovery for incidents involving web application exploits was 254 days, significantly higher than the 71-day average for the other extreme loss events that were studied. One of the report's most eye-catching discoveries, however, was that 57% of all known losses for the largest web application incidents over the last five years were attributed to state-affiliated threat actors. This alone caused $4.3bn in damages. The data and reports analysed by The Cyentia Institute also revealed a consensus on key recommendations for security measures, which The Cyentia Institute summarises as: fix your code, patch your systems, double up your creds and watch your back door.

RAYMOND POMPON, Director of F5 Labs.

One in three industrial computers subject to malicious activity in H1 2021 says Kaspersky

According to Kaspersky ICS CERT, almost one in three industrial computers was subject to malicious activity in H1 2021. During the first half of 2021, cybercriminals intensively used various types of spyware and malicious scripts while performing their attacks. These types of threats have been growing for the second six-month period in a row and pose a big challenge to industrial control systems. Attacks against industrial organisations are particularly dangerous as cybercriminals might steal data and money and disrupt the established system of production. An increase in the diversity of threats to such networks indicates the growth of the attackers’ interest in them and, consequently, an increase in the need to reliably protect them. According to the Threat Landscape for Industrial Automation Systems report, Kaspersky security solutions blocked over 20,000 malware variants during the first six months of 2021.

To find out more about how the ICS threat landscape changed during the reporting period, Kaspersky researchers analysed the various types of malware used during cyberattacks against industrial systems. They found that the percentage of spyware and malicious scripts used against ICS has grown continuously over the past half year. In fact, spyware (Trojan-Spy malware, backdoors and keyloggers), which is mostly used to steal money, is up by 0.6% in the United Arab Emirates. At the same time, malicious scripts grew by 2.7%. Threat actors use such scripts on various websites hosting pirated content to redirect users to sites which distribute spyware or malware designed to mine cryptocurrency without the user’s knowledge.


TRENDS

Bad bots account for staggering 40% of Internet traffic according to Barracuda

Once used primarily by search engines, automated bots now account for nearly two-thirds of all Internet traffic. This is according to new research by Barracuda, which found that bad bots, which carry out a range of malicious activities including web and price scraping, inventory hoarding, account takeover attacks, Distributed Denial of Service (DDoS) attacks, and more, now account for a staggering 40% of all Internet traffic. Over the last year, owing to lockdowns and a growing emphasis by organisations on offering digital services, consumers’ use of online shopping and other online services has skyrocketed. Attackers have been quick to attempt to exploit this popularity, and Barracuda’s researchers found that eCommerce applications and login portals are now the most targeted by advanced persistent bots.

While the Internet activity of bad bots now exceeds that of humans, attackers have been developing these automated programs in a manner that mimics human activity. Most notably, Barracuda’s research found that bad bot behaviour peaks during work hours, closely mirroring trends in human Internet utilisation. This is in sharp contrast to good bots, which are not trying to circumvent security defences and therefore maintain traffic rates that are fairly constant through the day. Though the rise of public cloud has had an undeniably positive impact, it has also empowered cybercriminals. Barracuda’s research shows that most bot traffic now comes from the two large public cloud providers, Amazon Web Services (AWS) and Microsoft Azure, in roughly equal measure. Barracuda’s report, titled Bot attacks: Top Threats and Trends, Insights into the growing number of automated attacks, explores emerging traffic patterns, live examples of bot behaviour and detection, and the steps organisations should take to protect their business.
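The two signals above, a declared bot that runs at a constant rate all day versus browser-looking traffic that bursts during work hours from cloud address space, can be checked directly against a web server's access log. The script below is an added illustration written for this page, not Barracuda's detection logic or any code from its report. The log lines are constructed in the script, the "cloud" prefixes are documentation ranges standing in for real provider space, and the per-hour threshold and flatness cut-off are assumptions to be tuned against your own baseline.

```python
"""Profile access-log clients by hour-of-day, volume and origin network.

Added example for this page, not Barracuda's detection logic. Log lines are
constructed below; CLOUD_RANGES are TEST-NET placeholders, not real AWS/Azure
prefixes; the thresholds are assumptions.
"""
import ipaddress
import re
import statistics
from collections import Counter, defaultdict

HUMAN_MAX_PER_HOUR = 30      # assumed: more than this from one client looks automated
FLAT_PROFILE_CV = 0.5        # assumed: coefficient of variation below this = constant rate

# Placeholder "cloud" prefixes (RFC 5737 documentation ranges, not real provider space).
CLOUD_RANGES = [ipaddress.ip_network("203.0.113.0/24"),
                ipaddress.ip_network("198.51.100.0/24")]

# Combined log format: ip ident user [day:HH:MM:SS tz] "METHOD path proto" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^:]+:(?P<hour>\d{2}):\d{2}:\d{2} [^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]+" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

BROWSER_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/94.0 Safari/537.36"
CRAWLER_UA = "ExampleCrawler/1.0 (+https://crawler.example/bot)"   # hypothetical declared bot


def make_lines(ip, ua, path, per_hour):
    """Constructed sample log lines; per_hour maps hour-of-day -> request count."""
    lines = []
    for hour, n in per_hour.items():
        for i in range(n):
            lines.append(f'{ip} - - [12/Oct/2021:{hour:02d}:{i % 60:02d}:00 +0000] '
                         f'"GET {path} HTTP/1.1" 200 1024 "-" "{ua}"')
    return lines


WORK_HOURS = range(9, 18)
SAMPLE_LOG = (
    make_lines("192.0.2.10", BROWSER_UA, "/shop", {h: 3 for h in WORK_HOURS})        # office user
    + make_lines("192.0.2.50", CRAWLER_UA, "/", {h: 4 for h in range(24)})          # declared crawler, flat
    + make_lines("203.0.113.7", BROWSER_UA, "/login", {h: 60 for h in WORK_HOURS})  # cloud-hosted, browser UA
)


def from_cloud(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUD_RANGES)


def hourly_profile(lines):
    """Return ({ip: [requests per hour 0..23]}, {ip: last user agent seen})."""
    counts = defaultdict(Counter)
    agents = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # skip unparseable lines instead of aborting the run
        counts[m["ip"]][int(m["hour"])] += 1
        agents[m["ip"]] = m["ua"]
    return {ip: [c[h] for h in range(24)] for ip, c in counts.items()}, agents


def coeff_of_variation(counts):
    """Population std-dev over mean; 0.0 means perfectly constant traffic."""
    mean = statistics.fmean(counts)
    return statistics.pstdev(counts) / mean if mean else 0.0


def classify(ip, counts, ua):
    declared_bot = any(tag in ua.lower() for tag in ("bot", "crawler", "spider"))
    peak = max(counts)
    if declared_bot and coeff_of_variation(counts) < FLAT_PROFILE_CV:
        return "good-bot"       # announces itself and runs at a steady rate around the clock
    if not declared_bot and peak > HUMAN_MAX_PER_HOUR and from_cloud(ip):
        return "bad-bot"        # browser UA, work-hours burst, but it originates in cloud space
    if peak > HUMAN_MAX_PER_HOUR:
        return "suspect"        # automated volume without the cloud-origin signal
    return "human-like"


def triage(lines):
    profiles, agents = hourly_profile(lines)
    return {ip: classify(ip, counts, agents[ip]) for ip, counts in profiles.items()}


if __name__ == "__main__":
    for ip, label in triage(SAMPLE_LOG).items():
        print(f"{ip:<14} {label}")
```

The hour-of-day profile on its own cannot separate a bad bot from a person, which is exactly the point the research makes; it is the combination of a browser user agent, inhuman volume and a cloud origin that earns the "bad-bot" label here, while a self-declared crawler with a flat profile is left alone.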


Kaspersky observes campaign to distribute dropper that executes malicious programme

Even with more ways to play games, from new consoles to in-browser options and mobile games, demand for Personal Computer (PC) games persists. So does a gamer’s desire to play them for free, often by finding and downloading cracked versions of games. However, such shortcuts often come at a cost, with users installing dangerous malware instead of the desired game. Sometimes, cybercriminal groups go as far as setting up a network of websites meant entirely for the distribution of such malware, as was the case in the latest campaign discovered by Kaspersky. Kaspersky researchers observed a massive, well-coordinated campaign which distributed a dropper, a program that secretly executes a malicious program, dubbed Swarez. The dropper was delivered through dozens of fake warez websites, platforms that specialise in the free distribution of copyrighted material in violation of copyright law.

These websites distributed malware under the guise of cracks for different software, including anti-malware, photo or video editing software, and fifteen popular computer games. Users in 45 countries across the world were attacked by such files disguised as games. After a chain of redirects from the warez website, the users downloaded a ZIP archive containing a password-protected ZIP file and a text document with the key to unpack it. The installation process looked complicated enough for users to be tricked into thinking they were installing the game they were looking for. In reality, the users downloaded the Swarez dropper, which in turn decrypted and executed a Taurus Trojan-Stealer, a paid stealer with many functions that is flexible and configurable. The malware is capable of stealing cookies, saved passwords, autofill data from browsers, and data related to crypto wallets. It gathers information about the system and .txt files from the user’s desktop, and can even take screenshots. One of the concerning aspects of the campaign was how easy it was to reach the right targets. Cybercriminals optimised their websites for specific search keywords and, in some cases, managed to get their malicious sites into the top three results of popular search engines.
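The packaging described above, an outer ZIP holding a password-protected ZIP and a small text file with the key, exists to get the payload past scanners that cannot open encrypted entries, and it is itself a pattern a download or mail gateway can flag without the password. The script below is an added example for this page, not Kaspersky's tooling and not part of the campaign analysis. Both sample archives are constructed in memory; because Python's zipfile cannot write encrypted entries, the encryption bit on the inner archive is forged by patching the ZIP header bytes, which is enough to exercise the check. The size limit for a "password note" and the recursion depth are assumptions.

```python
"""Flag a ZIP that ships a password-protected archive next to a tiny text note.

Added example for this page, not Kaspersky's code. Sample archives are built
in memory; the encryption flag is forged by header patching (see _mark_encrypted).
"""
import io
import zipfile

ENCRYPTED_FLAG = 0x0001            # bit 0 of the general-purpose flag: entry is encrypted
ARCHIVE_EXTS = (".zip", ".rar", ".7z")
NOTE_MAX_BYTES = 512               # assumed: a "password.txt" is a handful of bytes
MAX_DEPTH = 3                      # assumed: stop recursing into nested ZIPs here


def _mark_encrypted(zip_bytes):
    """Set the encryption bit in every local header (PK 03 04, flags at +6) and
    central-directory header (PK 01 02, flags at +8). Test scaffolding only."""
    buf = bytearray(zip_bytes)
    for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        i = buf.find(sig)
        while i != -1:
            flags = int.from_bytes(buf[i + off:i + off + 2], "little") | ENCRYPTED_FLAG
            buf[i + off:i + off + 2] = flags.to_bytes(2, "little")
            i = buf.find(sig, i + 4)
    return bytes(buf)


def _zip_of(members):
    """Build an in-memory ZIP from {name: bytes}."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in members.items():
            z.writestr(name, data)
    return out.getvalue()


def build_sample_lure():
    """Constructed lure: encrypted inner 'crack' archive plus a password note."""
    inner = _mark_encrypted(_zip_of({"Game_Setup.exe": b"MZ" + b"\x00" * 64}))  # placeholder bytes
    return _zip_of({"Game_Crack_2021.zip": inner, "Password.txt": b"password: 1234\r\n"})


def build_benign_archive():
    """Constructed benign archive: plain nested ZIP, no encryption, a README."""
    inner = _zip_of({"assets/level1.dat": b"\x00" * 32})
    return _zip_of({"assets.zip": inner, "README.txt": b"Unpack and run setup.\r\n"})


def inspect_archive(data, depth=0):
    """Report encrypted members, password-protected nested archives and small text
    notes for one ZIP, recursing into readable nested ZIPs up to MAX_DEPTH."""
    report = {"encrypted_members": [], "protected_archives": [], "notes": [], "nested": {}}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return report                               # not a ZIP, or corrupt: nothing to say
    with zf:
        for info in zf.infolist():
            name, lower = info.filename, info.filename.lower()
            if info.flag_bits & ENCRYPTED_FLAG:
                report["encrypted_members"].append(name)
                if lower.endswith(ARCHIVE_EXTS):
                    report["protected_archives"].append(name)   # cannot look inside without the key
                continue
            if lower.endswith(".txt") and info.file_size <= NOTE_MAX_BYTES:
                report["notes"].append(name)
            elif lower.endswith(".zip") and depth < MAX_DEPTH:
                sub = inspect_archive(zf.read(info), depth + 1)
                report["nested"][name] = sub
                if sub["encrypted_members"]:
                    report["protected_archives"].append(name)   # nested ZIP needs a password
    return report


def is_password_note_lure(report):
    """The campaign's packaging: a password-protected archive beside a tiny text file."""
    return bool(report["protected_archives"]) and bool(report["notes"])


if __name__ == "__main__":
    for label, blob in (("lure", build_sample_lure()), ("benign", build_benign_archive())):
        rep = inspect_archive(blob)
        verdict = "SUSPICIOUS" if is_password_note_lure(rep) else "ok"
        print(f"{label:<7} {verdict:<11} protected={rep['protected_archives']} notes={rep['notes']}")
```

The check never needs the password: the central directory's flag bits say whether members are encrypted, so the gateway can quarantine the bundle, or route it to a sandbox that reads the note and unpacks, before any user follows the "installation" steps the lure page describes.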



TRENDS

86% believe IT security in UAE has skills necessary to handle challenges, Citrix survey

82% of Information Technology (IT) decision makers working in banks and financial service institutions (FSIs) in the UAE are under pressure to level up their security protocols, according to new research from Citrix. This comes as 72% see IT security risks in the industry increasing since the start of the COVID-19 pandemic. Employees are most likely to be pressurising their organisation to increase security, with 67% of IT pros reporting pressure from this group, followed by customers (48%), then government (45%) and shareholders (31%). Perhaps in response to these demands, 66% of respondents report that security has become a priority in their organisation over the past 18 months. They join the further 31% who report that it has been a priority for years. However, despite the increase in cyberattacks and the changing demands and pressures upon them, 95% of IT decision makers claim they are comfortable with their IT security provisions, with 25% of those saying they are very comfortable. 86% also believe that the IT security teams in their organisations have all the skills necessary to handle challenges.

This confidence may come, at least in part, from the fact that many organisations are replacing their traditional Virtual Private Network (VPN) solutions with Zero Trust, cloud-based services. 46% of respondents have already implemented this, with another 49% planning to do so in the next 12 months. A further 6% plan to follow suit in the longer term. The biggest drivers behind this decision are improving end user experience (42%), having an agile and secure remote work strategy (39%), consolidating multiple point products (36%), and moving more on-premises solutions to the cloud (35%). In addition, 90% of IT decision makers report that they are satisfied with the digital workspace solutions their organisation has used to support remote work over the past 18 months. 54% of respondents implemented these digital workspace solutions in response to the mandate to work from home in March 2020, while a further 42% already had them in place prior to the pandemic. The remaining 4% plan to provide their teams with digital workspace solutions in the future. Of the other technologies that organisations have in place to support remote working, the most popular are virtual desktops and apps (67%), video conferencing and streaming (62%), and email (57%).

Whilst the majority of IT decision makers feel they have the right teams in place to support their organisations’ current security posture, there may be challenges on the horizon. 87% of respondents admit that they will need to hire externally to get the right skills in the future, and 87% feel that at some point IT security teams in their organisation will need to be entirely reskilled. Additionally, the research uncovers some gaps in wider security training for employees of banks and FSIs. 31% of respondents say that security training for all employees at their organisation is provided less than once a year, with 1% admitting it is provided every six years or less.

AMIR SOHRABI, Area Vice President for Emerging Markets, Citrix.



TRENDS

34% of UAE SMBs chose to preserve jobs as top priority according to Kaspersky

A recent Kaspersky survey on the challenges facing small and medium businesses at the beginning of the pandemic reveals that preserving jobs was the top priority for almost a third of organisations across the UAE (34%). However, the most prioritised challenge was the introduction of new technologies to ensure the smooth running of business under these new circumstances (62%). Studies show that business performance is directly impacted by employee satisfaction. During the pandemic, work satisfaction and engagement among employees became more crucial than ever before, especially for small businesses that were hit hard. A strong team is more likely to be resistant to the crisis and better able to cope through lockdown, risks of infection and uncertainty about the future. As a result, team retention has become a priority for companies, even though many have faced budget cuts (46%), reduced pay or working hours (42%), or temporarily closed offices or branches (42%). The same holds true today, with 42% of organisations planning to increase personnel costs such as wages and benefits in the coming year. Bringing salaries up to the pre-COVID-19 level or even increasing them should help businesses retain talent, negating the need for recruitment. The preservation of jobs and employee satisfaction, among other factors, were dependent on how employers adapted to new and extreme working conditions. As such, the top priority for most companies (62%) was to provide staff with new technologies, equipment, communication and collaboration services to switch business from offline to online and let employees work remotely or in a hybrid model.

Kaspersky detects 1,500+ fraudulent resources aimed at crypto investors, crypto mining

Since the beginning of the year, Kaspersky has detected more than 1,500 fraudulent global resources aimed at potential crypto investors or users who are interested in cryptocurrency mining. During this period, the company also prevented more than 70,000 user attempts to visit such sites. The most common schemes used by cybercriminals included:
* Creating fake cryptocurrency exchange websites: in this case, the user is allegedly given a coupon for replenishing an account on a crypto exchange. However, to use it they must carry out a verification payment of usually no more than 0.005 bitcoin (about 200 US dollars), which becomes the cybercriminals’ profit.
* Sending messages about fake sales of video cards and other equipment for mining: to purchase equipment, the user needs to make an advance payment. After providing it, the author of the ads stops communicating.
* Creating phishing pages with various content to steal private keys, which allow cybercriminals to gain access to all digital assets associated with a crypto wallet.

Typically, cybercriminals locate sites in popular domain zones (.com, .net, .org, .info) as well as in zones where domain acquisition is cheap (.site, .xyz, .online, .top, .club, .live). A distinctive feature of phishing and other types of cryptocurrency fraud is the high level of detail on phishing websites. For example, on fake crypto exchanges, real data, such as bitcoin rates, is often loaded from existing exchanges. Attackers understand that people who are investing or are interested in this area are often more tech-savvy than the average user. Therefore, the cyber crooks make their techniques more complex in order to get data and money from these people.



Protecting Your Information

OUR SOLUTIONS Email Security, Archiving, Business Continuity

Digital Risk Protection / Brand Protection

Encrypted USB Drives / Cloud Storage

Data Classification & DLP

SIEM / Threat Intelligence Feed

DNS Security / Network Access Control

Managed Secure File Transfer (SFTP)

Privileged Access Management (PIM/PAM)

Network Monitoring & Configuration Management

Hardware Security Module (HSM) / Encryption

PKI for IoT & OT / MFA / IAM

Insider Threat Monitoring / Prevention

Endpoint Security / EDR / Ransomware Protection

Robotic Process Automation / Workload Automation

Zero Trust / Deception Technology

SSL Certificates / Digital Signatures

Cybersecurity Training and Simulation Platform

DDoS Protection / WAF

Enterprise Mobility Management (EMM/ MDM)

Web Application Vulnerability Scanner

Meet The Team


COVER STORY

NEXT GENERATION SOLUTIONS AND BEST PRACTICES FOR CISOs Top cyber security executives look at next generation solutions and recommendations for CISOs.



COVER STORY

ACRONIS

Using AI for behavioral malware is a powerful defense
Using behavioral anti-malware with Active Protection with artificial intelligence has emerged as an important defense against hackers and support for CISOs.

MAREVA KOULAMALLAH, Head of Marketing and Communications Middle East and Africa, Acronis

Acronis has developed a unique and holistic approach to cyber protection composed of five vectors: Safety, Accessibility, Privacy, Authenticity and Security (SAPAS). Data protection or cyber security alone are not enough anymore. SAPAS allows for a well-rounded, comprehensive protection experience going beyond traditional backups or classical antivirus solutions, which only focus on one part of the issue. For IT users working to modernise their cyber protection, it’s time to rethink digital defenses in order to avoid cyber threats and data loss. Abandoning traditional solutions and approaches can be a difficult thing to do, but maintaining an IT infrastructure which is protected is even more technically and financially challenging without the right protection. Outdated strategies and products are no match for today’s requirements. Both businesses and individuals need to evolve to cyber protection in order to anticipate and defeat cyber-attacks. That is why behavioral anti-malware like the one found in our products, with Active Protection, and powered by artificial intelligence (AI), has emerged as an important defense against hackers and a great support to CISOs’ fight against cyber threats. Active Protection uses both AI and machine learning to identify malware by how it behaves: it looks for suspicious activities, as opposed to only matching it against a known threat database.

The way we work, connect, and communicate has changed dramatically. Businesses must support IT solutions for employees in traditional office environments as well as those working from home. Remote work tools are a common and growing target for cybercriminals. Vulnerabilities in these tools may present an attack vector that allows cybercriminals to skim transferred data, inject code, or even access corporate systems through a backdoor. Companies mostly base their key decisions on data and the need to trust this data. Cybercrime is a growing threat, but because people are becoming more cautious, cyber criminals are using smarter approaches as well. There is organised crime for physical attacks and there are now organised crimes for cyber-attacks as well. Most of the email-borne threats come from unpatched systems and software which allow for targeted malware attacks. An integrated cyber-protection software allows the disruption of these attacks at various stages, depending on the type of attack at play, by providing an in-depth defense. First, users need patch management to help ensure that the software is up to date; if the attack still happens, it will stop the malware from running using both a traditional signature-based approach and a modern AI-based detection. Finally, if none of the protections work and the data is still encrypted, it can be recovered from a secure remote backup. The main challenge in cyber security is that too many things are happening at once. Technologies that will solve the problem, either by integrating segregated products under common management and reporting, by providing AI-based automated incident response, or by better sorting the incoming flow of security alerts and removing false positives, will have a significant impact on cyber protection.

FOR CISOs: Companies should focus on training their workforce with the latest tools, and decision makers need to be comfortable using data processing tools as well, in order to not rely on staff for analysis. It is not only a matter of security experts and IT professionals. Everyone in an organisation is a potential threat and should be kept informed of risks and how to avoid them.


COVER STORY

AXON TECHNOLOGIES

Most critical technology is attack surface identification
The most significant change is that organisations have extended attack surfaces outside of their control, and the more cloud is used, the more points to attack are presented.

DAVID BROWN, Security Operations Director, Axon Technologies

Axon Technologies offers a holistic approach to cybersecurity by considering the complete threat landscape and then scoping the solutions to fit. Axon can move forward with a predictive, intelligence-driven and resilient cyber defense service customised to the organisation’s needs and goals. There are inherent dangers with the cloud: it’s not yours to start with, and nothing around it is yours or in your control, overlooking that the improvements provided by the cloud are lower cost to operate and increased speed to deploy. As for AI and analytics, there is Cognitive Insight: the ability to use new data to make predictions to improve performance and, in real time, detect patterns in vast volumes of data and interpret their meaning, such as fraud and other misuses.

The most significant change seen is that organisations have extended their attack surface outside of their control; the more cloud is used, the more points to attack are presented to threat actors, making their work easier. On top of that, organisations send internal assets into end users’ homes, making an assault on them even more readily available. This extended attack surface includes remote access points, VPNs and portals. The increased volumes of breaches and attacks against them are now well documented. One of the most critical technologies needed is attack surface identification, commonly known as Digital Footing. This thinking is mirrored by companies such as Microsoft. They acquired the global attack surface identification and management leader to secure their accelerated digital transformation, challenged by the increasing frequency of cyberattacks. The more organisations move to a remote workforce, cloud, distributed cloud, and mesh cloud, the more they increase their attack surface. This increased threat space must be known, visible, managed, and kept current.

FOR CISOs: Firstly, increased cyber hygiene is an overlooked area responsible for the vast majority of attacks and breaches. The second area is to significantly increase visibility across all digital domains within the organisation. The more visibility granted, the greater security is increased. This visibility allows for better insights into business alignment, resulting in improved performance and attainable and deliverable goals back to the Board.



COVER STORY

BARRACUDA NETWORKS

Making robust email-security available to all businesses
There are multiple areas in the wake of the pandemic that warrant more attention as part of any effort to proactively reduce the total number of incidents.

TONI EL INATI, RVP Sales, META and CEE, Barracuda Networks

Cybersecurity is essential. But at Barracuda we believe that the key challenges CISOs face with security solutions, complexity, cost, management overheads and the negative impact they could potentially have on end user experience and productivity, are all avoidable. This was the premise on which Barracuda was started, as our mission was to make robust email security available to all businesses. We have since expanded on this and today our mission is to protect and support our customers for life. In line with this, Barracuda provides over 200,000 customers with easy, comprehensive, and affordable solutions for email protection, application and cloud security, network security and data protection.

Social engineering attacks: An average organisation is targeted by over 700 social engineering attacks each year, of which phishing accounts for the largest share (49%), followed by scamming (39%). The largest share (43%) of these phishing attacks impersonate Microsoft, while WeTransfer (18%), DHL (8%) and Google (8%) are also popular brands with attackers. Email remains a top threat vector, as 1 in 10 social engineering attacks is business email compromise (BEC).

Ransomware: Barracuda researchers saw a 64% increase in attacks year over year, with attacks on corporations and businesses making up over half (57%) of all ransomware attacks. The cost of ransomware is also increasing: 8% of the incidents had a ransom ask of less than $10 million, and 14% of the incidents had a ransom ask greater than $30 million.

Automated attacks on applications: Organisations are struggling with bad bots, broken APIs, and supply chain attacks. In our recent ‘The state of application security in 2021’ study, we found that on average, organisations were successfully breached twice in the past 12 months as a direct result of an application vulnerability. 44% of respondents said bot attacks contributed to a successful security breach that exploited a vulnerability in the organisation’s applications. Businesses are struggling to keep up with the pace of these attacks, particularly newer threats like bot attacks, API attacks, and supply chain attacks, and they need help filling these gaps effectively. There are two areas in the wake of the COVID-19 pandemic that clearly warrant more attention as part of any effort to proactively reduce the total number of incidents that any cybersecurity team needs to manage.

72% of respondents said bot attacks contributed to a successful security breach that exploited a vulnerability in the organisation’s applications

FOR CISOs: Cybersecurity is essential. But the key challenges CISOs face with security solutions, complexity, cost, management overheads and the negative impact they could potentially have on end user experience and productivity, are all avoidable.


COVER STORY

BCG

Using AI to sort 1 million security alerts per week
Sorting through 1 million alerts per week is simply not a human problem and AI and machine learning are the only hope to help drowning security teams.

SHOAIB YOUSUF, Partner, Boston Consulting Group (BCG)

With so many threats and so few resources, any tech that helps security teams focus on security and not overhead or noise is very welcome: cloud, AI, and analytics are three such examples. Our large clients are managing 100-150+ different cyber solutions. That is a lot of integration and device and application overhead that cloud deployments help with, in terms of lessons learnt. Likewise, as large clients are swamped with millions of security alerts, AI and analytics are helping to comb through them. Threat actors continue to improve their business models, especially with ransomware. When ransomware first made a big splash 5+ years ago, the business model was simple: hit as many victims as possible, as fast and as automated as possible, with low ransoms that most would be willing to pay. Today there is an entire criminal ecosystem around ransomware, with separation of duties between developers, attackers and negotiators. Victims are being targeted in customised ways, including recruiting insiders; large ransoms are being negotiated in ways that feel more like eBay auctions or customer service chats, and defenders are scrambling to fight back.

The average cyber-security team at our large clients must handle ~1,000,000 security alerts per week. In that sea of alerts, they must identify the ~4 incidents that warrant further investigation. It is therefore no wonder that mean time to identify attackers inside the network hovers over 200 days. Sorting through 1 million alerts per week is simply not a human-scale problem. AI and machine learning are the only hope to help drowning security teams and, in many organisations, it is already making an impact. The most mature organisations measure response time in minutes and not hundreds of days. Still, AI is a triple-edged sword. In addition to being a resource for defenders, AI is also a tool for attackers and a new kind of business asset that needs special protection. The cybersecurity arms race between defenders and attackers shows no signs of slowing down.

FOR CISOs: CISOs need to develop an asset inventory for their respective organisations. At early maturity levels, take a pragmatic approach to focus on inventorying and protecting the most critical assets, the crown jewels. The board must set your overall risk tolerance, which should then inform decisions on which assets and which threats to prioritise. Then do a thorough assessment, asking tough questions, and not merely checking boxes. This should give you an honest view of your current position. Investments can then be ranked and put on a roadmap according to their ability to move you from your current state to the target state as informed by the board’s risk tolerance.



COVER STORY

CLOUD BOX TECHNOLOGIES

CISOs must re-evaluate policies aligning with business
As companies move towards digital transformation to improve business, they cannot ignore security needs and will have to take essential decisions.

SAJITH KUMAR, General Manager, Enterprise at Cloud Box Technologies.

Cloud Box Technologies provides IT solutions to large corporates, government and BFSI sectors, with years of technical expertise in the Middle East and Africa since its inception in 2010. To provide the right solutions, the company has partnered with global vendors. Over a period of time it has grown and developed four distinct business units catering to solutions for Cloud Services, IT Infrastructure, Security and Software, and Managed Services. The present-day scenario has given in-depth experience, where Cloud Box Technologies has seen several organisations migrating to the cloud to gain additional speed in adapting to cloud-based business operations. Organisations are taking conscious and strategic decisions to implement easy-to-deploy solutions that will enable them to manage business from anywhere in the world. AI and ML have transformed the way organisations can forecast business, enabling them to process millions of data points, which provides vital insights and the possibility to make predictions for business growth and operations. Also, AI-powered analytics guides CISOs to put in place a strong strategy for effective and proactive security planning and response.

The pandemic has pushed organisations to early adoption of technologies and has hastened the process to embrace digital transformation and IT/OT convergence, which are under pressure to be put into place at a faster than normal pace. The situation has also ensured that security has become paramount, with quicker security preparation and controls as required. The cyber threat landscape has grown, with cyber criminals becoming more creative and making quick changes to their strategies on a regular basis. It calls for organisations that are challenged to step up their cyber stance and ensure that they are continuously evolving with the current landscape. What is also evident is that the situation has brought to the forefront how business leaders must be aware of how the business can be impacted without proper security policies in place, and work closely with CISOs to have strong security practices and processes in place. As companies move towards their digital transformation goals to improve business and make it more efficient, they cannot ignore the security needs. CISOs must re-evaluate their security policies to ensure they are aligned with today’s business and cyberthreats. They will have to take essential decisions and look for new and innovative tactics to create a security strategy that fits their business needs. Technologies to watch out for in the next 24 months include cloud and infrastructure-centric solutions such as hyperconverged infrastructure, collaboration and instant messaging, big data, IoT and edge computing, and 5G networks. Under information security, there is expected growth of cloud security, artificial intelligence, virtual reality (VR) and augmented reality (AR). Some of the security software that will see growth includes digital forensic analysis, AI and machine learning for real-time threat management solutions, and Robotic Process Automation (RPA), which will drive the business moving forward.

FOR CISOs: Along with board members, CISOs are required to focus on different aspects including securing cloud-based infrastructure, instilling a strong cybersecurity culture across the organisation, having a strong and secured infrastructure to support remote work culture, and building on cyber resiliency to future-proof the organisation.


COVER STORY

DU

Network reliance reaches highest ever point in 12 months

EITC has broadened the scope of its IT investments, accelerating in zero-trust, secure access service edge, identity governance, and data security controls.

SALEEM ALBLOOSHI, Chief Technology Officer, du.

Digital transformation has been crucial for enhancing the security and resilience of networks for UAE enterprises. Today's digital landscape comes with various new threat vectors, and having the countermeasures required to address and dispel them is essential. EITC has always been committed to ensuring enterprise customers acquire services that measure up to the highest security standards. Advancements in the digital world have further empowered the organisation to fulfil this obligation, backed by the latest industry-leading, state-of-the-art security controls that provide UAE enterprises with secure, reliable, and constantly accessible services. Upon reflection, EITC has left no stone unturned in relation to security for enterprises. This approach has positioned the company at the forefront of security and privacy not only for enterprises, but also for subscribers and EITC service delivery platforms. Looking ahead, EITC will continue its enduring quest to upscale its security posture and further restrict new and emerging threats.

Despite the turbulence witnessed in recent times, positive outcomes have transpired following the outbreak, including enhanced network infrastructure security. The pandemic facilitated a revised security approach, one that included secure remote access and connectivity strategies. From an EITC standpoint, the zero-trust concept introduced was a major paradigm shift in terms of the company's thought process. This served as a critical foundation for taking effective and decisive measures to develop an enhanced security posture on multiple fronts, with user identity, multi-factor authentication, posture-based admission control, and various network segmentation strategies all upgraded. Efforts in this direction were also complemented by continuous awareness and security posture analysis efforts, which enabled EITC to fulfil its ongoing compliance lifecycle vision and ensure network infrastructure is more secure than ever. In addition to more robust security controls and CI/CD pipelines, micro-segmentation, and container security controls, DevSecOps principles, cloud access security broker (CASB) and application programming interface (API) security gateways will also be prominent security control mainstays. It is important to appreciate that traditional network security controls have already been commoditised, which is an implicit factor in any modern IT architecture design.

As the digital landscape continues to evolve and expand, so do windows of opportunity for hackers and the likelihood of cybersecurity breaches. Network reliance has reached its highest ever point over the last 12 months, with people and businesses operating virtually, and the probability of such scenarios transpiring has consequently been further exacerbated.

As such, EITC has broadened the scope of its IT investments, accelerating timeframes in several areas, including zero-trust, secure access service edge (SASE), identity governance, and data security controls. The last year has witnessed vendor technology landscape reform in terms of integration prioritisation, with vendors adapting to recent operating environment changes by converging various capabilities into one integrated solution. Success here will ensure vendors provide customers with the freedom to choose what features they require based on specific threat vectors and cost considerations and projections.

FOR CISOs: Considering that digitisation and digitalisation are the prominent trends in the industry today, it is likely that application-related security controls will be among the network security technologies driving transformation for IT security organisations in due course. It is a near certainty that this scenario will transpire, especially when the features and functionalities that these solutions include are considered.


COVER STORY

DELL TECHNOLOGIES

Security should be intelligent, automated, everywhere

For security organisations, growing their expertise and being equipped with enhanced offerings to address increased concerns amongst end users is essential.

MICHEL NADER, Senior Regional Director, Data Protection and Cyber Recovery Division, MERAT, Dell Technologies.

Today's exponential data growth, the rise of multi-cloud strategies and modern applications have created new challenges, requiring businesses to ensure that every part of their organisation is protected. Dell Technologies works closely with regional CISOs and IT managers to identify potential vulnerabilities with its industry-first essential infrastructure solutions from the edge to the core to the cloud, for safety and security transformation. Applications that previously required human intelligence, including data analytics, complex processing, and visualisations, are now augmented by powerful AI, ML and analytics, allowing for quick turnaround and response times. AI and ML are equipped to identify vulnerabilities and mitigate potential security breaches, as they can detect patterns and isolate critical data from ransomware and other sophisticated threats. In addition to helping CISOs become more efficient at deterring future attacks, these algorithms give new insights and allow businesses to move forward with confidence.

Over the last 12 months, the scale, sophistication, and modus operandi of cyberattacks have increased greatly, calling for a modernised approach to cyber resiliency. There have been increased incidents of cyberattacks, with employees becoming targets of ransomware, malware and phishing links. CISOs have increased investment in cybersecurity and strived to maintain cyber hygiene to tackle these threat actors. Organisations have had to set in place remote security plans, including multi-factor authentication, and also train their employees on the safe security practices of working remotely and using new platforms. With the increased adoption of cloud, organisations have also had to make sure that they are wary of misconfiguration, unauthorised access, and migration issues by having set cloud security strategies in place. In this new normal, security should be intelligent, automated, and built into everything, everywhere, especially now with increasing remote workforces. For end user security organisations, growing their expertise and being equipped with enhanced cybersecurity offerings to address the increased concerns among end users is essential. Advances in big data analytics, artificial intelligence, machine learning and data security will impact products and solutions for end-users. Embedded hardware authentication, to validate users' identities and protect endpoints, will continue to transform how security is used. Also, with 5G deployments on the rise, increased security standards and protocols between 5G and IoT devices will be essential. For instance, PowerProtect Cyber Recovery solutions and services from Dell Technologies provide the highest levels of protection, integrity, and confidentiality for customers' valuable data and critical business systems, and are a critical component of a comprehensive cyber resiliency strategy.

FOR CISOs: CISOs need to have both proactive risk and defence strategies, as well as incident response and recovery, in place to ensure business continuity. Next-generation AI technologies that are able to detect and respond to attacks before they happen will also be key for the future. As the role of the CISO changes rapidly, CISOs are becoming more involved with the business to provide value in the long run.


COVER STORY

GARTNER

High integration, automation, and orchestration capabilities

Position the enterprise for a secure future by choosing technologies that offer high levels of integration, automation, and orchestration capabilities.

RAJPREET KAUR, Senior Principal Analyst, Gartner.

While digital technologies have helped businesses become more agile and data more accessible, they are also bringing unprecedented levels of disruption. The old patterns for protection are just not fully applicable to public cloud computing, digital democratisation, and radical outsourcing. Hence security and risk management leaders need to reframe their security and risk management plans to keep ahead of the challenges these might bring. Over the past year, the typical enterprise has been turned inside out. COVID-19 has rapidly accelerated the modernisation of information technology. Much of the workforce formerly working in an office has shifted en masse to working from home. As more devices access sensitive company information in the cloud from home offices, the threat landscape grows. Organisations are accelerating their digital transformation journeys at a profound rate to accommodate the new reality. Security and risk management leaders must develop a culture of cyber judgement and align this culture with evolving talent needs. CISOs must prioritise customers and market-facing executives, including the CFO, CMO and CEO, in communication and stakeholder relationship plans. Position the enterprise for a secure future by choosing cybersecurity technologies that offer high levels of integration, automation, and orchestration capabilities.

SOME BEST PRACTICES

Plan security technology selection and adjust old processes for the new reality of permanent remote or hybrid work by creating a cybersecurity mesh foundation based on security analytics, intelligence and triggering, a distributed identity fabric, and policy management and orchestration. Invest in how better to secure identities. Plan for vendor consolidation by evaluating the internal and external factors which drive the need for vendor consolidation, and speak to cybersecurity risk in a business context to make it relevant to the stakeholders who drive decision-making. Identify use cases for privacy-enhancing cryptography (PEC) techniques by assessing data processing activities that require the use of sensitive or personal data. Add breach and attack simulation (BAS) to security resilience programmes alongside other methods of managing security exposure. Assess the different tools that must be used for machine ID management.

FOR CISOs: Plan security technology selection and adjust old processes for the new reality of permanent remote or hybrid work. Plan for vendor consolidation by evaluating the internal and external factors which drive the need for vendor consolidation. Identify use cases for privacy-enhancing cryptography techniques by assessing data processing activities that require the use of sensitive or personal data. Assess the different tools that must be used for machine ID management.


COVER STORY

MANDIANT

Arrival of the evolved ransomware attack

Multifaceted extortion is a collection of tactics including deployment of encryption, theft of sensitive data, and mass dissemination of data to name-and-shame.

GORDON LOVE, Vice President MEA, Mandiant.

Digital technologies are continuously improving the functionalities of business solutions, and cyber security is no different. Mandiant Automated Defence combines data from your security stack with data science and machine learning capabilities to triage alerts, automatically eliminating events that don't matter and revealing the ones that do. Since its inception, Mandiant has tracked more than 2,400 threat groups, including 650+ newly tracked since 2020.

In the last 12 months, the way ransomware attacks are conducted has changed, altering both the business consequences and how we protect against them. Earlier ransomware attacks referred to malware encrypting files to disrupt normal business functions. The popular strategy to thwart such attacks was to create a solid offline backup to minimise the risk of business discontinuity. The evolved ransomware attack, which Mandiant has termed multifaceted extortion, is a collection of tactics including deployment of encryption, theft of sensitive data, and mass dissemination of data to name-and-shame. Attackers are now even deploying additional coercive tactics, such as DDoS, harassing employees and business partners, or publicising their attacks in the media, to extort ransom payments.

As economies continue to recover from the disruption, cyber security spend will be increasingly scrutinised. CISOs need to understand whether their technology is deployed optimally, whether threats are being detected and blocked, and whether security settings are configured correctly. Therefore, security validation is essential to find out whether they are getting a good return on investment. Security validation provides quantifiable data to the business on the effectiveness of its cyber security controls. As remote and hybrid working remains just as popular in 2021 and in the foreseeable future, validation will help answer questions such as:

- Are there any gaps in the remote infrastructure?
- Do people with higher privileges still need them?

Organisations in the Middle East are at a higher risk of cyber-attacks due to the geopolitical situation and the rapid adoption of digital transformation. To defend against the growing threat of cyber-attacks, CISOs need to continue to utilise the right technologies, but also, more importantly, external threat intelligence services to enhance existing cyber defences. Threat intelligence will remain as relevant and as significant in the coming two years. Intelligence will provide valuable insight to organisations of all sizes, giving visibility into the latest threats directly from the frontlines. CISOs will continue to seek out intelligence on threats relevant to their industry or vertical. Threat intelligence provides several benefits to CISOs, including the ability to make informed decisions; to prioritise vulnerabilities and exposures by focusing on the highest risk first; to access threat actor indicators, tactics, and behaviours to reduce alert fatigue and quickly surface malicious attacks; and to seamlessly integrate threat data into existing detection tools.

FOR CISOs: The extended detection and response engine uses decision automation to recall events that occurred in the past, correlating these with threat intelligence to enrich incidents for escalation and remediation. CISOs can thus free their people and resources to focus on what's important, improve their overall security posture, and stop attacks before they impact the organisation.




COVER STORY

MILESTONE SYSTEMS

Hyper automation is the idea that anything can be automated

A robust AI platform will be key to facilitating performance, scalability and reliability, and will be used in various disciplines to offer value and optimisation.

HAIDER MUHAMMAD, Community Manager Middle East, Turkey, and Africa, Community Sales EMEA, Milestone Systems.

Thanks to the COVID-19 pandemic, several businesses are looking to repurpose their cameras and add new functionalities, including different kinds of purpose-built analytics such as mask detection, social distancing measurement, crowd counting and more. Based on Milestone Systems' open platform video technology, end-users and integrators can create a tailored end-to-end solution. Milestone Tech Partners provide best-of-breed interoperable solutions for any situation or demand. With AI and the roll-out of 5G, the video surveillance industry has reached an important crossroads. Manufacturers can now choose to focus solely on their own products and profits, or to move forward in another direction that emphasises building partnerships, to increase flexibility and long-term value for businesses and society. Video tech is increasingly used not only to keep people, cities, and businesses safe but also to generate information for marketing, environmental and efficiency purposes.

The onset of the pandemic saw an average of 375 new threats per minute and a surge of cybercriminals exploiting the pandemic through COVID-19 themed malicious apps, phishing campaigns, malware, and more. Pandemic-related subjects like testing, treatments, cures, and remote work topics were used heavily to lure targets into clicking on a malicious link, downloading a file, or viewing a PDF. Owing to this, digital safety and transformation accelerated in no time, aiming to keep businesses afloat and to protect the data of all entities involved. The pandemic has taught us that adaptability and flexibility are essential for any organisation looking to succeed. It was not as difficult for an organisation to adapt to the new normal way of working if it had already embraced digital transformation with concrete measures on cyber security. The implementation of smart business processes will continue to play a key role after the pandemic, and cyber security will have to be prioritised to reduce the overall business risk and improve profitability. Employees returning to their workplaces may have noticed a few differences in how technology has been adopted to monitor their hygiene, face mask detection to ensure they are wearing their masks, and automated alerts in case workplace protocol violations are detected. The collection and use of such data is the Internet of Behaviour. Such data, coming from different sources and platforms, will continue to keep businesses operating in a flexible and resilient manner. A robust AI-engineered platform will be key to facilitating performance, scalability, and reliability. AI will be used in various disciplines to offer value and optimisation for business operations. Hyper automation is the idea that anything in the organisation can be automated. Automated data platforms are replacing legacy processes to bring better return on investment and efficiency to organisations. The business that does not focus on optimised processes will be left behind.

FOR CISOs: CISOs will need to keep looking for new and innovative ways to create a security strategy that fits our new normal. Re-evaluating and prioritising a few core capabilities is an essential step in securing business-critical data and systems and facilitating new digital transformation initiatives.


COVER STORY

NETSCOUT

Threat actors continue to weaponise new attack vectors

To sustain digital transformation, organisations must realise that security is a key performance indicator alongside the traditional KPIs.

GAURAV MOHAN, VP Sales, SAARC and Middle East, NETSCOUT.

Modern-day enterprise networks are complex, as they routinely encompass internal, branch office, virtual, and public cloud environments. The threat surface is expanding, and the number of cyber-attacks is increasing. NETSCOUT Omnis Security is an advanced threat analytics and response platform that provides the scale, scope, and consistency required to secure today's digital infrastructure. This solution provides comprehensive and consistent network visibility and allows cybersecurity teams to conduct expedient and effective threat detection and response. Security teams can use Omnis Cyber Investigator to mine NETSCOUT Smart Data for real-time, high-quality insights that power highly contextual investigation and threat hunting.

Cyber-attacks continue to make headlines almost every day, and threat actors continue to innovate new attack tactics. When it comes to threats, innovation happens swiftly and continuously, especially when it comes to parting unsecured organisations from their money. Distributed Denial of Service (DDoS) attacks continue to increase in prevalence, as cybercriminals target enterprise digital infrastructures. According to the recently published NETSCOUT threat intelligence report, adversaries launched approximately 5.4 million DDoS attacks in the first half of 2021, an 11 percent increase from the same period in 2020. Adversaries have also developed new DDoS attack techniques designed to evade traditional defences. Moreover, ransomware gangs added triple extortion attacks to their service offerings. By combining file encryption, data theft, and DDoS attacks, threat actors have hit a ransomware trifecta designed to increase the possibility of payment. Attacks will only grow more complex, and threat actors will continue to discover and weaponise new attack vectors designed to exploit the vulnerabilities found in our digital world.

To sustain their digital transformation efforts and protect their businesses, CISOs and their organisations must realise that today, security is considered a key performance indicator (KPI), along with the traditional KPIs for reliability, performance, and availability. Security teams must thus adopt technologies that speed up operations, optimise costs, and improve overall performance while protecting the integrity of the network. The Middle East has seen a surge of cyberattacks ranging from phishing and scams to data breaches and ransomware in the past few months. The consequences for enterprises ranged from critical data loss to financial damage. Thus, smart technologies and solutions such as advanced threat detection and response platforms and analytics solutions will become more critical than ever. Moreover, hybrid cloud and on-premises, fully managed solutions encompassing threat intelligence and attack mitigation will also become more crucial. This will allow CISOs to protect critical infrastructure such as Internet circuits, routers, VPN gateways, and firewalls vital to enterprise operations.

FOR CISOs: Companies need to make ongoing investments in security to adapt to today's constantly evolving threat tactics. The more robust a defence is, the more capable a company will be of fending off the growing number of cyber threats. As companies race to the cloud and expand activities across a globally distributed digital ecosystem, they must also reinvent cybersecurity to defend this expanded threat surface. And for that, comprehensive network visibility is critical.


COVER STORY

NOZOMI NETWORKS

CISOs need to understand convergence of IT and OT

There is no better time for security decision makers to improve operational resilience by adopting integrated security strategies across IT and OT.

BACHIR MOUSSA, Regional Director MEAR, Nozomi Networks.

Cloud has removed end users' concerns around capacity limitations, accessibility, and availability. This is giving them the freedom to operate in the manner they always wanted to. When you add AI and analytics into the mix, the end user now has platforms that scale as per their need while allowing them to better analyse what they do, so they can make better immediate and future decisions. The pandemic has moved the workforce from the office to home, and organisations had to relax their security policies to allow their employees to work from home and access corporate resources to be able to do their work. This has led to a significant increase in cybercrime across the globe. According to an Interpol assessment, there has been a major shift in cybercrime targets during COVID-19 from individuals and small businesses to large enterprises and critical infrastructure. This clearly underlines the importance of further investment in end-to-end cyber security, especially in OT, which has been somewhat neglected over the years, as it converges more and more with IT.

Understanding and managing the convergence of IT and OT is a critical area for decision makers to skill themselves in. Organisations are no longer siloed, and delivering on this converged strategy is what will differentiate decision makers and organisations. As the IT and OT worlds rapidly converge, there is no better time for security decision makers to seize the opportunity to support their organisation's efforts to improve operational resilience by adopting integrated security strategies across IT and OT. Gaining a better understanding of OT systems, and gaining specialised skills to better assess and support the unique requirements of industrial networks, helps strengthen security and resilience across IT, OT and IoT networks.

5G is one to watch. 5G will accelerate digital transformation. 5G will give businesses constant access to faster, more reliable internet connectivity, a much needed tool to effectively support remote work scenarios. It also opens the door to massive interconnectivity: millions of devices, networks and data transfers supporting process flows and transactions. While this mass-scale connectivity will drive greater business efficiency, it also increases cyber risk and the potential for more significant breaches. Security strategies must evolve to meet the challenge. Solutions must scale and deploy quickly and continuously as devices are added, and must support centralised management and monitoring.

FOR CISOs: CISOs are responsible for the security of the whole organisation, including OT. The vendor's solution provides the CISO with visibility and security in the OT network, allowing them to secure the OT network while having visibility into any threats and attacks. The vendor provides the CISO with the confidence to make the right decision for their OT environment while enabling them to converge IT and OT.


COVER STORY

PALO ALTO NETWORKS

Rapid cloud migration is creating security gaps

Businesses are planning for the next stage of cloud to gain the advantages of agility, but security teams are still fixing issues from the first quick shift.

HAIDER PASHA, Chief Security Officer at Palo Alto Networks, Middle East and Africa.

In 2021, Palo Alto Networks announced innovations to Prisma Cloud, increasing automation and detection for hosts, simplifying compliance checks, and deepening visibility into malware threats. In addition, Palo Alto Networks announced the industry's first cloud native attack dashboard that expands the MITRE ATT&CK framework, and Unmanaged Cloud integration for Prisma Cloud and Cortex Xpanse. With Cortex Xpanse, organisations can more accurately recognise their unknown cloud assets, allowing stronger cloud security overall.

While the process is still the same, the environment and security have changed. In 2021, businesses are planning for the next stage of cloud to gain the real advantages of agility, but security teams are still fixing the issues of the first quick shift. Continuous migration at this pace will lead to security gaps, with an increase in cloud security incidents, at least for a while. Organisations will not have the luxury of putting off a cloud-centric cybersecurity strategy, and those that have had a cloud-first strategy are moving to a cloud-only strategy. According to Palo Alto Networks' threat intelligence team, Unit 42, there was an average of 1,767 high-risk or malicious COVID-19-themed domain names being created every day in 2020. In the past 12 months, there has been a rise in non-business and IoT devices coming into networks, from smart home devices, doorbells, TVs and digital assistants to connected teddy bears, medical devices and electric vehicles. All of this means the end device, and the things around it, become bigger risks as points of access into a business's critical systems and information.

Digital transformation has become an integral part of organisations, which has been further accelerated with the onset of the pandemic. It is best for CISOs to understand the business and current trends, manage risk and learn how to deprioritise. Boards also want CISOs to see the bigger picture of their organisations and work towards continuous improvement to further benefit the business. Digital transformation is not only changing the ways companies operate and interact with customers, but it has also changed the boards' perception of CISOs and IT heads. The board now views CISOs, CIOs and IT heads, along with the wider team, as an important asset to organisations when it comes to strategic planning and decision-making. CISOs, along with the wider team, need to continue pitching the possibilities for technology such as cloud computing and AI to help create new services, improve efficiency and grow the business. Palo Alto Networks has recently added Bridgecrew by Prisma Cloud to its Multi-Cloud Drift Detection, which will help the vendor's users in the next couple of months to identify and flag discrepancies between how cloud resources were defined in infrastructure as code (IaC) and how they are currently configured at runtime.

FOR CISOs: In the next 24 months, the world will continue adapting to three key themes: faster connectivity speeds and further convergence of security and network-as-a-service (Secure Access Service Edge); organisations seeing the value of moving from lift-and-shift approaches to the cloud to fully native and multi-cloud solutions; and the vendor's workforce looking for more flexible and secure ways of working from anywhere.


COVER STORY

PROOFPOINT

Supplier risk, remote working, innovation are top priorities

The top three priorities for UAE CISOs include addressing supplier risk (29%), supporting remote working (28%), and enabling business innovation (28%).

EMILE ABOU SALEH, Regional Director, Middle East and Africa, Proofpoint.

Most cyberattacks target people, not technology. In fact, more than 99% of cyberattacks require human interaction to be successful. Proofpoint's approach to cybersecurity centres around people, by stopping the threats that target them and providing the tools they need to stay safe and alert. With an integrated suite of cloud-based solutions, Proofpoint helps companies and their CISOs to stop targeted threats, safeguard their data, and make their users more resilient against cyber-attacks. Proofpoint's differentiator is that it looks at cybersecurity with a people-centric view and focuses on solutions that protect an organisation's most targeted individuals.

The next 24 months will continue to see many technologies increase their use cases and adoption, including 5G, AI, automation, machine learning and many others. The top three priorities across the board for UAE CISOs over the next two years include addressing supplier risk (29%), supporting remote working (28%), and enabling business innovation (28%). Today's threat landscape is characterised by attackers preying on human vulnerability. To stop these types of attacks, organisations need to deploy a solution that can stay ahead of the ever-changing landscape and adapt to the way humans act. Artificial intelligence and machine learning are critical components in a robust cybersecurity detection strategy, as they are faster and more effective than manual analysis and can quickly adapt to new and evolving threats and trends. AI platforms significantly reduce the cost and time spent by organisations on manually reviewing electronic communications to comply with government and industry regulations.

The past 12 months brought new challenges for CISOs, as long-term hybrid work environments have made their organisations more vulnerable to targeted cyberattacks, according to 66% of CISOs in the UAE who took part in Proofpoint's 2021 Voice of the CISO report. Furthermore, 70% considered human error to be their biggest cyber vulnerability, proving that the work-from-home model necessitated by the pandemic has tested CISOs like never before. The report also revealed that when asked about the types of attacks they expect to face, insider threats (29%), phishing (28%) and Business Email Compromise (25%) topped the list for UAE CISOs. Despite dominating recent headlines, supply chain attacks and ransomware were of similar concern, at 22%. Additionally, the rapidly changing threat landscape, the accelerating transition to the cloud, ever-increasing content creation, and migration to Microsoft Office 365 will drive demand for Proofpoint's cloud-based security and compliance solutions. As technology advances, Proofpoint's people-centric solutions will continue to protect people against advanced threats and compliance risks beyond traditional network perimeters.

FOR CISOs: According to Proofpoint's report, while 77% of CISOs in the UAE believe they will be able to better resist and recover from cyberattacks by 2023, there are still concerns when it comes to organisational preparedness, with 72% of CISOs in the UAE feeling their businesses are unprepared to cope with a targeted cyberattack.


COVER STORY

QUALYS

Cloud-based security platforms are a must-have

With improvements in AI and analytics, cloud security platforms can sift through trillions of data points and distil them into actionable intelligence.

MARCO ROTTIGNI, Chief Technical Security Officer EMEA, Qualys.

Multiple integrated applications process the telemetry collected by a set of specialised sensors across the organisation’s digital estate: on-premises, in the cloud, containerised, mobile, IT and OT. They enrich the security context to deliver functional consolidation, resource optimisation and operational effectiveness, achieving three results: building a security-oriented and up-to-date asset inventory of the entire infrastructure, empowering prevention with threat-based prioritised remediation of the vulnerable surface, and augmenting detection and response capabilities.

If we look back about five years, to build a new service you would have needed to invest in rack space, provision the servers and storage, ensure the proper connectivity, install the software needed and size the computational power for the growing data. Fast forward to today: in the cloud, you can scale resources granularly to expand or shrink the relevant part of your service, whether database, storage or computing power. AI will learn baselines and process immense quantities of data in no time. Analytics will derive the high-level situational awareness that you need to support strategic decisions. Security solutions are also benefiting tremendously from these trends! Cloud-based security platforms are no longer a nice-to-have but a must-have. With the amount of threat- and incident-related data that is collected and correlated, cloud is the only answer. With improvements in AI and analytics, cloud security platforms like Qualys can sift through trillions of data points and distil them into actionable intelligence, making the CISO’s life a lot easier and enabling companies to embrace digital transformation with open arms.

The last 12 months saw old perimeters disintegrate and the emergence of identity, or the individual, as the new security perimeter. Mobile computing happens on devices connected through networks that are much harder to control. The OT-verse is merging or clashing with a more modern, more resilient IT-verse, exposing vulnerable attack surfaces that, if compromised, have side effects beyond bits, into the world of atoms. Attackers and threat actors did react to these changes, targeting as usual the weakest links: the user, who is now much more exposed than before because of a weaker security posture, and the supply chain, as it is often easier to infiltrate than the final target. The most effective solutions will be the ones that do not require infrastructural overload with heavy on-premises installations but instead leverage the SaaS model and the cloud to deliver the needed scale and performance, on demand.

CISOs

The first step is to build an asset management system with security built in and understand the threat and risk context of the new infrastructures. Second, increase the accuracy of prevention with risk-based prioritised remediation of the vulnerable surface. Third, augment your early detection capabilities and your response velocity and effectiveness to mitigate the risk of compromise. Finally, act on all the different environments composing your digital estate, provide situational awareness and expose the risk appetite to the board, in business terms that they understand.


SOPHOS

Protecting businesses from all types of threats

Sophos provides companies with products that prevent threats from infecting devices and networks, and has a successful endpoint protection product.

HARISH CHIB, Vice President, Middle East and Africa, Sophos.

Sophos’ aim is to protect organisations of all types from cybercrime, which it does in a few ways. First, Sophos provides companies with products that prevent threats and unwanted software from infecting devices and networks. Sophos has a very successful endpoint protection product called Intercept X. Sophos has an extended detection and response product used by advanced threat hunters to run security operations. Sophos has recently released a new next-gen firewall, dubbed XGS, to inspect encrypted traffic on the network security side. Cybercriminals are using TLS encryption to hide their malware, and Sophos has precise capabilities to inspect this traffic at wire speed, which is something most firewalls can’t do. Sophos provides a managed service, Sophos Managed Threat Response (MTR), that continuously monitors customer environments for those that do not have a security team, and a Rapid Response team to help companies who find themselves under active attack. Lastly, Sophos provides insight into current threats and adversary tactics, and advice on how best to protect yourself, through its various outreach channels.

During the pandemic, Sophos has seen continued growth in the social extortion side of ransomware. Most highly skilled ransomware groups have adopted the encrypt-and-leak extortion scheme pioneered by the Maze group in 2019, and some are even considering an exfiltration-only model. Some ransomware groups have also taken advantage of the pandemic’s remote working conditions to cripple certain organisations, notably educational institutions that rely on remote learning. Overall, there were fewer victims in 2020, but the lower volume was offset by ever more damaging attacks and much higher ransom demands.

Endpoint detection and response (EDR) and extended detection and response (XDR) are important tools for threat hunting. What these essentially do is help organisations hunt across their environment to detect indicators of compromise (IOCs) and indicators of attack (IOAs). Irrespective of the size of the enterprise, native endpoint, server, firewall and email security are foundational for any IT security strategy. Technology like synchronised security, which integrates native endpoint, server, firewall and email security, is the need of the hour, as it delivers better protection and better manageability for organisations of any size.

CISOs

Doing security right is difficult. That’s why Sophos always says there’s no silver bullet in security. A good start, however, is building a solid security foundation. This includes having the right people, processes and tools in place to give you a fighting chance. A robust security culture ensures everyone is on duty when it comes to protecting the enterprise.


TENABLE

Disrupting attacks with adaptive user and data profiles

CISOs need to invest in adaptive user and data risk profiles to disrupt attack paths by accounting for misconfigurations in Active Directory and the cloud.

MAHER JADALLAH, Senior Director, Middle East and North Africa, Tenable.

The vendor’s market-defining innovations transform how cybersecurity is managed and measured in organisations across the globe. Vendors are building solutions that translate technical data into business insights to help security teams prioritise and focus remediation based on business risk. Using this intelligence, CISOs and business leaders understand one another and, more importantly, understand what is needed to drive improvements and optimise security investments that ultimately reduce the risk to the business. Tenable is focused on enabling its customers to see every asset and vulnerability across their entire modern attack surface, predict the vulnerabilities that will be leveraged in an attack on the assets that matter to the business, and guide its customers on where they need to act to address risk.

The elastic nature of cloud environments allows organisations to be agile, responding to external factors by introducing new services quickly, making it possible to outpace competitors and/or offer competitive advantage. This has been evident in the last twelve months as organisations responded to work-from-home mandates, in some cases within hours, due to the pandemic. When it comes to cloud security, one key challenge is the driver: the IT team is focused on functionality, speed and efficiency, while the security team is looking to make sure that this ability does not introduce unnecessary or unacceptable levels of risk. Companies must return to the basics of cyber hygiene by leveraging vulnerability management and honest assessment of the challenges they face. This way they can understand where the risks exist within their infrastructure, however dynamic, remote or short-lived they may be, as well as establish an efficient process to measure overall risk and secure the network.

Given the remote working hybrid model that has shattered the network perimeter, organisations should look for solutions that afford complete and live visibility into the entirety of the attack surface, be it IT or OT, traditional on-prem or in the cloud, as the first step toward reducing overall cyber risk. If providing access to data, make sure you have a mechanism to control that access and secure data in transit. As the workforce may not be using company-owned devices, it’s worth investing in an assessment solution that can check the security posture of all devices connecting to the corporate network, regardless of ownership. Identify any with exploited vulnerabilities and either patch or remediate the risk; this could mean stopping the device from connecting until it’s been updated.

CISOs

Traditional perimeter security simply is not enough to protect multiple environments against today’s cybercriminals. This presents an opportunity for security leaders to rethink how they define risk, looking beyond software flaws and device compliance to achieve a holistic view of their dynamic and disparate environments. In tandem, they need to invest in adaptive user and data risk profiles to disrupt attack paths by accounting for misconfigurations in Active Directory and the cloud, and step up security based on changing conditions, behaviours or locations.


THALES

Opportunities and threats emanating from quantum computing

While there is disagreement about the timeline, researchers anticipate dramatic advancements in quantum computing over the next five to ten years.

SEBASTIEN PAVIE, Middle East Regional Director for Data Protection Products, Thales.

One of the great successes of data security, especially over the last two decades, is encryption. It has grown in strength and sophistication, enabling the existence of floodgates against the relentless flow of cybercrime. This can best be proven by the fact that most cybercrime now focuses on penetrating a system through human operators, using spear-phishing and social engineering, for example, meaning that cracking encrypted data has proven too costly and time-consuming for threat actors, who will generally always seek the easier route. However, no ramparts can stand forever.

Part of the CIO’s role will be to continue to assess the opportunities and threats emanating from quantum computing. While there is disagreement about the timeline, researchers and engineers anticipate dramatic advancements in quantum computing over the next five to ten years. Current public-key cryptography solutions, which are developed using complicated mathematical formulas, provide reliable security based on the amount of computing power required to decipher them. It would take the world’s most powerful computers thousands of years to crack these solutions by brute force. However, a sufficiently large quantum computer would be able to break these cryptography tools in a matter of days or even hours. A recent IDC report sponsored by Thales shows that 26% of organisations globally are in the process of operationalising their quantum computing plans, or will do so in the next 18-24 months. As much as quantum computing threatens to weaken existing security protocols, the same technology can be used to strengthen the defences of the near future.

Increasingly, organisations are starting to contemplate a move to blockchain in the same way they did with the cloud over the past decade. Blockchain is a technology that uses a jury of connected computers to agree upon and then record the transaction entries on numerous identical copies of a digital ledger that are then encrypted in a way that makes decryption and alteration of the records exceedingly costly in computing resources, time and money. Blockchain is most associated with bitcoin and other cryptocurrencies, which is erroneous: although cryptocurrencies do use blockchain for their mining and transactions, they are just one of a wide range of services and products that use it. Others include smart contracts, supply chain integrity, traditional financial transactions and vital document authorisation (birth certificates, passports, mortgages and medical records), to name just a few. In just the same way the concept of the cloud grew from a single, theoretical publicly available storage area, we have seen the development of private clouds and hybrid models, large hyperscalers such as Amazon Web Services (AWS) and Google Cloud, as well as more regional cloud service providers (CSPs) more suited for data sovereignty and digital protection regulations. With cloud, it was the technology that counted (infinitely scalable, highly adaptable and economically attractive) as opposed to a single brand or model. With blockchain, the same will emerge.

CISOs

Quantum computing and blockchain, AI and ML are all existing technologies, in their infancy perhaps, but by no means purely hypothetical. Thinking back to the summary of a CIO’s position, looking inward while the CTO looks outward, this places the CIO squarely in the line of responsibility to continue to work with the CTO to fully understand, strategise upon, and then deploy these technologies in the interest of their company’s future viability.



DEEP DIVE

HOW FINANCE EXECUTIVES CAN HELP TO PROTECT THE ORGANISATION

What is needed is a strategic approach to mitigating cybercrime risks, and finance professionals can play a role in defining such an approach.

HANADI KHALIFE, Senior Director of MEA and India operations at IMA.

BASHAR SAIDI, CMA, ACMA, CIPP, Deputy Director, Support Services Department, Arab Monetary Fund, UAE.

Cybercrime has been at the center of so much media attention that it has become perceived as a kind of familiar, omnipresent and inevitable ill force that everyone simply needs to accept and learn how to live with. In fact, nothing can be further from the truth. Cybersecurity is a complex issue that can only be managed if businesses and individuals appreciate that they themselves have to accept a large part of the responsibility for it, because neither governments and law enforcement nor IT professionals can be relied upon to prevent it from occurring. It is now essential but no longer sufficient to understand and follow the basic rules of cyber-hygiene, as cyber-criminals constantly find new and inventive ways of perpetrating crime at many different levels.

Given the powerful weapons in the arsenal of cyber-terrorists, one can assume that an attack today can unleash the kind of mayhem that was unimaginable a few years back. A case in point was the recent ransomware attack on the US pipeline, which gave the world a vivid demonstration of the vulnerability of energy infrastructure to cyberattacks. US administration officials believe the attack was the act of a criminal group, rather than a nation seeking to disrupt critical infrastructure in the United States. Similarly, cyberattacks in the UAE and the wider GCC region have increased since the outbreak of the COVID-19 pandemic, and this trend will continue in 2021 according to industry executives and analysts. In the region, the main reasons for the surge in cyberattacks are the growth in online users, the remote work culture and vulnerabilities in digital communication networks. With the UAE being one of the leading economies in the Middle East, the nation has become the prime target for malicious actors, making it one of the most affected countries in the region and accounting for the bulk of the COVID-19-themed attacks in the GCC.

A key consideration for organisations is that cybersecurity is no longer a purely technical issue and has become so complex that there is no single third party that a business can fully rely upon to stay secure. At the leadership level, it is increasingly falling to the CFO and his team to step up to the challenge and learn how to mobilise against and survive the tidal wave of cybercrime. As automation continues to play an ever-increasing role in what finance and other professionals have to do on a daily basis, cybersecurity is becoming inextricably linked to such fundamentally important tasks as protecting the safety and continuity of the business, ensuring confidentiality of sensitive data, and helping clients to understand and manage a wide range of cyber-risks. Professional accountants and finance professionals can, and should, play a leading role in defining certain key areas of such an approach: creating reasonable estimates of the financial impact that different types of cybersecurity breaches will cause, defining risk-management strategy, or helping their business establish priorities for its most valuable digital resources. They can also closely follow the work of governments and various regulators, to have clear, up-to-date information on relevant legislation and on requirements for adequate disclosure and prompt investigation of cyber breaches.

Another vitally important aspect of cybersecurity is closely linked with maintaining clients’ and customers’ confidence. Safeguarding clients’ trust and ensuring confidentiality of sensitive data is a vital task for any accountancy practice. Therefore, as reliance on digital technologies and online collaboration continues to grow, cybersecurity must become a key focus and concern. This is especially true because cybercriminals often use the so-called lateral movement approach, whereby they might target an accountancy practice in order to use its breached IT system as a stepping-stone for subsequent attacks on the victim’s clients. Keeping things like this in mind, it must be accepted that no company is too small to become a victim of a cyberattack.

What is needed, but is still often lacking, is a strategic approach to mitigating cybercrime risks. Professional accountants and finance professionals can, and should, play a leading role in defining certain key areas of such an approach. These include:

- Creating reasonable estimates of the financial impact that different types of cybersecurity breaches will cause, so that a business can be realistic about its ability to respond to an attack and recover from it
- Defining risk management strategy
- Helping businesses establish priorities for their most valuable digital resources, in order to implement a layered approach to cybersecurity
- Closely following the work of governments and various regulators to have clear, up-to-date information on relevant legislation and on requirements for adequate disclosure and prompt investigation of cybersecurity breaches

Solving cybersecurity problems is a complex technical discipline that is arguably better left to professionals, but what is very important is firm knowledge of the basics of safety. Gaps in such knowledge are a huge risk factor, as even one small gap is often enough for the enemy to get a foot in the door. The CFO and his team should therefore always be mindful of the old saying: a fool and his money are soon parted. Now, and for as long as the profession heavily relies on technology, no one can afford to be a cyber-fool.


HOW TO BUILD PROTECTION FROM LAYER 7 ATTACKS

Layer 7 attacks are cheap to launch and expensive to mitigate, and without protection, recovery from an attack can take from days to weeks. What is the ideal solution?

RAJIV KAPOOR, Senior Product Marketing Manager, NGINX at F5.

The earliest denial-of-service (DoS) attacks flooded servers with requests for TCP or UDP connections, so-called volumetric attacks at the network and transport layers (Layers 3 and 4). Increasingly, though, DoS attacks use HTTP or HTTPS requests or API calls to attack at the application layer (Layer 7). Bad actors also launch distributed denial-of-service (DDoS) attacks by linking many computers into a botnet that sends requests. With DDoS attacks, the possible number of requests is greater, and the distributed nature of the attack makes it more difficult to identify the source of the requests and block them. Across the world, DoS attacks are on the rise and negatively affecting user experiences:

- DoS attacks are among the most popular, partly because of the proliferation of APIs
- Layer 7 attacks have increased by 20% in recent years, and the scale and severity of their impact has risen by nearly 200%
- The digital shift prompted by COVID-19 saw a surge in DDoS attacks in 2020

Layer 7 attacks abuse apps, APIs and other application resources in ways that hamper user experience and prevent you from collecting revenue. Proper DoS protection is therefore vital to ensure users can access the services they need without interruption.

A new kind of attack

Layer 7 cyberattacks have evolved in response to the increasing complexity of the Internet and the sophistication of application architectures. Volumetric attacks at Layers 3 and 4 (for example, UDP reflection, and ICMP and SYN flooding) are not as prevalent as they used to be. Why? Infrastructure engineers have had years to build defense mechanisms. That makes them more expensive for attackers, in terms of time and money, so they’ve moved on. However, Layer 7 attacks are more complex to design than network attacks, and many tools that can handle Layer 3 and 4 attacks don’t protect modern application architectures.
Layer 7 DDoS attacks are more difficult to detect because bots and automation allow attackers to disguise themselves as legitimate traffic, especially when they’re using sophisticated security penetration tools. If a hacker can assemble a botnet – thousands of compromised machines under the hacker’s control – it’s easy to initiate attacks on a huge scale. When most attacks are made at the application layer, you need regular insight into application behavior to establish baselines that help determine if traffic is malicious, and without burdening your security team.


Today, devices and applications are developed at unprecedented speed, and as environments shift into new landscapes, new vulnerabilities and opportunities for attacks arise. For instance, devices used every day are fast becoming smart devices. According to Omdia, the total number of devices on the Internet of Things (IoT) reached 23.5 billion in 2020 and will likely reach 27.8 billion by the end of 2021. The more devices there are, the more vulnerabilities are exposed. As phones, TVs and refrigerators become connected IoT devices, security controls are often overlooked, and the lack of controls makes for easy exploitation in botnets. With new developments and 5G capability on mobile devices, DoS attacks have increased significantly. Modern landscapes require modern solutions.

High cost of Layer 7 attacks

With the world on lockdown during most of 2020, consumers bought more products online, and enterprises had to accelerate their digital transformation to keep pace with demand. Unfortunately, cyber attackers exploited the increased reliance on the Internet, and DDoS attacks surged too.

Layer 7 attacks are cheap to launch but expensive to mitigate for the site owner, and without protection, recovery from an attack can take from days to weeks. So, what is the ideal solution? What are the key components that protect against Layer 7 attackers? On a basic level, you need a tool that recognises when your site is under attack, something that’s able to distinguish between legitimate and malicious traffic. It must be able to do this not just in traditional environments with their more unified structure, but also in modern, distributed app architectures employing microservices and Kubernetes. With the shift away from monolithic applications, a new approach must be used that is as adaptive and dynamic as the modern environments it protects. This means DoS protection that works in both current and future landscapes. Today’s attackers are constantly changing their strategies, so attack prevention mechanisms must be able to observe changing user and service behavior and adapt continuously in response. Crucially, teams need adaptable and powerful protection, focusing on safety, security and speed. This should include:

- Seamless integration. Strong security controls that integrate seamlessly into modern infrastructure architectures are key.
- High performance. A solution’s performance impact on customer experience and the application itself must be minimal to nil, both under normal conditions and during an attack. Continuous monitoring and real-time signatures with zero-day attack protection will ensure optimum application performance and effective attack mitigation.
- Agile security. A solution needs to be integrated into continuous integration and development pipelines, removing operational inefficiencies by automatically baselining and entering blocking mode once new code is deployed. Security can then be automated to facilitate a ‘security as code’ integration with DevOps tools, which prevents it from slowing down app innovation.
- Attack prevention. Cyber attackers may adjust their tactics, so a dynamic solution is needed. With embedded tools for learning from user and service behavior, Layer 7 security can react to attackers before any damage is incurred. Any behavior anomaly that is detected has a mitigation deployed automatically.
- Reduced cost, speed. CI/CD takes the deployment burden off developers so they can focus on delivering features, fast. It also enables emerging DevSecOps teams to integrate security into automated app delivery.

No-touch configuration enables cost-effective protection at scale for distributed app and API environments like microservices, and removes friction between DevOps and SecOps teams. Remember, when it comes to Layer 7 DoS protection, it’s essential to integrate flexible and adaptive products that can endure modern, ever-changing landscapes. Business owners deserve the confidence that, with every digital shift, their site remains accessible, fast and safe.
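The article's core requirement is a tool that tells legitimate traffic from malicious traffic by learning application behaviour baselines. The following is an added example, not code from the article or from F5/NGINX: it learns a per-client request-rate and error-ratio baseline from constructed NGINX-style access log lines for a quiet minute, then flags clients in a later minute whose behaviour departs from it. The log lines, client addresses and thresholds are all constructed for illustration.

```python
"""Behavioural baseline check for Layer 7 (HTTP) flood traffic."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import median

# Matches the NGINX "combined" access log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one combined-format log line; return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def client_profiles(entries, window_seconds):
    """Per-client behaviour over one window: request rate and error ratio."""
    by_ip = defaultdict(list)
    for e in entries:
        by_ip[e["ip"]].append(e)
    profiles = {}
    for ip, reqs in by_ip.items():
        errors = sum(1 for r in reqs if r["status"] >= 400)
        profiles[ip] = {"rps": len(reqs) / window_seconds,
                        "error_ratio": errors / len(reqs)}
    return profiles


def learn_baseline(profiles):
    """Baseline from a quiet window: the median client's rate and error ratio."""
    return {"rps": median([p["rps"] for p in profiles.values()]),
            "error_ratio": median([p["error_ratio"] for p in profiles.values()])}


def detect_anomalies(profiles, baseline, rps_factor=5.0, min_rps=0.5,
                     error_ratio_limit=0.5):
    """Flag clients whose rate exceeds rps_factor times the baseline (with an
    absolute floor so a near-zero baseline does not flag ordinary browsers), or
    whose requests mostly fail, typical of scripted hammering of bad paths."""
    rps_limit = max(baseline["rps"] * rps_factor, min_rps)
    flagged = {}
    for ip, p in profiles.items():
        reasons = []
        if p["rps"] > rps_limit:
            reasons.append(f"rate {p['rps']:.2f} rps exceeds {rps_limit:.2f}")
        if p["error_ratio"] > error_ratio_limit:
            reasons.append(f"error ratio {p['error_ratio']:.2f}")
        if reasons:
            flagged[ip] = reasons
    return flagged


def make_lines(ip, path, status, count, start, spacing_s, ua="Mozilla/5.0"):
    """Build constructed access log lines (test data, not captured traffic)."""
    lines = []
    for i in range(count):
        ts = (start + timedelta(seconds=i * spacing_s)).strftime(TS_FMT)
        lines.append(f'{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 512 "-" "{ua}"')
    return lines


WINDOW = 60  # seconds per observation window
T0 = datetime(2021, 10, 1, 9, 0, tzinfo=timezone.utc)
T1 = T0 + timedelta(minutes=5)

# Quiet window: three browsers making a handful of requests a minute.
QUIET_LOG = (make_lines("10.0.0.1", "/", 200, 6, T0, 10)
             + make_lines("10.0.0.2", "/catalogue", 200, 4, T0, 15)
             + make_lines("10.0.0.3", "/api/search?q=shoes", 200, 5, T0, 12))
# Later window: the same browsers, one source hammering the search API at one
# request per second, and one scripted client probing non-existent paths.
LATER_LOG = (make_lines("10.0.0.1", "/", 200, 6, T1, 10)
             + make_lines("10.0.0.2", "/catalogue", 200, 4, T1, 15)
             + make_lines("203.0.113.7", "/api/search?q=a", 200, 60, T1, 1,
                          ua="python-requests/2.25")
             + make_lines("198.51.100.9", "/admin/login", 404, 12, T1, 5))


def run_check():
    """Learn from the quiet window, then score the later window."""
    quiet = [r for r in map(parse_line, QUIET_LOG) if r]
    later = [r for r in map(parse_line, LATER_LOG) if r]
    baseline = learn_baseline(client_profiles(quiet, WINDOW))
    return detect_anomalies(client_profiles(later, WINDOW), baseline)


if __name__ == "__main__":
    for ip, reasons in run_check().items():
        print(f"{ip}: {'; '.join(reasons)}")
```

In a real deployment the baseline would be relearned continuously and keyed on more than the source address, since a botnet spreads the same request volume across thousands of clients that each look modest on their own.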



BLOCK THE LOADER, BLOCK THE RANSOMWARE

Ransomware continues to be distributed via email, and in 2020 and 2021 Proofpoint identified 54 ransomware campaigns distributing over one million messages.

SHERROD DEGRIPPO, Senior Director of Threat Research and Detection at Proofpoint.

Ransomware attacks still use email, but not in the way you might think. Ransomware operators often buy access from independent cybercriminal groups who infiltrate major targets and then sell access to the ransomware actors for a slice of the ill-gotten gains. Cybercriminal threat groups already distributing banking malware or other trojans may also become part of a ransomware affiliate network. The result is a robust and lucrative criminal ecosystem in which different individuals and organisations increasingly specialise, to the tune of greater profits for all—except, of course, the victims. According to Proofpoint’s 2021 Voice of the CISO report, 68% of surveyed CISOs in the UAE feel at risk of suffering a material cyberattack in the next 12 months, and of those, 22% believe ransomware is one of the attack types they might face.

Preventing ransomware via email is straightforward: block the loader, and you block the ransomware. Typically, initial access brokers are understood to be opportunistic threat actors supplying affiliates and other cybercrime threat actors after the fact, for example by advertising access for sale on forums. These criminal threat actors compromise victim organisations with first-stage malware like The Trick, Dridex or Buer Loader and will then sell their access to ransomware operators to deploy data theft and encryption operations. According to Proofpoint data, banking trojans, often used as ransomware loaders, represented almost 20% of malware observed in identified campaigns in the first half of 2021 and were the most popular malware type. The versatile and disruptive malware Emotet previously served as one of the most prolific distributors of malware enabling costly ransomware infections between 2018 and 2020. However, international law enforcement disrupted the malware in January 2021, wiping out its infrastructure and preventing further infections.

Since the Emotet takedown, Proofpoint has observed consistent, ongoing activity from The Trick, Dridex, Qbot, IcedID, ZLoader, Ursnif and many others in our data, serving as first-stage malware payloads in attempts to enable further infections, including ransomware attacks. Over the last six months, banking trojans were associated with more than 16 million messages, representing the most common malware type observed in our data. In the last six months, Proofpoint identified almost


DEEP DIVE

300 downloader campaigns distributing almost six million malicious messages. Depending on the compromised organisation and its profit margins, backdoor access can be sold anywhere from a few hundred to thousands of dollars and can be purchased with cryptocurrency, most commonly bitcoin. Here are some of the most active threat actors: TA800 is a large cybercrime actor that attempts to deliver and install banking malware or malware loaders including The Trick, BazaLoader, Buer Loader, and Ostap. Its payloads have been observed distributing ransomware. TA577 conducts broad targeting across various industries and geographies. The activity observed by this actor increased 225% in the last six months. TA569 is a traffic and load seller known for compromising content management servers and injecting and redirecting web traffic to a social engineering kit. TA551 frequently leverages thread hijacking to distribute malicious Office documents via email and demonstrates broad geographic and industry targeting.


TA570 is one of the most active Qbot affiliates; its activity is up almost 12% over the last six months.

TA547 primarily distributes banking trojans to various geographic regions, and over the last six months the number of identified campaigns from this actor spiked almost 30%.

TA544 regularly installs banking malware and other payloads. It has been observed distributing the Ursnif and Dridex trojans and has sent over eight million malicious messages in the last six months.

TA571 typically distributes more than 2,000 messages per campaign.

TA574 distributed over one million messages in the last six months.

TA575 distributes malware via malicious URLs, Office attachments and password-protected files. On average it distributes almost 4,000 messages per campaign, impacting hundreds of organisations.

Ransomware continues to be distributed directly via email, as attachments or links, at considerably lower volumes: in 2020 and 2021 Proofpoint identified 54 ransomware campaigns distributing just over one million messages.

Ransomware threat actors currently practise big game hunting, conducting open-source reconnaissance to identify high-value organisations, susceptible targets and companies likely to pay a ransom. Working with initial access brokers, they can use existing malware backdoors to achieve lateral movement and full domain compromise before encryption. An attack chain built on initial access brokers could look like this:

- A threat actor sends emails containing a malicious Office document.
- A user opens the document and enables macros, which drops a malware payload.
- The actor uses the backdoor access to exfiltrate system information.
- At this point, the initial access broker can sell the access to another threat actor.
- That actor deploys Cobalt Strike through the malware backdoor, enabling lateral movement within the network.
- The actor obtains full domain compromise via Active Directory.
- The actor deploys ransomware to all domain-joined workstations.

So far in 2021, Proofpoint has continuously observed email-based threats, including downloaders and bankers with multi-stage payloads, that often lead to ransomware infections. The threat actors conduct extensive reconnaissance, privilege escalation and lateral movement within the environment before manually deploying the ransomware payload. One key metric to watch is dwell time: the interval between the initial compromise and the ransomware deployment is the window in which the intrusion can still be detected and contained.
Short dwell times, high payouts and collaboration across cybercriminal ecosystems have led to a perfect storm of cybercrime that the world’s governments are taking seriously. With new disruptive efforts focused on the threat and growing investment in cyber defence across supply chains, ransomware attacks will decrease in frequency and efficacy.
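The attack chain above, seen from the defender's side, as an added example that is not Proofpoint data or code: a handful of constructed process-creation events in a Sysmon-like pipe-delimited format, with hostnames, times, file names and command lines invented for illustration, and three rules that pick out the stages of the chain (Office application spawning a script host or living-off-the-land binary, remote execution on further hosts, shadow-copy deletion ahead of encryption) and compute dwell time as the gap between the first loader execution and the first impact action. The field layout and rule thresholds are this example's assumptions, not a standard.

```python
"""Spot the broker-to-ransomware chain in process telemetry and measure dwell time.

Added example, not Proofpoint code. All events below are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass(frozen=True)
class ProcEvent:
    time: datetime
    host: str
    parent: str
    image: str
    cmdline: str


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
LOLBINS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
           "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
# Parents that indicate code launched remotely (WMI, service control manager).
REMOTE_EXEC_PARENTS = {"wmiprvse.exe", "services.exe", "psexesvc.exe"}
# Tokens that together mark shadow-copy deletion, a common pre-encryption step.
SHADOW_DELETE = ("vssadmin", "delete shadows")


def parse_line(line: str) -> ProcEvent:
    """Format (assumed): ISO time|host|parent image|image|command line."""
    t, host, parent, image, cmdline = line.split("|", 4)
    return ProcEvent(datetime.fromisoformat(t), host, parent.lower(), image.lower(), cmdline)


def parse_log(text: str) -> List[ProcEvent]:
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def macro_dropper_events(events: List[ProcEvent]) -> List[ProcEvent]:
    """Chain steps 1-2: an Office process spawning a script host or LOLBin."""
    return [e for e in events if e.parent in OFFICE_APPS and e.image in LOLBINS]


def remote_exec_events(events: List[ProcEvent]) -> List[ProcEvent]:
    """Lateral movement: a shell/LOLBin started by WMI or the service manager."""
    return [e for e in events if e.parent in REMOTE_EXEC_PARENTS and e.image in LOLBINS]


def impact_events(events: List[ProcEvent]) -> List[ProcEvent]:
    """Pre-encryption impact: shadow copies being deleted."""
    return [e for e in events
            if all(tok in e.cmdline.lower() for tok in SHADOW_DELETE)]


def dwell_time(events: List[ProcEvent]) -> Optional[timedelta]:
    """First loader execution to first impact action; None if either is missing."""
    first, impact = macro_dropper_events(events), impact_events(events)
    if not first or not impact:
        return None
    return min(e.time for e in impact) - min(e.time for e in first)


def hosts(events: List[ProcEvent]) -> List[str]:
    return sorted({e.host for e in events})


# Constructed telemetry: one workstation compromise, a hop to a file server,
# then shadow deletion and a locker binary on a domain controller.
SAMPLE_LOG = r"""
2021-09-01T09:12:03|WS-FIN-07|winword.exe|cmd.exe|cmd /c rundll32 %TEMP%\inv.dll,DllRegisterServer
2021-09-01T09:12:04|WS-FIN-07|cmd.exe|rundll32.exe|rundll32 C:\Users\j.doe\AppData\Local\Temp\inv.dll,DllRegisterServer
2021-09-01T09:15:40|WS-FIN-07|rundll32.exe|cmd.exe|cmd /c whoami /all & net group "domain admins" /domain
2021-09-04T22:41:11|WS-FIN-07|rundll32.exe|powershell.exe|powershell -nop -w hidden -enc SQBFAFgA
2021-09-05T01:03:27|SRV-FS-01|wmiprvse.exe|powershell.exe|powershell -nop -w hidden -enc SQBFAFgA
2021-09-09T03:10:02|DC-01|services.exe|cmd.exe|cmd /c vssadmin delete shadows /all /quiet
2021-09-09T03:10:30|DC-01|cmd.exe|locker.exe|locker.exe --network --no-mutex
"""


def analyse(log_text: str = SAMPLE_LOG) -> dict:
    """Summarise which stages of the chain are visible and the dwell time in days."""
    events = parse_log(log_text)
    dwell = dwell_time(events)
    return {
        "first_stage_hosts": hosts(macro_dropper_events(events)),
        "remote_exec_hosts": hosts(remote_exec_events(events)),
        "impact_hosts": hosts(impact_events(events)),
        "dwell_days": None if dwell is None else dwell.days,
    }


if __name__ == "__main__":
    for key, value in analyse().items():
        print(f"{key:18s} {value}")
```

The point of the first rule is that the earliest event in the constructed log is already enough to raise an alert, a week before anything is encrypted; the dwell-time figure is what tells you how much of that week was available. Real telemetry needs the obvious extensions (parent chains deeper than one level, command-line decoding, allow-lists for legitimate WMI and scheduled-task activity), and the locker process name here is invented, which is why the impact rule keys on the shadow-copy deletion rather than on a binary name.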

OCTOBER 2021

TRENDS

Beyond Boundaries: The Future of Cybersecurity in the New World of Work, commissioned by Tenable.

