SPECIAL SUPPLEMENT BY
VO LU M E 0 5 | I S S U E 5 | O C TO B E R 2 0 2 3
STEPHAN BERNER CEO, Help AG
HELP AG
LEADING THE
CHARGE In the realm of cybersecurity, Help AG emerges as a stalwart defender, shaping the future of digital safety.
PRESENTS
16 A P R I L - Q ATA R | 17 A P R I L - PA K I S TA N 18 APRIL - KSA | 23 APRIL - UAE APRIL - EU | APRIL - US
BROUGHT TO YOU BY
OFFICIAL MEDIA PARTNERS
IN ASSOCIATION WITH
BROUGHT TO YOU BY
CH ANNE L PARTNER CON CL AVE & AWARDS 2023
N ove mbe r 2 0 23 |
KSA & UA E
POSSIBILITIES THROUGH OPPORTUNITIES
# C P CAWO R L D
C P CAWO R L D. C O M
Info@gecmediagroup.com
+ 971 4564 8684
PUBLISHER TUSHAR SAHOO TUSHAR@GECMEDIAGROUP.COM
EDITORIAL
Meeting Industry Demands!
A
s we navigate the intricate web of the digital age, one thing becomes abundantly clear – cybersecurity is non-negotiable. The digital realm continues to evolve at an unprecedented pace, and with this evolution comes new threats, challenges, and opportunities. In this special GITEX issue of Cyber Sentinels magazine, we are honoured to feature Stephan Berner, CEO of Help AG, who is at the forefront of leading the charge in the cybersecurity landscape. With his insights, Help AG has become synonymous with excellence in the cybersecurity domain. In this issue, we delve deep into Stephan Berner's vision for Help AG and how the company continues to redefine leadership in the industry. In an environment where digital threats are everevolving, the role of cybersecurity vendors becomes crucial. We explore how vendor-driven cybersecurity ANUSHREE DIXIT solutions have adapted to the ongoing demands and anushree@gecmediagroup.com expectations of the industry. From addressing the lack of enterprise skilled resources to combating increasing regional threat levels and dealing with the rising cost of ransomware and remediation through Artificial Intelligence and Machine Learning and automation, we examine how these solutions have evolved to protect organisations in an increasingly connected world. We also take a closer look at the challenges and innovations surrounding API security in a connected world. In this issue, we provide glimpses from the prestigious World CIO 200 Summit Grand Finale that took place in September. This event brought together top technology executives and leaders to celebrate their contributions to the industry and offered valuable insights into the future of technology leadership. GITEX, one of the largest technology exhibitions in the Middle East, is just around the corner. Explore the cutting-edge innovations, insights, and trends that will shape the future of technology. Recognising excellence and innovation in the channel partner ecosystem, the Channel Partners Conclave Awards (CPCA), happening on 8th November in UAE and 22nd November in KSA, promises to be a must-attend event for industry professionals. Get ready for an evening of celebration and recognition at the GEC Awards, happening on 16th October, where outstanding achievements in technology will be honoured against the backdrop of a captivating Jazz theme. In this special GITEX issue, we aim to provide you with valuable insights, thought leadership, and a glimpse into the exciting events shaping the technology landscape. Stay informed, stay secure, and stay inspired as we continue to explore the ever-evolving world of cybersecurity and technology. Happy reading!
CO-FOUNDER & CEO RONAK SAMANTARAY RONAK@GECMEDIAGROUP.COM GLOBAL HEAD, CONTENT AND STRATEGIC ALLIANCES ANUSHREE DIXIT ANUSHREE@GECMEDIAGROUP.COM ASSISTANT EDITORS REHISHA PE REHISHA@GECMEDIAGROUP.COM SEHRISH TARIQ SEHRISH@GCEMEDIAGROUP.COM GROUP SALES HEAD RICHA S RICHA@GECMEDIAGROUP.COM PROJECT LEAD JENNEFER LORRAINE MENDOZA JENNEFER@GECMEDIAGROUP.COM SALES AND ADVERTISING RONAK SAMANTARAY RONAK@GECMEDIAGROUP.COM PH: + 971 555 120 490 DIGITAL TEAM IT MANAGER VIJAY BAKSHI PRODUCTION, CIRCULATION, SUBSCRIPTIONS INFO@GECMEDIAGROUP.COM CREATIVE LEAD AJAY ARYA SENIOR DESIGNER MADAN SINGH GRAPHIC DESIGNER JITESH KUMAR SEJAL SHUKLA DESIGNED BY
SUBSCRIPTIONS INFO@GECMEDIAGROUP.COM PRINTED BY Al Ghurair Printing & Publishing LLC. Masafi Compound, Satwa, P.O.Box: 5613, Dubai, UAE Office No #115 First Floor , G2 Building Dubai Production City Dubai United Arab Emirates Phone : +971 4 564 8684 31 FOXTAIL LAN, MONMOUTH JUNCTION, NJ - 08852 UNITED STATES OF AMERICA PHONE NO: + 1 732 794 5918 A PUBLICATION LICENSED BY International Media Production Zone, Dubai, UAE @copyright 2013 Accent Infomedia. All rights reserved. while the publishers have made every effort to ensure the accuracyof all information in this magazine, they will not be held responsible for any errors therein.
CONTENTS OCTOBER 2023
COVER STORY
LEADING THE
14-18
CHARGE
Innovate. Automate. Elevate.
STEPHAN BERNER CEO, Help AG
CISO OPINION CORNER
07
09
ZAHEER KADIR KAZI
SHEIKH AMZAD
Vandana Global Ltd.
32-44 / EVENTS
20
22
26
29
46
NEHA YADAV
MURTAZA LIGHTWALA
NANDOR FEHER
MEHZAD SAHAR
MOAYAD ALGHANMI
48
51
57
62
65
AMIR AKHTAR JAMILI
SUZAN AL GHANEM
KHALIL ULLAH SIDDIQUI
ZAHID SHEIKH
MOHAMMED FEROZ KHAN
Ministry of Interior, UAE
Confidential.
K-Electric Limited
National Clearing Company of Pakistan 06
Environment Agency – Abu Dhabi
O CTO B E R 2023
Positivo Tecnologia SA
Al Baraka Bank (Pakistan) Limited
Group of Companies in the Manufacturing Industry
Hutchison Ports Pakistan
King Abdullah Economic City
TotalEnergies
CISO OPINION CORNER
BUILDING TRUST AND CYBERSECURITY IN TODAY'S BUSINESS LANDSCAPE How have vendor driven cyber security solutions adapted to the ongoing demands and expectations of enterpris cyber security decision makers in the area of DX and TCO? Trust is essential in the modern digitalised business environment: trust in brands, trust in relationships, and confidence in technology. It is not worthy of your confidence if you do not comprehend how something operates or how it manages your data. In cybersecurity, where trust is essential, greater transparency and long-term relationships with consumers should be prioritised. Many organisations are caught between a rock and a hard place during these difficult situations. Businesses have had to adjust to new digital realities by establishing everything remotely (and as quickly as possible), while cybercriminals have gained momentum and the capacity to extend the pool of individuals to target and the instruments at their disposal. As a result, clients require cybersecurity assistance now more than ever before. In times of instability, companies value stability above all else - not just from vendors, but also from vendors' partners. When a client sees that a partner's business is steady and growing, they are more
“Today's major and emerging firms, as well as small organisations, have mostly transitioned to using cloud platforms.”
ZAHEER KADIR KAZI Information Security Senior Specialist Ministry of Interior UAE
O CTO B E R 2023
07
CISO OPINION CORNER
likely to trust the services being offered. This entails investing consistently in increasing the quality of your services, as well as providing consistent customer support Clients must always be given the highest service and assistance. To do this, factors such as actively investing in enterprise product development and improving dedicated expertise become critical. How have vendor driven cyber security solutions adapted to the ongoing demands and expectations of enterprise cyber security decision makers in the area of cloud vulnerabilities? Cloud vulnerability management refers to the ongoing practice of discovering, reporting, and mitigating security threats discovered on the cloud platform. To ensure data and application safety, strong cloud security procedures with a comprehensive cloud vulnerability management system must be implemented. Today's major and emerging firms, as well as small organisations, have mostly transitioned to using cloud platforms. This allows such firms to be less concerned about safe physical data storage facilities because everything is stored on cloud servers. A complacent cloud vulnerability is provided by the vendor when they successfully manage to address the key vulnerabilities associated with the cloud such as: 1. Human Error Vulnerabilities 2. Network Vulnerabilities 3. Procedural Vulnerabilities 4. Operating System Vulnerabilities It should be highlighted, however, that while the cloud has revolutionised storage and working efficiency, it is not without drawbacks. These are undesired hostile attempts in which hackers attempt to infiltrate the cloud and get critical information. How have vendor driven cyber security solutions adapted to the lack of enterprise skilled resources, increasing regional threat levels, and increasing cost of ransomware and remediation through AL, ML, and automation? Artificial Intelligence (AI) and Machine Learning (ML) have evolved into significant competitive advantages in today's environment. These technologies are quickly becom-
08
O CTO B E R 2023
ing the industry standard for managing data, streamlining and improving operations, and strategically positioning firms in their respective industries. When selecting a cybersecurity company, the most crucial factors to evaluate are product and service quality, as well as cyberthreat expertise. Such a tendency is verified by the evolution of the threat landscape, which is exacerbated on the one hand by the emergence of APT assaults, and on the other by the fact that malware not expressly designed to infiltrate corporate networks inflicts major harm on huge firms. Customers today expect sophisticated protection from a vendor with a high degree of experience that has been demonstrated globally. Many businesses are turning to artificial intelligence (AI) and machine learning (ML)powered technologies to help their teams automate triage, investigation, and remediation operations at scale. One of the key advantages of AI/ML technologies is that they help to address the existing cybersecurity skills gap. Organisations lack sufficient personnel with the necessary skill sets to operate comprehensive security operations around the clock. This can make integrating AI/ML technology more challenging in the short run, but the long-term advantages significantly outweigh the expense of overcoming this early inertia. How have enterprise security decision makers progressed in their relationships with enterprise business heads? In recent years, the cybersecurity sector has seen several storms. Companies are being more cautious in their approach to budget allocation as global economic uncertainty intensifies. Naturally, this will have repercussions for how firms treat their cybersecurity investments now and in the future. They will be more cautious when evaluating the available alternatives and will actively seek evidence that
a vendor can handle their unique problem. An integrated marketing strategy must be built totally around the demands, experiences, and expectations of a potential customer, cybersecurity suppliers must thus have a 360-degree perspective of their consumers' behaviour and modify their plan appropriately. Understanding the characteristics that drive vendor and product awareness, as well as selection and purchase habits, enables cybersecurity companies to flourish in an increasingly competitive marketplace. How has the relationship between enterprise security decision makers and the C-suite progressed in the last 12-24 months? Perhaps the greatest significant developments in enterprise security over the last two decades have not been in technology but in perception. While dazzling new technological gadgets rarely fail to pique management's interest, establishing the security case for acquiring them is an entirely different story. Because the security function is now seen as a fundamental component of business operations in many firms, it is important to keep the C-Suite involved. Communication is essential for improving an organisation's cybersecurity posture. The C-suite must develop effective communication techniques, reporting back to security personnel on the impact of their work and soliciting their support for the business vision. Similarly, it is critical to provide avenues for security personnel to communicate their realities and difficulties to leadership. Putting an emphasis on teamwork and communication to help overcome the legacy of previous failures. Establishing a clear route ahead for IT and security that reaffirms their shared objective goals will assist both sides in succeed while also easing any apparent friction that may arise from career concerns. A cohesive approach aids in the demonstration of aims and targets, confirming that a chain is only as strong as its weakest link ë
CISO OPINION CORNER
EMPOWERING ENTERPRISE CYBERSECURITY: TRENDS AND INNOVATIONS How have vendor driven cyber security solutions adapted to the ongoing demands and expectations of enterpris cyber security decision makers in the area of DX and TCO? Collaboration and information sharing between vendors and enterprises have also improved to foster a proactive approach to Cybersecurity. They now prioritise integration with DX initiatives, providing seamless protection for cloud-based and IoT environments. Cybersecurity solutions have also embraced AI and Machine Learning to enhance threat detection and response capabilities. They offer more comprehensive threat intelligence
“Cybersecurity solutions have also embraced AI and Machine Learning to enhance threat detection and response capabilities”.
SHEIKH AMZAD
Head Infra & Information Security Vandana Global Ltd.
O CTO B E R 2023
09
CISO OPINION CORNER
and real-time monitoring, enabling quicker response to emerging cyber threats. They emphasize user-friendly interfaces and reporting tools to help decision-makers gain better insights into their security posture, facilitating informed decisions. These developments collectively empower enterprises to navigate the complex landscape of Cybersecurity in the age of digital transformation more effectively. How have vendor driven cyber security solutions adapted to the ongoing demands and expectations of enterprise cyber security decision makers in the area of cloud vulnerabilities? Enterprise cyber security decision-makers' needs and vendor-driven solutions have also embraced a more modular and customizable approach. This allows organisations to tailor their security stack to specific cloud vulnerabilities and compliance requirements. Real-time threat remediation, such as automated patching and isolation, has become a standard feature. Vendor-driven solutions also facilitate security audits and reporting to simplify compliance verification for decisionmakers. Additionally, solutions emphasise zero trust principles, ensuring least privilege access and micro-segmentation within cloud environments. Cloud-native identity and access management features enhance authentication and authorisation. These advancements
10
O CTO B E R 2023
empower enterprises to navigate the complex cloud security landscape effectively. How have vendor driven cyber security solutions adapted to the lack of enterprise skilled resources, increasing regional threat levels, and increasing cost of ransomware and remediation through AL, ML, and automation? They heavily leverage AI and ML algorithms for threat detection and mitigation, reducing the reliance on human expertise. Automation is integral, with solutions automating routine tasks, incident response, and threat hunting. Vendor-driven platforms increasingly support threat intelligence sharing and collaboration, fostering a community-based defence approach. This multifaceted adaptation not only addresses resource constraints but also bolsters organisations against rising regional threats and the financial burdens associated with ransomware attacks. How have enterprise security decision makers progressed in their relationships with enterprise business heads? The relationship between enterprise security decision makers and business heads has matured into a dynamic partnership focused
on achieving both security and business objectives in a rapidly changing digital landscape. This shift involves proactive communication, aligning security strategies with business goals, and demonstrating the value of security investments in terms of risk reduction and business continuity. They also seek to strike a balance between security and user experience, understanding that overly restrictive measures can hinder productivity and innovation. Overall, the relationship has transformed from a barrier to business agility to an enabler of growth and resilience How has the relationship between enterprise security decision makers and the C-suite progressed in the last 12-24 months? In the past 12-24 months, the relationship between enterprise security decision makers and the C-suite has deepened significantly due to escalating cyber threats. The C-suite now expects security leaders to not only prevent breaches but also to have robust incident response plans in place. This includes clear communication strategies and tested disaster recovery measures. Security decision makers integrate privacy with Cybersecurity, collaborating to meet GDPR and CCPA requirements. During this time, security leaders and the C-suite have embraced a united front in tackling cyber risks, and adapting to changing threats and regulations. ë
C
M
Y
CM
MY
CY
CMY
K
BT magazine.pdf
1
27/09/2023
6:06 PM
C
M
Y
CM
MY
CY
MY
K
Unlock Endless Possibilities with Video Collaboration
VISIT THE LOGITECH STAND AT
STAND: H1.D90
EXPERT BYLINE
The Security Imperative: Protecting APIs in a Connected World APIs, though not a new concept, have become essential in enabling the interaction of various software components through defined protocols. If we start from the common sense that covid crisis has boosted Digital Transformation efforts worldwide, it´s safe to state that web application programming interfaces (APIs) are the connective tissue enabling that growth. APIs are certainly not a new concept: The term was coined in the 1960s, and the idea is nearly as old as computing itself. In very simple terms, an API is a mechanism for two or more software components to interact with each other using protocol(s). Categorizing APIs: Varieties and Classifications There are different types of web APIs based on access, architecture, protocols, etc. Web APIs, those interfaces usually presented as XML
or JSON formats, emerged more than 20 years ago, with early XML interchange formats evolving into simple object access protocol (SOAP), and eventually representational state transfer (REST) gaining traction as a set of guidelines for creating stateless APIs. API Security This way, the rise of web and mobile-based offerings requiring data sharing across multiple companies’ products increased digital transformation, and mobile applications’ reliance on APIs fuelled that growth. On top of that, the advent of microservices architecture, where an application is broken down into loosely coupled individual services,
NEHA YADAV
Cyber Security Advisor Confidential
FLAVIO CARVALHO
Chief Information Security Officer Iberia Group Crédit Agricole
12
O CTO B E R 2023
EXPERT BYLINE
continues to increase reliance on APIs due to the communication mechanism between microservices. Therefore, the rapid boost in the usage and dependence on APIs in modern application architectures is the key factor in the increased attention on API vulnerabilities among bad actors as well as security researchers. It’s not a coincidence that many of the most serious API security issues, in terms of potential records breached and data involved, have occurred in the past few years, despite API usage extending much further back. Mid-size enterprises count on around 10,000 APIs in use, and this number growing to 15,000+ in large enterprises. In addition, organisations with in-house application development, even small organisations and startups heavily rely on APIs, using thousands of them. In all cases, the average growth rate for API usage is over 200% on a yearly basis. When we look at security issues around APIs, we see data breaches, Distributed Denial of Services (DDoS) and the plague of legacies – zombie APIs, unknown or shadow APIs as top concerns. In the same way that good old CMDBs and asset inventories are important, so are API inventories. But, in reality, that is quite important and rare at the same time. Shadow APIs are the ones created outside the formal process and/or undocumented.
A CISO's Approach to API Security Serving as a CISO, we often battle a lack of visibility and proper information. As always, we can only secure what we know that exists. So, the first and foremost concern is to have in place a formal process, supported by upper management that allows proper API management, supported by a well-documented, dynamic inventory. That alone is no minor task, so prepare for a long and difficult road until this point. Regarding the inventory itself, no matter if you start slow, try to include the most obvious APIs in a static way. It's a start. The important point is to educate yourself on the topic, look for software alternatives and evolve over time. Also, everyone traditionally talks about the OWASP top ten for applications, but how about OWASP top ten for the APIs? “The lack of visibility and lack of documentation highlights the security blindspot that APIs pose to organisations,” said Edward Roberts, Vice President of Marketing at Neosec. So, once we develop ourselves in the topic as well as our visibility on our APIs and its management process, we naturally stand in a better position to secure our organisations in that field. Serving as a CISO in Europe, the main concern is data leak, since privacy laws (such as GDPR) impose large fines for
incidents of this kind. Regular dynamic application security testing or fuzzing – frequency defined by policy, classified by risk is a great starting point. Such tests attempt to pass malformed input to an API to test for injection vulnerabilities around input validation issues, such as SQL injection, command injection, or cross-site scripting. They also attempt to identify broken authentication or a failure to properly identify and validate a user or entity, or authorisation that ensures the authenticated user or entity has rights to access certain data. Both management and API rate limiting are other important security measures, that help organisations avoid abuse of APIs (usually by over usage). Anti-DDoS features are key, not only to protect APIs but generally speaking, and also include WAF and geo-blocking rules, a combination using for years in different organisations and geographies. As with everything else around security, there's no silver bullet. APIs are a very important security topic, growing fast and oftentimes under-protected. Let´s evolve our organisation's protection and ourselves on the matter, there are alternatives for all kinds of business, regardless of their size or geography. Start it today.ë
O CTO B E R 2023
13
COVER STORY
An exclusive interview with Stephan Berner, CEO of Help AG
LEADING THE
CHARGE
Innovate. Automate. Elevate. In a rapidly evolving digital landscape where cybersecurity is paramount, Help AG emerges as a beacon of excellence and a redefiner of leadership.
STEPHAN BERNER CEO, Help AG
Stephan established Help AG ME in 2004,
From cloud computing to artificial intelligence, IoT, and more, Help AG now leverages e& enterprise's extensive portfolio of solutions to deliver even greater value to its clients
and as its CEO, he has steered the company to exceptional growth. He leads Help AG's strategic initiatives to elevate investments, expand business activities, and foster essential partnerships across the MEA region. Stephan is widely recognized for his prowess in building successful enterprises from the ground up, driven by his unwavering commitment to value creation, scalability, and sustainability. His entrepreneurial spirit and relentless drive have played a pivotal role in Help AG's remarkable achievements. Stephan's leadership philosophy revolves around fostering innovation, empowering teams, and driving transformative change. With a keen eye for emerging technologies and market trends, he continues to guide Help AG towards new frontiers, ensuring the organisation remains at the forefront of the rapidly evolving cybersecurity landscape. Stephan is not just a CEO but a visionary leader who has been instrumental in Help AG's enduring success.
14
O CTO B E R 2023
COVER STORY
In an era where the digital landscape evolves at breakneck speed, the need for robust cybersecurity has never been more critical. As organizations navigate the complexities of the hyper-connected world, one company has consistently emerged as a leader in the field – Help AG. With a legacy spanning nearly two decades, Help AG has not only withstood the test of time but has also shaped the future of cybersecurity. Cyber Resilience in a Changing World While the World Economic Forum spotlighted cyber resilience as a paramount priority in 2023, Help AG distinctly stands out as a formidable leader in this crucial sector. The company's emphasis on security by design and its commitment to partner with clients, rather than merely selling solutions, empower organisations to thrive in the digital age. A Legacy of Cybersecurity Excellence Founded in 2004, Help AG embarked on a mission to fortify the digital realm, and its journey has been nothing short of extraordinary. Over the years, it has evolved from a promising startup to a powerhouse in the cybersecurity sector. In 2015, Help AG pioneered managed security services, setting a standard that others would later follow. In the 2023 IDC MarketScape Managed Security Services Vendor Assessment (GCC),
Acknowledgment as a leader in the IDC MSS Marketscape is a testament to our commitment to pioneering cybersecurity solutions and defining industry benchmarks. Our comprehensive portfolio leverages the best of people, processes, and technology, combining human intelligence with the power of automation. This allows us to offer our clients an unparalleled level of service, making us the preferred choice for organizations in the region.
Help AG resoundingly emerged as a "Leader." This recognition is a testament to Help AG's strategic vision and steadfast commitment to safeguarding digital ecosystems. As organisations increasingly turn to MSS providers to address their security needs, Help AG's position as a leader reinforces its role as an industry trailblazer. The company’s outstanding position in terms of both capabilities and strategies serves as a visual representation of the team's hard work and dedication. The verdict is clear – Help AG stands as Numero Uno in the MSS landscape, a testament to the company's commitment to securing the digital frontier. Innovation at the Core What sets Help AG apart is its steadfast dedication to innovation. It doesn't merely keep pace with industry trends; it sets them. The Help AG's philosophy of "Innovate, Automate, Elevate" reverberates through every facet of its operations. The company's forwardthinking approach has enabled it to introduce
cutting-edge technologies and processes, from embracing the cloud before it was in vogue to championing secure access services. Central to Help AG's innovative prowess is its dedicated service development arm. This team embodies the agile concept-to-market approach, continually pushing the boundaries of what's possible in cybersecurity. They develop a wide array of services tailored to meet the evolving needs of customers in the digital age. What truly distinguishes Help AG is its flexibility in operational models. These innovative services are not locked into a single approach. Instead, they customize them to suit the unique requirements of each customer. Whether it's a capital expenditure (CAPEX) or an operational expenditure (OPEX) model, Help AG ensures that customers have the flexibility to choose what works best for them. What truly distinguishes Help AG is its flexibility in operational models. These innovative services are not locked into a single approach. Instead, Help AG customises
Source: IDC MarketScape: Gulf Cooperation Council Region Managed Security Services Vendor Assessment, 2023 IDC MarketScape vendor analysis model is designed to provide an overview of the competitive fitness of ICT suppliers in a given market. The research methodology utilizes a rigorous scoring methodology based on both qualitative and quantitative criteria that results in a single graphical illustration of each vendor’s position within a given market. The Capabilities score measures vendor product, go-to-market and business execution in the short-term. The Strategy score measures alignment of vendor strategies with customer requirements in a 3-5-year timeframe. Vendor market share is represented by the size of the icons.
O CTO B E R 2023
15
COVER STORY
1995
Independent CSOC established in the UAE
Regional office established in Abu Dhabi
Founded in Germany
2004
2015 2009
Help AG Middle East established with headquarters in Dubai
Help AG is the ideal partner for organizations that require not only a comprehensive portfolio of managed security products and services but also regional experience and multi-country intelligence. This is particularly pertinent for entities operating in sectors such as the government, critical infrastructure, energy, utilities, healthcare, and banking, which must adhere to stringent local regulations and compliance requirements in the UAE and Saudi Arabia. Source: IDC MarketScape MSS Assessment 2023 (GCC)
them to suit the unique requirements of each customer. Whether it's a capital expenditure (CAPEX) or an operational expenditure (OPEX) model, Help AG ensures that customers have the flexibility to choose what works best for them. This adaptability underscores their commitment to customer satisfaction and their ability to make cybersecurity simpler and more accessible. In a world where cybersecurity threats continually grow in sophistication, having the right team with the right skills is paramount. Help AG constantly invests in its people, nurturing a team of experts who are not just knowledgeable but also forward-thinking. This investment in
16
O CTO B E R 2023
100+ zero-day findings to its credit
2017 2016
Expansion into KSA with an office in Riyadh human capital has become a cornerstone of their approach, ensuring that clients have access to the best minds in the cybersecurity field. Intelligent Automation and Human Intelligence: A Harmonious Blend Help AG seamlessly fuses intelligent automation and human intelligence. In a world where cybersecurity demands constant adaptation, this synergy stands at the core of the brand’s success. Intelligent automation is at the heart of Help AG's operational prowess. It enhances agility, elevates threat detection and response, and ensures every action taken is consistent, timely, and driven by intelligent analysis. This technology-driven approach not only optimizes processes but also fortifies their clients' cybersecurity defenses with a level of resilience and adaptability that is second to none. Yet, Help AG understands that technology alone cannot guarantee success. The company's distinctive people-centric philosophy underscores the importance of human intelligence. The company's cybersecurity solutions are not just about technology; they are about building enduring partnerships and delivering tailored solutions that cater to the unique needs of each client and partner. A testament to this innovative approach is UNIFY, a seamlessly integrated platform within Help AG's Managed Detection and Response (MDR) subscription. UNIFY not only enables effortless integration with thirdparty data and products but also complies with local data regulations. “UNIFY goes beyond conventional security controls, offering advanced analytics, automation, and health and hygiene monitoring. UNIFY serves as a
2018
Over 100 employees onboard
collaborative bridge, fostering omnichannel communication between our clients and experts”, says Stephan Berner. “UNIFY empowers clients with centralized dashboards, comprehensive attack visibility, enriched threat intelligence, and intelligent analysis across the entire security landscape. With its robust Security Orchestration, Automation, and Response (SOAR) capabilities, UNIFY streamlines threat intelligence management, end-to-end case handling, unified attack visibility, and nextgeneration analytics”, he adds. Through UNIFY, Help AG isn't just redefining cybersecurity platforms; it's setting new standards for customer expectations. Help AG delivers a service-centric cybersecurity paradigm that isn't just future-ready but leads the industry with a pioneering vision of intelligent automation and human intelligence working hand in hand. Cultivating a Security Culture While innovation and technology are vital, Help AG recognizes that a strong security culture is equally essential. In today's digital landscape, cybersecurity is not solely the responsibility of IT departments; it's a collective effort that involves every member of an organization. Help AG emphasizes the importance of fostering a security-conscious mindset among employees. “A robust security culture goes beyond compliance; it's about instilling a sense of responsibility and awareness in every team member. Training and awareness programs are integral to the company’s approach, ensuring that employees are not just users of technology but guardians of security. This commitment to a security culture empowers organisations
COVER STORY
y s
The KSA CSOC goes LIVE
Launch of Help AG as a Service
2020
2021 2021
Acquired by e&, becoming the cybersecurity arm of e& enterprise
Recognized as a MSS "Leader" in IDC MarketScape (GCC)
2023 2022
Introduction of Cyber Edge X, an SSE offering
to proactively identify and mitigate threats, making cybersecurity a shared responsibility”, says Stephan. Ensuring Compliance and Governance Help AG's commitment to compliance extends far beyond mere adherence to regulatory standards. Compliance is viewed as a fundamental element of their cybersecurity strategy, deeply embedded in the organizational DNA. Their unwavering dedication to maintaining the highest standards of information security, business continuity, and quality assurance sets Help AG apart in the industry. Safeguarding Information Assets through ISO 27001 One of Help AG's strongest pillars of compliance is their ISO 27001 certification, a globally recognized standard reinforcing their commitment to safeguarding information assets. This certification provides them with a comprehensive framework for managing the security of information assets. Systematically implementing best practices, policies, and controls, they uphold the confidentiality, integrity, and availability of data. This approach not only bolsters clients' trust in Help AG's security measures but also empowers them to proactively identify and mitigate security risks. Their rigorous adherence to ISO 27001 enhances their ability to safeguard against data breaches, cyberattacks, and operational disruptions. In today's dynamic world, ensuring business continuity is paramount for Help AG. They adhere to ISO 22301 standards to ensure operational resilience during disruptions,
2023
Attained SOC Capability Maturity Model (CMM) certification at risk-driven Level 3
ensuring uninterrupted service delivery and preserving their reputation as reliable partners. Help AG is not just prepared for the unexpected; they are well-practiced in managing potential risks and minimizing disruptions to their clients' operations. ISO 22301 serves as a testament to their dedication to client satisfaction, reliability, and their ability to deliver consistent value under any circumstances. Aligning Services with Business Risk: SOC-CMM Level 3 Another recent milestone exemplifying Help AG's commitment is achieving the highest level of SOC-CMM certification, level 3 risk-driven. This certification underscores their dedication to infusing risk and intelligence into decision-making, aligning their services with business risk and the evolving threat landscape. “With a strong emphasis on agility, adaptability, and continuous improvement, our SOC demonstrates a full SOC lifecycle management approach. Help AG Cyber Defense Center is one of the world's first SOCCMM certified operations, a testament to our team's exceptional expertise and unwavering dedication”, says Stephan. Elevating Solutions: Quality Assurance (QA) and Quality Control (QC) Quality is a non-negotiable aspect of Help AG's compliance strategy. They implement rigorous Quality Assurance (QA) and Quality Control (QC) measures to validate every incident they handle. This meticulous approach guarantees that the solutions they deliver are of the highest caliber, minimizing risks and optimizing outcomes. Quality assurance isn't just a checkbox for Help AG; it's a commitment
to excellence that defines their approach to cybersecurity. People-Powered Excellence At the heart of Help AG's success lies its globally diverse team of cybersecurity experts. Celebrating a rich tapestry of nationalities and backgrounds, Help AG fosters a culture of collaboration that drives innovation beyond borders. In the UAE and Saudi Arabia, Help AG is a staunch supporter of Emiratisation and Saudization, actively nurturing local talent with opportunities for career growth and mentorship. Through structured internship programs, the organisation bridges the gap between theoretical knowledge and practical application, providing a platform for the next generation of cybersecurity professionals to flourish. Help AG's well-defined career development pathway, combined with a culture of cross-disciplinary exploration, ensures that every team member experiences personal and professional growth. Competitive compensation, a vibrant corporate culture, and continuous training create an environment where individuals not only thrive but also contribute to the company's exceptional median employee tenure of 3 years. The organisation's dynamic performance review process, characterized by open dialogues and timely feedback, further facilitates continuous growth and improvement. Help AG's commitment to talent development extends beyond internal initiatives, with partnerships established with renowned institutions such as the University of Wollongong in Dubai, reinforcing the organisation's dedication to nurturing the next
O CTO B E R 2023
17
COVER STORY
generation of cybersecurity experts. Over the years, Help AG's commitment to assembling a powerhouse team of experts paid off. Their roster of cybersecurity professionals grew to become one of the largest in the industry. These experts weren't just employees; they were passionate advocates for security, dedicated to safeguarding the digital assets of their clients. Help AG's people-centric approach is the driving force behind its position as a cybersecurity leader, where excellence knows no boundaries. Transformation for Success The year 2020 marked a pivotal moment in Help AG's journey, as it underwent a transformational acquisition by the region's largest service provider. This strategic move
not only injected much-needed financial stability into the company but also opened doors to a vast and diverse customer base while augmenting resources. During this transformative period, Help AG continued to shine. It remained steadfast in delivering unparalleled cybersecurity services and innovative solutions, further solidifying its position as an industry leader. With Etisalat's transformation into e&, Help AG's trajectory took an even more ambitious turn. e&, now a global technology and investment powerhouse, offers Help AG unparalleled resources and a global reach. With a presence
in over 16 countries and a commitment to expanding further, e& provides Help AG with a significant competitive edge. This newfound advantage extends beyond geographic reach. Help AG now has access to a treasure trove of service provider intelligence, investment capabilities, and a diverse array of cuttingedge technologies. “From cloud computing to artificial intelligence, IoT, and more, Help AG now leverages e& enterprise's extensive portfolio of solutions to deliver even greater value to its clients”, says Stephan Berner. “Being part of one of the region's most reputable and forward-thinking brands has
With a strong emphasis on agility, adaptability, and continuous improvement, our SOC demonstrates a full SOC lifecycle management approach. Help AG Cyber Defense Center is one of the world's first SOC-CMM certified operations, a testament to our team's exceptional expertise and unwavering dedication.
not only contributed to company’s success but has also accelerated its growth trajectory. This strategic alliance has propelled our company into the global arena, firmly establishing it as a cybersecurity leader poised for even greater achievements”, he adds. In the current landscape, Help AG serves approximately 500 large enterprises and government entities across the region. Help AG's journey from a startup to a cybersecurity powerhouse is a testament to its unwavering commitment to excellence, innovation, and the cultivation of a security culture. As the digital landscape continues to evolve, Help AG stands as a beacon of leadership, ensuring that organizations can embrace digital transformation with confidence. With a visionary leadership team, a dedicated workforce, and a relentless pursuit of cybersecurity excellence, Help AG is poised to shape the future of secure digital landscapes. ë
18
O CTO B E R 2023
DRIVING OPERATIONS AND PERFORMANCE EXCELLENCE YOUR PARTNER FOR
Cloud & Digital Transformation
Enterprise Applications
Analytics & Automation AI & ML as a Service
Cyber Security Solutions
Management Consulting, Advisory and Quality Assurance
An unit of
“Delivery centres in US, Middle East and India”
Phone: +971528732716 | Email: hello@opx america.com | www.opxtechnology.com
CISO OPINION CORNER
THE SURGE IN CYBER ATTACKS: THE EVOLVING CYBERSECURITY SOLUTIONS As cybersecurity risks evolve, so too does the landscape of available solutions. Simplifying cybersecurity messages and aligning them with business objectives is essential in today's landscape.
NEHA YADAV
Cyber Security Advisor Confidential
20
O CTO B E R 2023
CISO OPINION CORNER
How have vendor driven cyber security solutions adapted to the ongoing demands and expectations of enterprise cyber security decision makers in the area of DX and TCO? Vendor driven cyber security solutions have actually adapted quite well to the ongoing demands and expectations of enterprise cyber security decision makers in the area of DX & TCO. Especially with the startup culture, the smaller fishes are more accommodating in terms of configuration modifications to customise the solutions based on the customer requirement(s). Also, they are quite adjusting in terms of the pricing of the solutions. Overall, in the past five years or so, there has been a huge boom in terms of the number of options to choose from for solving the same cyber security risk(s). How have vendor driven cyber security solutions adapted to the ongoing demands and expectations of enterprise cyber security decision makers in the area of cloud vulnerabilities? Vendor driven cyber security solutions has made an effort to adapt to the ongoing demands and expectations of enterprise cyber security decision makers in the area of cloud vulnerabilities. When it comes to cloud security, we still do have a gap and I really do believe that we need to talk about this topic more. There are some grey areas sometimes about the shared responsibility model. The vulnerability management from a cloud standpoint needs more attention
and shall be considered as a bare minimum and shall be included in the most basic packages as well because sometimes it is challenging to get approval for a separate module like a security hub that takes care of vulnerability management. Also, there is still a lot to be done to reduce false positives in this area. How have vendor driven cyber security solutions adapted to the lack of enterprise skilled resources, increasing regional threat levels, and increasing cost of ransomware and remediation through AL, ML, and automation? Vendor driven cyber security solutions have actually adapted to the lack of enterprise skilled resources, increasing regional threat levels, increasing the cost of ransomware and remediation through automation. Vendors have done a commendable job in bringing up tailored solutions for addressing cyber security risk(s) in an automated way to ensure security operations can be done with minimum resources. A very small example of running phishing campaigns is that you don't necessarily need to set up an instance and configure it on your own but you can simply rely on certain tools where phishing campaigns can be done very easily just from a front-end perspective. Also, the SOAR technology has helped us to deal with known incidents based on playbook configurations. Cyber insurance has become more common which helps companies better deal with financial losses. How have enterprise security decision makers
progressed in their relationships with enterprise business heads? This can be quite subjective and different for each company/sector as still security decision makers are challenged about fixing vulnerabilities and/or patching. I believe the key is to well calculate risk and position security as a business enabler tool. We're no longer the geek guys that are only concerned in saying no. We must position security as a business booster, never the other way around. In general, the rise in cyber-attacks with the resulting losses and also more role-based security awareness, has made the enterprise business heads more clear about the need for security. How has the relationship between enterprise security decision makers and the C-suite progressed in the last 12-24 months? Again, this can be quite subjective and different for each company/sector as still the C-suite does officially accept some cyber security risks. In general, the rise in cyber-attacks with resulting losses has made C-suites realise that the business could face huge financial losses or even shut down due to a critical security incident and/or attack. It's on us to cut off the mambo jambo technical jargon, simplify our message, and always stick with the business. As a cyber security advisor and a person connected to some great folks in space, I can say that we still have a long way to go! ë
O CTO B E R 2023
21
CISO OPINION CORNER
DEMONSTRATING THE LONG-TERM VALUE OF CYBERSECURITY Vendor-driven cybersecurity solutions have undergone significant evolution to meet the ever-evolving demands and expectations of enterprise cybersecurity decision makers. How have vendor driven cyber security solutions adapted to the ongoing demands and expectations of enterprise cyber security decision makers in the area of DX and TCO? Vendor-driven cybersecurity solutions have had to adapt significantly to meet the ongoing demands and expectations of enterprise cybersecurity decision makers in the context of Digital Transformation (DX) and Total Cost of Ownership (TCO). Here are some ways they have evolved:
Integration with DX Initiatives: Vendors have recognised the need to align their cybersecurity solutions with an organisation's DX efforts. This means ensuring that security measures don't hinder digital transformation but rather enable it. This includes making security solutions more modular and easily integrated with existing infrastructure and cloud-based services. Scalability: As enterprises grow and expand their digital footprint, cybersecurity solutions must scale accordingly. Vendors now offer solutions that can scale both horizontally and vertically, allowing organisations to adapt to changing needs without incurring excessive costs. Automation and AI: The increasing complexity of cyber threats has made automation and AI indispensable in cybersecurity. Vendors have incorporated machine learning and AI-driven technologies into their solutions to better detect and respond to threats in real time. This not only enhances security but also reduces the workload on cybersecurity teams. Cloud-Centric Solutions: With the shift to the cloud, cybersecurity solutions have had to adapt to protect cloud-based assets and applications. Vendors now offer cloud-native security solutions that provide robust protection for data and applications in the cloud, while also being cost-effective. Compliance and Regulatory Support: Cybersecurity regulations and
MURTAZA LIGHTWALA
General Manager - Cybersecurity K-Electric Limited
22
O CTO B E R 2023
CISO OPINION CORNER
compliance requirements have become stricter. Vendors have responded by offering solutions that help enterprises meet these requirements more easily, reducing the risk of fines and legal issues. TCO Considerations: Enterprise cybersecurity decision makers are more concerned than ever about the Total Cost of Ownership. Vendors have had to demonstrate the long-term value of their solutions by offering transparent pricing models, reducing hidden costs, and emphasising the ROI of their products. User-Friendly Interfaces: Decision makers expect cybersecurity solutions to be userfriendly and provide clear visibility into security postures. Vendors have improved their user interfaces to provide better insights and easier management of security policies. Threat Intelligence and Information Sharing: Vendors now offer threat intelligence platforms that help organisations proactively identify emerging threats. Additionally, they promote information sharing and collaboration within the cybersecurity community to collectively defend against cyberattacks. Zero Trust Architecture: With the rise of remote work and mobile devices, the concept of Zero Trust has gained prominence. Vendors are developing solutions that enforce Zero Trust principles, ensuring that trust is never assumed, regardless of where users or devices are located. Managed Security Services: Many vendors now offer managed security services, recognising that not all enterprises have the in-house expertise to manage complex cybersecurity solutions. This reduces the burden on internal IT teams and can be more cost-effective. How have vendor driven cyber security solutions adapted to the ongoing demands and expectations of enterprise cyber security decision makers in the area of cloud vulnerabilities? Vendor-driven cybersecurity solutions have adapted to the ongoing demands and expectations of enterprise cybersecurity decision makers in the area of cloud vulnerabilities in several ways: Cloud-Native Security: Vendors have developed cloud-native security solutions specifically designed to address vulnerabilities unique to cloud environments. These solutions provide real time visibility, control, and protection for cloud resources, including virtual machines, containers, and serverless functions.
API Security: As cloud services heavily rely on APIs (Application Programming Interfaces), vendors have enhanced their offerings to include API security solutions. Container Security: With the widespread adoption of containerisation and orchestration platforms like Kubernetes, vendors have developed container security solutions that can identify and mitigate vulnerabilities in containerised applications and ensure secure container deployments. Serverless Security: As serverless computing becomes more popular, vendors have created security solutions tailored to serverless architectures. Identity and Access Management (IAM): Vendors offer robust IAM solutions that help organisations manage user access to cloud resources. Compliance and Configuration Management: Cloud security solutions now include tools for assessing and enforcing compliance with industry regulations and best practices. Threat Detection and Response: Vendors have integrated advanced threat detection and response capabilities into their cloud security solutions. These solutions use machine learning and AI to identify suspicious activities and automate responses to mitigate potential threats quickly. Cloud Access Security Brokers (CASBs): CASBs have gained importance in securing cloud environments. Vendors offer CASB solutions that provide visibility into cloud usage, enforce security policies, and protect data as it moves to and from cloud applications. Multi-Cloud and Hybrid Cloud Support: Enterprises often use multiple cloud providers or maintain hybrid cloud environments. Vendors have adapted by offering solutions that provide consistent security controls and visibility across all cloud environments. Risk Assessment and Remediation: To help decision makers prioritise vulnerabilities and remediate them effectively, vendors have integrated risk assessment capabilities into their solutions. User-Friendly Dashboards and Reporting: Vendor solutions now offer user-friendly dashboards and comprehensive reporting features. Collaboration and Integration: Vendors encourage integration with third-party security tools and cloud platforms, enabling organisations to build a holistic security ecosystem. This collaborative approach enhances overall cloud security. Cost Optimisation: In addition to security,
vendors have incorporated features for cost optimisation within their cloud security solutions. How have vendor driven cyber security solutions adapted to the ongoing demands and expectations of enterprise cyber security decision makers in the area of cloud vulnerabilities? Vendor-driven cybersecurity solutions have significantly adapted to address the challenges posed by the lack of skilled resources, increasing regional threat levels, and the rising cost of ransomware and remediation through the integration of Artificial Intelligence (AI), Machine Learning (ML), and automation. Here's how they have adapted: Automated Threat Detection and Response: AI and ML algorithms are used to automatically detect and respond to threats in real time. This reduces the reliance on scarce cybersecurity experts, as the system can analyse vast amounts of data and identify anomalies or suspicious activities independently. Behavioural Analysis: AI and ML enable solutions to establish baselines for normal user and system behaviour. When deviations occur, such as unusual network traffic patterns or unauthorised access attempts, the system can trigger alerts or automatically take remedial actions. Predictive Analytics: Predictive analytics powered by AI can forecast potential threats and vulnerabilities, allowing organisations to proactively bolster their defences. Security Orchestration and Automation: Security orchestration platforms leverage automation to streamline incident response workflows. These platforms can automatically contain threats, isolate compromised systems, and initiate incident response processes, reducing the need for manual intervention. User and Entity Behaviour Analytics (UEBA): AI-driven UEBA solutions analyse user and entity behaviours to identify insider threats and compromised accounts. Threat Intelligence Integration: Many cybersecurity solutions now incorporate threat intelligence feeds that are continuously updated with information about regional threat levels. Ransomware Detection and Prevention: AI and ML algorithms are employed to identify patterns associated with ransomware attacks. This enables early detection and prevention of ransomware incidents, reducing the likelihood
O CTO B E R 2023
23
CISO OPINION CORNER
of costly ransom payments. Incident Investigation: AI-driven solutions can speed up incident investigation by correlating data from various sources and identifying the root cause of security incidents. Cost Reduction: Automation and AI-driven solutions can significantly reduce the overall cost of cybersecurity operations by minimising the need for a large cybersecurity workforce. This is particularly valuable in regions with a shortage of skilled cybersecurity professionals. User-Friendly Interfaces: Solutions are designed with user-friendly interfaces to ensure that even non-experts can effectively manage and monitor security systems, reducing the reliance on highly skilled personnel. Cloud-Based Security Services: Many vendors offer cloud-based security services that are easier to deploy and manage, reducing the burden on in-house IT teams and making advanced security capabilities accessible to organisations with limited resources. Managed Security Services: Vendors offer managed security services where they provide cybersecurity expertise as a service. How have enterprise security decision makers progressed in their relationships with enterprise business heads?
The relationship between enterprise security decision makers and business heads has evolved significantly in recent years. Here are some key ways in which this relationship has progressed: Alignment with Business Goals: Enterprise security decision makers have shifted from being perceived as obstacles to business goals to becoming strategic partners. They now actively align security initiatives with the broader business objectives. Risk Communication: Security decision makers have improved their ability to communicate security risks and their potential impact in business terms. They provide clear and actionable information to business heads, enabling them to make informed risk management decisions. Executive-Level Reporting: Security teams now provide executive-level reports and dashboards that offer a high-level view of the organisation's security posture. Business Continuity and Resilience: Security leaders have played a vital role in enhancing business continuity and resilience. They collaborate with business heads to develop and test incident response and disaster recovery
24
O CTO B E R 2023
plans, ensuring the organisation can quickly recover from security incidents. Involvement in Strategic Planning: Security decision makers are increasingly involved in strategic planning discussions. Budget Collaboration: Business heads and security decision makers collaborate on budgeting and resource allocation. This ensures that cybersecurity receives the necessary funding to address evolving threats and support digital transformation efforts. Compliance and Regulatory Guidance: Security leaders help business heads navigate the complex landscape of cybersecurity regulations and compliance requirements. Vendor and Technology Evaluation: Security teams are often consulted during the evaluation of new technologies and vendors. They assess the security implications of new solutions and help business heads make informed procurement decisions. Training and Awareness: Security decision makers work with business heads to promote a culture of cybersecurity awareness throughout the organisation. Incident Response Planning: Business heads collaborate with security teams to develop and refine incident response plans. Measuring Security's Impact: Security leaders are expected to measure and communicate the impact of security investments. They use key performance indicators (KPIs) and metrics to demonstrate how security initiatives contribute to the organisation's success. Security as a Competitive Advantage: In some cases, security is viewed as a competitive advantage. Security decision makers work with business heads to highlight the organisation's commitment to cybersecurity, which can be a selling point for customers and partners. How has the relationship between enterprise security decision makers and the C-suite progressed in the last 12-24 months?
I can provide some general trends and expectations regarding how the relationship between enterprise security decision makers and the C-suite may have progressed during that time frame based on historical trends: Increased Visibility and Engagement: Over the last couple of years, there has been a growing recognition of the importance of cybersecurity due to high-profile cyberattacks and increased remote work. This likely led to greater visibility for security decision makers at the C-suite level.
Elevated Cybersecurity as a Strategic Priority: The C-suite has likely elevated cybersecurity to a more prominent strategic priority, recognising that it has become a critical business risk. Security leaders may have been involved in strategic planning discussions to ensure that cybersecurity aligns with overall business objectives. Regular Reporting and Metrics: The C-suite may have demanded more frequent and comprehensive reporting from security decision makers. Metrics and key performance indicators (KPIs) related to cybersecurity might have been used to assess the organisation's security posture and the effectiveness of security investments. Resilience and Incident Response Focus: Given the increasing sophistication of cyber threats, the C-suite may have placed a greater emphasis on incident response and business resilience. Collaboration on Budget and Resource Allocation: The C-suite and security decision makers might have collaborated on budgeting and resource allocation for cybersecurity initiatives. Regulatory Compliance and Risk Management: With the introduction of new regulations and the evolving threat landscape, the C-suite may have relied on security leaders to provide guidance on compliance and risk management strategies to avoid legal and financial consequences. Digital Transformation and Innovation: As organisations continue to embrace digital transformation and innovation, the C-suite and security decision makers would have worked together to strike a balance between security and agility. Board-Level Engagement: Some organisations have increased board-level engagement with cybersecurity. Security leaders may have presented to the board of directors to provide updates on security initiatives and the organisation's cyber risk profile. Investment in Advanced Technologies: The C-suite might have supported investments in advanced cybersecurity technologies such as AI, ML, and automation to enhance security capabilities and threat detection. Security as a Competitive Advantage: Some organisations view robust cybersecurity as a competitive advantage. It's important to note that the specific progress in the relationship between security decision makers and the C-suite would vary depending on the organisation's industry, size, and unique cybersecurity challenges. ë
2024 09 FEB - UAE 11 FEB - KSA 09 MARCH - MUMBAI 11 MARCH - CHENNAI MARCH - SINGAPORE
BROUGHT TO YOU BY
OFFICIAL MEDIA PARTNERS
IN ASSOCIATION
CISO OPINION CORNER
ENHANCING CYBERSECURITY AMIDST EVOLVING CHALLENGES
“Security leaders now have a louder voice in strategic discussions”.
NANDOR FEHER
CISO Positivo Tecnologia SA
26
O CTO B E R 2023
CISO OPINION CORNER
How have vendor driven cyber security solutions adapted to the ongoing demands and expectations of enterprise cyber security decision makers in the area of DX and TCO? With the surge in Digital Transformation, cybersecurity solution providers are recognising enterprises' heightened concerns about financial impacts, particularly Operational Expenditure (OPEX). In response, they're honing in on understanding the corporate landscape, optimising tool usage, and integrating automation and machine learning. This unified approach curtails tool sprawl, benefiting both DX and TCO. Such adjustments aim to align with cybersecurity decision-makers' strategic priorities, who also support DX and control costs in the digital age. How have vendor driven cyber security solutions adapted to the ongoing demands and expectations of enterprise cyber security decision makers in the area of cloud vulnerabilities? As cloud migration speeds up, associated risks rise. Vendors are offering Security as a Service (SaaS) solutions, supporting fasting integration with lower upfront costs. Notables are Cloud Workload Protection Platforms (CWPPs), Cloud Security Posture Management tools (CSPM) and CASB solutions. Furthermore, automation, AI, and ML are incorporated to strengthen cloud security, facilitating agile and effective responses to emerging threats and bolstering secure cloud adoption. How have vendor driven cyber security solutions adapted to the lack of enterprise skilled resources, and increasing regional threat levels, increasing cost of ransomware and remediation through AL, ML, and automation?
The shortage of skilled cybersecurity talents is deepening. To address this, organisations are gravitating towards esteemed cybersecurity communities like OWASP and ISC(2) for expertise and best practices. Active participation in collectives, conferences, open-source contributions, and social media interactions provides valuable insights. Vendors aren't just investing in AI, ML, and automation but
also championing training and upskilling, harmonising with the collaborative approach these communities offer. How have enterprise security decision makers progressed in their relationships with enterprise business heads? Collaboration between enterprise security decision-makers and corporate leaders has notably evolved, with cybersecurity emerging as a strategic pillar. This ascent to a strategic level reflects an understanding that cybersecurity goes beyond the technical, becoming a business priority. As businesses digitise, corporate leaders are not just investing in detection and response but also emphasising rapid recovery and business continuity. The need for a proactive stance is clear, ensuring decisions made today fortify a company's future cyber resilience, securing business continuity and competitive edge.
How has the relationship between enterprise security decision makers and the C-suite The escalating frequency and severity of cyberattacks have vaulted cybersecurity to the top of organisational priorities. This has led to increased resources and enhanced backing from senior management. With attacks impacting beyond direct costs, encompassing reputation and customer trust, firms are becoming more discerning in choosing vendors, seeking those with a robust security culture and proactive stance. Board awareness has resulted in the inclusion of security decision-makers early in technology adoption, like AI and ML. Security leaders now have a louder voice in strategic discussions, exerting more influence in decisions, and fostering the company's sustainable growth. This heightened and focused alignment is crucial for ensuring business continuity and proactivelyshaping cyber defences for the future.ë
O CTO B E R 2023
27
CISO OPINION CORNER
EXPERT ADVICE
CISO OPINION CORNER
CISOS AS STRATEGIC PARTNERS: THE TRANSFORMATIVE SHIFT
“CISOs now engage regularly with CEOs, CFOs, and other executives to provide comprehensive risk assessments and strategic recommendations”.
MEHZAD SAHAR
Group CISO Group of Companies in the Manufacturing Industry
O CTO B E R 2023
29
detection and response, alleviating the burden on overstretched security teams. Furthermore, they provide predictive analytics to proactively identify regional threats and enhance defense strategies. This holistic approach not only mitigates the cost of ransomware but also addresses resource constraints, aligning with the evolving needs of cybersecurity leaders in today's high-risk landscape.
How have vendor driven cyber security solutions adapted to the ongoing demands and expectations of enterprise cyber security decision makers in the area of DX and TCO? Vendor-driven cybersecurity solutions have evolved significantly to meet the everchanging demands of enterprise cybersecurity decision-makers within the context of Digital Transformation (DX) and Total Cost of Ownership (TCO) considerations. These solutions now prioritise seamless integration with existing infrastructures, reducing TCO by minimising the need for costly overhauls. Moreover, vendors emphasise scalability and flexibility to accommodate the dynamic nature of DX initiatives. They offer comprehensive threat intelligence, proactive threat detection, and advanced analytics to enhance security posture. The focus has shifted towards userfriendly interfaces and customisation options, empowering decision-makers to tailor solutions to their specific needs. This adaptability and alignment with DX and TCO concerns highlight the maturation of vendor-driven cybersecurity offerings.
enterprise cybersecurity decision-makers amidst the escalating concerns surrounding cloud vulnerabilities. Today's solutions prioritise cloud-native security features, integrating seamlessly with diverse cloud platforms to safeguard critical data and applications. They emphasise real-time monitoring, rapid threat detection, and automated response mechanisms to mitigate cloud-specific risks efficiently. Furthermore, vendors have expanded their offerings to provide comprehensive risk assessment and compliance management tools tailored to the nuances of cloud environments. This adaptability ensures that cybersecurity decision-makers can confidently navigate the complex landscape of cloud vulnerabilities, aligning vendor solutions with their heightened expectations for cloud security.
How have vendor driven cyber security solutions adapted to the ongoing demands and expectations of enterprise cyber security decision makers in the area of cloud vulnerabilities? Vendor-driven cybersecurity solutions have evolved to address the evolving demands of
Vendor-driven cybersecurity solutions have responded adeptly to the challenges posed by the scarcity of skilled resources, rising regional threat levels, and the growing cost of ransomware attacks and remediation. These solutions have embraced cutting-edge technologies like Artificial Intelligence (AI) and Machine Learning (ML) to augment limited human resources. Automation plays a pivotal role in rapid threat
30
O CTO B E R 2023
How have vendor driven cyber security solutions adapted to the lack of enterprise skilled resources, and increasing regional threat levels, increasing cost of ransomware and remediation through AL, ML, and automation?
How have enterprise security decision makers progressed in their relationships with enterprise business heads? Enterprise security decision-makers have made significant strides in their relationships with enterprise business heads. Rather than functioning as isolated entities, they now collaborate closely to align security objectives with overall business goals. This evolution stems from a growing recognition of the critical role security plays in ensuring business continuity and reputation protection. Security leaders have become trusted advisors, facilitating open communication and transparency. They engage in risk discussions, enabling informed decisions that balance security measures with operational efficiency. This partnership fosters a culture of security awareness throughout the organisation, enhancing resilience and positioning security as an integral part of business strategy. How has the relationship between enterprise security decision makers and the C-suite Over the past 12-24 months, the relationship between enterprise security decision-makers and the C-suite has undergone a transformative shift. Heightened cyber threats and regulatory pressures have elevated cybersecurity discussions to the C-suite's top agenda. CISOs now engage regularly with CEOs, CFOs, and other executives to provide comprehensive risk assessments and strategic recommendations. This collaboration has resulted in increased budget allocation for cybersecurity initiatives and a deeper understanding of security's integral role in business operations. As a result, CISOs have transitioned from being mere security guardians to valued strategic partners, actively shaping business strategies to ensure resilience in the face of evolving threats.ë
Redington
Re-Imagine the Future of Digital Distribution with Redington's B2B E-Commerce
Faster and Simpler Way of Doing Business
Everything You Need in One Place
Enhanced & Seamless Experience
Scan the QR Code to know more
Visit us at GITEX Global 2023 (16-20 Oct) - Hall 5, Stand A1
CISO PROFILE
Championing excellence in cybersecurity at the
Grand Finale of World CIO 200 Summit
The Grand Finale of the World CIO 200 Summit, which was held from September 17 to 19 at the Marriott Hotel Boulevard in Baku, Azerbaijan, was a prestigious event that brought together 200 Chief Information Officers and Chief Information Security Officers from 50 countries worldwide. It served as a global gathering of top-level IT executives, fostering discussions, collaborations, and insights to navigate the ever-evolving digital landscape. The World CIO 200 Summit Grand Finale, a prestigious gathering of global IT leaders, celebrated the pinnacle of excellence in cybersecurity leadership during its grand finale event. This year's summit showcased the best and brightest Chief Information Security Officers (CISOs) from around the world, recognized their outstanding contributions, and facilitated critical discussions on cybersecurity strategies. The summit provides a platform for thought leadership, networking, and recognition of excellence in the field of information technology and cybersecurity. The event began with a rejuvenating yoga session, setting the tone for a day of mindfulness and innovation. Ronak Samantaray, Co-founder
32
O CTO B E R 2023
& CEO, GEC Media Group expressed his enthusiasm for the event and emphasized the importance of collaboration and knowledge-sharing in the ever-evolving technology landscape through his event welcome note. Thought leaders shared their visionary insights, followed by tech leaders discussing the latest trends and advancements in the industry. The award session celebrated outstanding achievements in the world of technology, honoring exemplary CIOs and organizations. Workshops and roundtable discussions provided a platform for in-depth knowledge exchange and networking opportunities, making this summit an unforgettable gathering of the brightest minds in the tech world. The participants were privileged to experience a sequence of thought leadership sessions that not only sparked inspiration but also nurtured personal development, sparking lively conversations about the boundless potential residing within each of them. John Mattone, a renowned Executive Coach and one of the Co-Founders of ILEC, held the audience spellbound with his profound insights into leadership growth and the art of executive coaching. The thought leadership session of Sandy Bassil, Managing Partner of LiTT, left a significant impact on the event,
joining a series of sessions that ignited discussions about the limitless potential within each participant. One of the captivating thought leader sessions at the event was presented by JPierre-Edouard Sottas, PHD, who delved into ‘The Longevity Blueprint: Achieving Peak
Performance Across Lifespan.’ Another thought leader session that left a lasting impression was delivered by Marcel Kampman, Founder Happyplaces Project. Creative idealist. Strategist. Writer. Speaker. Creactivist. Filmmaker. titled "How to Be
an Astronaut in Your Own Space." Another notable thought leader session during the event was led by Ektaa Sibal, focusing on "Code Wellness: Empowering CIOs & Their Teams for Success."
O CTO B E R 2023
33
EVENT
Visionary Thought Leaders
Empowering Tech Leaders: Insights from the Tech Sessions
The tech sessions served as an invaluable knowledge-sharing platform. Charbel Zreiby, Dell Technologies, in his session titled "Unlock Your Status Quo With Generative AI," Charbel Zreiby, a distinguished expert from Dell Technologies, delved into the transformative power of Generative AI and how it is reshaping industries by pushing the boundaries of innovation. Ali El Kontar, Founder & CEO, Zero & One captivated the audience with his
34
O CTO B E R 2023
presentation, "The Art of Possible." He explored the limitless possibilities that emerge when we harness technology and creativity, shedding light on the future of innovation. Amr Elkessi, Regional Channel Manager, Middle East, Commvault, his session, "Data Protection Redefined," provided valuable insights into the evolving landscape of data protection and how organizations can adapt to meet the challenges of a digital age. Rajesh Radhakrishnan, Entrepreneur,
Director of F9 Infotech, Cloud Visionary, shared his thoughts on "Innovate, Elevate & Empower." His session inspired attendees to embrace innovation and seize opportunities in the ever-changing tech landscape. Naveen Hemanna, Regional Head META, Xoxoday, explored the strategy of "Building A Total Digital Rewards Strategy That Works," shedding light on the importance of employee motivation and engagement in the digital era.
Swami Brahmaviharidas, an esteemed Spiritual and Humanitarian Leader, honored with his presence and officially introduced the remarkable publication, BOTS: The Book of Titans. This extraordinary book transcends mere success stories; it stands as a testament to the unwavering commitment to excellence within the realm of information technology. The exploits of these 200 CIOs have not only reshaped industries and propelled technological progress but have also brought about transformative global change. Their narratives serve as a wellspring of inspiration for both current and future generations of technology leaders.
O CTO B E R 2023
35
EVENT
Workshops: Empowering CIOs for a Digital Future
The grand finale featured two outstanding workshops that stole the spotlight. John Mattone conducted a workshop titled "Intelligent Leadership by LiTT," which empowered leaders to confidently navigate
36
O CTO B E R 2023
today's complex world with a winning mindset. During this session, participants immersed themselves in the intricacies of Design Thinking, acquiring valuable skills vital in the swiftly changing landscape of
business. The workshop emphasized key elements like empathy, ideation, prototyping, and iteration, which are the foundation of successful Design Thinking practices.
EVENT
Concurrently, the "Design Thinking Innovation - Fundamentals" workshop led by Sunny Gambhir, Designer-in-Chief, Windmill delved into the creative process of solving complex problems through innovation. In a world
marked by constant volatility, uncertainty, chaos, and ambiguity, leadership has transitioned into a new paradigm. The workshop underscored that skills once considered the 'new normal' are now indispensable for leaders
at all levels. These critical skills encompass effectively managing remote teams, leading and navigating change with precision, and employing problem-solving techniques that yield a significant impact.
O CTO B E R 2023
37
EVENT
Middle East CISO Conclave Awards
As a highlight of the grand finale, the World CIO 200 Summit conferred the CISO Awards upon 25 exceptional individuals who have demonstrated exemplary leadership in the field of cybersecurity. These CISOs have consistently upheld the highest standards of security excellence, protected their organizations and contributed to the broader cybersecurity community. CISO who has made a significant impact beyond their own organization.
38
O CTO B E R 2023
The recipient has actively contributed to the cybersecurity community through knowledge sharing, mentoring, public speaking, or involvement in industry organizations. Their efforts have helped raise awareness and improve cybersecurity practices on a broader scale. This recognition is exclusively for CISOs hailing from the dynamic technology landscapes of Qatar, the United Arab Emirates, and the Kingdom of Saudi
Arabia. The CISO Awards aim to recognize and honor the leadership, expertise, and commitment of CISOs who have consistently demonstrated excellence in managing and enhancing cybersecurity measures within their organizations. As the world continues to navigate the challenges of the modern cybersecurity landscape, these CISOs serve as beacons of inspiration.
EVENT
SWISS GRC Roundtable The Swiss GRC Roundtable provided a unique opportunity for attendees to delve into the critical aspects of Governance, Risk Management, and Compliance (GRC). Esteemed experts led discussions on how organizations can effectively navigate the complexities of GRC to ensure their operations are secure, compliant, and resilient in an era of constant change. Swiss GRC, the leading software company
in the development and implementation of GRC solutions hosted an enlightening roundtable event at the grand finale of The World CIO 200 Summit 2023 discussing the 'Latest Trends, Challenges, and Best Practices in GRC.' The event brought together industry leaders, experts, and innovators from various sectors to explore and share insights into the ever-evolving landscape of GRC.
The Swiss GRC roundtable featured a diverse panel of speakers who delved into critical topics related to GRC, shedding light on the current state of the industry and the path ahead. The Swiss GRC roundtable provided a platform for attendees to network, exchange ideas, and gain valuable insights into addressing the intricate GRC challenges of today's business environment.
O CTO B E R 2023
39
Fireside Chat with CISOs: Insights from Industry Leaders The Fireside Chat with CISOs featured candid conversations with prominent CISOs who shared their experiences,
40
O CTO B E R 2023
insights, and strategies for success in the cybersecurity field. Attendees gained valuable perspectives on emerging threats,
security trends, and leadership in the face of evolving challenges. The CISOs discusses the latest
cybersecurity threats and trends, offering attendees a real-time understanding of the evolving threat landscape. CISOs may highlight specific incidents or attacks and share strategies for mitigating these risks. The World CIO 200 Summit Grand Finale stands as a testament to the commitment
of cybersecurity professionals worldwide, showcasing their achievements and dedication to safeguarding digital assets and information. Dr. Erdal Ozkaya, Chief Cybersecurity Strategist, CISO, Xcitium, Syed Abdul Qadir, Executive Director Technology and Cyber Risk, PwC Pakistan,
Flavio Carvalho, CISO, Group Crédit Agricole, Moayad Alghanim, Director of Information & Cyber security, King Abdullah Economic City take part in an engaging Fireside Chat at the Grand Finale of The World CIO 200 Summit 2023 at Baku, Azerbaijan.
O CTO B E R 2023
41
2024
EVENT
TRANSFORMATION IN
SECURITY NETWORKING BUSINESS APPLICATIONS IT & COMPUTING TRANSFORMATION IN
TRANSFORMATION IN
TRANSFORMATION IN
02 MAY - UAE 09 MAY - KSA
EVENT
The Global Finalist 200 Awards
DX Inspire Awards
O CTO B E R 2023
43
EVENT
Preferred Partner Awards
Country Ambassador Awards
The sponsors of the event had not only provided financial support but had actively engaged in the summit's mission, demonstrating a shared commitment to advancing technology leadership on a global scale. The Title partners of the event were Mindware and Dell Technologies. Moto Challenge Partners were Logitech and Microsoft. Platinum Partners include Zero&One, F9 Infotech, StorIT and Commvault. Gold Partners were Paessler, Connor, Swiss GRC, Ramco and Redington. The Knowledge Partners include GCF Academy, Litt, Wind-
44
O CTO B E R 2023
mill and Intelligent Leadership. The Majlis Partner was Quixy and Silver Partners were Truspeq, CloudHost, BITS, emt, Finesse, Forcespot and Claroty. The Entertainment partners were Jabra and Alpha Tech. Digital reward partner was Xoxoday and Registration partner was ITQAN. Conversational AI Partner was Twixor and AI Applications Partner was V Group Inc. and Cybersecurity Partner was Spire Solutions. Supporting partners were Acronis, HPE Aruba, HTP, +971 Cyber Security, DigitalTrack and Spade Infotech. Finally, the Global Strategic
Partners were CAAS and OPX Technology. As we conclude this grand event, we reflect on the exceptional dedication and leadership of these CISOs. They represent the best in the field, and their impact will continue to resonate, setting new standards for cybersecurity excellence and inspiring others to follow in their footsteps. The World CIO 200 Summit remains committed to fostering innovation, collaboration, and excellence in technology and cybersecurity, ensuring a secure digital future for all.
CISO OPINION CORNER
CISO OPINION CORNER
How Cybersecurity Solutions are Redefining Protection in a Digital World In recent years, the field of cybersecurity has undergone a remarkable transformation, driven by unprecedented advancements in vendor-driven cybersecurity solutions.
MOAYAD ALGHANMI
Director of Information & Cyber Security King Abdullah Economic City
46
O CTO B E R 2023
CISO OPINION CORNER
How have vendor driven cyber security solutions adapted to the ongoing demands and expectations of enterprise cyber security decision makers in the area of DX and TCO? In recent years, vendor-driven cybersecurity solutions have undergone significant advancements. These solutions have embraced cloud-based architectures, integration capabilities, automation, and enhanced visibility. Additionally, they now provide robust reporting and analytics functionalities. This progress has empowered organizations to swiftly and effortlessly adopt security solutions, efficiently scale them based on requirements, and reduce reliance on multiple-point solutions. The automation of security tasks has not only increased operational efficiency but also freed up valuable staff time. Furthermore, the improved visibility and analytics capabilities enable organizations to promptly identify and remediate security risks, while also assessing the effectiveness of their security investments through measurable metrics. How have vendor driven cyber security solutions adapted to the ongoing demands and expectations of enterprise cyber security decision makers in the area of cloud vulnerabilities? Cybersecurity solutions are rapidly evolving to become more cloud-native, automated, and intelligence-driven. These advancements offer organizations enhanced visibility and control over their cloud environments, addressing the unique security challenges that arise in the
cloud. By embracing cloud-native architectures, these solutions seamlessly integrate with cloud platforms, enabling centralized security management and reducing the need for labour-intensive operations. Automation plays a crucial role, automating routine security tasks and enabling swift response to threats. The intelligence-driven aspect leverages advanced analytics and machine learning to detect and mitigate emerging threats in real time. This holistic approach empowers organizations to efficiently protect their cloud assets while optimizing operational efficiency and resource allocation. How have vendor driven cyber security solutions adapted to the lack of enterprise skilled resources, increasing regional threat levels, and increasing cost of ransomware and remediation through AL, ML, and automation? By providing AI and ML driven solutions to automate many of the tasks that are currently performed by human security analysts, such as threat detection and response. This can free up skilled resources to focus on more strategic tasks. Also, by providing threat intelligence services to proactively improve security defences and reduce the risk of a successful attack. How have enterprise security decision makers progressed in their relationships with enterprise business heads? Cybersecurity decision makers have made significant progress in their relationships with
enterprise business heads by positioning cybersecurity as an enabling function rather than a showstopper. They have recognized the need to align security objectives with business objectives, emphasizing the role of cybersecurity in facilitating innovation, growth, and competitive advantage. By engaging in open and collaborative discussions, security leaders have gained the trust of business heads, demonstrating that effective security measures can be implemented without hindering productivity or stifling innovation. This shift has fostered a culture of proactive risk management, where security is seen as a business enabler, ensuring the protection of critical assets while enabling the organization to seize opportunities and drive success. How has the relationship between enterprise security decision makers and the C-suite progressed in the last 12-24 months? The C-suite has become increasingly engaged with security leaders, understanding the critical role of cybersecurity in business operations. This shift has led to more collaborative and strategic discussions, where security decisionmakers are given a seat at the table to provide insights and guidance on risk management. The C-suite has begun to view cybersecurity as a business priority rather than just an IT concern, resulting in increased investment, improved communication, and alignment of security objectives with overall business goals. This evolving relationship signifies a growing recognition of the importance of security in achieving organizational resilience and success. ë
O CTO B E R 2023
47
CISO OPINION CORNER
CYBERSECURITY EVOLUTION AND COLLABORATION IN THE DIGITAL AGE How have vendor driven cyber security solutions adapted to the ongoing demands and expectations of enterprise cyber security decision makers in the area of DX and TCO? Vendor-driven cybersecurity solutions have adapted to enterprise cybersecurity decision-makers' demands in DX & TCO by prioritizing integration with cloud and IoT environments, embracing AI and machine learning for automated threat detection, offering real-time threat intelligence, and providing user-friendly interfaces. This evolution is supported by statistics revealing that global cybersecurity spending exceeded $160 billion in 2021, with over 80% of organisations planning to implement AI for threat detection and 83% of workloads moving to the cloud by 2023. Additionally, 74% of organisations recognise the significance of threat intelligence in their cybersecurity strategies. These trends align vendor solutions with modern, costeffective cybersecurity.
How have vendor driven cyber security solutions adapted to the ongoing demands and expectations of enterprise cyber security decision makers in the area of cloud vulnerabilities? Vendor-driven cybersecurity solutions have adapted to cloud vulnerabilities by offering customizable approaches that align security measures with specific risks and compliance requirements. They enable real-time threat remediation through automated patching and isolation. For example, Forrester Research's "Cloud Security Posture Management (CSPM), Q3 2022" found that organisations using CSPM tools remediated vulnerabilities 4.5 times faster. Similarly, Gartner's "The Gartner Magic Quadrant for Cloud Security Posture Management (CSPM) Tools, 2023" reported a 5x faster remediation rate. These improvements signify the effectiveness of vendor-driven cybersecurity solutions in meeting the demands of enterprise cybersecurity decision-makers when it comes to addressing cloud vulnerabilities.
“Collaborative efforts on data protection, often driven by regulatory compliance, secure customer data and regulatory adherence”. AMIR AKHTAR JAMILI
Chief Information Security Officer National Clearing Company of Pakistan
48
O CTO B E R 2023
CISO OPINION CORNER
How have vendor driven cyber security solutions adapted to the lack of enterprise skilled resources, increasing regional threat levels, and increasing cost of ransomware and remediation through AL, ML, and automation? Vendor-driven cybersecurity solutions combat resource shortages, regional threats, and rising ransomware costs by integrating AI, ML, and automation. They autonomously identify and mitigate threats, reducing reliance on human expertise and streamlining tasks. Cybersecurity Ventures predicts global ransomware costs to reach $265 billion by 2031. IBM's "Cost of a Data Breach Report 2023" shows a 27% cost reduction with AI-driven security tools, noteworthy given the $4.45 million average breach cost in 2023. These solutions foster threat intelligence sharing and collaborative defences, effectively addressing resource constraints and bolstering resilience against escalating regional threats and ransomware's financial impact.
How have enterprise security decision makers progressed in their relationships with enterprise business heads? Enterprise security decision makers have strengthened their relationships with business leaders through proactive communication, ensuring alignment with business goals. They've integrated security strategies with broader business objectives, highlighting the positive impact of security investments. Decision makers effectively demonstrate the value of security investments by reducing tangible risks and ensuring business continuity. Collaborative efforts on data protection, often driven by regulatory compliance, secure customer data and regulatory adherence. Recognising the need for a balanced approach between security and user experience, they work together to maintain productivity and innovation. This collaborative transformation enhances growth and resilience in the evolving digital landscape through policies, tailored solutions, training, and incident coordination.
How has the relationship between enterprise security decision makers and the C-suite progressed in the last 12-24 months? In the past 12-24 months, collaboration between security decision-makers and the C-suite has surged. Escalating cyber threats heightened executive cybersecurity awareness, emphasising robust incident responses with communication strategies and disaster recovery tests. Privacy and cybersecurity integration is evident, ensuring regulatory compliance. This cooperative effort extends to jointly tackling cyber risks across security strategy, incident response, and compliance. Notable advancements include security leaders actively engaging in C-suite meetings, influencing business decisions, boosted cybersecurity investments, and heightened C-suite backing for security initiatives. This evolving partnership strengthens organisations' cyber defence and regulatory compliance capabilities. ë
O CTO B E R 2023
49
Accelerate Intelligent Outcomes Everywhere with AI to Win We are witnessing the rise of artificial intelligence (AI) at an unprecedented pace and scale, with a market forecast to reach the $500 billion mark in 2023*. Dell Technologies and NVIDIA have the AI-optimized end-to-end solutions to help you adapt to the enormous change being driven by increasing amounts of data, advancing technological capabilities and the large-scale adoption of connected devices.
Illuminate the opportunity Identify, curate and activate high-value data Enable effective data access, scale and control across your organization from edge to core to cloud to create measurable value Put AI to work anywhere in any way Power your choice of AI workloads with modern IT infrastructure that supports on-premises, cloud or hybrid environments with protection across boundaries Achieve success at any scale AI-optimize your business with AI solutions and analytics at any scale to match growing data and as your use cases change *IDC Forecasts Companies to Increase Spend on AI Solutions by 19.6% in 2022. IDC, Feb 2022.
Partner CTA Add Partner Logo
CISO OPINION CORNER
Evolving Cybersecurity Strategies for an Increasingly Digital World The modern digital landscape is marked by an unprecedented surge in global threats, necessitating a proactive and adaptive approach to cybersecurity. In this era of digital dominance, enterprises are compelled to seek smarter, more innovative cybersecurity solutions to safeguard their invaluable data and ensure organizational resilience.
SUZAN AL GHANEM
Section Head – Organizational Resilience and Business Continuity Environment Agency – Abu Dhabi
O CTO B E R 2023
51
CISO OPINION CORNER
How have vendor driven cyber security solutions adapted to the ongoing demands and expectations of enterprise cyber security decision makers in the area of DX and TCO? Based on an understanding of the historical trends of the previous and current global threats, the requirements and needs of enterprise cyber security decision makers to protect crucial organizational data, as threats and risks have increased since the pandemic cyber-attacks have increased extensively, cyber security decision makers seek smarter security solutions so that organizations become more resilient to strive and survive these ongoing threats. The world has gone completely digital, therefore cyber security solutions must have the ability to adapt and become more innovative and especially with strong artificial intelligence. How have vendor driven cyber security solutions adapted to the ongoing demands and expectations
52
O CTO B E R 2023
of enterprise cyber security decision makers in the area of cloud vulnerabilities? By continuously enhancing the capability and preparedness through awareness, and ongoing best practices as attackers are getting more creative, cyber security solutions must always be ahead of the game to tackle current and future threats; with the utilization of effective corporate future foresight methodologies, framework and new approaches, organizations will always be susceptible to cyber threats if not have the capability to mitigate them in a safe manner. How have vendor driven cyber security solutions adapted to the lack of enterprise skilled resources, increasing regional threat levels, and increasing cost of ransomware and remediation through AL, ML, and automation? By supporting organizations in terms of providing them with further innovative cyber security solutions, it is important to educate
them on these threats and vulnerabilities, having reasonable and practical solutions that meet their needs and requirements. How have enterprise security decision makers progressed in their relationships with enterprise business heads? Business heads have become more confident with the support of the enterprise security decision makers, keeping them up-to-date, trained and having ongoing testing and exercises to boost their capabilities and preparedness for current and future threats. How has the relationship between enterprise security decision makers and the C-suite progressed in the last 12-24 months? With all the ongoing threats, enterprise security decision makers and the C-suite have and continue to work together to ensure the resiliency and survival of their organizations. ë
52
CISO OPINION CORNER
CISO OPINION CORNER
Meeting the Evolving Demands of Enterprise Decision Makers In today's fast-paced digital era, where businesses are constantly evolving, the role of cybersecurity has never been more critical. Enterprise cyber security decision makers are faced with an ever-expanding array of challenges.
EMERSON MOLINA
Project Manager Information Security & Cyber Security
54
O CTO B E R 2023
CISO OPINION CORNER
How have vendor driven cyber security solutions adapted to the ongoing demands and expectations of enterprise cyber security decision makers in the area of DX and TCO? Providing more comprehensive, flexible, agile, scalable, easy-to-use, and cost-effective solutions drives the vendors to adapt to the ongoing demands and expectations of enterprise cyber security decision makers in the area of DX and TCO. While vendors have focused on providing solutions that are easy to use and manage (with intuitive interfaces and automation capabilities) to meet the demand in DX, they also have recognised the need to provide cost-effective solutions that offer value for money such as modular or customizable solutions (on need basis where enterprise pay only for what they need), easy to deploy and maintain, reducing the overall cost of ownership. How have vendor driven cyber security solutions adapted to the ongoing demands and expectations of enterprise cyber security decision makers in the area of cloud vulnerabilities? What’s common with the cyber security solutions the vendor provides is the ability to specifically address the unique security challenges associated with cloud computing when it comes to auto-detection, auto-remediation of vulnerabilities, and auto-scaling of the security resources up or down based on demand. But what separates a good vendor driven cyber security solutions provider among others that drives the decision makers is on how well the solutions can be customised to meet the unique security needs of different cloud-based applications and workloads. How have vendor driven cyber security solutions adapted to the lack of enterprise skilled resources, increasing regional threat levels, and increasing cost of ransomware and remediation through AL, ML, and automation? I like the fact that vendors are becoming competitive by incorporating AI and ML technologies into their cybersecurity solutions as these technologies can help automate many of
the routine tasks associated with cybersecurity such as threat detection and response, vulnerability management, and incident response. Since these solutions are highly automated and can be easily integrated into existing IT environments, this can help to reduce the workload on enterprise cybersecurity teams and enable them to focus on more strategic tasks. How have enterprise security decision makers progressed in their relationships with enterprise business heads? In the past, cybersecurity was often viewed as a separate and isolated function within the enterprise with little interaction or collaboration between security teams and business heads however, there has been a growing recognition in recent years that cybersecurity is a critical business function and requires close collaboration between security teams and business heads. This has led to a shift in the way that enterprise security decision makers approach their relationships with business
heads, working more closely with business heads to understand their business goals and objectives, awareness on the risks and threats that the organisation may face, and made the business heads understand security strategies that are aligned with the overall business objectives. How has the relationship between enterprise security decision makers and the C-suite progressed in the last 12-24 months? With the increasing frequency and severity of cyber-attacks, regular communication and collaboration between security teams and C-suite executives progressed a lot which has highlighted the need for a more strategic and integrated approach to cybersecurity. This has also led C-suite executives to become more engaged in cybersecurity discussions and have begun to take a more active role in shaping the enterprise's cybersecurity strategy and a greater recognition of its importance in the organisation. ë
O CTO B E R 2023
55
CISO OPINION CORNER
CISO OPINION CORNER
Tailoring Security Measures to Business Needs In today's rapidly evolving digital landscape, enterprises are faced with a multifaceted challenge - how to achieve growth and innovation while effectively managing the cost of doing business, all the while safeguarding against a growing array of cyber threats.
KHALIL ULLAH SIDDIQUI
Head of Information Security Al Baraka Bank (Pakistan) Limited
O CTO B E R 2023
57
CISO OPINION CORNER
services with regional and local environments has also resulted in better suited automated solutions capable of delivering cost effective countermeasures to detect and respond to ransomware and other cyber threats. In essence, these solutions and services enable businesses to successfully defend against new threats while controlling costs and optimising resources.
How have vendor driven cyber security solutions adapted to the ongoing demands and expectations of enterprise cyber security decision makers in the area of DX and TCO? In today’s world, the digital landscape is evolving, requiring strategically focused initiatives from enterprises so as to balance growth, innovation and the cost of doing business. With increasing cyber threats, demands on understanding and managing the cost of cybersecurity initiatives have also increased. However, with the advancement in technology, AI and cloud computing, cyber security solutions and services have also evolved. Digitalisation has paved the way for adaptable and affordable methods to mitigate security risks. Such solutions offer simplified management and accelerated threat response with friendly interfaces. This adaption is not only scalable but also aids in managing cybersecurity costs effectively while balancing innovation and security for decision-makers. How have vendor driven cyber security solutions adapted to the ongoing demands and expectations of enterprise cyber security decision makers in the area of cloud vulnerabilities? Businesses are turning more and more towards cloud services with the aim of keeping operating costs low. However, this is a very critical area in terms of overall security and continuity
58
O CTO B E R 2023
of the services. Certain cross border laws and regulations only add to its complexities. Nevertheless, cybersecurity solution providers have reacted to enterprise concerns with respect to cloud computing risks. They now offer services that concentrate on safeguarding cloud systems through multi-tier approaches, strong cloud-based data encryption, threat monitoring, detection, and automated responses. Adaptation and increased use of AI & ML in the area of cloud security and prevention have also improved significantly in recent times, thus meeting the expectation of security incident detection and response while keeping the cost to a bare minimum. How have vendor driven cyber security solutions adapted to the lack of enterprise skilled resources, increasing regional threat levels, and increasing cost of ransomware and remediation through AL, ML, and automation? Increased focus on managed services and cyber security solutions provided by vendor have eased up pressure on organisations in terms of talent acquisition and retention. Such services & solution coupled with advancements in AI, RPA and ML result in better utilisation of resources, increased productivity and sustainable solutions, which otherwise would have been challenging due to the lack of enterprise skilled resources. There is now less need for sizeable cybersecurity teams across the enterprise. Adaptation of these solutions &
How have enterprise security decision makers progressed in their relationships with enterprise business heads? They now collaborate and communicate more and more as they now recognise how crucial cyber security is to the company's overall reputation, customer trust and resultant success. This increased coordination results in enterprise security decisions that are better suited for business enablement and customer experience while maintaining security considerations around data security, protection and privacy. Today, business leaders through these collaborated exchanges offer products and services that are tailored according to the security appetite of an enterprise. Candid and open discussions between decision-makers and stakeholders ensure that security measures do not impede, but rather boost productivity and growth desired by business heads. As a result, security and technology both are viewed as a tool for company expansion rather than a barrier. How has the relationship between enterprise security decision makers and the C-suite progressed in the last 12-24 months? The C-suite and enterprise security decision makers have connected more and more over the past 12 to 24 months resulting in progress marked by improved relationship and decision making at the top. Senior and top executives are now aware of the sensitive role cybersecurity plays in protecting their enterprise due to the ever increasing cyber threats locally and globally. Security leaders now get a moreprominent presence and recognition by way of regular interaction and reporting lines to the CEO and Board, which in turn paves the way for effective preventative security. This change represents a better fit between security guidelines and overarching enterprise governance. ë
CISO OPINION CORNER
CISO OPINION CORNER
Addressing Risks, Cloud Vulnerabilities, and Technology Integration
“The more the industry is moving towards digital transformation, the more we are carrying the risk of vulnerabilities”.
S. M NAVAID RAZA NAQVI
Chief Information Security Officer Habib Metropolitan Bank Limited
60
O CTO B E R 2023
CISO OPINION CORNER
These technologies have enhanced threat detection, automated incident response, improved behavioural analytics, and offer cost-efficient options. However, these solutions cannot address the risk of a lack of skilled resources, as Human Resources are required to operate these technologies, therefore we must invest in enterprise skills development programs and focus on talent retention policies.
How have vendor driven cyber security solutions adapted to the ongoing demands and expectations of enterprise cyber security decision makers in the area of DX and TCO? As there is a significant rise in Digital Transformation across the globe in every industry sector, the Vendor-driven cybersecurity solutions have also been significantly evolved and are being offered by the vendors to meet the rising demands of enterprise cybersecurity decision-making when it comes to Digital Transformation and its Total Cost of Ownership. These cybersecurity solutions are scalable, easy to integrate, compatible with cloud models, contain AI and automation, fulfils compliance and reporting requirements, and help in user education. Therefore, the vendor-driven cybersecurity solutions have been adapted to meet the evolving demands and expectations of enterprise cybersecurity decision-makers in the area of DX and TCO. How have vendor driven cyber security solutions adapted to the ongoing demands and expectations of enterprise cyber security decision makers in the area of cloud vulnerabilities? The more the industry is moving towards digital transformation, the more we are carrying
the risk of vulnerabilities. However, opting for a cloud model for the digital services or products to Transfer the risks to the cloud service providers, does not address the risk as cloud models also have their own vulnerabilities. Vendor-driven cybersecurity solutions can help enterprise cybersecurity decision-makers to effectively address the unique challenges posed by the cloud environment and to address the evolving demands and expectations regarding ctoud vulnerabilities, as such solutions are evolved and have capabilities like; cloud-native tools, continuous monitoring, automation, integrations, compliance enforcement, threat intelligence, user-friendly interfaces, and scalability. How have vendor driven cyber security solutions adapted to the lack of enterprise skilled resources, increasing regional threat levels, and increasing cost of ransomware and remediation through AL, ML, and automation? The Vendor-driven cybersecurity solutions have responded to the challenges posed by the lack of skilled resources, rising regional threat levels, and the escalating cost of ransomware and remediation by integrating advanced technologies like Artificial Intelligence, Machine Learning, and Automation. However, if these technologies are not being utilised, they will not address such risks.
How have enterprise security decision makers progressed in their relationships with enterprise business heads? Enterprise security decision makers have progressed in their relationships with business heads by fostering collaboration, emphasising risk communication, participating at the management level, leveraging security as a competitive advantage, and planning for incident response. This shift reflects a more integrated and strategic approach to cybersecurity within organisations. However, this relationship can be more collaborative, as stills enterprise security decision makers are more focused on security control implementation regardless of its impact on the businesses. Therefore, security decision makers need to align the enterprise security objectives with enterprise business objectives and recommend the controls to reduce risks to an acceptable level and support business objectives. How has the relationship between enterprise security decision makers and the C-suite progressed in the last 12-24 months? The relationship between enterprise security decision makers and the C-suite has progressed in the last 12-24 months due to heightened cybersecurity awareness, increased CISO role prominence, board-level engagement, collaborative strategy development, regular reporting, resource allocation, digital transformation alignment, cyber insurance considerations, and a focus on regulatory compliance. This evolving relationship reflects a growing recognition of cybersecurity as a critical business priority. However, it requires more involvement and support from the Board and Senior Management and CISO role should participate at the ManCom levels, as “Cybersecurity is Everyone’s Responsibility”. ë
O CTO B E R 2023
61
CISO OPINION CORNER
From Threats to Insights: Threat Intelligence Shaping Cybersecurity As businesses embrace the digital evolution, so too must the vendors that supply the essential tools and services to safeguard their interests. How have vendor driven cyber security solutions adapted to the ongoing demands and expectations of enterprise cyber security decision makers in the area of DX and TCO? With the current fast-paced digital transformation, the vendor is also evolving their solutions to cater to the requirements of their customer in terms of DX and total cost of ownership. Vendors have enhanced threat intelligence and automation capabilities to address the evolving threat landscape. From the client/customer’s perspective, cost-effective cybersecurity solutions are widely accepted.
ZAHID SHEIKH
Head of IT & Information Security Officer - MEA Hutchison Ports Pakistan
62
O CTO B E R 2023
CISO OPINION CORNER
How have vendor driven cyber security solutions adapted to the ongoing demands and expectations of enterprise cyber security decision makers in the area of cloud vulnerabilities? In organisations, there is a very high rate of cloud adaptability due to scalability, agility, and easiness. The cyber security vendors are collaborating with the cloud providers to provide the tools for continuous monitoring, threat detection and data encryption specific to cloud environments. They provide real-time dashboards for visibility and compliance reporting. How have vendor driven cyber security solutions adapted to the lack of enterprise skilled resources, increasing regional threat
levels, and increasing cost of ransomware and remediation through AL, ML, and automation? The vendors are now providing SaaS cyber security solutions like Managed Detection and Response (MDR) or SOC. Now, organisations can deploy these solutions without having inhouse expertise. The use of AI and ML helped address the shortage of skilled resources in cyber security. Whereas these solutions are more effective than humans in detecting and monitoring the threats and vulnerabilities. How have enterprise security decision makers progressed in their relationships with enterprise business heads? After the Covid 19, the gap between security decision-makers and enterprise business heads has been reduced. They knew that they had to
work together to achieve their organisational goals. Cyber security decision makers are now actively engaged with business leaders to understand their priorities and risk appetite. How has the relationship between enterprise security decision makers and the C-suite progressed in the last 12-24 months? In the last few months, the relationship between enterprise security decision-makers and the C-suite has deepened significantly. The recent increase in cyber security threats and their sophistication have made cyber security the number one priority of C-Suite. There has been active participation of enterprise cyber security decision-makers with CEO and board members. C-suite realises the importance of cyber security for the continuity of their business. ë
O CTO B E R 2023
63
#TimeForSports
CISO OPINION CORNER
GEC
JOIN CORPORATE CHAMPIONSHIP
BADMINTON CRICKET CYCLING FOOTBALL SWIMMING TENNIS TABLE TENNIS GOLF TEAM BUILDING TASK TUG OF WAR ATHLETIC FITNESS CHALLENGE BOWLING VOLLEY BALL BASKET BALL PADDLE GO KARTING
FUN & THRILL WEEKENDS challenge yourself
PARTICIPANTS
3000+
SPORTS
15
techpluschallenge.com
MATCHES
150+
CISO OPINION CORNER
BUILDING A RESILIENT SECURITY FRAMEWORK In an era where our world is rapidly evolving into a digital landscape, the success and relevance of companies hinge on their ability to execute effective Digital Transformation initiatives
MOHAMMED FEROZ KHAN
Head of IT Security, Compliance & Projects TotalEnergies
O CTO B E R 2023
65
How have vendor driven cyber security solutions adapted to the ongoing demands and expectations of enterpris cyber security decision makers in the area of DX and TCO? Our world is becoming increasingly digital and how a company carries out its DX initiatives determines its competitiveness and relevance today. Digital transformation is the integration of digital technology into every key area of a business that impacts the fundamentals of its operations and its value delivery to customers. The four stages are: ∙ Data Migration ∙ Modernization of Data and Application ∙ Implementation of Modern Analytics ∙ Apply AI & ML for Innovation For most organisations, determining the total cost of ownership (TCO) for cybersecurity is not an easy task. Lowering cybersecurity costs while simultaneously reducing risks can be even harder. However, there is a way forward for leaders who are working to optimize their investments—and it’s all about managing risks, resources and time. One reason cybersecurity TCO is notoriously difficult to calculate is that leaders and organisations tend to be very focused on acquisition costs. Often, the first question raised is, “How much did this cost us to buy?” Yet acquisition cost is only one component of TCO. The operational and execution costs are other, often less understood, elements of the equation. Although some organisations are getting better at understanding the costs behind the operational curtain, it remains a challenge for many others. How have vendor driven cyber security solutions adapted to the ongoing demands and expectations of enterprise cyber security decision makers in the area of cloud vulnerabilities? A cloud security assessment evaluates an organisation's cloud infrastructure for the following: Overall security posture. Organisations should employ cloud service policies, encryption, Access Control Lists (ACLs), application gateways, Intrusion Detection Systems (IDSs), Web Application Firewalls (WAFs), and Virtual Private Networks (VPNs) to safeguard their cloud assets. While cloud providers offer many cloud-native
66
O CTO B E R 2023
security features and services, supplementary third-party solutions are essential to achieve enterprise-grade cloud workload protection from breaches, data leaks, and targeted ∙ Identity and Access Management (IAM) policies ∙ Service provider security features ∙ Compliance ∙ Documentation ∙ Exposure to future threats How have vendor driven cyber security solutions adapted to the lack of enterprise skilled resources, increasing regional threat levels, and increasing cost of ransomware and remediation through AL, ML, and automation? In risk management, AI/ML has become synonymous with improving efficiency and productivity while reducing costs. This has been possible due to the technologies' ability to handle and analyse large volumes of unstructured data at faster speeds with considerably lower degrees of human intervention. Ethical Concerns: AI raises ethical issues, including data privacy, algorithm bias, and potential misuse of AI technologies. Lack of Creativity and Empathy: AI lacks human qualities like creativity and empathy, limiting its ability to understand emotions or produce original ideas. How have enterprise security decision makers progressed in their relationships with enterprise business heads? 5 critical elements to build security: Security strategy, infrastructure, policies, training, and investments. Management must be involved because they must decide on the strategy as well as the investments that are needed.
Security is a technical, specialized activity, resulting in lower influence than broader generalist activity managers. As an area of technical specialized activity, security is considered a business enabler. This specialization means that at a corporate level, security has a constrained degree of influence when compared to general managers who work across multiple business activity areas and demonstrate higher degrees of business influence. While security’s operational activities span the organisation, its risk management diagnosis activities are siloed, therefore giving an impression of broader influence than it achieves at senior decision-making levels. The study found a disconnect between the literature and the industry perception of the organisational positioning and subsequent influence levels of organisational security. How has the relationship between enterprise security decision makers and the C-suite progressed in the last 12-24 months? “The C-suite must establish effective communication strategies, reporting back to security staff about the impact of their work and eliciting their buy-in to the organisational vision”. Organisations should prioritise cybersecurity awareness programs that cater to the C-suite and provide them with the necessary knowledge and skills to make informed decisions about cybersecurity strategies, investments, and risk mitigation measures. Cybersecurity is not just the responsibility of IT and security teams; it requires a collaborative effort across the entire organisation, including the C-suite. The report emphasises the need for open communication channels and regular interactions between IT teams and the C-suite to ensure that cybersecurity risks are properly understood, assessed and addressed at the highest level of the organisation. ë
MAY-SEPTEMBER 2024
UNVEILING ON 16TH OCTOBER 2023
A paradigm shift in digital leadership OF THE CIO, FOR THE CIO, BY THE CIO Break free from the traditional grind Kickstart your entrepreneurial journey with minimal risk Establish your personal brand
w w w.ia mca a s .co m