January Issue 2023

2023 - A DIGITAL GROWTH YEAR

Hello Friends.

Happy New Year 2023 to all of you. With 2023 coming, there has not been much change in the geopolitical situation. Ukraine and Russia war has not ended, China has not been able to change the covid situation. Supply chain has not been streamlined, etc. This is the reason that the biggest consumer market North America is seeing sluggish momentum. On the contrary, there has been huge layoffs. In January 2023 only 37549 people have been laid off, which takes 74,930 in Q4’22 only. Big names in the spree of laying off people are Amazon, Microsoft, Google, Salesforce, Coinbase, and Amdocs, etc. Does it have impact on the middle east market. Yes. During 2020 -21, there were a lot of momentum around start-ups and SMEs around Information and technology in the MEA region – specially in UAE. They were thinking that it is a good place to have their base as the place provides single window clearance and conducive environment to operate. However, the external environment did not support them. Even if MEA is a very big market, yet it is not immune from the globalization. Every organization relates to mul-

tiple other organisations which are Europe and North American based. So, when those markets are not doing good, obviously it would have domino effect and the start ups which had big dreams related to big opening of the market, could not get that much support. On the other hand, the enterprises could sense the situation and did not take the new year with much enthusiasm as the people on the helms – the CIOs, CISOs, CTO, COO, were expecting nothing exceptional. Their stake on digitization has growth stronger. But one thing which has changed this year is the focus on the ESG (Environment, Social and Governance). If one looks at the this terminology, it is a reiteration of the objective of the organization. It means the goal is to make a healthy and green earth with justice and sensitivity to the employees. Starting from industry 1.0 to 4.0 or 5.0 is nothing much to reduce carbon from the earth, enhance quality of life, look at everything with utmost judiciously. Therefore, technologies which are leading to green technologies Net Zero are being idealised to be implemented. For example, the focus is on low-code / no-code, cloud computing, automaton, etc. However, cybersecurity is a bigger challenges now for every organization. Since there is enough uncertainty in the market, the cyber criminals are running amok. They are not making any distinction of organizations. They are trying to attach every organization irrespective of the country and region. So the biggest challenge for the C-Suite are no other big things but the safeguard their organization. On top of it, the country has its own privacy law; it means you have to report it to the authority. Last but not the list is development of skillsets. 2023 would be a year focussed on the skillset development also because now the CIOs are talking about agile IT, it means there would be a lot of different technologies which the internal workforce need to understand.

SUPPLEMENT QUOTES FROM TOP CIOS

PLUS Interviews and Case Studies

We would like to take feedback from the CIOs and OEMs and create our judgment on the same.

The supplement story of the magazine would have relevant quotes from the top CIOs in India.

Catch interviews, guest articles and case studies of recent applications from the Industry stakeholders, IT/ITES Vendors and IT leaders and CIOs from the Enterprise IT World CIO Community.

Publisher: Sanjib Mohapatra

Chief Editor: Sanjay Mohapatra

Managing Editor: Anisha Nayar Dhawan

Associate Editor: Balaka Baruah Agarwal

Sub Editor: Kumari Ambika

Art Director: Shadab Khan

Web Designer: Sangeet Kumar

Technical Writer: Manas Ranjan

MARKETING

Marketing Manager: Kunal Yadav

Events Marketing: Tanu Malik

SALES CONTACTS

Accent Infotech Media FZC. Business Center

Sharjah Publishing City, Free Zone Sharjah United Arab Emirates

EDITORIAL OFFICE

Accent Infotech Media FZC. Business Center

Sharjah Publishing City, Free Zone Sharjah United Arab Emirates

EMAIL CONTACTS

Group Editor: sanjay@accentinfomedia.com

Editorial Query: balaka@accentinfomedia.com

Video Interview Query: shaifali@accentinfomedia.com Advertisement Query: tanu@accentinfomedia.com

WITH

kunal@accentinfomedia.com For Events / Seminar / Webinar / Round table –Sanjib@accentinfomedia.com For CIOTV.LIVE – shaifali@accentinfomedia.com

IT WORLD MEA ROUND UP

UAE on track to record strongest annual GDP growth in over a decade

The latest in a series of quarterly economic reports released by Majid Al Futtaim, the leading shopping mall, communities, retail and leisure pioneer across the Middle East, Africa and Asia, reveals the UAE economy is on track to record its strongest annual GDP growth since 2011 – with Oxford Economics predicting growth of 6.8% for 2022 – a significant increase in the recorded actual growth of 3.8% in 2021.

According to the Q3 2022 State of the UAE Retail Economy report, the oil and non-oil sectors both played essential roles – with the biggest GDP driver being the oil sector, which saw a 13.4% increase driven by crude oil prices hovering around USD 100 per barrel for most of the third quarter. The non-oil economy also demonstrated robust growth, buoyed by the Government’s moves to create an investor-friendly environ-

ment, with a strong focus on both digital and creative industries, the results of which are reflected in the S&P Global UAE Purchasing Managers’ Index – which hit a three-year high in August.

While inflation remains top of mind for many consumers, there has been a decrease in the level of concern over the quarter, with 92% of residents still expressing some concern but saying they are adjusting to the new norm by practising caution in their purchasing. This is evidenced by the economic data showing that increasing results are being achieved across all key sectors of the economy.

The sharp rise of e-commerce continues, with sales projected to rise by 22% this year, exceeding USD 6 billion and putting the market on track to reach USD 9.2 billion by 2026.

DATA BRIEF

Worldwide PC Shipments Declined 28.5% in Fourth Quarter of 2022 and 16.2% for the Year- Gartner

60+ members with extensive experience in the technology domain and process consulting for small, medium and large enterprises.

Middle East Companies are Experiencing a Strong Post-Pandemic Rebound

Trend Micro joins forces with SCCC Alibaba Cloud

The annual working capital study by PwC Middle East indicates that businesses in the region have experienced a strong postpandemic rebound and revenues have risen above pre-pandemic levels. This resulted from the strong response taken by the governments in the region to overcome COVID-19, combined with the regional boost provided by the increase in oil prices, the positive impact of EXPO 2020 held in Dubai and the upcoming FIFA World Cup 2022 in Qatar.

The study outlines the underlying regional trends impacting the Middle East businesses to explain how companies can assess their working capital performance and related key indicators and start addressing their working capital efficiency.

This year’s review included 386 publicly listed companies in the Middle East and covers five years of key working capital trends (2017 to

2021), using data sourced from Capital IQ and analysed by PwC Middle East.

The Middle East businesses, like their global counterparts, have continued to experience disruption throughout 2021 and the first half of 2022 due to the global macroeconomic and geopolitical events. Inflation has been less severe in the region compared to other parts of the world, however the region remains globally connected and companies are having to pay higher prices for many imported materials, finished goods and services. These higher costs are trickling through balance sheets, increasing the amount of working capital tied up in operations.

There have also been continued delays in receiving orders, resulting in products being out of stock and lost sales, or companies planning strategic buffer stocks to anticipate volatility, which also ties up working capital.

CIO EVENTS

Trend Micro signed an MoU with Saudi Cloud Computing Company (SCCC) Alibaba Cloud to protect the enterprises of Kingdom of Saudi Arabia from the evolving threat landscape and to promote the localization of cybersecurity solutions in Saudi Arabia.

During a special ceremony at the inauguration of Trend Micro’s MEA HQ in Riyadh, SCCC Alibaba Cloud’s Chief Executive Officer, Eng.Talal Albakr, and Trend Micro’s Area Vice President and Managing Director for the Middle East and Africa, Dr. Moataz Bin Ali, signed the agreement in the presence of His Excellency Haytham Alohali, Vice Minister, Ministry of Communications, and Information Technology.

In 2022, Alibaba Cloud became the world’s first hyperscale cloud provider to enter the Saudi Arabian market, offering its services through Saudi Cloud Computing Company (SCCC). SCCC Alibaba Cloud and Trend Micro will collaborate to provide cutting edge solutions that benefit the customers of both companies.

MNH Sets Up for Digital Transformation Success with Nutanix

Cloud Infrastructure

S/HE SAID IT

“Amid global headwinds and increasing fears of a global economic slowdown, companies are keen to keep a tight rein on budgets across the board. For sales teams this will likely mean increased pressure to achieve more with less, which could be daunting for UAE sales teams who already feel that their roles are becoming more challenging.”

Mohamed Naser Al-Hajery & Sons Ltd. (MNH), one of Kuwait’s largest consumer services group, has leveraged Nutanix to enhance performance and availability of digital services and reduce TCO. Migrating to Nutanix ensures the performance and availability of critical digital applications, while reducing TCO by nearly 50%. Reduced complexity enables the IT team to refocus efforts on high-value initiatives that drive business outcomes.

Mohamed Naser Al-Hajery & Sons Ltd. founded in 1946 with a single ‘Kuwaiti Drug Store’, has now become a household name with over 100 brands in the healthcare, FMCG, perfumes and cosmetics, and food and beverage segments.

IT is the enabler of smooth operations of

the Group. To ensure the performance and availability of the various critical services and applications, MNH initially invested in a hyperconverged infrastructure (HCI) solution. Despite being from a leading vendor, it had several shortcomings that impacted the smooth operations of its various lines of business. “As a 24×7 operation with so many retail outlets, every minute of downtime translates to lost sales, frustrated customers, and a direct impact on revenues,” explained Jackson D’Souza CIO at MNH. “We were convinced HCI was the solution, but we needed the support of the best provider in the market.”

Having received an overwhelming number of positive reviews for Nutanix from his regional peers, the decision was clear to D’Souza.

“Digitization in the region and beyond, paves the way for a surge in cyber threats at all levels across organizations. With companies rigorously adopting hybrid and remote working models, indispensable business devices such as laptops and mobile phones are now more vulnerable than before.”

Art Gilliland, CEO of Delinea

“The reduction of ransomware attacks is an encouraging sign, but organisations need to make sure they keep their guard up against this constant, evolving threat.Staying vigilant by maintaining a strong least privilege approach backed by stronger password protection, authentication enforcement, and access controls can help continue this downward trend.”

EDGNEX Breaks Ground on Data Centre Facility in Riyadh, KSA

AmiViz has been certified as a Great Place to Work

AmiViz is proud to announce that it has been certified as a Great Place to Work after a thorough and independent analysis conducted by Great Place to Work Middle East. This certification is based on direct feedback from employees, provided as part of an extensive and anonymous survey about the workplace experience.

AmiViz has always been a believer in the spirit of people and the company has been able to create a platform that provides them with a flexible working environment where any member of the team can thrive, irrespective of their role in the company. Working with leading global brands and serving international markets, it is important that AmiViz offers a great workplace to all its employees.

Commenting on the achievement,

EXECUTIVE MOVEMENT

the COO for AmiViz, Ilyas Mohamed said “It has always been our endeavor to take care of employees and work as a team so that we can create an environment where everyone takes pride in their work. We have a clear mission to help people create, transform, and grow. I am glad that our efforts have helped us earn the trust of our employees to create a great workplace culture that delivers not just outstanding business results but also job satisfaction.”

“The Great Place to Work certification is a validation of each and every employee in our company, which has tirelessly worked hard to create a work culture that is imbibed with integrity, respect, and compassion. We would like to thank every team member of AmiViz for making this possible,” Ilyas added.

EDGNEX,

facilities. EDGNEX’s data centre will support the KSA’s Vision for 2030 by providing a foundation for local and regional digital transformation and innovation, while aiming to attract global multi-nationals to the country.

EDGNEX is the most recent investment of Hussain Sajwani, Emirati businessman and founder of DAMAC Group.

The data centre will be located at Industrial City 2 which is just 19km from the city centre and 47km from the airport. The facility’s close proximity to Riyadh’s city centre will provide low-latency access to the entire KSA market, and customers will benefit from high-fibre density and connectivity options. The new data centre will have a maximum IT load of 20 Megawatts (MW) and sit on a 17,720 sqm plot. The facility will be ready to go live in Q3 2023.

“The KSA is one of the most exciting and dynamic ICT markets in the MENA region. The government of the KSA has demonstrated its commitment to innovation and we are proud to be supporting its long-term vision for digital adoption. We want to help attract hyperscalers and innovators from around the world and give them a foundation for growth in the Kingdom,” said Niall McLoughlin, Senior Vice President of parent company DAMAC Group.

GLOBAL UPDATE

Dragos ceo & co-founder robert m. Lee to address global audience at the world economic forum in davos

sion, directly linked to the ongoing work of the Centre for Cybersecurity of the World Economic Forum.

Dear CEO,: Ideas to Transform the Top Companies and Our World

CEO and Co-founder of Dragos Robert M. Lee is returning as a speaker at the World Economic Forum (WEF) Annual Meeting in Davos, Switzerland, for the session “Securing Critical Infrastructure.”

Cyberattacks on critical infrastructure target IT and Operational Technology (OT), impacting the range of functions those technologies support. As attacks become more sophisticated, it is imperative for the global community to treat cybersecurity risk as a systemic challenge that requires collective decision-making and coordinated action across the private sector, governments, and civil society. How can business and political leaders mobilize a collective response to safeguard critical assets and mitigate systemic damage? Lee will share his perspective during this ses-

Also at Davos, Lee will participate in the multilateral meeting on Operational Collaboration Against Cybercrime, and help guide the dialogue around cybersecurity, cyber resilience, and digital trust during the Meeting for the Centre of Cybersecurity. Lee is an active contributor to the World Economic Forum and returning Davos speaker. He previously spoke on Cyber Security of Critical Infrastructure at the Davos Annual Meeting 2022 during the Global Cybersecurity Outlook. Lee is a member of the WEF Cybersecurity Leadership Community and the WEF Subcommittee on Cyber Resilience for the Oil and Gas and Electricity Communities. He contributed to the WEF white paper for Cyber Resilience in the Oil and Gas Industry, “Advancing Supply Chain Security in Oil and Gas: An Industry Analysis” and published the WEF article, “Cybersecurity has much to learn from industrial safety planning.”

PRICE US$ 24.79 (HARDCOVER)

WHERE AMAZON.COM

Dear CEO” is a collection of letters to global leaders to sustain greatness based on comprehensive research and a deep understanding of the evolution of the market and world. It includes letters to Mr. Elon Musk in respect to the Hyperloop project, Mr. Jeff Bezos with reference to Amazon’s new financial services, Mr. Joe Biden, the president of the U.S., regarding the broken education system, Mr. Xi Jinping, the president of the People’s Republic of China, as to the growing new generation of leaders, and other global organizations. Now is the time to make a new bold move.

Matrix to Present its World Class Security and Telecom Solutions at Intersec, Dubai

Matrix is all set to participate in the 24th Edition of Intersec, happening in Dubai. At this prestigious event, Matrix will put forth its comprehensive range of security products and solutions from the domains of IP Video Surveillance, Access Control, and Time-Attendance. In the domain of Telecom, Matrix will bring forth its business-class communication products and solutions.

Matrix invests in technological advancements to resolve customer concerns and prioritize their satisfaction. And, to this end, it deploys assets and resources intensively to research, design, and

manufacture world-class solutions. With 30+ years of industrial experience, Matrix boasts of holding 60+ products in its comprehensive range of security and telecom solutions with 1 Million+ customers globally in 50+ countries.

With proactive video surveillance taking priority for organizational safety and security, Matrix will showcase its superior cameras at this event. With lens resolutions ranging from 2MP/ 5MP/ 8MP, its bullet, dome, turret, and PTZ cameras boast high-quality images in low-light operating conditions. With UL Certification, a global

standard for safety, and NEMA Certification for protection against environmental hazards, Matrix cameras provide proactive security for organizations with global standards.

HPE (Aruba) Positioned as a Leader for 17 Years Running in 2022 Gartner Magic Quadrant

HPE (Aruba) has been positioned in the Leaders Quadrant in Gartner Inc.’s latest “Magic Quadrant for Enterprise Wired and Wireless LAN Infrastructure.” Additionally, in the Gartner companion report “Critical Capabilities for Enterprise Wired and Wireless LAN Infrastructure,” Aruba scored among the three highest scoring vendors across all five Use Cases, with the highest scores achieved for Remote Branch Office and WLAN-Only Refresh/ New Build Use Cases.

A complimentary copy of the Gartner Magic Quadrant for Enterprise Wired and Wireless LAN Infrastructure is available here and the Critical Capabilities report is available here.

For customers looking to accelerate digital transformation projects, replace older infrastructure and enhance their network security posture, Aruba was evaluated and recognized as a Magic Quadrant Leader for both the Ability to Execute and Completeness of Vision.

Invixium has announced its participation at Intersec 2023. Invixium has maintained a presence at the show since it first launched as a company at Intersec 2013. The company will also introduce IXM VERTU, a modern access control reader capable of reading RFID cards along with mobile credentials, in addition to showcasing its market-leading portfolio of biometric solutions.

Invixium technology partners will also showcase their joint integrations at their respective stands. Genetec, TiSO, IDCUBE Systems and LenelS2 will be focusing on access control featuring IXM TITAN, while TRAKA will display their key management system integrated with Invixium’s IXM TFACE.

“Our participation at Intersec 2023 is a landmark for us as we mark the 10-year anniversary of our company’s launch at the show back in 2013. While it’s been a tremendous journey of innovation and success, we’re excited for our future and the future of biometric solutions which we will spotlight at the show,” said Shiraz Kapadia, CEO & President at Invixium. “Over the years, in true Invixium tradition, we’ve been bringing our innovations to customers and partners across the Middle East region. This year is no different as we focus on helping our customers better manage their access control and workforce management demands – regardless of how complex or traditional their needs are.”

Visitors to the show will get to experience the latest from Invixium including IXM VERTU, their flagship IXM TITAN, the most advanced face recognition access control device ever engineered and the highly versatile dual-biometric, IXM TFACE.

SANS SEC401 Enhances Cybersecurity Expertise in Bahrain

SANS Institute, the global leader in cybersecurity training and certifications, has announced the SANS SEC401 Bahrain January 2023 training program, to be held in person at the Intercontinental Regency Bahrain from January 14 – January 19, 2023.

SANS SEC401 Bahrain offers in-person as well as virtual training that will provide students with the necessary skills and techniques to defend their organizations against security breaches and thwart future attacks.

Data and finances are the biggest and most exposed cybercrime sectors in Bahraini enterprises, according to a recent report by ResearchGate. As a result, organizations

may see significant declines in several areas, including reputational damage (29%), delays in time (26%), customer loss or churn (16.4%), and more.

“Cybersecurity is most effective when it is tailored to each organization; consider the uniqueness of an organization, its employees, and its specific security requirements. It is vital, therefore, for those responsible for keeping a firm’s systems secure, for knowing the elementary principles of cybersecurity, and understand how to apply it to their organization’s needs best,” says Ned Baltagi, Managing Director, Middle East and Africa at SANS Institute.

DIGEST

MANDARIN ORIENTAL AND VALTECH TAKE LEAD IN POST-PANDEMIC TRAVEL REBOUND WITH ENHANCED DIGITAL CUSTOMER EXPERIENCE

Valtech has partnered with Mandarin Oriental Hotel Group to launch a new digital experience. Mandarin Oriental had the foresight to invest early and put themselves at the forefront of the industry in preparing more personalized digital experiences to greet increased post-COVID traveler demand, which is forecasted to continue to increase sharply through 2026. Partnering with Valtech to transform its online presence in the heart of the pandemic resulted in an initial relaunch in time for the first travel surge in December 2021. This rapidly showed results; the average revenue per booking increased by more than 40% and engagement behaviors rose more than 10%.

SOPHOS IS THE TOP RANKED AND SOLE LEADER FOR COMPREHENSIVE XDR SOLUTIONS

Sophos announced that its Sophos Intercept X Advanced with XDR solution has been named the top-ranked and sole leader in the Omdia Universe report for comprehensive extended detection and response (XDR) solutions. The global research company ranked Sophos’ product the highest in nearly all capabilities categories – excelling above competitive offerings with industry-best threat response, deployment, management, pricing, and licensing – with Sophos Intercept X Advanced with XDR delivering “a dominant showing in Threat Response and Resolution.”

ESET RESEARCH DISCOVERS STRONGPITY APT GROUP’S ESPIONAGE CAMPAIGN TARGETING ANDROID USERS WITH TROJANIZED TELEGRAM APP

ESET researchers identified an active StrongPity APT group campaign leveraging a fully functional but trojanized version of the legitimate Telegram app, which despite being non-existent, has been repackaged as „the “Shagle app. This StrongPity backdoor has various spying features: its 11 dynamically triggered modules are responsible for recording phone calls, collecting SMS messages, collecting lists of call logs, and contact lists, and much more. These modules are being documented publicly for the very first time. If the victim grants the malicious StrongPity app notification access and accessibility services, the app will also have access to incoming notifications from 17 apps such as Viber, Skype, Gmail, Messenger, and Tinder, and will be able to exfiltrate chat communication from other apps.

Confluent to Acquire Immerok

Cortical Ventures.

With Immerok, Confluent plans to accelerate the launch of a fully managed Flink offering that is compatible with its market leading managed Kafka service, Confluent Cloud. Thanks to Flink, Kafka Streams, and ksqlDB offerings available natively on Confluent, customers are expected to soon have access to the three leading stream processing tools designed specifically to process and enrich data in real time.

Solutions by stc Awards Nutanix ‘Data Center Partner of the Year’

Confluent has signed a definitive agreement to acquire Immerok. Immerok is a leading contributor to Apache Flink, a powerful technology for building stream processing applications and one of the most popular Apache open source projects. Immerok has developed a cloud-native, fully managed Flink service for customers looking to process data streams at a large scale and to deliver real-time analytical insight. Immerok leadership includes multiple Flink Project Management Committee members and Committers for the open-source technology, and would add extensive stream processing expertise to the Confluent team upon the closing of the transaction. Immerok’s investors have included Cusp Capital, 468 Capital and

Data streaming is essential to competing in today’s digital-first world, enabling businesses to connect their many different applications, data systems, and SaaS layers in real time. With a unified and constantly up-to-date view of their data, businesses can deliver streamlined workflows, more automation, and ultimately, superior customer experiences and more efficient business operations.

“Stream processing plays a particularly critical role in data streaming,” said Jay Kreps, co-founder and CEO, Confluent. “Stream processing enables organizations to clean and enrich data streams to derive actionable insights from their data in real time. Our planned acquisition of Immerok will accelerate our ability to bring one of the most popular and powerful stream processing engines directly into Confluent.

Nutanix has been presented with the ‘Data Center Partner of the Year’ award by solutions by stc, as a sign of the close collaboration between the two companies. solutions by stc and Nutanix have been partnering to assist organizations in the Kingdom of Saudi Arabia, particularly in the public and telco sectors, with their cloud computing initiatives as part of their overall digital transformation strategy. solutions by stc, the leading enabler of digital transformation and the number one IT service provider in the Kingdom of Saudi Arabia, provides clients with integrated technology solutions through a broad portfolio that enhances their day-to-day operations. Its core ICT services are designed to enable, manage and scale businesses. Elaborating on the partnership and the award, Talal Al-Saif, Senior Manager Sales Public Sector, Saudi Arabia at Nutanix says, “Saudi Vision 2030 aims to transform Saudi Arabia into a globally competitive ICT hub, with modern technologies and an empowered information society.

Huawei Datacom Named a Leader in the 2022 Gartner Magic Quadrant

Huawei has been named a Leader in the 2022 Gartner Magic Quadrant for Enterprise Wired and Wireless LAN Infrastructure, the only non-North American vendor positioned in the Leaders Quadrant. Huawei takes it as a milestone and believes it is yet another testament to the global recognition of Huawei’s full lineup of network offerings. Huawei’s wide range of solutions include the CloudCampus 3.0 Solution, CloudEngine series switches, AirEngine Wi-Fi Access Points (APs), and iMaster NCE automatic and intelligent network management platform.

As an excellent supplier in the global enterprise wired and wireless LAN infrastructure market, Huawei has a holistic set of enterprise wired and wireless LAN infrastructure offerings. Featured products and solutions include the end-to-end CloudCampus Solution across LANs, WLANs, and WANs, feature-rich CloudEngine series switches, award-winning AirEngine Wi-Fi APs, and field-proven iMaster NCE automatic and intelligent network management platform. To date, these products and solutions have served millions of customers worldwide across indus-

tries, gaining high praise in the process.

Huawei remains committed to the global enterprise market, and constantly innovates to set the benchmark for enterprise networks in terms of simplified network architecture, best-in-class hardware design, agile software delivery, and flexible business models.

“We are really competing against ourselves, we have no control over how other people perform.”

Turtlefin expands its presence in UAE

Microsoft for Startups graduates third cohort of B2B tech startups from GrowthX Accelerator program

Microsoft for Startups Middle East, in partnership with the Abu Dhabi Investment Office (ADIO), today graduated the latest cohort of tech startups from its GrowthX Accelerator program. The conclusion of the cohort was celebrated during a Demo Day event, hosted at Abu Dhabi’s financial centre, Abu Dhabi Global Market (ADGM), with attendees including startup founders, government officials, investors, business leaders and stakeholders from the regional entrepreneurship ecosystem.

Run as part of a strategic partnership between ADIO and Microsoft for Startups, GrowthX is specifically designed to empower growth-stage B2B startups ranging primarily from Seed to Series A stages to grow and scale in Abu Dhabi. The program features weekly sessions from Microsoft experts, as well as regional and global leaders in business and technology. The 12 startups in this cohort hail

from across the Middle East, Turkey and Pakistan, and are developing solutions in E-commerce, EdTech, Fintech, HRtech, and Insurtech. The companies in this cohort are Fortyguard, Ilmversity, Klickit, MonSpark, Pisano, Poilabs, Raabtaa, Supercommerce, Vita Virtues, Xina AI, Edraak Systems, and Pay Caps.

Eng. Abdulla Abdul Aziz AlShamsi, Acting Director General at ADIO, said, “The rapid pace of digital transformation is an opportunity to continually find new technological solutions to global challenges. The GrowthX Accelerator is a proven platform to identify and empower innovative startups to achieve scale and impact. We congratulate all the graduates on completing this program and look forward to seeing how they leverage the tools gained to accelerate their growth and enhance the regional startup landscape.”

Turtlefin, India’s leading Insurtech platform announced its partnership with Compass Insurance Brokers LLC, one of the biggest financial solution providers in the UAE, to create a unified and seamless platform to enhance their distribution capabilities in UAE markets. Through this partnership, Turtlefin will enable Compass’s distribution teams to access the required information seamlessly and customize proposals for clients.

Turtlefin will provide access to its extensive, technology-driven solutions to become more efficient and provide cost-effective solutions. This will help in reducing proposal creation time by more than 50% and increase the sales efficiency by 30% along with better customer experience.

Turtlefin will enable Compass’s vast distribution network to access all retail insurance products on its platform. Additionally, Turtlefin is also looking at providing its capability of digital prospecting and E-skilling with a vision to support and empower its network of advisors. This will strengthen the engagement of Compass Advisors with their customers and empower them with necessary tools to cater to their customer’s insurance needs.

Speaking on the occasion, Amreesh Kher, Chief Partnership Distribution Officer, Turtlefin said, “This partnership exemplifies our belief in the opportunities in the Middle East markets with an aim to bring about transformation in the insurance distribution ecosystem. With our commitment to improve the distribution network and the insurance ecosystem, we are confident that our capabilities and interesting growth trajectory will further enable a future that will be beneficial for the entire community.”

Delinea: That Attacks are Down 61% from the Previous Year

As per Delinea published 2022 State of Ransomware Report, Cyber-attacks using the popular compromising tactic have declined significantly over the past 12 months compared to the previous year, and fewer companies are paying ransoms. Still, there are red flags in the annual report related to spending, planning, and using cybersecurity tools available to combat ransomware.

The survey of 300 US-based IT decision makers, conducted on Delinea’s behalf by Censuswide, found that only 25% of organisations were victims of ransomware attacks over the past 12 months, a stunning 61% decline from the previ-

ous 12-month period when 64% of organisations reported being victims. Furthermore, the number of victimised companies who paid the ransom declined from 82% to 68%, which could be a sign that warnings and recommendations to not pay ransoms are being heeded. Larger companies are much more likely to be victims of ransomware, as 56% of companies with 100 or more employees said they were victims of ransomware attacks.

Along with these positive results, the survey also raised concerns that a potentially reduced threat could lead to complacency. Budget allocations for ransomware are in decline, as only 68%

of those surveyed said they are currently allocated budget to protect against ransomware versus 93% during the prior year. The number of companies with Incident Response Plans also declined from 94% to 71%, and only half are taking proactive, proven steps to prevent ransomware attacks such as enforcing password best practices (51%) and using Multi-Factor Authentication (50%).

“Piyush Chowhan is a digital evangelist with a passion for transforming businesses with the use of technology. With over two decades of experience working with global consumer and retail companies, he has an excellent track record of delivering results and creating value across organizations. His vision is creating innovation-focused digital strategies to maximize today’s opportunities and prepare organizations for future disruptions. His passion for working with startups and innovation-led companies has given him the edge to create digital assets for organizations with the use of the latest technologies like Analytics, Cloud, and Artificial Intelligence. He has been a widely recognized leader in digital transformation and has been a much-wanted speaker at over 100 global events. He is an avid writer and his thought leadership is published in multiple magazines and portals. He is also mindfulness practicioner and conducts sessions on mental and wholistic wellbeing.”

– A YEAR OF RECKONING FOR 2 0 23 DIGITAL

TRANSFORMATION

023 is going to be to be a tough year for business with clouds of recession looming around but can be important year for digital change. COVID accelerated digital adoption in all form across enterprises, but the impact of this change is seen in varied forms across organizations. Customer facing companies who could not change fast are on the verge of collapse, while other large established industries are figuring out how to adopt to this new world. Digital is now at the core of every enterprise strategy discussion with the level of adoption showing varied trend.

2023 is going to be first full year for digital initiatives to measure ROI and CIO’s will be on tremendous pressure to prove the business case for digital projects. 2023 is a make or break year for digital leaders as they need take this opportunity head-on to prove their mettle. We ran a survey across Digital leaders in Middle east and nearly 2 in 3 leaders said

“CIO’s need to think beyond large monolithic ERP applications and embed best of breed cloud applications.”

CIO, PANDA RETAIL COMPANY – SAVOLA GROUP

PIYUSH CHOWHAN

How CIO’s need to prepare for leading digital change and what are their challenges. Here is an in-depth of analysis by Piyush Chowhan, CIO, Panda Retail Company – Savola Group

DIGITAL SPEND TRENDS FOR 2023

their budgets will increase more than 10% which is quite encouraging.

This clearly reflects the importance of digital, but the expectations will also become more sharper on delivering the ROI. CIO’s need to clearly prioritize these spends to deliver the right return by demonstrating Total Cost of Ownership Models. A discussion with CEO highlighted that businesses are not shy of taking risks by initiating large digital projects but expectations on faster returns are higher by the board. CIO’s need to perform a very balancing act by prioritizing business goals and adopt the mantra of “doing more for less”. We did a survey of CIO’s to identify trends and priorities to plan for 2023 better.

5 TOP TRENDS FOR 2023

• 2023 will be more Volatile – The Ukraine War, Inflation, Global recessions and many more challenges pose huge threats to global economies. This reality was reflected in more than 87% of CIO’s stating that volatility and uncertainty will be high in 2023.

• Digital Strategies will become more focused – Digital Strategy will become more aligned towards business goals. Boards will ask managements to publish their digital strategies to their shareholders to delivery growth

• Transition from IT to “Digital” – Enterprises will move focus from traditional IT projects

to strategic digital spending. Technology spend on strategic digital projects will move significantly to approximately 40% for progressive companies in 2023.

• Enterprise agility will become more visible – Enterprises will embrace agile ways of working which will lead to better alignment of delivery between IT and business

• Digital divide will increase in 2023 –Enterprises with higher digital adoption will start seeing the flywheel effect which will accelerate the divide amongst digital laggards.

CIO’s will have a great opportunity to demonstrate leadership in defining their priorities

on the face of the above trends. Our survey highlighted the 10 areas of focus which will define their roadmap in 2023 to demonstrate digital value delivery.

1) Transition to Product Based (from project based) IT Delivery – IT teams needs to be re-aligned from project-based delivery to Product based delivery structures. If your teams are already structured in product structure it would be good to provide sharper focus towards speed, with smaller teams delivering much higher quality products to the business. This will align the outcomes towards business operations thereby easy to measure effectiveness of delivery

2) Focus on Cloud Native applications for Application Modernization – CIO’s need to think beyond large monolithic ERP applications and embed best of breed cloud applications. This will help value delivery faster and make the application landscape scalable and flexible. Application modernization is a going to be a key initiative which will differentiate your longterm vs tactical strategy.

3) Enable Data Democratization by shifting to modern data platform – CIO’s should focus on building modern cloud based data platform by transitioning from on Premise traditional data platforms which are limiting. The IT teams should work with various business units to enable use of data for decision making by using not only internal data sources but external as well. CIO’s should look at no-code extensible platforms which enable quick data rich solutions for business users to get faster ROI. Our survey did show that enterprises are going to significantly increase their spend on data by more than 20% over the past year which will create limelight for the data team in 2023.

4) Accelerate Agile adoption in IT and business teams – Agile delivery models have been proliferated across teams and 2023 should see far deeper adoption with tools which help measure productivity of teams. Advanced tools which foster collaboration between business and IT teams for definition of Epics and stories will help teams delivery much faster and “delivery more for less”

5) Enhance your “Intelligent Enterprise

strategy” – 2023 CIO’s should look away from point RPA solutions to develop a clear strategy towards building an intelligent enterprise strategy using custom built solutions. This should involve having AI enabled automation which are connected to the enterprise core solutions using data platform layers. RPA solutions should be embedded with workflow solutions to have seamless data sharing and fast decision making.

6) Create a Security first culture - As cyber security becomes a “Board topic” CIO’s need to foster “Security first behavior” across development and infrastructure teams of the enterprise. Zero Trust solution should be deployed with periodic assessment of all vulnerabilities to define the security posture of the enterprise. 2023 should see consolidation of security tools to be more cyber resilient by improve better observability by implementing a robust security framework.

7) Nurturing Digital Talent – While the digital talent way of 2021 has subsided its time for CIO’s to have a clear strategy to nurture digital talent by identifying open innovation structures. CIO’s need to focus on Product Management skills, Agile leadership and deep technology skills by making them business focused. CIO’s should focus on Digital Employee experience to enable better productivity and collaboration platforms to help faster delivery throughput.

8) Sharpen Cost Focus for better ROI – Our survey of CIO’s have shown that digital spending will increase by more than 20% for large number of enterprises but the business is asking for faster value realization. CIO’s need to focus on optimizing cloud costs which have shot up as more cloud

application become part of enterprise landscape. Product teams need to prioritize features which lead to better ROI which are aligned to enterprise business goals.

9) Improve Business Intimacy – Business dynamics are changing at fast pace and business goals are sharper now. Digital enabled outcomes will be more demanding in 2023 hence CIO’s need to work very closely with business teams to understand the priorities, challenges, processes and investments to deliver in tandem. CIO’s need to be cognizant of the fact that traditional systems were not aligned to new digital ROI models hence they must adopt new applications to align with the priorities. CIO Survey did highlight increasing pressure from 70% business leaders asking faster ROI.

10) Encourage Hybrid Working Models –Remote working during COVID had pushed employees to newer working environment which are getting rationalized with normalcy prevailing. CIO’s should do the balancing act in this hybrid working models to balance the physical collaboration vs remote productivity. Agile working with focus on collaboration tools can help provide right metrics for measurement of productivity to deliver faster. CIO’s should bring in business team in the overall collaboration ecosystem to ensure that delivery and productivity metrics are shared with clear visibility for building trust.

CIO’s are going to be more critical in achieving the business goals for 2023 and there is no better time to demonstrate the power of digital. The 10 priorities which were highlighted before can charter a path for aligning resources and energy in the coming year.

“CIO’s are going to be more critical in achieving the business goals for 2023 and there is no better time to demonstrate the power of digital.”

SOME OF THE CHALLENGES THAT CXOS FACE IS ABOUT MANAGING RISKS, RESILIENCE, BUSINESS CONTINUITY

In the digital journey of the customers, the ecosystem partners play a major role. From offering products to create solutions to offer services, the ecosystem does everything. Bulwak being a VAD has a major play in the journey. We spoke to Jose Menacherry, Designation : Managing Director, Bulwark Technologies. Excerpts

What is the state of Digital transformation market in the region?

Digital transformation in the Middle East, like in the rest of the developed world is seeing an explosive growth. This is not just businesses trying to re-invent themselves to adopt AI or Cloud in order to stay competitive, we are seeing Government entities embracing Digital transformation in a big way.

Briefly tell us how Bulwark is enabling digital acceleration?

Digital acceleration has opened up avenues for hackers and state sponsored attack groups to mount sophisticated attacks via penetration and reconnaissance activities that is going unnoticed. Bulwark being a VAD in the cyber security space, is educating the market – both end users and the channel community on the apparent risks to slow adoption of security practices. The market needs to keep pace with the digital growth by adopting secure practices and tools such as MFA, patching, anti-phishing, security awareness programs to counter such threats. Bulwark is providing the necessary security measures to give confidence to organizations adopting Digital transformation.

What are the challenges of CXOs that Bulwark is trying to mitigate?

Some of the challenges that CXOs face is about managing risks, resilience, business continuity measures that they need to consider whilst adopting Digital Transformation of their businesses to stay competitive. With the market now operating in hybrid mode having data on premise and in cloud, CXOs need to consider comprehensive solutions to mitigate risks arising out of such

initiatives. Bulwark, with 23 years of cyber security experience is well poised to advise CXOs in considering industry best practise to address attack surface management, risk return ratio, cyber resilience to name a few.

What are the core competencies of Bulwark and how is it different from others in the competition?

Bulwark’s core competencies include being able to identify the gaps in the security landscape and promoting vendors and their solutions to address this gap. Bulwark also takes pride in maintaining long term relationships with enterprise partners to jointly address the ever growing threats and expanding attack surface. We act as a single point of contact between multiple security vendors, making it easier for partners and customers to purchase, implement and manage solution addressing the data security / cybersecurity concerns. We participate in a number of 3rd party events such as GITEX, GISEC, eCrime Congress, Black Hack MEA and other customer focused and partner focused events for different verticals to show case the latest technologies available in the industry that help mitigate cyber risks.

Apart from Cyber Security, which other technologies that Bulwark is offering to the market?

Cybersecurity is our core focus. Apart from that, we do have RPA solution to automate the recurring activities and thereby reducing the human involvement, avoiding errors and delays. Other solution are email backup, storage security, network monitoring, configuration management, MDM / EMM etc.

Have you created any technology practice within for the convenience of the customers, if yes, pls? Elaborate on this?

First of all, security is an ongoing process rather than a one time activity. We try to identify the customer pain points and suggest solutions accordingly. For eg. we collaborate with organizations in banking & finance sector in the region for automating file their transfers securely and fully encrypted, meeting compliance requirements like encryption of data in motion and rest, without

“We try to identify the customer pain points and suggest solutions accordingly. For eg. we collaborate with organizations in banking & finance sector in the region for automating file their transfers securely and fully encrypted, meeting compliance requirements like encryption of data in motion and rest, without any manual intervention and carried out in a highly secure manner.”

any manual intervention and carried out in a highly secure manner. We help them to achieve the process by using one of the solution called GoAnyWhere MFT from Fortra. Similarly, we have solutions for meeting various compliance requirements for different industries for keeping

their PII data and other confidential information safe and secure, at the same time ensuring availability of data for business processes.

do you support the customers?

Cyber security requires constant re-skilling of talent and skills to be able to keep up to date with the emerging threats. Bulwark has partnered with vendors such as Cyberbit to address the skilling gap in cyber security, providing a platform for SOC teams, security researchers and analysts to pitch their skills against a myriad of threat scenarios. Cyberbit closely follows the MITRE attack frame to provide a comprehensive environment for individuals to test their skills as one to one or team based approach.

Bulwark offers a range of value-added services, helping customers and partner to understand our solution portfolio better, undertaking demos & PoC, implementation services, certification training and offering extended warranties, service level contracts etc. all through our focused channel partners.

Final message for the customers?

Bulwark has been in the cybersecurity space for 23 years now and instrumental in introducing latest and niche technologies to the region. We have been instrumental in evaluating new technology products based on the security needs of customers and commit to support customers with proper expertise. We thank all the customers, channel partners and vendors for their continued support and for the long term trust & association with Bulwark.

“Bulwark being a VAD in the cyber security space, is educating the market – both end users and the channel community on the apparent risks to slow adoption of security practices.”

MANAGING DIRECTOR BULWARK TECHNOLOGIES

Skilling is one of the major challenges for the customers, how

Aruba Predictions Six Major Networking Trends for 2023

As we enter 2023, the events of the last couple of years have left their mark with staffing shortages, inflationary pressures, supply chain disruption, and geo-political unrest. These dynamics have accelerated or even forced business transitions and, in some cases, caused a rethinking of fundamental business models. The network now plays an even stronger role, powering the transformation journey that’s needed to thrive during uncertainty and preparing organizations for what comes next in 2023

Prediction 1: By the end of 2023, 20% of organizations will have adopted a NaaS strategy

With tightening economic conditions, IT requires flexibility in how network infrastructure is acquired, deployed, and operated to enable network teams to deliver business outcomes rather than just managing devices. Migration to a network-as-a-service (NaaS) framework enables IT to accelerate network modernization yet stay within budget, IT resource, and schedule constraints. In addition, adopting a NaaS strategy will help organizations meet sustainability objectives since leading NaaS suppliers have adopted carbon-neutral and recycling manufacturing strategies.

Prediction 2: Built-in security replaces bolt-on Reducing cybersecurity risk has become a core operational concern. Transformation to a more automated security architecture is an IT imperative. No longer can organizations bolt-on perimeter firewalls around the network to protect against threats and vulnerabilities. Security must be built-in to every aspect of the network infrastructure from Wi-Fi Access Points to LAN, campus and data center switches, WAN gateways, and extending into the cloud. Zero trust and SASE frameworks will become more intertwined, not only to protect from threats but to apply micro-segmentation across the complete IT stack including users, connected devices, applications, network services, compute, and storage platforms.

Prediction 3: Location services enable new business models and greater efficiency

Challenging skilled labor markets and recurring supply chain issues will force companies to become more efficient, productive, and resourceful. Pivoting towards achieving situational awareness of assets, inventories, work in process, workers, customers, contractors, and supply chains will enable better control of costs, resources, quality, and intellectual property. This will require merging information technology (IT), Internet of Things (IoT), and operational technology (OT) data with contextual information about the environment. A new focus will be placed on obtaining

the accurate location of work activity and assets, the identity of people and machines, the real-time applications being used and by whom or what, and the security posture of every device and machine.

Prediction 4: IT will consolidate operations onto a single, centralized network and security management platform

More diverse digital technology (IoT) is being deployed by enterprises to improve user experiences and to streamline IT operations. At the same time, employees and customers expect a better integrated real life/digital experience no matter what the enterprises’ business model is. These dynamics have added complexity to both the network and security and have made managing the infrastructure more complex. With an intensified focus on end user quality of experience while increasing protection from cyberattacks, IT will look to a single centralized management system with visibility across the network and the ability to configure edge-to-cloud QoS and security policies.

Prediction 5: SLA measurements will be based on User Experience not box uptime and link availability

IT must optimize their networks to meet hybrid working requirements. Businesses will have dedicated teams whose priority is to ensure a seamless end user digital experience for employees and customers. Adapting to a client-based view rather than a network view requires complete end-to-end visibility and application-level insights to know if the quality of experience is meeting end user expectations or not. Tight control of network performance is no longer sufficient. Being able to identify and troubleshoot application response time and performance issues rapidly and remotely will be essential to ensure a seamless end user digital experience no matter where users connect.

Prediction 6: AIOps shifts from primarily offering insights to delivering automated remediation

With AI, cloud adoption, and access to vast amounts of data now common in enterprise-class network management solutions, automation takes center stage. Identifying the clustering of similar error symptoms across a full-stack network is leading to orchestrated workflows that will more readily give IT organizations the option to allow solutions to automatically remediate an issue. The need to streamline IT efficiency and do more with less is driving human-assisted workflows, which will enable administrators to examine recommended changes and their impact, and then enable remediation of on-going occurrences into production.

“With AI, cloud adoption, and access to vast amounts of data now common in enterprise-class network management solutions, automation takes center stage.”

VECTRA AI

Skills Shortage will Become a Talent War

Amid a growing attack surface, the skills shortage and rise of unknown threats, Vectra AI has today released its predictions for 2023. In this piece Christian Borst and Brian Neuhaus, CTO, Americas at Vectra AI have outlined a range of trends that they believe will have a big impact on the cybersecurity industry next year

Supply chain attacks will continue but hackers will look beyond the ‘usual suspects’ to cause havoc: Attackers will continue to cause maximum disruption in the form of supply chain attacks, but instead of targeting key suppliers, they will look beyond the ‘usual suspects’ to gain access into networks. For instance, this could include legal or accounting firms. A holistic approach may help turn the tables on the matter: supply chain means partnership — partnership means collaboration and supporting each other. Only as a ‘mesh’ interconnected structure with consistent resiliency can companies thrive in the digital economy. This includes ensuring that they review the security policies of all those in the chain.

“Next year, organisations will face more unknown cyber. threats targeting on-premises systems, cloud infrastructure, and SaaS applications.”

Organisations will use automation to recover from ransomware attacks: Traditional restoration procedures following a ransomware attack are both costly and time consuming for organisations; this is why in 2023 we will see organisations look to automation, via infrastructure as code (IaC), to reduce downtime. Through IaC, organisations can develop scripts that enable key infrastructure to self-heal so they can automatically return to action. Ultimately rebuilding broken infrastructure from scratch is a far quicker process than restoring as a result of automation.

Increased analyst fatigue and resignation will see the tides turn away from protecting the castle walls to detection and response: Attackers are continuing to breach the castle walls, creating fatigue and eventual resignations amongst cybersecurity professionals. Instead of working on preventing these attacks from happening and to prevent employee burnout, we will see a needed shift to focus on reducing the impact of an attack. This means building resilience within the organisation covering people, process and technology and focusing on early detection and sound response as opposed to protection & prevention.

Multi-Factor Authentication (MFA) will continue to be a prime target for attackers: With identity attacks on the rise, in 2023 attackers will continue to take advantage of vulnerable MFA methods. As companies continue to roll out MFA, attackers will continue to take advantage, either by flooding end users with requests to brute-force their way in, or by skilled phishing campaigns. End users will be the ones directly targeted by attackers. This means not just organisations, but also consumers will need to be more aware than ever of the risks to their digital identities. Meanwhile, organisations must ensure they have tools in place to detect suspicious login activity and stop it in its tracks.

Attackers will begin to steal and keep encrypted data to decrypt in a post quantum world: Advances in quantum computing will force the hand of security leaders in 2023 to start thinking about this sensitive encrypted data in a post-quantum world. However, this approach will also grab the attention of attackers, and instead of bypassing encrypted data that was previously safeguarded, they will attempt to grab the data and keep it stored for sale or to be later decrypted.

Defenders should not rest on the laurels of encryption and start to take note of what NIST is doing in post quantum encryption this year for action in the coming years.

As the war for talent increases, security companies will need to develop creative ways to recruit and retain workers: As an industry that is no stranger to burnout and stress, cybersecurity companies will have to ensure they can demonstrate they are an attractive outfit to work for. This is in order to fend off competition from tech companies that can often offer lucrative salaries and superior work-life balance. To achieve this, cybersecurity companies must adopt a more forward-thinking approach, this could include offering flexible working arrangements, performance incentives and health and wellness policies.

Private and Public sector will batten down the hatches against nation state cyberattacks: Cyber warfare will remain a real threat in 2023, from a broader use of known TTPs to an unknown equity of zero days just waiting for the strategically right moment to deploy against one’s foes.

Leaders of private and public sector organisations will start to really pay attention, investing more in the incident response and speed at which vulnerabilities are being handled in the coming year to limit the blast radius of such a cyber weapon. Posture, detection, and quick response will be paramount this coming year.

Software and IOT device labelling take a foothold: Labels should state clear facts about the privacy and information security parameters of the product and organisation. One key piece of information on labels should be how long a company will support its software, because a physical device may outlast the time a product is supported.

Christian Borst, EMEA CTO at Vectra AI commented, “Next year, organisations will face more unknown cyber threats targeting on-premises systems, cloud infrastructure, and SaaS applications. The skills shortage is worsening too, causing analysts to becoming overloaded and burnt-out. Combined, this is creating a perfect storm, leaving organisations more vulnerable to a breach. Organisations must adopt an effective detection and response strategy that reduces the burden on analysts, prioritising the most high-risk alerts. This means using tools that can identify the suspicious behaviours that an adversary will exhibit as part of an unfolding attack, flagging up these signals so organisations can stop an attack before it becomes a breach.”

“While the threat landscape might seem daunting, there are technologies out there to give organizations the decided advantage, but action has to be taken now. Regional SOCs need to introduce AI into their security mix — AI that eliminates the noise found in most of today’s IT environments,” Brian Neuhaus, CTO, Americas at Vectra AI added. “The right data, analysed the right way, will open the door to a new era of visibility and control for security teams. In this Attack Signal Intelligence framework, cyber actors’ TTPs [tactics, techniques, and procedures] become more obvious and allow security professionals to be more effective threat hunters.”

“The right data, analysed the right way, will open the door to a new era of visibility and control for security teams.”

TOP TIPS FOR SECURITY – AND PRIVACY – ENHANCING HOLIDAY GIFTS

Think outside the (gift) box. Here are a few ideas for security and privacy gifts to get for your relatives – or even for yourself. Some don’t cost a penny!

Thanks to a decade or more of big-name data breaches, global privacy scandals and consumer rights legislation like the GDPR, we’re all more aware of cybersecurity and privacy issues today. And now that many of us are working more from home and our personal and work lives have begun to blur, the stakes have raised somewhat. No-one wants to end up in front of HR because their reused passwords were stolen and used to hack a corporate database, for example.

Our personal data is of great value not just to advertisers and data brokers, but even more worryingly, to cybercriminals. Unfortunately, there are many ways for nefarious individuals to get hold of it. They could use phishing attacks to target us directly. They may hide info-stealing malware in mobile apps, gaming torrents or other legitimate-looking software. Or they might use previously breached data to obtain our credentials and hijack our accounts. When it comes to advertisers and data brokers, much of the data slurping and selling is done silently in the background, often thanks to third-party cookies for better ad targeting or user experience.

Understandably, many of us want to mitigate the impact of these threats. So why not give the gift of better security and privacy and help your loves ones make some practical steps towards better protecting their personal information online?

But let’s first mention something that is a must these days and surely you have it covered already: comprehensive security software. You know by now that you and your family should use a security solution from a reputable provider on all

your devices. Smartphones and tablets – which have been among the most popular holiday tech gifts for a while now – also need comprehensive protection from device-, network-, web- and app-based threats. If a device is connected to the internet, then there’s a possible risk malware could find its way onto it. And once on there, the malware could be used to steal your data, lock down your machine for extortion, or for other nefarious ends.

Now onto a few less obvious ideas for gifts for your relatives – or even for yourself! Admittedly, not all of the below will be the ideal fodder for a traditional Christmas list – not least because some are free to use or difficult to buy or gift-wrap for others – but each is worthy of your attention. Or perhaps just think of it as a list of things to add to your cyber-hygiene practices, on top of these bad security and privacy habits you could consider shedding in the new year?

▪ Secure Wi-Fi router: All of us have a wireless router in our homes, but we’re probably using one provided by our ISP. Many of these leave a lot to be desired when it comes to security, for example, not accepting long and strong passwords, failing to notify when critical updates are available, or having ‘things’ like UPnP or WPS enabled. A better option would be to choose a small business router designed for security and if possible, consider setting up a virtual private network on it and so avoid installing a VPN on each device. Which brings us to the next point…

▪ Virtual private network (VPN): These

handy tools reroute your traffic via a secure encrypted tunnel so that the site you visit can’t identify you. A VPN is useful for enhancing privacy and security – blocking ISPs, government spooks, hackers and advertisers from spying on you – and is particularly important if you’re out and about using public Wi-Fi networks. However, not all VPNs are created equal. Free services may sell your data to make money, while those with servers located in specific countries may pressure the provider to hand over data. Independent research is required to find the right choice.

▪ Password manager subscription: Many of us have so many accounts and apps online today that we need to use easy-to-remember passwords, and often share the same credentials across multiple accounts. The problem is that if just one of these ends up in the hands of hackers, it may imperil all of them, as the bad guys can use automated “credential stuffing” tools to try and unlock your other accounts protected with the same password. With a password manager you can easily create and store unique and strong passwords or passphrases for each site. The manager will remember them for you, whereas all you need to remember is a

single password called “master password”.

▪ 2FA hardware-based key: Two-factor or multi-factor authentication (2FA/MFA) offers protection from password-stealing threats by providing another layer of user authentication. Although dedicated MFA apps can also do this, another option is a physical hardware key like these. After enrolling it in each site you want to use, simply insert the key (usually into a USB port) to log in subsequently. If a criminal doesn’t have your key, they won’t be able to impersonate you.

▪ Laptop privacy screen: Hybrid working means more of us will be travelling to the office again. That means more opportunities for shoulder surfers to see what we’re typing on our way to work. A privacy screen is the obvious solution, only letting light filter out from the display at narrow angles, thus reducing the chances of in-person snooping.

▪ Webcam cover: Webcam hacking, also known as camfecting, isn’t unheard of. Cybercriminals or ‘just’ peeping Toms can hijack other people’s front-facing cameras through various means, including Remote Access Trojans (RATs) or vulnerability exploits. They could then use the stolen material or recordings for fraud or extortion,

among other crimes. A sliding webcam cover can, therefore, come in handy. Other simple countermeasures involving placing a piece of tape over the lens when the camera is not in use, or unplugging the camera if it’s an external one.

▪ Privacy-enhancing email: Email was not originally built with security in mind. And now there’s a secondary risk: that the providers themselves are snooping on your data to sell to advertisers or share with government agencies. Once again, numerous alternatives to the main players have sprung up in recent years with a focus on security and privacy. That not only means messages are encrypted by default, but the providers make money from premium subscriptions rather than advertising, and are located in a country unlikely to share information with the US authorities if that’s a concern for you.

▪ Secure messaging apps: These are unlikely to be on many of our Christmas lists, given that the apps are usually free to use and difficult to gift wrap. But it’s worth checking the one you’re using is optimized for security and privacy and provides end-to-end encryption. That means even if government or law enforcers ordered a provider to turn over customer data, they could not. Ensure

the feature is turned on, as it may not always be by default. While you’re at it, consider tweaking the app’s settings further for even better privacy and security.

▪ Anti-tracking software: As privacy concerns have grown among the populace, the market has responded with ad and tracking blockers. As the name suggests, they’re designed to protect your browsing activity from unwanted monitoring by ensuring any invasive or potentially malicious ads don’t appear on your screen.

▪ Pro-privacy search engine: Major search engine makers generate their profits by selling advertisers access to your search history, so that they can target ads. Many users will be fine with this level of intrusion if it means more relevant ads. For those who aren’t, there are plenty of alternatives now on the market – and they’re free and can, of course, be used from your regular web browser – or even from, for example, the Tor browser if you want to up the ante further. Let this holiday season be also a time of security and privacy awareness. By taking small steps like those above, we can keep our information safer

and make life harder for opportunistic fraudsters.

AXIS

The technology trends affecting the security sector in 2023

Physical security market in 2023 is also going through a lot of technology evolution. Read the views of Johan Paulsson, CTO at Axis Communications on the same

The fact that technology has become pervasive in our personal and work lives is not news. This is largely due to the benefits that new technologies bring to business and citizens around the world in delivering new, more effective, and increasingly efficient services.

However, the depth of technology’s integration into our lives, advances in its capabilities, and heightened awareness of its implications in society are also greater than ever and continue to accelerate.

Given this, many of the broad macro trends around the globe – spanning geopolitical issues, economic uncertainty, environmental concerns, and human rights – have implications for all technology sectors, the security industry included.

Ours is a sector making use of increasingly intelligent technology, one inherently involved in collecting sensitive data, and as impacted by geopolitical issues affecting international trade as any. Yet we’re still resolute in our view that our innovations will create a smarter, safer world.

These are the six key technology trends that we believe will affect the security sector in 2023.

A move towards actionable insights

The increasing application of AI and machine learning have seen a focus on the opportunity for advanced analytics in recent years. Moving forward, the shift in focus will move from the analytics themselves, to the actionable insights they deliver in specific use cases. It’s less about telling you something is wrong, and more about helping you decide what action to take.

A key driver for employing analytics to deliver actionable insights is the huge increase in data being generated by surveillance cameras, along with other sensors integrated into a solution. The data (and metadata) being created would be impossible for human operators to interpret and act upon quickly enough, even with huge and costly increases in resources.

The use of analytics can drive real-time actions which support safety, security, and operational efficiency.

From prompts to call emergency services in the case of incidents, to redirecting traffic in cities to alleviate jams, to redeploying staff in busy retail outlets, to saving energy in buildings through more efficient lighting and heating, analytics are recommending, prompting, and even starting to take the actions that support human operators.

Beyond ‘live’ actionable insights, analytics can support in

forensic analysis post-incident. Again, given the vast amount of data being created by surveillance cameras, finding the relevant views of a scene can take significant time. This can hinder investigations and reduce the likelihood of suspects being found. Assisted search addresses this issue, helping operators quickly find individuals and objects of interest among hours of footage.

Finally, proposed actions promoted by analytics are increasingly forward-looking. Downtime in industrial sites and factories can be costly. A combination of sensors allows intelligent analytics to propose preventative maintenance ahead of outright failure.

“From analytics to action” will become a mantra for 2023.

Use case-defined hybrid architectures

As we’ve highlighted in previous technology trends posts, it’s now commonly accepted that a hybrid technology architecture is best-suited for security systems, mixing on-premise servers, cloud-based compute, and powerful edge devices.

No one architecture fits all scenarios, however. But here lies the solution: first assess what needs to be addressed in your specific use case, and then define the hybrid solution that will meet your needs. A number of factors need to be considered.

Undoubtedly the advantages of advanced analytics embedded in surveillance cameras on the edge of the network are clear to see. Analysis of the highest-quality images the instant they are captured gives organisations the best chance to react in real-time.

Equally, the data generated by surveillance cameras is now useful beyond the real-time view. Analysis of trends over time can deliver insights leading to operational efficiencies. This analysis often demands the processing power found in on-premise servers or the cloud.

And of course, there are the requirements – often define by regulation – around data privacy and storage that vary from country-to-country and region-to-region. These can define the difference between on-premise storage and the use of the cloud.

What’s essential is not to tie yourself to a single architecture. Remain open, give yourself the flexibility to create the hybrid architecture best suited to your specific needs.

The emergence of cybersecurity sub-trends

The importance of cybersecurity is also highlighted through the requirement to remain compliant. For instance, the proposed European Commission’s Cyber Resilience Act will place greater demands on producers of hardware and software across all sectors to ensure the cybersecurity of their products, through fewer vulnerabilities at launch, and better cybersecurity management throughout the products’ lifecycles. The security and surveillance sector will, of course, be included.

The Act demonstrates both the importance and the complexity of cybersecurity. No longer can it be seen as one subject, but rather several interlinked areas.

“The use of analytics can drive real-time actions which support safety, security, and operational efficiency.”

CTO, AXIS COMMUNICATIONS

JOHAN PAULSSON

2023 Technology Predictions from Cloudflare

From May of 2021 till now there has been huge momentum in digital transformation; therefore the growth in the adoption of Zero Trust Security. John Engates, Field CTO at Cloudflare further predicts that there is a need of Chief Zero Trust Officer

The Rise of Chief Zero Trust Officer

Over the last several years, ransomware, data breaches, and other cyber campaigns have been hugely disruptive and cost organizations and governments millions. In response, the Biden administration issued an executive order in May of 2021 to implement a Zero Trust security architecture across the federal government. While recent reports from the US Government Accountability Office (GAO) show some agencies are on track, others appear to be falling behind. When governments need to move quickly and cut across organizational boundaries, they often appoint a czar to take charge of a particular program and see it through to implementation or execution.

As private sector organizations embrace digital transformation and move their operations to the cloud, they too are looking to zero trust to help provide a robust and secure network infrastructure. Secure Access Service Edge (SASE) has emerged as a clouddelivered convergence of network access and security services and is a common approach for enterprise zero trust adoption. The challenge however is that in many organizations, responsibility for networking and security live in different parts of the organization and these groups often rely on different vendors in their respective areas. Breaking down the silos between security and networking teams and choosing the right tools, products, and vendors to align with desired b usiness outcomes is critical to implement zero trust in larger enterprises.

As pressure to implement zero trust intensifies, I predict that a role analogous to a “Chief Zero Trust Officer” will emerge within some large organizations. This person will be the zero trust czar for the enterprise and will be the individual responsible for driving a company on its zero trust journey. Their job will be to bring together siloed organizations and vendors and ensure that all teams and departments are aligned and working toward the same goal. If resistance is encountered, the zero trust czar should have the backing of senior leadership (CIO, CISO, CEO, Board of Directors) to make decisions quickly and cut across organizational boundaries to keep the process moving ahead. Whether the very bold title of Chief Zero Trust Officer becomes reality or not, an empowered individual with a clear mandate and a singular focus may just be the key to getting zero trust across the finish line in 2023.

2023 Sees the Death of “The Password”

Phishing attacks continue to be a significant problem for com-

panies around the world. Even with regular security awareness training, users will eventually click a wrong link and fall victim to an attack. And unfortunately most cyber attacks begin with a phishing email.

Cloudflare itself was attacked this year by a sophisticated, targeted SMS-based phishing attack. A total of 76 Cloudflare employees received the phishing link in text messages on their phones. Three employees fell for the attack and clicked the link and entered their credentials. But unphishable, multi-factor authentication in the form of FIDO2-compliant security keys in conjunction with zero trust access prevented the attacker from breaching our systems. Other companies that used less secure time-based one-time passwords (TOTP) weren’t as lucky, and many were breached by the same attackers.

Username and password authentication even when combined with common forms of multi-factor authentication is just not enough anymore. Enterprises can enable stronger FIDO2compliant security keys along with zero trust access today if they’re using a system like Cloudflare’s to make it much tougher on attackers.

But the best way to protect most users and their credentials may be to remove the burden on the end user altogether. The FIDO alliance envisions passwordless sign-in everywhere. Logins will use your face or fingerprint instead of the old usernamepassword combo. A FIDO sign-in credential, sometimes called a “passkey”, will make it easier on users and harder on the attackers. If there’s no password to steal, hackers won’t be able to harvest credentials to carry out their attacks. We predict many websites and applications will adopt passwordless login using the FIDO Alliance passkey standard beginning in 2023.

The Cloud Takes on Compliance Governments around the world are rolling out new privacy regulations. In Europe, the General Data Protection Regulation (GDPR) which became enforceable in 2018 gives individuals more control over their personal data and how it’s used. Other countries worldwide are following suit and using GDPR as a model. In the US, there are five states with new consumer privacy laws that take effect in 2023 and more states are considering legislation. And at the federal level, lawmakers are slowly putting forward their own privacy regulations with the American Data and Privacy Protection Act (“ADPPA”) which is an online privacy bill that aims to regulate the gathering and storing of consumer data.

Companies must now understand and comply with this patchwork of regulations as they do business globally. How can organizations hope to stay current and build compliance into their applications and IT systems?

We believe the majority of cloud services will soon come with compliance features built in. The cloud itself should take the compliance burden off companies.

“I predict that a role analogous to a “Chief Zero Trust Officer” will emerge within some large organizations.”

FIELD CTO, CLOUDFLARE

ARUBA’S SUSTAINABILITY FRAMEWORK

To get to net zero, organizations must extend their view beyond their own operations’ emissions to the emissions created by their products and services used by customers

PHIL MOTTRAM

As the leader for Aruba, HPE’s Intelligent Edge business, I spend a good portion of my time talking to customers and partners about the strategic goals of their businesses. Our conversations typically cover a wide range of business concerns such as workforce productivity, operational efficiency, automation, and network security, yet recently rising to the top of this list is sustainability.

Increases in governmental regulations, skyrocketing energy prices, and the impact of extreme environmental events in their communities are forcing companies to evaluate their carbon footprint and to find ways to reduce their emissions to become net zero by 2050. While some companies are further along than others, a recent Forrester survey found that 58% of Global Fortune 200 companies have named a sustainability lead, and 55% have established greenhouse gas emission targets.

To get to net zero, organizations must extend their view beyond their own operations’ emissions to the emissions created by their products and services used by customers. Aruba recognizes we have a shared responsibility to our customers, and in addition to innovations in our product designs, we are actively pursuing additional ways of helping our customers reduce emissions generated by network operations.

As I previously highlighted, Aruba’s focus is on enabling efficient IT operations with the goal of minimizing environmental impacts across the product lifecycle and reducing the total cost

of ownership for our customers. We approach efficient IT using the following framework:

▪ Energy efficiency — Deliver an optimum level of power, storage, and connectivity with the lowest possible input of energy.

▪ Equipment efficiency — Maximize IT processing power and storage capabilities with fewer IT assets.

▪ Resource efficiency — Engineer products to work efficiently within data centers and at the edge, while requiring the least amount of support equipment and staff for power conversion, cooling, and resiliency.

Maximizing efficiency in each of these categories requires a modern network architecture designed for agility and performance at scale. Every element of the ecosystem contributes to the overall efficiency of the network, and when considering the sustainability attributes of individual products, we look at three main functions:

▪ How they are made – Activities related to creation, production, and lifecycle management

▪ How they work – Operational properties that optimize power efficiency and performance

▪ How they are used – Use cases that help customers lower their carbon footprint

How Aruba products are made

How a product is made has a significant effect on its value to our customers, including features

supported, quality of service offered, cost of ownership, and environmental impact. When developing a new product, Aruba considers every element of the product lifecycle, including design, material composition and acquisition, production, packaging, transportation, and post-use disposition to ensure they meet our customers’ evolving needs and expectations.

How Aruba products lessen their environmental impact:

▪ Our products are free of heavy metals and ozone depleting components

▪ New products are designed to use lowhalogen PCBs

▪ Our products are engineered to be easily recycled

▪ All products are manufactured in compliance with strict regulatory and HPEdirected requirements

▪ Our product packaging is comprised of up to 80% recycled materials

▪ We also offer valuable lifecycle management services that alleviate the burden of managing and responsibly dispositioning network assets. With global reach and the largest technology recovery centers in the world, HPE offers IT asset lifecycle solutions to help customers reclaim asset value, simplify lifecycle management activities, and create circularity as they migrate to HPE GreenLake for Aruba.

How Aruba products work

Equally as important to the performance and sustainability profile of our products is how they work. We use innovations that enable maximum power efficiency such as power management features, platform operation, built-in intelligence, streamlined workflows, and standards compliance.

How Aruba products work more sustainably:

▪ Patented intelligent power management features in Aruba access points minimize power consumption by consuming an average of only 50% of the total power capacity in real world deployments.

▪ Energy efficient Ethernet and the use of 80+ certified power supplies on Aruba switches reduce power consumption by 50% and – up to 80% or more during periods of low data activity.

▪ Cloud-based network management hosted in energy-efficient data centers is reported to be 3.6 times more efficient than traditional enterprise data center operations. The AI and automation in Aruba’s management platform, Aruba ESP (Edge Services Platform), diagnoses network issues in real time, accelerating IT response, lowering help desk tickets, and enabling efficient power usage. Inefficient networks are analogous to leaky water pipes. Just as leaky pipes waste water, inefficient networks waste energy. A network draws power to operate. For example, by using AIOps, you can eliminate 75%

of your helpdesk tickets, improve the efficiency of your network, and reduce the amount of wasted power and human capital (which can be better spent on strategic initiatives) that would otherwise be spent on resolving network anomalies. Client authentication issues, inefficient load balancing, switch port errors, and a host of other network issues lead to unnecessary power consumption.

How Aruba products are used

It is also important to examine the ways our customers leverage our products to deliver value to their businesses, including secure high-performance connectivity that empowers workforce productivity, streamlined workflows that drive IT resource optimization, and additional applications that enable control of key resource consumption.

For instance, Aruba’s network management console consolidates multiple functions on a single cloud platform, simplifying IT workflows and reducing the number of point solutions. Our customers can avoid purchasing additional hardware, power, and HVAC resources.

Aruba Central also enables Zero Touch Provisioning of equipment, which allows devices to be centrally configured, shipped to remote locations and easily installed, eliminating the need to send skilled technicians to remote locations. Not only is this process more efficient, but it also lowers greenhouse gas emissions by 650g CO2 for every kilometer not driven.

There are also innovative IoT applications that

enable efficient resource management and smart office improvements - including sensors that monitor power, lighting, cooling, and water to name a few. Aruba’s network architecture enables direct connection of these devices through Bluetooth, Zigbee, and PoE ports on APs. Having a direct connection not only enables customers to broaden the mechanisms used to make their corporate environments more efficient, but also eliminates the need for overlay appliances that would increase cost, carbon emissions, and lifecycle management activity.

While I’ve noted a few sustainability-focused innovations, there is much more to be done, and we are just getting started. As an industry leader in sustainability, HPE has committed to become net zero by 2040, with an interim goal of lowering Scope 3 emissions - those generated by our customers while using our products - by 42% by 2030. As an integral part of HPE, Aruba actively supports these goals.

To accelerate momentum, we have mobilized cross-organizational teams to further investigate and develop sustainable features, responsible supply chain solutions, and Tech for Good initiatives that will improve the sustainability profile of how our products are made, how they work, and how they’re used. I am excited about the great work being done by these teams, and I look forward to sharing more with you in the months to come.

Ransomware Attackers Don’t Just Want your Data, Now They are After the Backups Too

Today in the world of cloud computing, there is an unbridled growth in the Ransomware Attackers and no one is able to trace the modus operandi of the attacks.

Rick Vanover, Senior Director of Product Strategy, Veeam explains how the things are becoming bad to worse

ansomware remains a significant cybersecurity threat for government agencies as ransomware attackers evolve methods to escape detection. The ultimate goal for attackers is not simply to exfiltrate and encrypt data to force victims to pay their ransom, but to totally remove an organization’s ability to recover from such an attack.

Attackers are now taking new approaches to achieve this objective, both in making their intrusions more difficult to detect or by adding new targets, such as data backups, to completely hobble an organization.

To help guard against some of these tactics, organizations must develop robust data backup strategies that allow for fast and complete data recovery and immutable contingency plans to ensure potential ransomware attacks can be mitigated.

Encrypting smaller portions

Ransomware groups looking to infiltrate systems have a few challenges. Once they locate and exploit a vulnerability, they have to obtain and encrypt as much data as they can before either launching a ransomware attack or being detected by the system’s safeguards.

attack can impact critical infrastructure.

Securing data as ransomware evolves

Even as ransomware tactics evolve, the best cybersecurity methods continue to be some of the most traditional ones—solid software patch management and cyber hygiene education. Both strategies will help reduce an organization’s risk of ransomware exposure, especially in a remote work environment.

A strong software patch management strategy limits the software vulnerabilities attackers can exploit to launch a ransomware attack, challenging attackers before they can even get into the system. Quickly deployed software patches and updates lower the odds that attackers will be able to access a network’s data. Though the tactic seems simple, it’s often an area organizations can improve.

Encrypting data takes time, and the longer an attacker is in a network, the higher the chances they will be detected. A new technique, intermittent encryption, mitigates this challenge. By encrypting portions of the data small enough to evade detection, attackers can still render a file unusable by an organization without the decryption key. They do this by encrypting every 12 or 18 bytes of data, varying the times of day in which they do it and how much they encrypt, so attackers can evade automated detection tools and stay in the network longer.

Stealing the backup

Once bad actors have encrypted enough data to launch a ransomware attack, some are now looking to improve their odds of payment by also claiming an organization’s backup repositories as well.

Backups kept on an open network or one with weak password credentials and no multi-factor authentication are likely targets. For example, if backups are authorized by a primary Active Directory domain, then attackers will try to compromise that domain to gain access to both the backup and the production data. Such attacks often target financial services, health care and public sectors where a ransomware

Additionally, cyber education needs to improve. Employees are often the weakest link that allows the attack to get started. Everyone within an organization should be able to recognize common infiltration approaches, such as phishing emails or social engineering tactics. Even with improvements in these areas, the reality is that ransomware attacks will continue to happen. As ransomware evolves, backup strategy becomes particularly crucial. A short cut approach to data backup isn’t sufficient when the backups themselves are the targets.

Organizations need to thoroughly develop and plan their backup and data protection strategies. This means putting in place a strategy that takes into account evolving tactics and practicing planned steps to take in the event of a ransomware or other cybersecurity incidents. Practice is the only way to identify potential wrinkles in the plan, familiarize stakeholders with their roles and the technology they may need to use, and ensure a high-stress cyber response scenario isn’t the first time the plan is read.

Strong data management strategies can be summarized with the numbers 3-2-1-1-0. This means maintaining three copies of important data; on at least two different types of media; with at least one of these copies being off site; including one data backup that is air-gapped, offline or immutable—hackers can’t compromise what they can’t touch. Zero errors should be present following automated backup testing and recoverability verification, organizations deploy a multi-contingency plan to ensure their data can be recovered, regardless of a ransomware attack. As long as bad actors can find ways to profit from ransomware and other cybersecurity exploits, there’s no doubt their tactics will continue to evolve. While ransomware groups remain innovative and resilient, organizations must do the same. The combination of strong basic cyber hygiene, employee education and a well-thought-out data management and backup strategy serves as the strongest defense against dynamic cyber attacks.

“Encrypting data takes time, and the longer an attacker is in a network, the higher the chances they will be detected.”

SENIOR DIRECTOR OF PRODUCT STRATEGY, VEEAM

Five trends that will shape the evolution of enterprise digitisation in 2023, according to ServiceNow

As per ServiceNow experts, by 2023, ESG will be an integral part of business strategy — a new way of doing business. Cathy Mauzaize, VP South EMEA, ServiceNow sums up the thought process of the company

everal of the company’s experts agree that companies are facing a very complex, volatile and uncertain macro environment and the focus in the coming year will be more on digital transformation and acceleration for the sake of efficiency and return on investment.

ServiceNow (NYSE: NOW), the leading cloud-based digital workflow company, has identified five key vectors that will shape the future of business strategies in 2023. As an enterprise cloud platform and services provider, ServiceNow has long observed and analysed which technology priorities will drive organisations’ strategic objectives in the near future, and its experts say that in 2023, the complex macroeconomic backdrop will drive business transformation for efficiency and return on investment, while growth in emerging technologies will slow.

By 2023, ESG will be an integral part of business strategy — a new way of doing business, not just a list of frameworks, standards and guidelines that are far removed from an organisation’s objectives. According to ServiceNow’s experts, companies that continue to treat ESG criteria as external to their organisation will face a constant lack of resources and difficulty in delivering responses in line with the growing expectations of customers, employees and investors.

Datafication: a driver of business transformation

According to Cathy Mauzaize, ServiceNow’s VP South EMEA and one of the company’s experts on macro trends: “2023 will be primarily focused on companies continuing to implement technologies that will enable them to prioritise business agility. This year, we will see that investment in solutions to address emerging ESG challenges will continue to be a business priority, as well as a focus on implementing technologies that will continue to transform the way we work to retain talent and continue on the path of growth. In addition, the focus on introducing new technologies, such as the metaverse, will continue to grow, to help cultivate and maintain employee engagement in an increasingly challenging and hybrid macro-environment.”

Redeployment of budgets for efficiency

In the face of runaway inflation, investments in smart digital assets will be a huge deflationary force. Technology will become an even more critical business asset as organisations are already shifting the focus of investment towards technology processes and systems that generate results faster. In fact, according to an IDC survey, 95% of senior executives are already implementing a “digital first” strategy in their business model, because it is proven that digital companies’ revenue growth is twice that of traditional companies.

Amid continued economic turmoil, artificial intelligence (AI) and data analytics will become more prominent in 2023, with businesses looking to invest to streamline processes, automate and increase efficiency levels. In areas such as information and document categorisation, AI and machine learning can turn a simple, routine task into a source of high business value by extracting and automating information flows and processes to deliver value-added information and save employees’ time. In addition, we will increasingly see a “feedback” loop that will promote new investments as companies that have invested in these technologies see a positive return that drives them to innovate further.

The war for talent will be more pronounced

Several surveys show that even in times of economic uncertainty, the war for talent is far from over. This means that, for both employees and companies, having the new skills demanded by the market will become increasingly important. Companies will have to become more aware and invest in training and improving the hard and soft skills of their professionals. This aspect is particularly relevant for retaining the talent of Generation Z, which is very demanding in terms of being able to update its knowledge and skills in order to perform its work and strengthen its professional career.

The metaverse for creating hyper-personalised experiences at work

Evolution

of

ESG as an integral part of business strategy

Starting in 2023, managerial interest in emerging technologies, in particular the metaverse, will increase steadily. While the complex macroeconomic context may slow down the adoption of these new technologies, the future will be increasingly virtual and the metaverse will play a key role in retaining talent in an increasingly hybrid and challenging environment, where immersive and 3D experiences will help foster social connections between workers connected from different locations and reinforce the creation of a more efficient organisational culture. As the metaverse evolves, companies will look for digital platforms that connect metaverses to each other and to the real world, so that the two universes, physical and virtual, are not isolated and continuity of data and experiences can be maintained across platforms, systems and worlds.

“This year, we will see that investment in solutions to address emerging

ESG challenges will continue to be a business priority.”

MIDDLE EAST FINTECH A HOTBED OF INNOVATION

The Middle East region is an emerging market for fintech innovation spurred by government initiatives to boost the financial services sector. This is a key strategy of the Gulf economies to facilitate a shift from a disproportionate reliance on the energy sector and government spending. By providing an enabling regulatory environment for fintech investments, the region wants to diversify into private sectorled spending and innovations.

The rise of fintech in the region is aided and abated with reliable connectivity and smart phone penetration. The number of mobile Internet users in MENA exceeded 300 million in 2021, with penetration due to reach 50% of the population by the end of 2022, according to GSMA. Much of the economic and social activities in the region was sustained during COVID-19 due to the mobile networks.

The Middle East offers tremendous opportunities for digital banking as large number of the adult population is unbanked or underbanked. In fact, the Arab Monetary Fund says that almost 50% of the population is unbanked and if the extended region comprising North Africa is considered the unbanked population becomes a huge 70% of the total population.

But the flip side is that the MENA region presents an attractive and growing market for digital banking services with a large youthful population. Of the total 450 million people, about half of the population is younger than 25 years old. In UAE, for instance, already more than 50% of the population uses digital wallets.

The digital payments market in Middle East & North Africa Digital is expected to grow at a CAGR of 15.39% between 2021-26 as per Mordor Intelligence. Saudi Arabia expects that 70 percent

of its payment transactions will be digital by 2030.

The COVID-19 pandemic played a disruptive role in people’s lives forcing a shift towards digital banking channels. This march was primarily led by the millennials embracing leading technology platforms such as Google, Netflix, or Amazon as an integral part of life—from buying groceries and medicines to games and entertainment, people relied on digital payments for all kinds of transactions.

Small wonder then the fintech sector has witnessed robust VC investments—according to reports during the first half of 2022, fintech investments in MENA has already reached $819M which is twice as much during the previous year and crypto investments in MENA reaching $187M during the same period.

Government and Regulatory Support

Governments in the region are clear that a robust technology-led financial services sector will steam roll the economic engines of growth. The objective is to support economic diversification by attracting investments into fintech to support financial organizations access modern technologies, while also enabling the larger population to access banking and financial services via new-age financial tools and platforms.

According to Deloitte the fintech industry in Middle East is growing at a CAGR of 30% with innovations in payments, InsurTech, RegTech, compliance, open banking, block chain, etc.

Many governments in the region are supporting the fintech ecosystem with regulatory support and initiatives such as free zones to foster innovation. This includes Dubai International Financial Centre (DIFC), and regulatory sandboxes such as DIFC’s Innovation Testing License (ITL), Egypt fintech sandbox and SAMA regulatory

sandbox in Saudia Arabia. The region is also showing strong openness to crypto, with UAE and Bahrain leading the way in crypto adoption and regulation.

In 2016, Abu Dhabi Global Markets was the first fintech lab in the region to be launched (ADGM RegLab), followed by the Dubai International Financial Centre (DIFC) Fintech Hive and the Central Bank of Bahrain. In 2018, SAMA, the Central Bank of Saudi Arabia, and the Central Bank of Kuwait also launched regulatory sandboxes. The governments of Qatar and Oman also have similar initiatives in place.

For long, governments in Middle Eastern countries have positioned the region as a financial services center setting up hubs in Dubai, Abu Dhabi, Riyadh and Manama. The Dubai Emirate had set up an early fund of USD 100 million in 2017 to incubate and foster fintech start-ups and last year the Emirate launched another fund with a similar budget. These initiatives have made UAE a leader in the region with more than 863 fintech start-ups as on January 2023.

The UAE is by far the leading player in the fintech market with early regulatory initiatives such as National Innovation Strategy, Artificial Intelligence Strategy and Emirates Blockchain Strategy providing a solid boost to spur overall entrepreneurship, with particularly focus on banking and financial technology.

The Dubai hub has reached full capacity incubating early to growth-stage startups such as Yap, Beehive, Tabby, Xpence, Stake, Rain and Bayzat as well as Thunderbird School of Global Management, part of Arizona State University.

Saudi Arabia has also witnessed fast growth of the sector with the 37 percent increase in the number of active fintech companies in 2021 and $347bn investments. The Financial Sector

Fintech in Middle East is growing rapidly with innovations in payments, mobile solutions, compliance, RegTech, InsurTech and Open banking

Development Program was launched in 2017 to provide an enabling regulatory environment for financial institutions to spur private sector investments in advanced capital market and boost financial planning.

The Saudi initiative has significantly strengthened the financial sector, including a robust Saudi Stock Exchange which had a hugely successful IPO of Saudi Aramco; digital payments and the insurance sector. The country wants to reduce cash transactions and by 2025 move to 70% cashless payments.

Similarly, Bahrain’s startup ecosystem has benefitted from a number of significant initiatives and reforms as part of the Economic Vision 2030, including a reduction in the minimum capital required for starting a business, measures to enable onshore crowdfunding and a regulatory sandbox. In as early as 2018, Bahrain Development Bank (BDB) had successfully closed its

US$100m fundraising round.

The Qatar government has introduced a number of programs and initiatives to support local startups and attract fintech investments as a hub of global activity. The Qatar Development Bank (QDB) published a whitepaper in 2021 with a vision to make Qatar a global hub of financial activities. Other notable initiatives include the Qatar Fintech Strategy by the Qatar Central Bank which seeks to nurture startups in association with QDB and Qatar Financial Center, the financial services free zone in Doha.

Fintech Market in Middle East

Zand is one of the earliest start-ups in the region. The UAE-based entity has become the first fully digital bank in the region combining both retail and corporate banking. The Bank is now focusing on value-added products and services starting with cards, current accounts,

remittances, portfolio finance management and lending for retail clients and supply chain finance and bilateral loans for corporates, expanding its product portfolio going forward.

At the same time, Zand is also partnering with fintechs for most of its offerings to reduce the time-to-market and scalability as service and product differentiation.

Traditional banks have been actively pursuing the digital banking initiatives. Abu Dhabi Islamic Bank is at the front when it comes to digital offerings and its mobile app is rated as the preferred app by customers. Most of its customers are using digital channels, especially the mobile app due to its scalability and ease of use.

Mamoun Al Homssey, CIO, Abu Dhabi Islamic Bank, “The banking sector is progressing very fast in terms of different innovations and banks are offering many digital services in order to acquire more customers. All banks want to be unique in their offerings, competition is very high and everybody is trying to prove their capabilities in order to acquire more customers and more business”

Traditional banks are pursuing a mobile first strategy to keep pace with customer demands. For instance, Emirates NBD’s Liv a lifestyle banking app and NOW a mobile banking app by Mashreq are witnessing huge adoption uptake. In Qatar, QIB offers a video banking service while other banks such as Doha Bank, Commercial Bank of Qatar (CBQ), Dukhan Bank, Ahli Bank, HSBC Qatar all offer mobile banking services.

“The banking sector is progressing very fast in terms of different innovations and banks are offering many digital services in order to acquire more customers. All banks want to be unique in their offerings, competition is very high and everybody is trying to prove their capabilities in order to acquire more customers and more business.”

This imperative is reflected in strategy of Abu Dhabi Islamic Bank. “Customers can use whichever channel they find convenient but our strategy was always mobile-first – this is all powered by the different infrastructure we have. We are already going to the cloud. We have moved more loads to the cloud. And most of our customers started using those different applications from there which means that this is giving us an advantage from an availability point of view, security point of view and richness of functionality.”

“The competition is encouraging banks to innovate more and provide better services to the customers. We are trying to find common grounds with those different competitors and see what are the common grounds that we can agree together and co-create together in order to provide better services to the customers,” elaborates Mamoun Al Homssey.

Speaking about the appeal and vision behind Abu Dhabi Bank’s mobile application, Mamoun Al Homssey, says, “Our mobile app has been awarded many rewards in this regard because we are facilitating the customer journey in a very structured way without complicating it where we feel simplicity is power. Our mobile app offers different functionalities to serve the customer 360 degrees from a service perspective and customers

can do whatever they want.”

Innovation As Differentiation

Given that the uniqueness of offering is key, banks and digital platforms are vying to outdo in terms of features and functionalities. Banks are now focusing on offering new level of services in the digital journey wherein customer can talk to the mobile app and do the services.

Rise, a privately-founded financial services platform in 2017, has been specifically designed for expatriate workers with new capabilities to empower the unbanked people. Recently the company has launched ‘ Xare ’a new product targeting more than one billion people worldwide with a free-to-use mobile app to enable anyone, anywhere, to instantly share access to the account and credit card with friends and family, whilst maintaining total control over how the hard-earned wages are spent and without sharing any sensitive information.

MyFatoorah, a Kuwait-based digital payments platform, simplifies payments by creating invoices and collecting payments. Established in 2014, it was an early market entrant and has a solid presence in Eygpt, Saudi Arabia, Bahrain, Oman, Qatar and Jordan and has consolidated its position through partnerships with all major banks to facilitate fast deposits.

Even seemingly routine tasks like a visit to the branch is made exciting with innovative ideas. For instance, Abu Dhabi Islamic Bank is making the visit exciting by design a café-like experience. “For the branches also, we are digitalizing the customer journey because we feel the customer sometimes wants to visit the branch and talk to our staff. Our branches are fast becoming like cafes so that they can talk with our staff and do their services in a very pleasant way without taking a lot of their time as everything is automated.”

Fintech Set the Pace for Disruption

As individual fintechs become bigger and enter the market as full-service banks they will continue to be a disruptive force in the banking system, leveraging technology to offer new products and service customers better and faster.

Fintechs will likely lead the adoption of ‘metaverse’ to deliver new customer experiences while also pushing the digital footprint to deliver integrated customer experiences rather than focusing on physical presence. The success of the fintechs will result in market expansion and have a ripple effect across sectors as it will provide confidence that any corporate can enter the segment and make it work by effectively harnessing technology.

“The fintech competition is encouraging banks to innovate more and provide better services. We are trying to find common grounds with those different competitors so we can co-create together to provide better services to the customers.”

PROTECTING YOUR ORGANIZATION FROM EMOTET AND THE OMNATUOR MALVERTISING NETWORK

In the last edition of our Quarterly Cyber Threat Intelligence Report, Infoblox brings into focus and provides insights into two major cyber threats that organizations should be aware of – Emotet and Omnatuor Malvertising Network

MOTET

Emotet is a notorious malware family that has evolved significantly over the years: from a simple banking trojan to a botnet to an infrastructure for content delivery. Infoblox has been monitoring Emotet and providing insights on its activity all along. Emotet has been around since 2014. It survived its January 2021 takedown by law enforcement agencies from the Netherlands, UK, and US and from Germany, France, Lithuania, Canada, and Ukraine. During the takedown, Emotet was offline for 11 months. The frequency of Emotet-related malspam campaigns increased from January to May 2022 as the malware authors changed techniques to evade Microsoft’s increasing countermeasures on VBA Macro security. The Max Planck Institute for Plasma Physics was attacked on 12 June 2022, and recent reports put Emotet back at the top of the list of malware families with impact that spans the globe. A consistent feature of Emotet has been its use of email as a delivery vector. Microsoft Office documents have been the attachments of choice, and Excel files have been the most prevalent of these documents.

Infoblox’s analysis indicates that the actors behind Emotet have made some attempts to

protect the network from further takedowns. Perhaps unsurprisingly, the use of compromised websites and of email as a delivery vector has persisted, and this has enabled us to reliably identify and track Emotet’s activity. Infoblox’s view of the threat landscape affords a detailed understanding of not only the current prevalence of Emotet in malspam, but also of the location and services used in its infrastructure.

As our company continues to research and monitor Emotet’s behavior, it will provide protection by denying access to the compromised domains used to host the Emotet payload, and it will offer vital, actionable intelligence on Emotet’s C&C infrastructure.

We recommend the following actions for protection from this kind of an attack:

▪ To mitigate the risk of infection from known threats, keep security software up to date and patched.

▪ Conduct security awareness training in the organization. It is important for everyone to be up to date with the latest techniques used by attackers to trick users who receive malicious emails.

▪ Enhance network perimeter security. 99% of successful attacks involve some type of network communication. Having the

right tools in place can help identify and minimize the impact of a threat like Emotet before they cause damage

OMNATUOR MALVERTISING NETWORK –Hijacks Browser Settings to Spread

Riskware

For some time, the Infoblox Threat Intelligence Group has been tracking a malvertising network (the “Omnatuor Malvertising Network”) that not only abuses push notifications, pop-ups, and redirects within a browser but continues to serve ads even after the user navigates away from the initial page. Omnatuor has been dismissed by the security community as adware, a label that implies the activity is largely a nuisance. This naive response underestimates the danger of the potential threat posed by malvertising in general, and the Omnatuor actor in particular. In addition to its ability to persist, the network delivers dangerous content.

The Omnatuor actor takes advantage of WordPress vulnerabilities and is effective at spreading riskware, spyware, and adware.

In order to access entire content, click: shorturl.at/oxDFW

“Omnatuor has been dismissed by the security community as adware, a label that implies the activity is largely a nuisance.”

Load Balancing Traffic to Applications in Kubernetes Cluster

For the DevOps teams, K8s provides a common platform, but there are challenges when the applications get accessed by the end users. Amr Alashaal, Regional Vice President – Middle East at A10 Networks, discusses about it and suggests the solutions

Kubernetes (also known as K8s), the container orchestration tool originally developed by Google, has fast become the platform of choice for deploying containerized applications in public clouds and private clouds.

For the DevOps teams, K8s provides a common platform for deploying their applications across the different cloud environments, abstracting the intricacies of the underlying cloud infrastructure, and allowing them to focus on their tasks. For organizations, this translates into flexibility to deploy the applications in the cloud that best meets the needs of customers, while optimizing costs at the same time.

This flexibility to deploy applications in any cloud, however, creates the challenge of making them accessible to end users in a reliable and consistent manner.

For example, as an application is moved from a private to public cloud (such as AWS or Azure), how do you ensure the same level of accessibility, performance, reliability and security, as in the private cloud?

For making applications accessible to the end users, Kubernetes supports the following options:

NodePort: In this, a port is allocated on each node (known as NodePort) and the end users can access the application at the node’s IP address and port value. With this option, you have to manually configure a load balancer to distribute traffic among the nodes.

LoadBalancer: Like NodePort, this option allocates a port on each node and additionally connects to an external load balancer. This option requires integration with the underlying cloud provider infrastructure and hence, is typically used with public cloud providers that have such an integration.

This tight integration, however, makes moving an application from one cloud provider to another difficult and error prone.

Ingress Controller: K8s defines an Ingress Controller that can be used to route HTTP and HTTPS traffic to applications running inside the

cluster. An Ingress Controller, however, does not do away with the requirement of an external load balancer. As in the case of the load balancer, each public cloud provider has its own Ingress Controller that works in conjunction with its own load balancer. For example, Azure’s AKS Application Gateway Ingress Controller is an Ingress Controller that works in conjunction with the Azure Application Gateway. This again makes the access solution specific to a cloud deployment.

Clearly, none of the above options provide a truly cloud-agnostic solution. Also, while using a cloud provider’s custom load balancing or Ingress Controller solution may be quick and easy in the short term, overall, it increases the management complexity and inhibits automation as you now have to deal with multiple different solutions.

A desired solution would have the following key attributes:

Cloud-agnostic: The solution should work in both public and private clouds. This means it should be available in different form factors (such as virtual, physical and container), so that it can be deployed in a form that is optimal for that environment.

Dynamic configuration of load balancer: The solution should be able to dynamically configure the load balancer to route traffic to the Pods running inside the Kubernetes cluster as the Pods are created and scaled up/down.

Support automation tools: The solution should support automation tools for integration into existing DevOps processes such as CI/CD pipelines.

Centralized visibility and analytics: The solution should provide centralized visibility and analytics. This would enable proactive troubleshooting, fast root-cause analysis, leading to a higher application uptime.

“Kubernetes (also known as K8s) has fast become the platform of choice for deploying containerized applications in public clouds and private clouds.”

Why You Need Integrated Security and AIOps That Spans the Network

Combining a cybersecurity mesh architecture with AIOps can provide a level of automated detection and response that is impossible in traditionally siloed environments. CHRIS HINSZ –SENIOR DIRECTOR, PRODUCTS & SOLUTIONS MARKETING AT FORTINET, explains why

complex a network becomes, the more likely it is to have problems. A perfect storm of accelerated digital initiatives, user demands for better experiences, and the expansion of hybrid workforces mean networks are more complicated to manage than ever.

Many organizations have hybrid networks that span on- and off-premises environments. Trying to manage these fluid, adaptive, performancehungry, and perimeter-less networks has stretched many IT teams to the breaking point.

NOC teams track network availability, performance, trends, and other data using various tools, but the number of solutions on a large complex network generate so much information, it’s almost impossible to sift through.

components such as SD-WAN and WAN gateway devices and ties everything together with a single operating system and management console. This convergence makes it possible for organizations to leverage wide-ranging AI and ML in Fortinet FortiAIOps. Convergence also decreases the WAN bandwidth consumption for AIOps data. This AIOps platform can systematically ingest the vast amount of network data being produced, so IT teams can move toward being proactive instead of spending their time on post-incident debugging tasks.

etwork operations center (NOC) staff are tasked with not just keeping the network up but also keeping it working well, so users remain happy. But the more

Over time, more solutions have started using artificial intelligence (AI) and machine learning (ML) to deal with the massive amounts of data. AI-based management tools for IT operations (AIOps) are designed to maximize network visibility, improve response times to anomalies, and reduce ticket volume by making it possible for NOC staff to proactively remediate network issues.

The problem is that it’s often difficult to find solutions that cover everything. Organizations that are struggling to manage complex networks need a converged network and security platform that also takes advantage of AIOps. Combining a cybersecurity mesh architecture with AIOps can provide a level of automated detection and response that is impossible in traditionally siloed environments. By taking this approach, organizations can maximize network visibility, improve response times to anomalies, and reduce ticket volume by proactively remediating network issues.

The Fortinet Difference

Unlike many vendors, Fortinet uniquely converges networking and security across the LAN, wireless LAN, and wide-area network

Fortinet is the only vendor capable of integrating both security and AIOps across the entire network. When it comes to AIOps, Fortinet has a number of advantages both in terms of our history and our overall approach to cybersecurity.

Fortinet has spent the past decade honing our AI and ML technology, and today FortiGuard Labs can analyze more than 100 billion security events per day from more than 6 million devices. This data then informs the more than 1 billion daily security updates to Fortinet’s products, which work to identify zero-day threats and malware, reduce the number of false alarms, detect insider threats, and enable both automated and human cybersecurity responses.

FortiAIOps is built upon Fortinet’s long history of AI and ML innovation and is able to seamlessly span the entire network across LAN, SD-WAN, wireless LAN, including 5G gateways, because the Fortinet suite of networking, connectivity, access, and security solutions have all been organically designed from the ground up to interoperate as a single platform.

Integrating Security and AIOps Across the Network

With Fortinet, all networking and security elements already share information, so instead of having 20+ individual views into small segments of the network, you have a common view of everything.

“Every alert in FortiAIOps includes a recommended resolution.

It can help predict failures based on trained ML models and detect probable root causes by periodically reviewing configurations.”

SENIOR DIRECTOR, PRODUCTS & SOLUTIONS MARKETING, FORTINET