
ISSUE 28 | JUNE 2018


Cyber warfare


AI and cybersecurity








FOUNDER, CPI MEDIA GROUP Dominic De Sousa (1959-2015)




Publishing Director: Natasha Pendleton, +971 4 440 9139

EDITORIAL
Managing Editor: Michael Jabri-Pickett, +971 4 440 9158
Online Editor: Adelle Geronimo, +971 4 440 9135
Contributing Editors: James Dartnell, +971 4 440 9153; Janees Reghelini, +971 4 440 9167; Glesni Holland, +971 4 440 9134

DESIGN
Senior Designer: Analou Balbero, +971 4 440 9140
Designer: Mhar Delaben, +971 4 440 9156

ADVERTISING
Group Sales Director: Kausar Syed, +971 4 440 9130


Senior Sales Manager: Sabita Miranda, +971 4 440 9128
Sales Manager: Nasir Bazaz, +971 4 440 9147
Business Development Manager: Youssef Hariz, +971 4 440 9111

PRODUCTION
Operations Manager: Shweta Santosh, +971 4 440 9107

Why cloud systems need a security boost

DIGITAL SERVICES
Web Developer: Jefferson de Joya, Abbas Madh
Photographer: Charls Thomas, Maksym Poriechkin
+971 4 440 9100


Published by

Registered at Dubai Production City, DCCA PO Box 13700 Dubai, UAE Tel: +971 4 440 9100 Fax: +971 4 447 2409 Printed by Al Ghurair Printing and Publishing Regional partner of

© Copyright 2018 CPI. All rights reserved. While the publishers have made every effort to ensure the accuracy of all information in this magazine, they will not be held responsible for any errors therein.

THE LANGUAGE OF SECURITY Security leaders need to evolve the way they communicate the business value of cybersecurity






THE DIGITAL BATTLEFIELD How national conflicts extend to the cyber world



Why cybersecurity and IT resilience are vital for transport systems

BUSINESS Malwarebytes’ Anthony O’Mara sheds light on a new malware called cryptojacking

LOOKS CAN BE DECEIVING Fidelis Cybersecurity’s Rolan Daccache on why deception defence is the next step towards cyber resilience.

IS AI THE FUTURE OF CYBERSECURITY? How AI-based machine learning will affect IT security


SAUDI ARABIA WARNS CITIZENS AGAINST WHATSAPP SCAMS

Saudi Arabia’s Communications and Information Technology Commission (CITC) has warned users of the popular messaging platform WhatsApp to be wary of hackers sending malicious messages through the app. “Users are advised to enable two-step verification to protect their accounts from any digital breakthroughs,” the CITC said. “Also do not click on any link until you have verified the source of the link, and make sure you do not disclose your personal information and phone number to any untrusted sites.” A large number of WhatsApp users in Saudi Arabia have reportedly had their accounts hacked, and in some cases have suffered financial losses as a result. “CITC tweeted this warning to raise awareness regarding many fraudulent messages through WhatsApp,” spokesman Adel Abu Haimed told Arab News. CITC encourages users to enable two-step verification to keep their accounts safe.

1M+ UAE consumers fell victim to online shopping scams

Source: Norton Cybersecurity




Dubai Airports has recently signed a new partnership to enhance customer experience and operational efficiency at security checkpoints at Dubai International (DXB) and Dubai World Central (DWC). Together with the Dubai Police General Department of Dubai Security, Dubai Airports signed a Memorandum of Understanding with the International Air Transport Association, IATA, and Airports Council International, ACI, to become part of their joint initiative on Smart Security. The initiative aims to bring specific and measurable improvements in security effectiveness, operational efficiency and passenger experience at airport security checkpoints through better use of technology, process innovation, and the use of risk-based security concepts. The MoU will pave the way for Dubai Airports, together with airlines, control authorities, regulators and solution providers, to benefit from the knowledge and lessons gained through trials and research activities at other participating airports. Buti Qurwash, Vice President of Security at Dubai Airports, said, “We manage the world’s busiest international airport with more than 90 million passengers passing through our facilities annually. To achieve our vision of being the best in customer experience as well as to provide the capacity to accommodate ongoing and future growth, it is imperative that we look to new technologies and processes to significantly reduce wait times and avoid queuing wherever possible. Our participation in the Smart Security initiative of IATA and ACI is a big step in that direction.” The Smart Security initiative will integrate solutions such as advanced screening equipment, lane automation and centralised image processing.

CYBER-ATTACKS IN UAE DOWN, SAYS TRA

Cases of cyber-attacks in the UAE were down by 48 percent during the first four months of 2018, WAM reported. Citing figures from the Telecommunications Regulatory Authority, the report highlighted that cyber incidents in the current year have reached 155, compared to 297 attacks during the same period of 2017. The decrease from January to April reflects the significant success of the “National IT Emergency Response Team” of the Telecommunications Regulatory Authority, TRA, in deterring hacking attempts. According to the TRA’s statistics, cyber-attacks during the first four months of the current year mainly targeted government and private sector websites. Forty-five cyber-attacks involving fraud and phishing were recorded during that period, and a further 26 cyber-attacks aimed to leak information. The other attacks involved defamation and other purposes. The authority’s statistics also showed that 85 attacks had a medium impact, 35 had a low impact, and 35 attacks had a major impact. The TRA’s list of major cyber-attack risks includes the vulnerability of Internet Explorer, the smart installer of Cisco, hidden programmes included in Microsoft updates, the Ziklon programme, and the ransom programme for the known e-cloud.


MICROSOFT, GOOGLE DISCLOSE NEW CHIP FLAWS

Cybersecurity researchers have reportedly found a new security flaw that affects a wide variety of modern computing chips and is related to the Spectre and Meltdown chip flaws that emerged in January. According to a report by Reuters, the newest chip problem, known as Speculative Store Bypass or “Variant 4” because it’s in the same family as the original group of flaws, was disclosed by security researchers at Microsoft and Alphabet Inc’s Google on Monday. Though the flaw affects many chips from Intel, Advanced Micro Devices and Softbank Group’s ARM Holdings, researchers described the risks as low, partly because of web browser patches already issued earlier this year to address Spectre. The Meltdown and Spectre flaws, which emerged in January, can allow passwords and other sensitive data on chips to be read. The flaws result from the way computers try to guess what users are likely to do next, a process called speculative execution. In its research findings, Microsoft said that patches issued for common web browsers earlier this year greatly increased the difficulty of carrying out an attack with the newly discovered flaw. Chips from Intel, AMD and ARM all have patches available, either directly from the makers or through software suppliers such as Microsoft. Intel said it expects a performance slowdown of between 2 percent and 8 percent from the patches, and ARM said it expects a slowdown of between 1 percent and 2 percent. However, Intel said that because of the low risk of a real-world attack, it would ship its patches turned off by default, giving users the choice whether to turn them on. AMD also advised leaving the patches turned off due to the difficulty of carrying out an attack.


Facebook has reportedly suspended “around 200” applications on its platform as part of an investigation into misuse of private user data. In a blog post, the social media giant said that it has investigated thousands of apps after it emerged that Cambridge Analytica had harvested information about 87 million users without their knowledge. “The investigation process is in full swing,” said an online statement from Facebook product partnerships vice president Ime Archibong. “We have large teams of internal and external experts working hard to investigate these apps as quickly as possible. To date thousands of apps have been investigated and around 200 have been suspended – pending a thorough investigation into whether they did in fact misuse any data.” He added that should they find evidence that the suspended apps or other apps did misuse data, the apps will be banned from the social media site and users will be notified. The revelations over Cambridge Analytica have prompted investigations on both sides of the Atlantic and led Facebook to tighten its policies on how personal data is shared and accessed. Facebook made a policy change in 2014 limiting access to user data but noted that some applications still had data obtained prior to the revision. “There is a lot more work to be done to find all the apps that may have misused people’s Facebook data – and it will take time,” said Archibong. Cambridge Analytica, which announced it was closing earlier this month, has denied misusing Facebook data for the Trump campaign, and maintains its employees behaved ethically and lawfully.

KASPERSKY LAB TO SHIFT KEY OPERATIONS TO SWITZERLAND

Russian cybersecurity firm Kaspersky Lab recently announced that it will move some of its key operations, including customer data storage and software assembly, from Moscow to Zurich, Switzerland. The firm will shift operations such as customer data storage and processing for most regions, as well as software assembly, including threat detection updates. It will also open its first Transparency Center, which is aimed at ensuring full transparency and integrity within the firm’s operations. By the end of 2019, Kaspersky Lab will have established a data centre in Zurich and in this facility will store and process all information for users in Europe, North America, Singapore, Australia, Japan and South Korea, with more countries to follow. This information is shared voluntarily by users with the Kaspersky Security Network (KSN), an advanced, cloud-based system that automatically processes cyberthreat-related data. The firm’s CEO Eugene Kaspersky said he had received support from regional Swiss officials and the Swiss embassy in Moscow. “In a rapidly changing industry such as ours we have to adapt to the evolving needs of our clients, stakeholders and partners,” said Kaspersky. “Transparency is one such need, and that is why we’ve decided to redesign our infrastructure and move our data processing facilities to Switzerland. We believe such action will become a global trend for cybersecurity, and that a policy of trust will catch on across the industry as a key basic requirement.”




The big picture

Cloud computing has come a long way over the years. As the adoption of cloud services and technologies increases, enterprises are driven to re-evaluate their current security methods.

The cloud is getting bigger and bigger, as a glance at the revenue figures for some of the biggest providers demonstrates vividly. Last year, IBM achieved a $17 billion turnover in its cloud business, a jump of almost a quarter on the previous year, with the final quarter’s figures up by nearly one third. Microsoft, another top cloud provider, meanwhile won $18.6 billion worth of cloud business in 2017, helped by almost a doubling in sales by its Azure platform. Cloud computing revenues worldwide have been forecast to jump from about $290 billion this year to around $380 billion in 2020, with annual growth averaging about one fifth.

So, it seems that companies are embracing the cloud with a vengeance, some perhaps encouraged by the better deals that have resulted from the highly competitive marketplace facing cloud vendors. Yet for all the growth as companies look to strengthen ties with customers and make themselves more innovative, security remains a concern. One report published earlier this year by the Cloud Security Alliance (CSA), Top Threats to Cloud Computing Plus: Industry Insights, highlighted a dozen threats. Data breaches topped the list; as reports have noted, they can affect a number of types of information that should be kept private, ranging from commercially to personally sensitive. Application vulnerabilities, mistakes and lax security measures are among the factors sometimes blamed for data breaches.

While such breaches are often the first thing thought of when it comes to cloud security, they are just part of the picture. Other concerns highlighted by the CSA include account hijackings, the consequences of the actions of malicious insiders, data loss and denial of service. There are numerous others. But that does not mean that the cloud is riskier than the alternative of keeping data in-house.


“Can any computer be attacked? The answer is yes. It’s difficult to exclude that because we discover attacks every day,” says Professor Vladimiro Sassone, of the Electronics and Computer Science Department at the University of Southampton in the United Kingdom. “In terms of security, cloud-based systems are as liable to attack as any other IT layer but the big providers are getting very good at understanding the issues.

“It’s not because somebody is a cloud provider that their computers are more secure. It’s because they have large teams whose mortgages are paid by defending against attacks.”

As a result, Sassone is “reasonably able to trust them” to keep abreast of cybersecurity challenges and to cope better than those who lack a similar level of resources and in-depth expertise. As he puts it light-heartedly, “Google is better at security than my dad is.”

“Either you keep your system off the Internet and you will be reasonably guaranteed no one will access it, or you keep it on the Internet,” he says. “At that point you put your data on a public cloud or your private computer. The risk is the same, but as a small company you have fewer tools to cope with the problem than a larger provider.”

There is also likely to be a substantial cost penalty associated with trying to keep things in-house. It is, says Sassone, “so much more expensive” for medium-sized companies. “In terms of efficiency and cost there’s no comparison,” he says.

So it is perhaps no surprise then that, as Andrew Martin, a professor of systems security at the University of Oxford’s Department of Computer Science, describes it, concerns over the cloud seem to have “settled down”. “A lot of companies have come to rely on the contractual guarantees they get from the cloud companies as satisfactory for their purposes. It depends on the business sector but, in general, it’s happening,” he says.

A similar view is taken by Jay Heiser, research vice president at the IT and business consulting company Gartner, who says there has been “a significant increase in the amount of sensitive data that’s hosted in the public cloud”. “That is indicative of growing willingness to trust the public cloud,” he says.

According to Heiser, the focus should not be just on the cloud providers themselves when it comes to security. Companies using their services also have a responsibility to take more care. “Most of the security concerns involve instances in which an organisation has chosen to share large amounts of sensitive data without strong authentication around it,” he says. As an example, he cites Amazon Web Services where, with “a few more steps”, privileges can be limited, yet “the majority of organisations” have chosen to freely share data “without much concern over access controls”.

Heiser does not mince words when he talks about the consequences of this. “The greatest set of security exposures within the public cloud are these deliberately opened up data shares. It’s a self-inflicted wound,” he says. “It’s by far the biggest vulnerability and it’s something organisations need to be cognisant of; don’t let people share files publicly.”

Given the rapid pace at which cloud computing has developed, it is perhaps no surprise that expertise in dealing with the security issues surrounding it may be perceived to be lacking. Heiser notes that few security specialists grew up using the cloud.



“There are a core group of developers who have been using public cloud services for a number of years. They’re taking the lead within enterprises. The security people are struggling to keep up with them. I think that’s an issue,” he says. “I think it should be self-evident that if you want to do something sensitive, you should understand how to do it, but it’s becoming an increasingly embarrassing problem that this desire to use it exceeds the capability to do it safely and effectively.”

These issues are likely to become more acute “as cloud computing morphs into computing”. “It’s on its way to becoming the default. It could be two years or 10 years, but it’s working its way towards becoming the default mode, which is raising lots of practical questions,” says Heiser.

As well as putting strains on the cybersecurity experts in the private sector, the increasing complexity of the field is also causing issues for regulators, who can struggle to keep up with a fast-changing field that does not naturally operate within national borders.

No wonder then that there is plenty to keep university researchers such as Martin busy. Some of the current hot topics in cloud-based security concern supply chain management because, say, one cloud provider may be reselling its services to another. “As we get more and more sophisticated cloud services, it becomes harder for the user or the corporate customer to know who’s providing the services,” says Martin. “A file-sharing service doesn’t necessarily own the service that provides the storage for that file sharing. They might rent the services from another provider.

“As a user of the commercial service, we don’t really know if the provider in a safe way or encrypting or accessing to another provider that you don’t have a contract with, potentially in another country.”

There are many challenges ahead but, despite the concerns, organisations such as government departments are increasingly relying on the cloud. As Martin puts it, they often now “only keep the really sensitive stuff in house”. The cloud, it seems, is going to keep on growing.



The language of security

Cyber-attacks targeting organisations of all sizes are increasingly becoming common, yet security leaders still struggle to get the resources they need.


As cyber-attacks continue to plague the IT and business landscapes, there simply is no room for lax practices, a concept that should be understood at all levels of the organisation. Organisations today still struggle to take tangible actions to shape their companies’ security strategies or investment plans. There is often a constant battle between business investments and security investments as most executives tend to prioritise initiatives that they deem more profitable.

Globally publicised attacks such as the Yahoo and Equifax breaches, and the WannaCry ransomware outbreak, served as wake-up calls for C-suite executives. Business leaders can no longer ignore the fact that just one serious security incident could significantly impact the bottom line and future growth of their company, and potentially even cost them their jobs.

According to a recent study by Accenture, CEOs and boards now have direct responsibility over cybersecurity budgets. This means effective communication on cyber-risk to the CEO is now more important than ever for security teams. Information security leaders must continually compete to win the resources required to go beyond the basics and proactively manage risk. Worldwide IT security spending jumped nearly eight percent in the past year to top $90 billion, and it’s forecast to climb above $113 billion by 2020, according to Gartner.

“When you look back to 10-15 years ago, most companies don’t have CISOs or a cybersecurity team,” says Anthony O’Mara, vice president, EMEA, Malwarebytes. “Today, most organisations, in one form or another, have their own IT security function. This shows that business leaders are increasingly realising the value of cybersecurity.

“However, for some business leaders, while they have an appreciation on cybersecurity’s importance they think there’s always a choice or a trade-off to be made. That’s why they prioritise mission-critical operations and bottom-line profits.”

Gulf Business Machines vice president, Intelligent Network Solutions, Security and Mobility, Hani Nofal, says that, based on his conversations with IT and business leaders, he has found that communicating the importance of cybersecurity is no easy task. “Board meetings can be a nightmare for CISOs or security leaders in general,” says Nofal. “Because they are either called in that meeting due to a major disaster happened or they need to justify a cybersecurity budget.”

Effectively communicating cybersecurity to executives and board members means speaking to them in terms they can relate to. Cybersecurity needs to be treated as a business function and presented to boards and executives like any other function within the business. “CEOs do not talk the technical language but we expect them to understand that cybersecurity is increasingly becoming a crucial business aspect across the globe,” says O’Mara.

Security experts tend to lose or confuse their audience, often by speaking too technically. If your board or executives don’t understand, they’re going to be more hesitant. “CISOs should highlight the business case for security in a broader business risk management context. This means excluding technical terminologies and scare tactics from the conversation. Explain that a cyber incident has the potential to hinder a company from performing tasks that make it profitable, which makes it a business risk rather than a mere IT issue,” adds O’Mara.

Meanwhile, Nofal notes that the implementation of policies like the EU General Data Protection Regulation, which came into effect in May, has heightened awareness of security. “Cybercrime is the second largest threat in the economy,” he says. “With the implementation of GDPR, I believe the C-suite would be more welcoming to security projects, as these kinds of regulations emphasise the potential implications of lax security measures.”

It’s time to put old tactics aside and get your leadership onboard with the need for robust cybersecurity budgets. “I think there are still CISOs today that need to evolve the way they communicate security,” says Mark Butler, CISO, Qualys. “Instead of just adding new policies, guidelines or controls, which are all important, they should also focus on how they can create business value through security. CISOs need to keep in mind that the security programme exists for the business. Therefore, the systems and policies under it should complement the goals of the business,” he adds.

As we’ve seen from the fall-out of recent major data breaches, security is everyone’s responsibility. Employees at all levels of the business need to be onboard for strategies to become effective and for investments to reap rewards. If cybersecurity isn’t on the CEO’s agenda, they can’t expect it to be on their employees’ agenda.





The digital battlefield


Turn the clock back exactly a century and the First World War was still raging. Also known as the War to End All Wars – something, sadly, it was not destined to become – this was a conflict of incredible scale and suffering, especially as it was characterised by brutal trench warfare. But the military landscape was changing, with considerably more sophisticated weaponry being employed, a pattern that was to continue after the war ended. Yet, for all the technological upheaval of the times, who then could have imagined how different the field of human conflict would look a century on?

While there remain parts of the world blighted by conventional warfare, news reports today are just as likely to be about cyber warfare as military offensives. Whether it is alleged Russian interference in foreign elections, concerns over the digital vulnerability of key infrastructure such as power grids, or debates over the legal framework governing cyber-attacks, this is the new front line.

But is it really warfare? Dr Mark Lacy, a senior lecturer at Lancaster University in the United Kingdom, who is currently writing a book on cyber warfare, says this is the subject of debate. Can cyber-attacks or threats make states change their behaviour in the way that the threat of physical destruction can? “The way the military is developing digital infrastructure is central to warfare, but cyber war is maybe a misleading term,” he says.

Instead, subterfuge, espionage and subversion might be better words, but whatever the terminology, the issue’s growing significance is undeniable: in a world where so much has become digitised and connected so quickly, myriad new vulnerabilities have opened up for malign actors to exploit. “The big issue is knowing where the challenges are. We don’t necessarily know, because the technology is developing so rapidly and how we use it is developing so rapidly,” says Dr Lacy.

The scale of the cyber warfare challenges western nations such as the United States face was outlined in a recent briefing statement by James Scott, a senior fellow at the Institute for Critical Infrastructure Technology, a cybersecurity think tank based in Washington, DC. Titled “America is losing the cyber war”, the piece outlined Scott’s view that in the United States “many public and private sector critical infrastructure networks remain vulnerable due to an abundance of outdated legacy systems, a disregard or ignorance of cyber-hygiene best practices” and other factors.

Such deficiencies are not restricted to the United States. Indeed, one characteristic of cyber warfare is that what would otherwise be smaller, weaker actors can cause a major headache to supposedly more powerful rivals. This asymmetry means that it is not just hostile states that governments have to concern themselves with. “Non-state actors may increasingly be able to do more sophisticated things, for example terrorist groups in this new grey zone we’re entering into. Terrorist groups may have powers that previously only states had,” says Dr Lacy.



Additional weaknesses may come from another form of asymmetry: in the way opposing nations may act. “I think the West is technologically superior, but the trouble is we’ve got norms and rules. We’re less eager to use these weapons, so we’re more diligent, we restrict ourselves in advance. The smaller actors go ahead and do these things and maybe we’re not fighting back in kind because we have norms,” says Professor Sujeet Shenoi, of The University of Tulsa, in Oklahoma, United States.

It can also be more difficult for the victim of a cyber-attack than of a conventional attack to demonstrate, definitively, which state or organisation was responsible. Bringing individuals to justice is harder still. This was demonstrated by the US Department of Justice’s move earlier this year to indict a group of Iranians allegedly responsible for cyber-attacks on scores of American and foreign universities, plus dozens of private sector companies. As reports have noted, the suspects are in Iran and beyond the reach of the prosecutors.

This has raised the prospect of an armed response to cyber-attacks, especially as a major cybersecurity offensive might, some have suggested, constitute an “armed attack” under international law. In order to prevent such potentially explosive scenarios, calls have been made for greater legal clarity on what the appropriate response might be.

Cyber warfare is characterised by a faster pace of technological change than its conventional equivalent, and there is also a major difference in terms of access to technology. With conventional warfare, the attacked nation ends up, it is sometimes said, with just a hole in the ground where the bomb landed. But the victim of a cyber-attack may find itself with something far more useful. “When you use a cyber weapon, the enemy has the weapon and can use it and reuse it and perfect it,” says Shenoi, who, nearly two decades ago, inaugurated a Cyber Corps programme at Tulsa to equip the US with cybersecurity specialists. “The enemy does an investigation and gets the code and can use it directly or can reverse engineer it and make it better or more difficult to detect. There’s no other weapon [where this happens], except maybe a biological virus.”

When it comes to cyber warfare coverage in the international media, it is probably tensions between the West and the likes of Russia, North Korea, Iran and China that are most often discussed. But there are other potential cyber warfare flashpoints, including within the Middle East. For instance, Israel has heavily invested in cyber management and cyber warfare technologies, says Clive Jones, a professor of regional security at Durham University in the United Kingdom. Many of those involved are young people carrying out their military service. “They do three or four years in the army then often go into the private sector. These individuals are recruited back to do reserve duty. There’s this cross-fertilisation between the defence sector and the private sector. That gives Israel a kind of cutting edge,” says Jones. “Israel has put more into cyber and other high-tech infrastructure than most European countries.”

I think for the Middle East region particularly, cryptocurrencies can provide some opportunities for economic growth and development. - Dr Mark Lacy, Lancaster University in the United Kingdom

The Gulf states are keen to strengthen their cyber defence capabilities by investing in high-tech industry and forming ties with overseas defence companies. Over the longer term, education is seen as a priority for the likes of the UAE and Saudi Arabia to reduce their reliance on outside assistance. The UAE has expanded its tertiary education sector and has developed a more dynamic private sector, something that could be advanced further through new rules loosening restrictions on the foreign ownership of companies. “Buying in is one thing. There’s an old adage that you run fast to stand still. The Gulf states have to invest in their own technical education, their own infrastructure in terms of…start-ups,” says Jones.

Looked at in the broadest way possible, Dr Lacy says there are a number of viewpoints on how cyber warfare will develop. There are highly concerned “catastrophists”; there are “realists”, who feel the dangers have been slightly hyped; and there are “techno-optimists”, who think that developing areas like artificial intelligence will counter many of the worst cyber threats. Such is the uncertainty, however, that membership of the various categories is highly fluid. “Most people I know shift every couple of months. It’s so hard to predict how this is going to play out,” says Dr Lacy.


On the right track

When we settle back in our seat on a train to read a book, gaze at the view outside or watch a movie on a laptop, it is easy to forget how many connected systems are at work around us. Connectedness by rail is about much more than the free WiFi that we use to surf the net or check our emails. Railways, and metro systems too, are a complex mix of information technology and operational technology that is open to many types of cyber-attack. Indeed, modern-day rolling stock may have more than 20 connected systems covering everything from CCTV to onboard retail, from location to ticketing. More broadly, control systems and signalling are also at play.

Ensuring that such set-ups are secure is a timely issue for the Middle East, because only in March this year officials indicated that, despite earlier delays, the Gulf states still wanted to push ahead with the Gulf Railway project, which will link GCC members. Many of the vulnerabilities in the railway industry are associated with the connections between multiple systems. “The main challenge is ensuring that when systems are interconnected, there is no additional exposure to components on either side which could affect the security of the system overall,” says Richard Thomas, a doctoral researcher working on railway cybersecurity at the University of Birmingham in the United Kingdom.

In a commentary last year, Thomas MacKenzie, of the cyber assurance company NCC Group, highlighted a number of key railway cybersecurity concerns, and pointed out that many are shared between different modes of transport. MacKenzie noted that a problem that rail rolling stock operators and car manufacturers may have in common is ensuring that the “end solution” – and not just the component parts provided by each supplier – is fully security tested. Echoing Thomas’s view, MacKenzie said that this is because the interfaces and communications between services or products are among the greatest risk areas. So, he argued that rolling stock operators and car manufacturers should test solutions as a whole, because looking just at individual components is not enough. But this does not exempt suppliers from their share of responsibility, as they too have to consider safety early on.

Other sectors, such as road transport as a whole (with its road sensors, traffic lights and other systems) and aviation face many of the same challenges, given that they too have become ever more digitised and connected. Shipping also is vulnerable, especially as vessels tend not to have the same level of redundancy built into their systems as aircraft have. Indeed, there have been warnings that since logistics in general is a low-margin industry, cybersecurity budgets can be squeezed and that the investments in the latest technology that are required to ensure that systems are robust may not be made.


The presence of many potential targets, such as carriers and freight forwarders, in what has been described as a fragmented industry is another source of weakness. As in other sectors, experts have said that transport cybersecurity is about more than purely technical solutions, such as malware detection systems and firewalls. Social engineering attacks that exploit vulnerabilities in human behaviour should also be considered.

Many transport-related activities are just the type of thing that nation states looking to engage in cyber warfare may like to target. Aiming at key infrastructure can cause major disruption, especially because logistics operates as part of wider networks that include, for example, manufacturers. The considerable knock-on effects were illustrated by a widely publicised cyber-attack last year that hit the world’s biggest shipping operator, Maersk. Ports across the world were affected and logistics chains suffered disruption.

When it comes to cybersecurity in the rail sector, Thomas at the University of Birmingham is looking at the risks of linking systems together and defining which actors would try to target particular components. His project is focused on EU legislation. “Over the last three years, we have carried out a formal analysis of the train-to-trackside communications used to send movement authorities and location reports,” he says. “We were able to validate the protocol against security goals we set and identify potential areas for improvement in future iterations of the standard.”

The research then looked at the cryptography in the train-to-trackside link to protect these messages to and from the train. These were found to use a custom cipher (a code based on a standard that adhered to International Organisation for Standardisation rules). “This work found that, in some cases, two different messages could have the same corresponding message authentication code,” says Thomas, adding that this represented an opening that could be exploited by an attacker. “The conclusion of that work was that alternative schemes should be made available which are more secure and offer flexibility to cope with future threats.”

On a reassuring note, Thomas said that, to get a one percent chance of recovering the “key” used to generate the message authentication code, an attacker would need to listen to the “entire UK rail backbone” for at least 45 days. Discussions with regulators resulted in the decision that this particular system should not, however, be used for larger and faster applications, given that it is potentially vulnerable, albeit in a limited way.

“Our main thrust is to provide assurance and carry out detailed analyses of standards and systems with the aim of being able to build a framework which allows system owners to carry out a similar process for themselves,” explains Thomas. Work due to be published soon has created a modelling tool to allow system owners to define their system architecture, test strategies to improve security and identify the impact of interconnected systems.

In aviation, Professor Chris Johnson, head of computing at the University of Glasgow in the United Kingdom, said there can be pitfalls associated with trying to improve the security of systems. When a new attack method is identified, then the desire is to protect the system as soon as possible. Doing this can have consequences, however. “This creates pressure on the usual safety tests – if you rush to improve security, you might add a bug that damages safety,” he says.

Just as with railways, the multiple connected systems that modern aircraft have create “new ways in”. Johnson notes that there is an array of satellite and ground-based systems for navigation, air traffic management, the exchange of operational and maintenance data and for passenger entertainment and business support. There are also multiple on-board networks for avionics, passengers and other functions. “The challenge is to protect these diverse systems and to ensure isolation so, for example, somebody who hacks into the entertainment system cannot access the control or communications systems,” says Johnson. “These use different technical standards, but there is a convergence of technology with pressures to reduce costs, so the future is uncertain, even if more people are spending more money to protect our aircraft.”

But for all the cybersecurity concerns associated with various forms of transport, passengers should not worry unduly, Johnson indicated as he spoke to Security Advisor Middle East. “I am about to board a flight and I am not worrying about the cyber issues,” he says.



ELIMINATING BLIND SPOTS

As organisations embark on their digital transformation journeys they become increasingly exposed to numerous vulnerabilities. Maher Jadallah, regional director, Middle East, Tenable, discusses how they should re-think their approach to security.

What do you think is still lacking among enterprises today that makes them vulnerable to cyber-attacks?

We’re frequently asked what organisations can do to protect themselves from the latest attacks, whether it is ransomware or any Advanced Malware (APT). The first step is obvious – establish a solid cybersecurity strategy. You should know which assets are most critical to your operations, determine vulnerabilities and exercise good cyber hygiene practices in maintaining them. Use multi-factor authentication pervasively and make sure tight controls are in place to manage privileged accounts. Doing these “cyber basics” constitutes a good foundation for defending against modern attacks such as ransomware and APT and it makes a huge difference. The most successful recent cyberattacks employed common methods that leveraged known vulnerabilities of organisations. Also, the increasing hyper-connectivity and waves of new technology, while creating huge opportunities, introduce new risks and weaknesses across the organisation. Therefore, as businesses transform into the digital age, they must examine their digital ecosystem from every angle to protect their businesses today, tomorrow and far into the future.

How have attack surfaces progressed and how does Tenable aim to help organisations address these changes?

An asset is no longer just a laptop or server. It is now a complex mix of digital platforms and assets. These represent the modern attack surface where the assets themselves and their associated vulnerabilities are constantly expanding, contracting and evolving. This elastic attack surface has created a massive gap in an organisation’s ability to truly understand its Cyber Exposure at any given time. We call this the Cyber Exposure gap - the attack surface through which hackers come in and do damage. Our, a Cyber Exposure platform, is well-equipped to protect any asset on any computing platform. It helps eliminate blind spots with the industry’s most comprehensive visibility into traditional and modern assets, such as cloud, mobile devices, containers and web applications. This platform offers multiple applications that solve clear security challenges, such as vulnerability management, container security, web application scanning and more.

How should security teams, and organisations in general, evolve their approach to security?

There is a need for a top-down approach as security should be viewed as a shared responsibility within the business. Organisations should consider having a collaborative approach ensuring that they engage with customers and employees by educating them on best practices to manage their personal attack surfaces. This entails companies being more transparent about their own security practices and holding themselves accountable for lapses. If they don’t make security a top business priority and they aren’t sensitive to these changing consumer patterns and needs, they risk losing customers. Enterprises must lead the way by practicing fundamental hygiene and enforcing a basic standard of care for their customers’ data.








Prevention is better than cure

Gulf Business Machines’ VP for Intelligent Network Solutions, Security and Mobility Hani Nofal discusses why organisations need to rethink their cybersecurity strategies and shift their investments to more proactive tools and measures.





The Gulf region is on the verge of a massive digital disruption. With technological advancements high on the governments’ agendas, organisations in the region are increasingly investing in the latest solutions to enhance the way people work and live. However, as Gulf states continue to progress in their digital transformation initiatives they also become attractive targets to cybercriminals.

Last year, over 20 organisations in Saudi Arabia were hit by a variant of the Shamoon virus, a notorious malware that crippled tens of thousands of computers at oil giant Saudi Aramco in 2012. It was also recently reported that a malware targeted the safety and control systems of a Saudi Arabian petrochemical company last year, an attack that could have triggered an explosion. In the UAE, the Telecommunications Regulatory Authority has recently recorded 155 attacks during the first quarter of 2018. While there is a significant decrease in incidents when compared to 297 cases during the same period last year, the TRA noted that GCC firms are increasingly being targeted by a varied range of cybercrimes, including phishing attacks, data leaks and ransomware among others.

“The Gulf region is seen as an attractive target for cyber-attacks due in part to the number of large and strategically important companies based here,” said Nofal.

High-profile cyber breaches kept the security teams of many organisations across the world on their toes during the past year. Ransomware attacks such as WannaCry and Bad Rabbit have disrupted multiple industries including healthcare, banking and finance, and logistics. Nofal said that organisations can expect this trend to continue and possibly get even worse this year. “A recent study by GBM has found that up to 41 percent of Gulf-based enterprises admitted to being breached at least once during the past year. This suggests a significant surge in the activities within the threat landscape.”

Although we have seen a move towards greater protection from these risks, including Dubai launching a cybersecurity strategy last year and Saudi Arabia setting up the National Authority for Cybersecurity, it is still not enough. Companies today must understand that preparation against a security breach should not be purely focused on defensive tactics, but rather it is important to invest in resources that facilitate detection and response.

Nofal added that the level of maturity, when it comes to cybersecurity, has notably improved. “Our study revealed that 79 percent of organisations said their company currently has an effective security programme in place. This is a significant improvement from only 58 percent of firms last year,” he said. “However, we also found that while GCC companies may have security strategies in place, these are primarily still focused on traditional security, which is alarming.”

According to Nofal, shifting the focus and investments from conventional reactive cybersecurity methods to prevention, detection and response is key to ensuring an effective security strategy execution. “We all need to accept that a security breach, no matter the size, will happen,” said Nofal. “Cyberattacks are getting more advanced and the motivation of threat actors is increasing. Therefore, we should invest in tools and strategies that will help us anticipate and deter attacks.

“Having said this, we can never guarantee 100 percent protection so it’s ideal to shift some investments into resources that will help us detect, respond, recover and learn from cyber-attacks.”

Nofal said that emerging technologies such as artificial intelligence (AI) and machine learning are also garnering importance in cybersecurity. 62 percent of the organisations in UAE, Bahrain, Oman and Kuwait want to invest in artificial intelligence for cybersecurity to predict attacks better. “Machine learning and Artificial Intelligence technologies can accelerate the detection, prediction and response to cyber threats,” he said. “In addition, organisations should also consider how such technologies can complement functions such as human resources. AI can either help bridge the gap in human skills or create a new skill set requirement, which the new generation needs to be ready with,” explained Nofal.

Ultimately, Nofal emphasised that we can no longer afford to centre on just one dimension of security. “It is not enough to adopt a silo approach,” he said. “As the rise in threat continues, the demand for a comprehensive and responsive cyber defence is also growing on a much grander scale than previously thought possible.”



Mine your own business

Anthony O’Mara, vice president, EMEA, Malwarebytes, sheds light on a new malware that’s on the rise and why having a multi-layered security approach is key to thwarting this threat.

Among the primary objectives of Malwarebytes is helping organisations detect and mitigate the threats that have managed to slip through defence systems. Do you believe conventional security solutions such as an antivirus are now becoming obsolete?

Not necessarily. Traditional solutions such as an antivirus, while still instrumental, are simply no longer sufficient in keeping IT systems secure. I think as the threat landscape evolves the nature of cyber-attacks is becoming more sophisticated. This requires organisations to deploy a multi-layered approach to cybersecurity and if they’re not doing that then they will be highly at risk to vulnerabilities. We can never be 100 percent secured from every cyber threat. But with a multi-layered approach, you can at least narrow down the possibility of being attacked.

In your opinion, what kind of cyber threats should organisations be on the lookout for this year?

The connected nature of Internet of Things devices makes them prone to vulnerabilities and we can expect threat actors to continuously attempt to exploit this. Last year, we have seen numerous ransomware incidents across the globe and this isn’t looking to slow down. People didn’t stop robbing banks just because banks got bigger vaults. They just found other ways to infiltrate it. It’s the same with cybercrime. As long as it is lucrative we can expect it to continue.

Another emerging trend that is increasingly becoming attractive to cybercriminals is cryptocurrency. As the value of cryptocurrencies increases, we can expect malicious cryptocurrency mining to become mainstream. Malicious cryptomining or cryptojacking is when someone else is using your computer to mine cryptocurrency like Bitcoin. The collected coins go into the attacker’s account and not yours, which means they are essentially stealing your resources to make money. It can be done locally on the system or in the browser. This malicious activity takes advantage of your computer’s Central Processing Unit (CPU) and Graphics Processing Unit (GPU), running it at higher capacities. If such activity is running for a prolonged period of time it can potentially slow down every other process of your device, shorten the lifespan of your system, or ultimately damage your machine. Besides stealing your resources and slowing down your systems, being cryptomined could also make you more susceptible to other malware.

We have seen a big rise in cryptojacking activities during the past year and it is one of the fastest growing cyber threats to date. While malicious cryptomining is far less dangerous to the user than an attack like ransomware, its effects should not be underestimated.

How can organisations best protect themselves against cryptojacking and other future cyber-attacks?

Having a layered approach is always key. But it is important to note that as we get smarter, cybercriminals are also evolving. Just as soon as we find a way to stop them from exploiting one vulnerability, they find another one. It will always be a race between security teams and cyber-attackers. The only thing we can do is be prepared for these attacks by integrating an end-to-end cybersecurity strategy, from detection to response and ultimately recovery. Only then can we ensure business continuity.

What can we expect from Malwarebytes moving forward?

A big part of our team is focused on the technical side of the business as we are very committed to continuously improving our products. Most companies are centred on the sales and marketing side of the business; we concentrate on accelerating our technical capabilities to develop solutions that go beyond the norm and find new ways of protection. I believe that this is also our competitive edge in the market.



One year later: WannaCry outbreak

By Ondrej Kubovič, ESET Security Awareness Specialist

It’s been a year since the WannaCryptor.D ransomware (aka WannaCry and WCrypt) caused one of the largest cyber-disruptions the world has ever seen. And while the threat itself is no longer wreaking havoc around the world, the exploit that enabled the outbreak, known as EternalBlue, is still threatening unpatched and unprotected systems. And as ESET’s telemetry data shows, its popularity has been growing over the past few months and a recent spike even surpassed the greatest peaks from 2017.

The EternalBlue exploit targets a vulnerability (addressed in Microsoft Security Bulletin MS17-010) in Microsoft’s implementation of the Server Message Block (SMB) protocol, via port 445. In an attack, black hats scan the internet for exposed SMB ports, and if found, launch the exploit code. If it is vulnerable, the target will then run a payload of the attacker’s choice. This was the mechanism behind the effective distribution of WannaCryptor.D ransomware across networks.

Interestingly, according to ESET’s telemetry, EternalBlue had a calmer period immediately after the 2017 WannaCryptor campaign: over the following months, attempts to use the EternalBlue exploit dropped to “only” hundreds of detections daily. Since September last year, however, the use of the exploit has slowly started to gain pace again, continually growing and reaching new heights in mid-April 2018.

One possible explanation for the latest peak is the Satan ransomware campaign seen around those dates, but it could be connected to other malicious activities as well. Satan ransomware is a malware threat which has been created by an unknown programmer or a hacker collective. According to the ransomware note and its payment gateway along with some security research, it is supposed to be used by various criminal entities as a Ransomware-as-a-Service or RaaS platform.

We must stress that the infiltration method used by EternalBlue is not successful on devices protected by ESET. One of the multiple protection layers - Network Attack Protection module - blocks this threat at the point of entry. This can be compared to a silent knocking on the door at 2AM testing if someone is still up. As such activity is most likely driven by malicious intentions, the entrance is securely sealed off to keep the intruder out. This was true during the WannaCryptor outbreak on 12th May 2017 as well as all previous and subsequent attacks by malicious actors and groups.

EternalBlue has enabled many high-profile cyberattacks. Apart from WannaCryptor, it also powered the destructive Diskcoder.C (aka Petya, NotPetya and ExPetya) attack in June 2017 as well as the BadRabbit ransomware campaign in Q4 2017. It was also used by the Sednit (aka APT28, Fancy Bear and Sofacy) cyber-espionage group to attack Wi-Fi networks in European hotels. The exploit has also been identified as one of the spreading mechanisms for malicious cryptominers. More recently, it was deployed to distribute the Satan ransomware campaign, described only a few days after ESET’s telemetry detected the mid-April 2018 EternalBlue peak.

The EternalBlue exploit was allegedly stolen from the NSA probably in 2016 and leaked online on 14th April 2017 by a group dubbed Shadow Brokers. Microsoft issued updates that fixed the SMB vulnerability on 14th April 2017, but to this day, there are many unpatched machines in the wild. This exploit and all the attacks it has enabled so far highlight the importance of timely patching as well as the need for a reliable, multi-layered security solution that can block the underlying malicious tool.
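An added example, not from ESET or the original article: the scanning for exposed SMB ports described above shows up in perimeter firewall logs as one source touching many hosts on TCP 445 within a short time, and the hosts that answered are the ones whose MS17-010 patch status should be checked first. The log format, thresholds and addresses below are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed (constructed) firewall log format, one connection attempt per line.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"DPT=(?P<dpt>\d+) PROTO=(?P<proto>\w+) ACTION=(?P<action>\w+)$"
)

SMB_PORT = 445                   # port named in the article
WINDOW = timedelta(seconds=60)   # assumed sliding window
MIN_DISTINCT_TARGETS = 5         # assumed threshold for "sweep" behaviour

# Constructed sample data using documentation address ranges.
SAMPLE_LOG = """\
2018-04-16T02:00:01Z SRC=203.0.113.7 DST=192.0.2.10 DPT=445 PROTO=TCP ACTION=DROP
2018-04-16T02:00:02Z SRC=203.0.113.7 DST=192.0.2.11 DPT=445 PROTO=TCP ACTION=DROP
2018-04-16T02:00:03Z SRC=203.0.113.7 DST=192.0.2.12 DPT=445 PROTO=TCP ACTION=ALLOW
2018-04-16T02:00:03Z SRC=198.51.100.20 DST=192.0.2.12 DPT=445 PROTO=TCP ACTION=ALLOW
2018-04-16T02:00:04Z SRC=203.0.113.7 DST=192.0.2.13 DPT=445 PROTO=TCP ACTION=DROP
2018-04-16T02:00:05Z SRC=203.0.113.7 DST=192.0.2.14 DPT=445 PROTO=TCP ACTION=DROP
2018-04-16T02:00:06Z SRC=203.0.113.7 DST=192.0.2.15 DPT=445 PROTO=TCP ACTION=ALLOW
2018-04-16T02:00:07Z SRC=198.51.100.20 DST=192.0.2.12 DPT=445 PROTO=TCP ACTION=ALLOW
2018-04-16T02:00:08Z SRC=203.0.113.9 DST=192.0.2.10 DPT=443 PROTO=TCP ACTION=ALLOW
this line is malformed and is skipped
""".splitlines()


def parse(line):
    """Return (ts, src, dst, dport, proto, action) or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m["src"], m["dst"], int(m["dpt"]), m["proto"].upper(), m["action"].upper()


def find_smb_sweeps(lines):
    """Flag sources that hit many distinct hosts on TCP 445 inside WINDOW.

    Lines are assumed to be in time order. For each flagged source the result
    lists the internal hosts where the firewall ALLOWED the connection, i.e.
    the machines with SMB exposed to that scanner.
    """
    recent = defaultdict(deque)    # src -> (ts, dst) pairs still inside the window
    reached = defaultdict(set)     # src -> hosts whose port 445 was reachable
    peak = {}                      # src -> most distinct targets seen in one window

    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, src, dst, dport, proto, action = rec
        if proto != "TCP" or dport != SMB_PORT:
            continue

        window = recent[src]
        window.append((ts, dst))
        while window and ts - window[0][0] > WINDOW:
            window.popleft()       # expire attempts older than the window

        if action == "ALLOW":
            reached[src].add(dst)

        distinct = len({d for _, d in window})
        if distinct >= MIN_DISTINCT_TARGETS:
            peak[src] = max(peak.get(src, 0), distinct)

    return {
        src: {"max_targets": n, "reached": sorted(reached[src])}
        for src, n in peak.items()
    }


if __name__ == "__main__":
    for src, info in find_smb_sweeps(SAMPLE_LOG).items():
        print(f"SMB sweep from {src}: {info['max_targets']} hosts probed in "
              f"{int(WINDOW.total_seconds())}s; port 445 reachable on {info['reached']}")
```

A single client talking repeatedly to one file server (198.51.100.20 in the sample) stays below the threshold; a scanner that spaces its probes further apart than the window would need a longer window or a per-day distinct-target count.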




Looks can be deceiving

Roland Daccache, senior regional sales engineer, MENA, Fidelis Cybersecurity, discusses why deception defence is the next step towards cyber resilience.

Can you please explain what deception defence is and how it works?

Despite advancements in traditional security stack solutions like anti-virus (AV), next-gen firewall (NGFW) and sandbox, attackers and advanced malware are slipping through the cracks. The need for better detection and response has driven the emergence of new segments like deception, which entails the use of decoys, traps and lures within networks. Deception technology is rapidly evolving as a very powerful post-breach defence. Deception technology uses adaptive threat intelligence to scan and determine critical assets within networks. Instead of searching in vain for the bad actor within oceans of data, deception technology distributes a variety of fake assets across workstations, servers and applications, learning the attackers’ techniques and delivering actionable alerts.

Fidelis Deception goes a step further and creates evidence of credentials and connections from breadcrumbs throughout the network which are irresistible to attackers. This data both leads attackers toward the persuasive decoy network while simultaneously creating validated threat intelligence that includes devices, data, and behaviour all designed to turn the tables on the attackers. They pursue the lures enabling organisations to detect and defend themselves against these attacks. This technology doesn’t require signatures or sandboxing to discover attacks that have bypassed your firewalls or anti-virus and are sitting in your network. This kind of cybersecurity measure is very instrumental for insider threat as well as for outside advanced attacks.

How do deception technologies leverage machine learning and artificial intelligence?

Machine learning is a very important aspect to consider when evaluating deception technologies. This is because you wouldn’t want a deception layer that is static, otherwise, it will be discovered by attackers. You want a deception technology that is adaptive. Deception combines contextual perspective with machine learning, sandboxing, threat intelligence and active deception defences to ensure effective threat detection across your entire enterprise. Fidelis automates threat response using incident response workflows and playbooks, integrated Fidelis products, and the ability to terminate an attack in progress.

Do organisations need to onboard new talents to be able to implement and manage deception-based cybersecurity?

Absolutely not. The idea behind deception defence is aiding security teams as they increasingly become overwhelmed with alerts and false positives. You only have a limited amount of time to discover an attacker before it wreaks havoc inside your network; deception technologies reduce the dwell time of such attacks and detect them as soon as they make a mistake. Deception defence uses self-learning technology, has a very low false positive ratio and a very simple learning curve. This system does not require additional expertise and is very easy to use.

How is the adoption of deception technologies so far?

Organisations are currently making significant investments in next-gen firewalls, AVs, and advanced endpoint detection and response technologies among others. They are now looking for the next step. Deception is a key area that they are looking into and we can see this becoming one of the top investment priorities for CISOs and CEOs.


Focal point

Gary Miller, vice president, Cyber Security, Middle East, Thales, on strengthening its recently announced Cyber Hub in Dubai.

Regional organisations are increasingly adopting a cybersecurity-first approach, as they realise how dire the consequences can be without one. Thales, a technology and services provider in the aerospace, defence, transportation and security markets, has recently announced a cybersecurity hub in Dubai, aimed to service the UAE and wider Middle East region. The Cyber Hub will harness Thales’ local expertise and use established methodologies as well as cyber training, simulation and threat intelligence to become a centre of excellence for cyber consulting services in the region.

Gary Miller, vice president, Cyber Security, Middle East, Thales, says that the firm is now in the process of recruiting a team and will have around 35 new professionals for the Hub by next year. “If the market demand increases, then we will increase the way we recruit. We will be using world-leading methodologies that we have developed in the UK and Paris. We spend around 20 percent of our revenues on R&D. This way we have niche products and methodologies in human cyber.”

According to Miller, understanding the maturity of cyber-awareness within people in customer organisations is important. He adds, “We spend significant resources in advance threat intelligence – anticipating the threat before it happens. We have our own white hat hackers, where we get them to think like hackers do and identify the possible vulnerabilities.”

Thales’ Cyber Hub will be a consulting-led organisation initially. “We are here to understand the specific needs of this region and make sure that we deliver offers, advice, technology, insights, methodologies that are specifically aligned to this market,” Miller says. He goes on to say that “cybersecurity is a major challenge for the whole world.”

“There is no region that is perfectly safe from security threats. However, we are developing an ecosystem and working collaboratively with academia, SMEs, start-ups as well as established businesses to improve our anticipation of those threats together. We are improving our abilities to eliminate the threat once it is known and the ability of our business to be able to respond to those threats in a timely manner.”

Over the coming months, the market can expect to see a lot more developments and initiatives on advanced threat intelligence from Thales. “We are looking to introduce the best innovations coming from our R&D into this region,” Miller adds.




Future vision Hakan Ozyigit, regional director, Middle East, Security Systems, discusses how video surveillance systems are bringing advantages that are beyond security.


What are the latest advancements in video surveillance technologies?
In line with the regional drive towards smart services and intelligence-driven cities, we see the future as one that is increasingly characterised by Big Data and the Internet of Things (IoT). We are moving towards a reality which will see a plethora of devices and applications interconnected. IoT has laid the key foundation for the connected city and is finding its way into all walks of life. A Gartner study predicts that some 230 million homes worldwide will be intelligently connected by the year 2020. The IoT is changing the way we view video security, quite literally. Today, cameras are becoming an integral part of the vast digital connectivity infrastructure. As a result, surveillance cameras, in addition to a host of other devices, will be more intelligent, using smart criteria in real time determining which data to retain, in what form, and for how long. The logical next step for security is to enable customers to interpret the data to start repurposing these huge amounts of video data. Furthermore, we can add deep learning capabilities to our cameras and finally the introduction of artificial intelligence in a couple of years from now.

What are the factors organisations should consider when choosing video surveillance systems?
Organisations need to keep the latest security requirements and trends in mind when opting for new video surveillance systems. These days, video security data is increasingly connected across local and global networks. A growing number of cameras send their data to servers over the Internet – which makes it susceptible to compromise by digital intruders and hackers. As an example, because video data is often highly critical and sensitive, Bosch is driving a systematic approach that involves creating trust between the various video surveillance components. Our devices secure the data by encrypting it on hardware level to maximise data security by considering physical safety and cybersecurity simultaneously. We also support the setup of a PKI (Public Key Infrastructure) with a 3rd-party Certified Authority (CA) or our in-house CA Escrypt.

Has the market completely transitioned from analog to IP-based cameras in the region?
While the transition from analog to IP-based cameras is still ongoing, we have seen that IP-based cameras are seeing increasing and wide-scale adoption, as regional economic diversification initiatives get under way, new building and infrastructure projects come online and the installation of video surveillance solutions becomes mandatory. Firstly, IP systems provide better connectivity possibilities and the opportunity to take advantage of higher resolutions, remote connectivity and so on. With the introduction of built-in video analytics we also deliver customers the ability to utilise the hidden potential and use 100 percent of the video security data, allowing this data to do far more for businesses than security alone.

More and more video surveillance systems today are embedded with intelligence and analytics capabilities. Aside from security, what kind of benefits can this bring to businesses?
A camera with built-in video analytics can analyse the whole scene in detail and provide vital information such as object type, direction, size, colour and speed, whilst the use of time stamps gives greater situational accuracy. Let us start thinking about the benefit of interpreting video data to allow it to do more for businesses than security alone. With built-in video analytics in surveillance cameras, organisations can easily provide relevant data for other uses, such as enforcing traffic regulations, enforcing no-parking zones, detecting vehicles driving the wrong way and delivering occupancy data for smart and more efficient parking. Surveillance systems can do far more than security alone. When idle, they can deliver interesting statistics like the number of people going into a certain area, analyse behaviour or assist in enforcing health and safety regulations, for example in case of a blocked emergency exit. Video security cameras need to be perceived as an integral part of the vast digital connectivity infrastructure. Intelligent sensors that have the ability to extract invaluable data to help businesses make improvements in the area of video security, and beyond.


Why good identity hygiene and analytics are key to cloud security by Mohammed Al-Moneer, regional director, MENA, A10 Networks


As cloud computing has matured, the benefits it delivers to organisations of all sizes are undeniable. Companies are enjoying agility, scale and speed like never before. And cloud adoption shows no signs of slowing. Gartner last month forecasted that worldwide public cloud revenue is set to grow 21.4 percent in 2018 to total $186.4 billion, up from $153.5 billion in 2017. With this huge growth in cloud adoption and the recent rash of cyberattacks targeting organisations across all industries, effective security in the cloud is paramount.

Exposed APIs
One way the cloud introduces new security risks to organisations is through the underlying infrastructure that makes the cloud and cloud applications run, which consists of publicly exposed APIs. Why is that an important distinction? Because essentially, what makes APIs useful also makes them exploitable. APIs are built with fully exposed controls to support orchestration, management, automation and integration between solutions and applications. This level of exposure makes them a rich target for exploitation, and can introduce another dimension of security challenges for businesses, as it expands the boundaries that were not part of traditional on-premise perimeters that enterprises are used to. It’s often noted that attackers will take the path of least resistance, and employees – sometimes even those in IT organisations – will unwittingly help them, often by using lax identity practices.

Identity weakness is an open door
There will always be employees who fall prey to phishing attempts, surf exploited websites, use unsecured free Wi-Fi networks in public and download other sketchy material. All of this behavior opens the door to potential attackers. At the same time, common infrastructure weaknesses are seen by attackers as the exploit of choice to land a beachhead within an organisation, such as using a SQL query to find cached credentials or finding an unpatched, publicly exposed server to exploit. And, of course, you have bad identity and password practices that are always enticing to threat actors – and there’s no shortage of employees who fall back to first initial-last name or password1234 as their password of choice. There’s no 100 percent ironclad way to prevent intrusion through exploiting identity, but you can slow attackers down. How? Through good identity hygiene. Some ways to implement this in your organisation include:

Multi-factor authentication
Additional layers of defense are imperative. Threat actors can easily crack passwords, so the use of additional types of authentication, such as biometrics and tokens, ensures tighter security.

Passphrases over Passwords
We’ve seen time and time again where weak passwords are cracked. A passphrase, however, makes it more difficult. Where a password is typically up to 10 letters, numbers and symbols, a passphrase has a much longer character length to stymie possible attackers and commonly contains underscores to separate words in the phrase. Passphrases don’t have to be grammatically correct and they can also use numbers and symbols to make cracking them that much harder. Mamma Mia! Your passphrase can be your favorite Abba lyric, if that’s your thing.

Deprecate expired employee accounts
Leaving accounts open for former employees or for services no longer in use opens a hole that is easily exploited. A good rule of thumb is to shut down expired employee accounts immediately to dramatically reduce the chance of a disgruntled former employee accessing the network.

Monitor access logs
It sounds like a no-brainer, but knowing who accesses what and when can avoid catastrophe. Monitor access logs frequently for anomalies and to ensure end-users have the correct levels of access.

Analytics to detect anomalies
Analytics and the ability to detect security anomalies in the cloud are also imperative. Having a strong understanding of how applications are performing and their security posture can provide insight into levels of access and potentially flag a possible security issue before it wreaks havoc. Per-app analytics and security data coupled with strong identity hygiene will help ensure your cloud and cloud applications are both high-performing and secure.
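The hygiene checks listed in this article (expired accounts, access levels, multi-factor authentication) can be run mechanically over an access log. The following Python is an added example, not code from the author or A10 Networks; the log format, the directory export, the account names and the `mfa_exempt` parameter are all assumptions constructed for illustration.

```python
import re
from datetime import date, datetime

# Constructed directory export: account -> (last day of employment, entitlements)
DIRECTORY = {
    "asmith": (None, {"crm", "mail"}),
    "jdoe": ("2018-05-31", {"crm", "mail"}),      # left the company on 31 May
    "svc-report": (None, {"reporting-db"}),
}

# Constructed access-log lines; the key=value layout is assumed for this example.
ACCESS_LOG = """\
2018-06-01T08:02:11Z user=asmith resource=crm mfa=yes result=success
2018-06-03T02:14:07Z user=jdoe resource=mail mfa=no result=success
2018-06-03T09:30:00Z user=asmith resource=payroll-db mfa=yes result=success
2018-06-03T09:31:12Z user=svc-report resource=reporting-db mfa=no result=success
2018-06-04T11:00:45Z user=ghost resource=crm mfa=no result=failure
this line is malformed and must not crash the audit
"""

LINE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) resource=(?P<res>\S+) "
    r"mfa=(?P<mfa>yes|no) result=(?P<result>success|failure)$"
)


def audit_access_log(log_text, directory, mfa_exempt=frozenset()):
    """Return (line number, finding code, detail) tuples for hygiene violations."""
    findings = []
    for n, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        m = LINE.match(line)
        try:
            when = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").date() if m else None
        except ValueError:
            when = None
        if when is None:
            # Keep unparsed lines visible: silently dropping them hides activity.
            findings.append((n, "unparsed", line))
            continue
        user, res = m["user"], m["res"]
        if user not in directory:
            findings.append((n, "unknown-account", user))
            continue
        end, entitled = directory[user]
        # Any activity after the leaving date means the account was never disabled.
        if end and when > date.fromisoformat(end):
            findings.append((n, "expired-account-used", user))
        if m["result"] == "success":
            if res not in entitled:
                findings.append((n, "outside-entitlement", f"{user}->{res}"))
            if m["mfa"] == "no" and user not in mfa_exempt:
                findings.append((n, "no-mfa", user))
    return findings


if __name__ == "__main__":
    for finding in audit_access_log(ACCESS_LOG, DIRECTORY, mfa_exempt={"svc-report"}):
        print(finding)
```
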




HOW AI-BASED MACHINE LEARNING WILL AFFECT IT SECURITY By Rabih Itani, regional business development manager - Security, Middle East and Turkey at Aruba, a Hewlett-Packard company


Artificial Intelligence (AI) has been a hot topic of discussion in many industries for a while now, with healthcare, retail and hospitality, to name but a few, starting to speculate on the massive opportunities its development could bring to how their business is run, and how customers interact with those businesses. Many articles are already predicting the demise of human workers as a result of AI making inroads into our lives because we are on the verge of true artificial intelligence. But when it comes to the biggest challenges facing business, these technologies are yet to have their big breakthrough. This may all change as we progress into this information age, and for me, the first proof point will be IT security. With attacks spanning the globe and affecting every country, including those in the Middle East, this has grown into one of our biggest international threats of 2018, and a new defence is being developed that will allow companies to tackle the latest threats as soon as they appear on the network. This new defence is based on machine learning, a key component of a security framework that can move as quickly as those who are looking to breach the network. Machine learning is a fundamental part of an AI system. Machine learning enables AI to detect patterns
in all sorts of data sources and create behaviours based on recognised patterns.

How does machine learning improve security?
IT teams today are faced with a moving security target. From the devices used by employees to do work, to the locations we work in and the people we send data to, our activities change day by day. It is important to understand, keep up with and protect against these moving goalposts. Security is number one on the agenda for CIOs around the world, as they move to protect their organisations against the malevolent attackers who are looking to breach the network and, typically, steal personal data. This can be a tall order for most IT staff, who cannot predict the subtle changes that might take place within their network day to day. These could include hundreds of new devices signing up to the network, from employee-owned mobile phones to older temperature sensors, newly connected as part of an IoT strategy. The scale of the challenge is often just too vast when asking human IT teams to manage the data being shared by incoming and existing devices, which can easily reach into the thousands for a large enterprise. This is where machine learning comes into its own.

Using machine learning for UEBA (user entity and behavioural analytics), IT managers can create standard profiles for each device on the network. Sales managers get access to Salesforce anytime anywhere, finance teams get access to Financial Information Systems using specific devices at specific locations, and so on. The profile of each user becomes quickly personalised, and as soon as a user or entity behaves in a way that strays outside of their profile, the machine sees it, and raises the risk score of that user or entity and may accordingly send an alert, which in many cases will require the user/entity to re-authenticate. In the case of a malevolent attack, the intruder will be isolated from the rest of the network, to limit any potential damage that might have occurred. Machines are capable of analysing millions of individual packets of data plus thousands of system logs and possibly business context data (such as HR records), making a truly individual approach to security possible, which is more than can be said for the ability of a human IT team. With the machine doing the brunt of the monitoring work within the network, the human agent need not intervene until an entity risk score gets above threshold. This automatic monitoring offers IT staff exceptional
time savings, which means they can get on with tackling other IT issues throughout the organisation.

Security’s positive impact on the workforce
With AI-based machine learning introduced in the workplace, security teams stand to benefit greatly. The technology isn’t here to replace the human element in security operations; it will augment the human’s intelligence, allowing staff to make better decisions based on the quality of the actions being proposed and the forensics data being furnished. Permissions, for instance, won’t be automated by artificial intelligence; it will flag the request to a human agent, who can use the information gathered, and knowledge of the actor, to make an informed decision. These developments could ultimately change the range of jobs on offer within IT security. Security staff will move from being the operational proponent within the network, to making the decisions that could determine the security of the network. On the other hand, the Security Manager might become the Policy Manager, determining the various policies and credentials necessary to access business networks. Whilst the approaches of human workers might change during the course of the roll-out of this technology throughout enterprises, their work will be no less important. They will still need to build security into the core of the network, regardless of the technology already in place. As the world moves into a state of ‘data as commodity’, the network is still the most important infrastructure to maintain and keep safe as it is the first line of defence. It’s time to start thinking about these developments as they become more prevalent because human IT staff need all the help they can get when combatting increasingly intelligent threats.
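The profile, risk score and threshold loop this article describes for UEBA can be made concrete with a small model. The following Python is an added example, not code from the author or Aruba; the features, weights, decay factor, thresholds and all events are assumptions constructed for illustration, and a simple frequency baseline stands in for the machine learning the article refers to.

```python
from collections import Counter, defaultdict

# Assumed tuning values for this example (not taken from any product).
WEIGHTS = {"app": 30, "device": 25, "location": 25, "hours": 20}
DECAY = 0.5      # share of the previous risk score kept at each new event
REAUTH = 40      # at or above this score: ask the entity to re-authenticate
ISOLATE = 120    # at or above this score: cut the entity off from the network


def features(app, device, location, hour):
    """Reduce one access event to the attributes the profile tracks."""
    hours = "business" if 8 <= hour < 18 else "off-hours"
    return {"app": app, "device": device, "location": location, "hours": hours}


class Profile:
    """Per-entity baseline: how often each attribute value has been seen."""

    def __init__(self):
        self.seen = defaultdict(Counter)
        self.risk = 0.0

    def learn(self, feats):
        for name, value in feats.items():
            self.seen[name][value] += 1

    def surprise(self, feats):
        """0 for the entity's usual behaviour, up to sum(WEIGHTS) for all-new."""
        score = 0.0
        for name, value in feats.items():
            counts = self.seen[name]
            top = max(counts.values(), default=0)
            # Compare with the entity's own most common value, so a user who
            # legitimately roams is not penalised for having a varied profile.
            familiarity = counts[value] / top if top else 0.0
            score += WEIGHTS[name] * (1.0 - familiarity)
        return score


class RiskEngine:
    def __init__(self):
        self.profiles = defaultdict(Profile)

    def train(self, events):
        for entity, app, device, location, hour in events:
            self.profiles[entity].learn(features(app, device, location, hour))

    def observe(self, entity, app, device, location, hour):
        """Score one event and return (risk score, action)."""
        profile = self.profiles[entity]
        feats = features(app, device, location, hour)
        profile.risk = profile.risk * DECAY + profile.surprise(feats)
        if profile.risk >= ISOLATE:
            action = "isolate"
        elif profile.risk >= REAUTH:
            action = "reauthenticate"
        else:
            action = "allow"
            profile.learn(feats)   # only accepted behaviour updates the baseline
        return round(profile.risk, 1), action


# Constructed baseline: (entity, application, device, location, hour of day)
BASELINE = [("finance-01", "finsys", "desk-fin-07", "dubai-hq", h)
            for h in (9, 10, 11, 14, 16)] * 2 + [
    ("sales-02", "salesforce", "phone-s2", "dubai-hq", 9),
    ("sales-02", "salesforce", "laptop-s2", "riyadh", 21),
    ("sales-02", "salesforce", "phone-s2", "doha", 7),
    ("sales-02", "salesforce", "laptop-s2", "dubai-hq", 15),
]

if __name__ == "__main__":
    engine = RiskEngine()
    engine.train(BASELINE)
    for event in [
        ("finance-01", "finsys", "desk-fin-07", "dubai-hq", 10),
        ("finance-01", "finsys", "laptop-x", "dubai-hq", 23),
        ("finance-01", "salesforce", "laptop-x", "unknown-vpn", 2),
        ("sales-02", "salesforce", "laptop-s2", "doha", 22),
    ]:
        print(event, engine.observe(*event))
```

The finance workstation that stays on its usual device and site scores zero, one deviation triggers re-authentication, and a second, larger deviation on top of the decayed score crosses the isolation threshold, while the roaming sales user is allowed from a known site late at night.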



LAYER BY LAYER The movement of applications and data to the cloud needs to be balanced by an equivalent investment into security solutions to protect those assets now being used from the cloud, explains Yasser Zeineldin, CEO of eHosting DataFort.


The lack of understanding of the importance of security in the cloud can be likened to going away for a vacation and entrusting the keys to a stranger. Any movement towards usage of applications and storing of data in the cloud needs to be balanced by an equivalent investment in security solutions supporting that movement. The more critical the system infrastructure, data folders and business workloads being moved from
on-premises to in-cloud, the more rigorous the security evaluation that should be required to protect data through encryption and end-user access to applications. By default, cloud service providers tend to roll out shared security responsibility models around user access for their services. Budgeting for security in the cloud by end-users starts by considering which applications and infrastructure elements will be hosted in the cloud. In a software-as-a-service model, the cloud provider
will usually guarantee the integrity and scalability of the hosted application, ensuring that there are seldom workload failures. However, end users need to opt for securing user identity and user access to applications in the public cloud, as well as data encryption, through their own additional investments. For infrastructure as a service, almost the entire security environment is left to the management of the end-user. Such investments must be sufficient to ensure that security standards
in the cloud are compliant with the organisation’s security policy, and also on par with those implemented on-premises. Global research surveys indicate that data breaches from the cloud remain the biggest concerns for end-users migrating to software as a service or infrastructure as a service.

Swiss cheese approach
A layered security approach uses multiple, different security controls to protect underlying data and applications in the cloud from malicious threats. A layered approach is also part of a military strategy to slow down attackers, since they have to penetrate multiple and successive layers of defense. A layered security approach is also similar to a Swiss-cheese model of defense. In the Swiss-cheese model, each layer of cheese may have holes distributed at random across its surface. If each layer of cheese was the same, the holes would line up. But if the layers of cheese are different, each layer presents a varied distribution of holes that, when stacked on top of each other, do not line up. Almost a perfect barrier. Much like the Swiss-cheese model, a layered security approach uses best of breed security solutions from multiple vendors. When used in a consecutive fashion in layers, to fortify networks, applications, and data, a layered stack of solutions can offer a respectable defense in the cloud. The Swiss-cheese layer model attempts to protect weaknesses in the security layer above by not having the same weaknesses within or in subsequent layers, rather having stronger protection in the corresponding positions where a weakness exists above. While sounding relatively straightforward in description, the Swiss-cheese model does have its limitations unless implemented in a diligent fashion. If the approach of layering security solutions from multiple vendors is followed in an ad-hoc fashion and the various solutions are incompatible
with each other, this may lead to more complexity and continuing weaknesses. And in essence, the Swiss-cheese defense layer will fail. Using multiple solutions from a single vendor, on the other hand, improves interoperability and may offer a significant cost benefit. The best of breed approach, as a third alternative, is an attempted combination of the best of both worlds. This includes the best security solutions available for each layer that are interoperable, cost effective, and fit into a holistic organisational security strategy and security policy. Implementing the Swiss-cheese model does require operational planning and user training.

CLOUD SECURITY
The Swiss-cheese layers required to secure a cloud platform can be categorised into three areas:

System security
This is typically securing the infrastructure plumbing including operating systems, networks, virtual machines, management dashboards, utilities and containers. Service providers that automatically apply patches and make updates are preferable since they are helping end-users to secure their environments. This
is mostly applicable to infrastructure as a service and platform as a service.

Application security
This is about enabling the IT department to limit the extent to which end users can use a cloud application without following the organisation’s access and security policies. Once the IT department has visibility into user behaviour through policies, the next step is to apply multi-factor authentication and identity management. Multi-factor authentication uses multiple devices or applications to verify the status and presence of the end-user. Identity management creates a single-user sign-on, thereby securing the access of any end user, as well as applying the policies of the organisation, to any cloud based login. A virtual private network connection helps to secure access to any cloud login. All these measures help the IT organisation to gain control over user behaviour and not rely on the cloud service provider for this level of security.

Data security
Cloud service providers are not responsible for the security of the data generated by the end-user through usage of cloud applications. End-user data saved in the cloud needs to be encrypted and moreover, the keys for the encryption need to be available with the IT organisation. While moving data back and forth from the cloud, the data should remain encrypted during transfer.

In summary, cloud security is not an afterthought. It is well built into the original security policy and is an extension of the on-premises security policies into cloud based application workloads and data creation. Since the stakes around cloud security are high, the responsibility needs to be shared between the cloud services provider and the end user organisation. A well-prepared service level agreement will go a long way towards ensuring this important goal.



SMART DEFENCES Alfredo Vistola, Senior Security Solutions Architect, F5 Networks, on how organisations can achieve better business intelligence with advanced web application firewalls.





Application attacks damage your business. They can cause downtime and revenue loss, as well as destroy brand reputation. Compromises to enterprise operations leave employee and customer credentials vulnerable to hackers intent on profiteering from intellectual data property exploits. According to F5 Security Research, a website is hit by a critical exploit every 23 minutes. Today’s cybercriminals are extremely proficient at using the latest automation tools to exploit web vulnerabilities. Therefore, eliminating malicious bot traffic is crucial to protecting business-critical applications. One of the key pieces of the puzzle here is a smart, advanced web application firewall (AWAF). This makes it possible to achieve better business intelligence by differentiating automated bot activity from real human engagements. It also enables businesses to leverage valuable threat behaviour analysis.

The cost of complexity
The Ponemon Institute’s Cost of Cyber Crime Study reports that the cost of a single cyber-attack can exceed a million dollars and many companies may experience hundreds of breach attempts in a single week. Application threats, in particular, are on the rise as organisations transition workloads to the cloud and encounter new levels of infrastructural and operational complexity. Often, in-house IT teams find it hard to keep pace with the latest cybercriminal techniques and struggle to adequately manage and protect apps and data. There is more urgency than ever before to do so. The EU General Data Protection Regulation (GDPR) changes the game with regard to data protection and usage, empowering citizens to take ownership
of their credentials and prompting businesses to operate with greater digital responsibility. Non-compliance could mean severe financial penalties, in addition to bad publicity through naming and shaming. Organisations can no longer compromise on being compliant, so they will need to choose between employing specialised IT security teams in-house or offloading complex WAF policy management to an independent service.

Advanced WAF
According to F5’s 2018 State of Application Delivery report (SOAD), security remains a key concern in the cloud. 42 percent of surveyed customers in EMEA stated that applying consistent security policies across all company applications was the “most challenging or frustrating” aspect of managing multi-cloud environments. Meanwhile, 39 percent believe the biggest challenge is protecting applications from existing and emerging threats. SOAD concludes that such concerns have
led to an increase in Web Application Firewall deployments, with 61 percent now using the technology to protect their applications. An Advanced WAF means companies can adapt their security for web and mobile apps, whether on-premises or in the cloud, whilst defending against malicious bots and exploits. AWAF also prevents malware from stealing credentials from victim devices and stops further credential theft related attacks like Brute Force or Credential Stuffing. In addition, it detects mobile app tampering and ensures app-layer DoS mitigation. The latter includes automated configuration tuning, client and server behavioural analytics, as well as real-time dynamic signatures. In addition, DevOps and NetOps teams can easily deploy app protection services in any environment that can be configured for individual applications. Other benefits of a full proxy WAF include the ability to isolate application traffic, services, and infrastructure resources to withstand client-side L7 attacks and server-side data leakage. Attacks are blocked as they happen. The interface is also simple enough to make quick alterations without taking services offline.

Working smarter
Organisations that deploy cutting-edge security technology are typically more confident when deploying apps to both public and private clouds. Unlike standard WAFs, an AWAF solution is scalable and can manage the traffic to your site, smartly filtering automated visits and delineating actual human engagements. Eliminating large swaths of malicious bot traffic reduces workloads and results in quality data, which, in turn, delivers better business intelligence and smarter, faster, and safer operations.



7 WAYS MIDDLE EAST FINANCIAL FIRMS CAN FEND OFF RANSOMWARE By Gregg Petersen, regional vice president, Middle East and Africa, Veeam Software


After causing global chaos in May 2017, ransomware is currently keeping everyone in a state of constant security alert. Financial organisations are particularly at risk, targeted by approximately 13 percent of total attacks. Ransomware was reported as the number one vector of security risk in the financial sector in the 2016 SANS Survey, reported by 55 percent of the financial services firms surveyed. The outcomes of these attacks can be highly damaging. Hackers successfully extorted a total of up to half a billion dollars from more than 32 percent of financial institutions in 2016 alone.

Here are seven best practices for ransomware resilience in financial services:
1. Use different credentials for backup storage: Although this is a standard and well-known anti-ransomware best practice, it’s crucial to follow. The username context that is used to access backup storage should be closely guarded and exclusive for that purpose. Additionally, other security contexts shouldn’t be able to access the backup storage other than the account(s) needed for the actual backup operations. Do not use DOMAIN / Administrator for everything.
2. Start using the 3-2-1 rule: It essentially states to have three different copies of your media on two different media sites, one of which is off site. This will help address any failure scenario without requiring specific technology.
Moreover, to effectively prepare in the event of a ransomware attack, you should ensure that one of the copies is air-gapped, i.e., on offline media. The offline storage options listed below highlight many options where you can implement an offline or semi-offline copy of the data.
3. Have offline storage as part of the Availability strategy: One of the best defenses against propagation of ransomware encryption to the backup storage is to maintain offline storage. There are numerous offline (and semi-offline) storage options. These include:
a. Tape: Completely offline when not being written or read from.
b. Storage snapshots of primary storage: A semi-offline technique for primary storage, but if the storage device holding backup supports this capability, it is worth leveraging to prevent ransomware attacks. It is important to consider that this strategy is not entirely failsafe and must be taken as only one of the key steps needed in ensuring ransomware preparedness.
c. Cloud: A great additional resource for resiliency against ransomware. For one, it’s a different file system, and secondly, it is authenticated differently.
d. Rotating hard drives (rotating media): Offline when not being written to or read from.
4. Leverage different file systems for backup storage: Having different protocols involved can be another way to prepare for a ransomware attack.
It’s imperative that users add backups on storage that requires different authentication.
5. Achieve complete visibility of your IT infrastructure: One of the biggest fears of ransomware is the possibility that it may propagate to other systems. Gaining visibility into potential activity is a massive value-add. An Availability solution should have a pre-defined alarm that will trigger if there are a lot of writes and high processor utilisation, which is a typical ransomware pattern.
6. Let the backup copy job do the work for you: The Backup Copy Job is a great mechanism to have in order to create restore points on different storage and with different retention rules than the regular backup job. When the previous points are incorporated, the Backup Copy Job can be a valuable mechanism in a ransomware situation because there are different restore points in use with the Backup Copy Job. However, with the Backup Copy Job being a VBK file, it can also get infected with ransomware unless the copy is in a cloud, on tape or air-gapped.
7. Educate all employees on ransomware, not just your IT staff: Social engineering and phishing schemes are effective when companies do not educate employees on the dangers of ransomware nor the specific activities that leave the company vulnerable. Establish a strong source of education, communication and support to ensure the entire company is equipped to avoid propagating a ransomware attack.
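Practices 1 to 5 above can be checked mechanically. The following Python is an added example, not code from the author or Veeam: it audits a backup inventory against the credential, 3-2-1, offline-copy and file-system practices, and implements the writes-plus-CPU alarm from practice 5. It reads the 3-2-1 rule in its usual form (three copies, two media types, one off site); the inventory fields, account names, thresholds and metric samples are all assumptions constructed for illustration.

```python
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class DataCopy:
    name: str
    media: str        # "disk", "tape", "rotating-disk", "snapshot" or "cloud"
    offsite: bool
    account: str      # identity that can write to this copy
    filesystem: str
    production: bool = False


OFFLINE = {"tape", "rotating-disk"}    # offline when not being read or written
SEMI_OFFLINE = {"snapshot", "cloud"}   # the article's semi-offline options


def audit_backup_plan(copies):
    """Check practices 1-4; return finding codes (empty list: none found)."""
    prod = [c for c in copies if c.production]
    backups = [c for c in copies if not c.production]
    findings = []
    if len(copies) < 3:
        findings.append("too-few-copies")
    if len({c.media for c in copies}) < 2:
        findings.append("single-media")
    if not any(c.offsite for c in backups):
        findings.append("no-offsite-copy")
    if not any(c.media in OFFLINE for c in backups):
        semi = any(c.media in SEMI_OFFLINE for c in backups)
        findings.append("semi-offline-only" if semi else "no-offline-copy")
    prod_accounts = {c.account.lower() for c in prod}
    for c in backups:
        account = c.account.lower()
        # Practice 1: the backup identity must not double as a production or
        # domain administrator account.
        if account in prod_accounts or account.endswith("\\administrator"):
            findings.append("shared-credentials:" + c.name)
    prod_fs = {c.filesystem for c in prod}
    if backups and all(c.filesystem in prod_fs for c in backups):
        findings.append("same-filesystem")
    return findings


def write_cpu_alarm(samples, write_factor=5.0, cpu_pct=85.0, sustain=3):
    """Practice 5: samples are (write MB/s, CPU %) per interval, oldest first.

    Returns the index of the interval that completes `sustain` consecutive
    intervals with writes above write_factor x the median of earlier intervals
    AND CPU above cpu_pct, or None if that never happens.
    """
    run = 0
    for i, (writes, cpu) in enumerate(samples):
        history = [w for w, _ in samples[:i]]
        heavy = (len(history) >= 3
                 and writes > write_factor * statistics.median(history)
                 and cpu > cpu_pct)
        run = run + 1 if heavy else 0
        if run >= sustain:
            return i
    return None


# Constructed inventories and metrics for illustration.
PROD = DataCopy("prod", "disk", False, "CORP\\Administrator", "ntfs", True)
WEAK = [PROD, DataCopy("repo-1", "disk", False, "CORP\\Administrator", "ntfs")]
HARDENED = [
    PROD,
    DataCopy("repo-1", "disk", False, "CORP\\svc-backup", "refs"),
    DataCopy("tape-weekly", "tape", True, "CORP\\svc-tape", "ltfs"),
]
CLOUD_ONLY = HARDENED[:2] + [
    DataCopy("cloud-1", "cloud", True, "cloud-backup-role", "object-store")]
ENCRYPTING = [(4, 20), (5, 25), (4, 22), (6, 30), (5, 24),
              (48, 91), (52, 95), (55, 97), (60, 98)]
BACKUP_WINDOW = [(4, 20), (5, 25), (4, 22), (50, 40), (52, 38), (51, 41)]

if __name__ == "__main__":
    for label, plan in [("weak", WEAK), ("hardened", HARDENED),
                        ("cloud only", CLOUD_ONLY)]:
        print(label, audit_backup_plan(plan) or "no findings")
    print("alarm at interval:", write_cpu_alarm(ENCRYPTING))
    print("backup window:", write_cpu_alarm(BACKUP_WINDOW))
```

The second metric series shows why the alarm needs both conditions: a scheduled backup window also produces heavy writes, but without the sustained processor load that encryption adds.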



Security Advisor Middle East | Issue 28  