As cyberattacks increase, they are being designed to access, delete or extort an organisation’s or user’s sensitive data; making cybersecurity vital. Industry pundits share how resellers can help enterprises cement their cybersecurity posture. Organisations in the Middle East and Africa region have witnessed a significant increase in cyberattacks across industries – some of which have caused financial and reputational losses. Businesses have certainly amped up their security spending as the drive towards digitisation gathers speed and the threat landscape continues to evolve at an even rapid pace.
ALAIN PENEL, REGIONAL VICE PRESIDENT – MIDDLE EAST, FORTINET
An unforeseeable shift in network structures and attack strategies has been dropped on the cybersecurity industry in the last two years. As the COVID-19 pandemic continues to take its toll on organisations and individuals around the globe, the industry is now dealing with a threat landscape that’s become more intense, complex and saturated than ever before. Attackers are now more targeted toward the remote worker. According to the FortiGuard’s latest threat landscape report, we have found that while ransomware attacks have always been a significant concern for businesses, over the past several months they’ve become more prevalent and costlier – both in terms of downtime and damages. Also, phishing tactics are now far more sophisticated and have evolved to target the weak links found at the Edges of business networks. Many attackers are also using Machine Learning to rapidly craft, test and distribute messages with increasingly realistic visual content that triggers emotional distress in recipients.
Cyber criminals have also grown to understand technology better and have access to more sophisticated resources than they had in the past, making the task of protecting distributed resources more challenging than ever. Through the use of AI and Machine Learning tools, for example, cybercriminals are taking full advantage of the expanding attack surface and successfully bypassing traditional safeguards. Because of these advances in attack methods and technologies, IT teams are now struggling to stay ahead of things like updated ransomware and phishing threats that are being leveraged to compromise at-home IoT devices.
The role of the CIO or CISO is rapidly changing in many organisations. There is not a business strategy in organisations that does not involve some technology aspect and digital innovation (DI) is often the primary ingredient underlying the business initiative. The CIO is no longer an operational executive, but an orchestration executive. In a rapidly evolving marketplace, creating new approaches to product development, customer engagement and operations can mean the difference between success and failure for the company.
As a result of the COVID-19 crisis, CIOs and CISOs were put under incredible pressure to maintain Business Continuity with almost 100% of the workforce working from home, in just a couple of days. Many successful approaches that we have seen are based on a careful analysis of existing capabilities, so that instead of rushing to add new technologies they leveraged the potential of the solutions already in place. The beauty of revisiting what organisations have in light of business imperatives, is that you end up asking the right questions about what processes, data and apps are truly crucial to maintain business. This healthy reaction created some fruitful moments and consequently harmonised security practices across the branches, the core, and cloud-based infrastructures.
MAHMOUD SAMY, VICE PRESIDENT & MANAGING DIRECTOR – EMEA EMERGING MARKETS AND EASTERN EUROPE, FORCEPOINT
The IT and security teams have really come into the spotlight and earned recognition for being instrumental in leading their organisations’ transition to this new remote work environment. At board level, this transition forced them to see real value in Digital Transformation efforts across multiple areas in an organisation. As a result, the roles of CIOs and CISOs have developed and grown in importance.
Our current situation has forced a rapid shift towards supporting large groups of remote workers ushering in a new way of working. This forced rapid development has placed more importance on protecting users and data in hybrid IT environments. As users and data is everywhere, it has created a challenging reality for CISOs to secure users and data anywhere, at any time, on any device.
The main focus and on-going challenge is about protecting users and data in a distributed and diverse environment, one that bridges traditional on-premises infrastructures, including the home office, to multi-cloud and multi-SaaS ones.
That said creating an effective cybersecurity plan starts with assessing the current state of security in the organisation. Conducting a risk assessment can go a long way by identifying the data, devices, people, policies and the architecture that’s in place while planning for a worst-case scenario. The assessment would also highlight any weak spots and identify the areas where the CIO needs to add additional layers of security. A chain is only as strong as its weakest link and uncovering and managing risk is key. Once all the risks are identified, a portfolio of solutions, countermeasures are policies are implemented.
Many of our customers are going through a difficult transition, still dealing with the fallout of lockdowns and remote working changes. We helped our customers on their remote work journey as they implemented their Business Continuity plans and ensured their NGFW and VPN access was scalable, we took them through application access in their clouds, using a mixture of legacy and cloud apps.
The top priority must be to protect the Edge and avoid any security gaps as outlined above. One way to do this is through comprehensive Security-As-a-Service (SaaS) platforms. Forcepoint uses cloud-based security platforms that use behaviour analytics to understand human behaviour to proactively detect risk and secure data and IP. As mentioned, these incorporate both CARTA and SASE approaches as industry best practices.
SASE brings network and security to the cloud and this converged cloud security architecture brings data security, cloud access security, web security, network security, advanced threat protection, and Zero Trust networking – all under one platform. Organisations can adopt SASE architecture to secure all centrally important modules of the organisation. CARTA uses the premise that users need to be continually monitored for risk, starting with Zero Trust as the Edge. Forcepoint uses the CARTA risk adaptive approach to continuously detect and prevent insider threats.
GIORGIO GHERI, CTSO EMEA, QUALYS
Cybersecurity today is a global discipline as threats are growing in sophistication and frequency. Each organisation has a different core business and a peculiar customer interaction process, leading to different types of exposure. While core data must always be carefully protected – typically from ransomware or data-extracting techniques like SQL Injection – it is solely the activity of the company that determines the cybersecurity priority. For instance, Web threats for e-commerce companies, OTs for industrial companies, Remote Execution for Utilities, and so on.
Organisations of all types must also pay attention to the “value chain” they are part of, given that for sophisticated attackers, it’s much easier to attack the weaker link in a chain, versus a much stronger final target.
If we look at the security landscape today, there are hundreds, if not thousands, of vendors in the market. What is more concerning is that – on average – a small organisation uses 15 to 20 security tools, a medium-sized one uses around 70 and a large enterprise could be using up to as many as 130 different cybersecurity solutions. Many of these solutions are specialised, offering very niche functionality but all of them are producing an overwhelming number of events, logs, data.
The main pitfall to avoid is thinking that increasing efficiency of cyber defences and reducing budgets are incompatible. With increase in the number of areas to secure, going down the path of enhancing or adding point solutions – because they are supposedly sharper in finding and blocking threats – would be a mistake. What is needed is an accurate and automatic correlation and prioritisation of all threats and events taking place.
Given today’s complexity, if organisations only look at “how to better secure” their IT disciplines, they will soon realise that adapting their security plans to cater to upcoming sectors and threats is extremely difficult. They would very soon experience the need to continuously (and expensively) patch the design, leading to a clear loss of control and agility.
So instead, I would suggest using backward planning. Backward planning that focuses first on the final target (in terms of quality and tasks) and then on the process to get there, whatever the starting point is that allows to define a framework/standard where the security solutions can fit harmoniously, today and tomorrow.
The biggest concerns come from the expansion of the internal perimeter into a very fragmented geography where visibility, accuracy in detecting the vulnerable and exploitable surfaces, and prioritising remediation becomes much harder.Click below to share this article