Tech Features
The Urgent Relevance of Cybersecurity for Organizations: Three Key Messages
By Iris Lorscheid, Professor for Digital Business & Data Science at University of Europe for Applied Sciences, Campus Hamburg
In an increasingly digital world, the importance of cybersecurity for organizations cannot be overstated. As we navigate through 2024, cyber threats are evolving at an alarming rate, and the need for robust security measures has never been more pressing.
This article aims to highlight the critical relevance of cybersecurity for organizations and present three essential messages that every organization should heed to protect their assets and maintain trust.
Message 1: Cybersecurity is a Non-Negotiable Priority
In today’s landscape, where data breaches and cyber attacks are becoming routine headlines, treating cybersecurity as an optional or secondary concern is a recipe for disaster. Every organization, regardless of its size or industry, must recognize that cybersecurity is a fundamental aspect of its operations. Here’s why:
Cyber attacks can lead to substantial financial losses. The costs associated with data breaches, including regulatory fines, legal fees, and the expense of mitigating the damage, can cripple an organization. For instance, in 2024, Dell faced a breach affecting 49 million customers, which not only dented their reputation but also resulted in significant financial repercussions.
When an organization suffers a data breach, the immediate fallout often includes a loss of customer trust. Customers expect their personal information to be safeguarded, and any compromise can lead to a loss of confidence that is difficult to rebuild. This erosion of trust can have long-lasting effects on customer loyalty and brand reputation.
Cyber attacks can disrupt business operations, leading to downtime and loss of productivity. Ensuring robust cybersecurity measures can help prevent such scenarios and maintain smooth operations.
Actionable Steps
To make cybersecurity a priority, organizations should:
- Allocate adequate resources and budget for cybersecurity initiatives.
- Implement comprehensive security policies and procedures.
- Regularly assess and update security measures to address evolving threats.
Message 2: Human Element is Key to Cybersecurity
While advanced technologies and sophisticated security systems are crucial, the human element remains a critical factor in cybersecurity. Human error is often cited as a leading cause of data breaches, making it essential to focus on training and awareness. Here’s why the human element matters:
Cybercriminals frequently use social engineering techniques to manipulate individuals into divulging sensitive information. Phishing emails, for example, are designed to trick recipients into clicking malicious links or providing confidential data. AI will play a key role in phishing attacks in the near future. Training employees to recognize and respond to these threats is vital.
Not all threats come from outside the organization. Insider threats, whether intentional or accidental, can be just as damaging. The Data Breach Investigation Report already identified in 2021 that 22% of cyber security threats are caused by internal actions. Employees with access to sensitive information can inadvertently or maliciously compromise security.
Employees may unknowingly fall victim to phishing attacks. AI algorithms can analyze vast amounts of data to identify vulnerabilities and create targeted attacks that are harder to detect by employees and defend against.
Encouraging good cyber hygiene practices among employees can significantly enhance an organization’s security posture.
Actionable Steps
To leverage the human element effectively, organizations should:
- Conduct regular cybersecurity training and awareness programs.
- Foster a culture of security awareness where employees feel responsible for protecting the organization.
Message 3: Proactive Measures are Essential for Cyber Resilience
In the face of ever-evolving cyber threats, a reactive approach to cybersecurity is insufficient. AI can automate the process of launching cyber attacks, enabling attackers to execute a higher volume of attacks with greater precision. This automation reduces the time and effort required to conduct attacks, increasing the scale and frequency of cyber threats. AI-powered botnets can automatically scan for and exploit vulnerabilities across thousands of systems simultaneously, overwhelming traditional security defenses.
Continuous monitoring of network activity allows organizations to detect unusual behavior and potential threats in real-time. Advanced security information and event management systems can provide valuable insights and enable quick response to incidents. AI-empowered security systems can defend against AI-empowered attacks.
Overall, AI continues to be a double-edged sword in the realm of cybersecurity. While AI enhances security measures through advanced threat detection and response capabilities, it also empowers cybercriminals to launch sophisticated attacks. AI-driven attacks can adapt and learn from defensive mechanisms, making them more challenging to combat. Organizations must leverage AI to strengthen their defenses while staying vigilant against AI-powered threats.
Conducting regular security audits and vulnerability assessments helps identify and address weaknesses before they can be exploited. This proactive approach ensures that security measures are always up to date and effective against current threats.
Here is why being proactive is crucial:
Having a robust incident response plan in place is essential for minimizing the impact of a cyber attack. This plan should outline clear procedures for identifying, containing, and recovering from incidents. Regularly testing and updating the plan ensures readiness when an attack occurs.
Cybersecurity is not just an individual organization’s concern. Collaboration with industry peers, government agencies, and cybersecurity experts can provide valuable threat intelligence and enhance overall security. Sharing knowledge and resources can help organizations stay ahead of emerging threats.
Actionable Steps
To build cyber resilience, organizations should:
- Invest in continuous monitoring and advanced threat detection systems.
- Conduct regular security audits and vulnerability assessments.
- Develop and regularly update a comprehensive incident response plan.
- Collaborate with external partners for threat intelligence and best practices.
Conclusion
As we progress through 2024, the relevance of cybersecurity for organizations is more apparent than ever. By treating cybersecurity as a non-negotiable priority, recognizing the critical role of the human element, and adopting proactive measures, organizations can protect themselves against the growing tide of cyber threats. These three key messages—prioritizing cybersecurity, leveraging the human element, and being proactive—are essential for maintaining security, trust, and resilience in today’s digital landscape. It is imperative that organizations of all sizes and industries take these messages to heart and implement robust cybersecurity strategies to safeguard their future.
How Cyber Risks Have Become Business Risks
By Alain Sanchez, EMEA CISO, Fortinet.
Cyber risk is business risk. Anything that threatens IT threatens the company. We have become extremely dependent upon our digital assets. As a result, business leaders need to realize the magnitude of the change. The essence of what visionaries have shared with me in the last couple of months shows how much cybersecurity is now a permanent topic of discussion among chief information security officers (CISOs) and their corporate leadership.
Assessing Cyber Risks
Perhaps the most crucial role of the CISO is to rank cyber risks by order of actual impact.
Part of this assessment requires understanding the priorities inside the organization’s value chain and securing them accordingly. The second challenge is to look beyond the organization and see how outside forces may impact it. And among these external forces, we find the compliance framework. These new laws and regulations are necessary.
This very duality, good and complex, challenges many IT departments. They must ask themselves: How do we integrate legal considerations into what used to be a pure technological battlefield? The solution is to start from the top. The board of directors should always have this duality in mind. The more directors know about cyber risks and government regulations, the better. Consider the European Union’s Digital Operations Resilience Act (DORA). This legislation is focused on the European banking and financial system.
Mitigate Risks
In the past, resilience was more of a technical concept. It was about bringing back the servers. Today, it is a legal requirement documented by an auditable plan. We have moved from a series of technical steps to a contractual re-establishment of critical services.
Four types of considerations underpin these plans:
- Prioritized recovery: A very delicate ranking that can only be established through a regular exchange between the board and the operations team. The board’s sign-off is crucial here. Otherwise, who would ever qualify their own activity as noncritical? However difficult to establish, this ranking is truly a fascinating exercise that brings the CISO and team to the heart of the business.
- Defending strategies: Assessing the right combination of products, services, staffing, and processes is crucial. Less is more in this matter. After years of accumulation, cyber officers have realized the hard way that a maelstrom of products and vendors was not very efficient. The next era of security will happen via convergence, not addition.
- Offer options: This is about providing information and an array of solutions in which, ultimately, the board makes the call. It is part of the CISO’s job to offer scenarios as a series of documented steps: investment 1, timeline 1, benefits 1, and risk 1. Then, the CISO can suggest a second and a third sequence of the above. Choosing how to proceed is the board’s job. This way, the CISO becomes an empowered execution lever for a consensual decision instead of being pinpointed as the only one to blame for the results.
- Executive leadership: The CISO needs to report directly to the CEO, otherwise the job is a “widow maker.” The consequences of unclear or diluted support go beyond the discomfort of the position; the survival of the company is at stake. In 2024 and beyond, submitting cybersecurity to any other consideration than the company strategy is a major governance mistake. Like the Titanic shipbuilders who traded rescue boats for rooms on the sundeck.
Cybersecurity is not only about avoiding icebergs. It is a holistic approach that embraces all the active and passive security dimensions into one integrated platform. Holistic here does not mean monopolistic. Legacy, old-school, best-of-breed, and point solutions are facts of life. However, the number of technologies, vendors, processes, and the magnitude of digital transformations call for simplification. Too often, this maelstrom turns into major incidents that operate as wake-up calls. Then the question is not about the 1 million dollars we did not spend, but about the 100 million dollars we just lost.
Provisioning and Deprovisioning – A Guide to Stronger Identity and Access Management
By: Christopher Hills, Chief Security Strategist, BeyondTrust
Across the Middle East, CIOs and CISOs huddle together to determine ways of making their organizations more secure so that digitalization can align with the vision of business leaders. No enterprise can afford to shut itself off from the digital economy. Whether it operates locally, regionally or globally, a business must build trust. And to do that, it must master the art of identity management. Therefore, it must understand the importance of provisioning and deprovisioning.
Provisioning is the name we give to the granting of privileges. This is a more granular process than onboarding, in which a new user account is created. Each user may have privileges granted at any time. And we should remember that not all users are humans — employees, contractors, customers, and so on. Privileges may be assigned to service accounts, machinery, and other resources. The purpose of provisioning is to maintain access while accounting for security and compliance standards.
To meet modern security standards, however, deprovisioning is just as important. Again, this does not just occur during offboarding. Privileges can be revoked all the time. Not because of a loss of trust in the person or asset that held them, but because it is best practice. Effective provisioning and deprovisioning is the foundation of a robust identity-centric security solution.
Covering the bases
Both are important. Overprovisioning can lead to a junior employee or overlooked service having unnecessary privileges, and under-deprovisioning can lead to a range of invisible issues such as unmonitored or orphaned accounts, or stale privileges. Special care must also be taken when adding or removing accounts to user groups, which carry with them a predetermined set of privileges, because these actions amount to provisioning and deprovisioning.
Any active account is a potential entry point, so it should come as no surprise that security best practice lies in minimizing the number of accounts and the access privileges they hold. If an account is no longer needed — an employee has resigned, a project has come to an end, or a range of other scenarios — then it should be disabled, deleted, or its rights downsized. Threat actors rely on organizations not following this simple practice.
Tools and tricks
Robust IAM will also include just-in-time (JIT) provisioning, which goes hand in hand with the principle of least privilege (PoLP). Deprovisioning, in turn, ensures the timely revocation of access. Regularly reviewing and adjusting access rights is best practice because it prevents unnecessary permissions being exploited by malicious parties inside or outside the organization. All unused accounts should be placed in a disabled state and removed from all relevant security groups until such time as they can be reviewed and, if appropriate, deleted.
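The review described above can be expressed as a small access-review pass over an account inventory. This is an added example, not code from the article or from BeyondTrust; the record fields, the 90-day staleness threshold, and the sample accounts are all constructed assumptions.

```python
from datetime import date, timedelta

# Assumed policy values (not from the article).
STALE_AFTER = timedelta(days=90)   # no sign-in for this long counts as "unused"
TODAY = date(2024, 6, 1)           # fixed "now" so the constructed sample is reproducible

# Constructed inventory covering human and non-human accounts (hypothetical fields).
ACCOUNTS = [
    {"name": "a.khan", "kind": "employee", "owner_active": True, "enabled": True,
     "last_login": date(2024, 5, 28), "groups": ["finance"], "grants": []},
    {"name": "j.doe", "kind": "employee", "owner_active": False, "enabled": True,
     "last_login": date(2024, 5, 20), "groups": ["hr", "vpn-users"], "grants": []},
    {"name": "svc-report", "kind": "service", "owner_active": True, "enabled": True,
     "last_login": date(2023, 11, 2), "groups": ["db-readers"], "grants": []},
    {"name": "c.vendor", "kind": "contractor", "owner_active": True, "enabled": True,
     "last_login": date(2024, 5, 30), "groups": ["project-x"],
     "grants": [{"privilege": "prod-admin", "expires": date(2024, 5, 15)},
                {"privilege": "staging-admin", "expires": date(2024, 6, 30)}]},
    {"name": "old-kiosk", "kind": "machine", "owner_active": True, "enabled": False,
     "last_login": None, "groups": ["kiosk"], "grants": []},
]


def review(accounts, today=TODAY):
    """Return a list of (account, action, reason) deprovisioning steps."""
    plan = []
    for acct in accounts:
        name = acct["name"]
        last = acct["last_login"]
        unused = last is None or today - last > STALE_AFTER
        orphaned = not acct["owner_active"]
        if orphaned or unused:
            reason = "owner departed" if orphaned else "unused"
            # Disable first, then strip group membership and direct grants,
            # and leave deletion to a human review.
            if acct["enabled"]:
                plan.append((name, "disable", reason))
            for group in acct["groups"]:
                plan.append((name, f"remove from group {group}", reason))
            for grant in acct["grants"]:
                plan.append((name, f"revoke {grant['privilege']}", reason))
            plan.append((name, "queue for deletion review", reason))
            continue
        # Account still in use: revoke only time-boxed (JIT) grants that have lapsed.
        for grant in acct["grants"]:
            if grant["expires"] < today:
                plan.append((name, f"revoke {grant['privilege']}", "JIT grant expired"))
    return plan


if __name__ == "__main__":
    for account, action, reason in review(ACCOUNTS):
        print(f"{account}: {action} ({reason})")
```

Group removal is listed as its own step because, as noted earlier, group membership carries a predetermined set of privileges; disabling an account alone leaves those in place if it is ever re-enabled.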
Identity and access management cannot be effective without the right tools to simplify provisioning and deprovisioning. This is because looking after the end-to-end lifecycle of identities, privileges, and entitlements is a complex task that has grown even more complex since the region’s mass migration to hybrid and multi-cloud environments. Identity management tools can streamline the creation, maintenance, and deletion of human and non-human accounts. Governance management tools enforce policies that limit access based on the assigned privileges. Lifecycle management tools are useful for ensuring (from onboarding to offboarding) that privileges always fit the role of an account owner. Privileged access management (PAM) enforces PoLP and provides a useful integration hub for other tools so that IT and security teams have single-pane control over everything that may impact identity security.
In a modern setting, provisioning and deprovisioning tools must offer automation and user behavior analytics, which means they must incorporate some flavor of AI or machine learning. To be consistent with the implementation of PoLP and other governance policies, variants of AI are necessary to minimize human error. Granting and revoking access rights in a company of even moderate size is a constant process that responds to changes in personnel and circumstances. While some of these situations may be subject to planning, others, such as real-time behavioral anomalies, are not. Threats can arise at a moment’s notice and only AI offers a practical option for timely response.
Be strong
Having established provisioning and deprovisioning as the keys to strong IAM, enterprises will find they can implement more effective lifecycle management of identities, privileges, and entitlements. As with any new measure, ongoing reviews will uncover any additional requirements, and adjustments can be made to cover new regulations, new assets, or new business models. As the identity landscape fluctuates, so should provisioning and deprovisioning strategies.
Define roles clearly. If an account owner does not need access to a resource, do not grant it (PoLP); and if they do, wherever possible, grant access only for as long as it is required (JIT). Disable and delete accounts where appropriate and monitor access across the entire ecosystem as often as is practical — quarterly or annually.
Following the guidance laid out here will strengthen your identity security posture. The modern threat actor is always on the lookout for gaps in your defenses. Unfortunately, these often take the shape of overprovisioned identities or abandoned accounts that have not been adequately addressed. The good news is that by applying the steps above, you can shore up defenses and protect the enterprise from the worst of the threats beyond its walls.
Features
Robust patch management. In the fight against ransomware, it’s time to get back to basics
By Saeed Abbasi, Product Manager, Vulnerability Research, Qualys Threat Research Unit (TRU)
In the Arab Gulf region, ransomware has become an epidemic. Since 2019, Saudi Arabia has been a top target for RansomOps gangs. And the GCC remained the most affected territory in the Middle East and Africa, as of 2023, showing a 65% increase over 2022 for instances of victims’ information being posted to data-leak sites. According to the Known Exploited Vulnerabilities (KEV) catalog, maintained by the Cybersecurity and Infrastructure Security Agency (CISA) under the U.S. Department of Homeland Security, approximately 20% of the 1,117 exploited vulnerabilities are linked to known ransomware campaigns. Attackers have become more relentless and more sophisticated, just as regional security teams have become more overworked and overwhelmed by their new hybrid infrastructures.
In today’s climate, senior executives approach discussions about cyber risk with the expectation of hearing unfavorable news. Indeed, matters have escalated of late with the emergence of human-mimicking AI. We used to take comfort in the fact that at least artificial intelligence could not be creative like people could. But that was before generative AI came along and left us speechless — with delight or dread, depending on our day job. For security professionals, it is the latter because every new technology that arrives will eventually get exploited by threat actors. AI and its generative subspecies can make it easier to find vulnerabilities, which implies there will be a surge in the volume of zero-days. And GenAI can pump out convincing phishing content at a scale unreachable by human criminals.
But in a break with tradition, I offer good news. In the daily struggle with ransomware threats, the answer lies in the daily fundamentals of IT admin. Patch management is the keystone of cyber resilience. As each vulnerability becomes known and fixes are released, that dreaded countdown begins again. Whether threat actors have beaten vendors to the punch by publishing an exploit before the patch was released or not, organizations must be prepared to act strategically when fixes become available. It may be that a patch fixes an error that poses no risk to the enterprise, in which case patching would not have much impact on reducing cyber risk. Hence, organizations need to look at prioritizing patching the assets that cause the most existential risk to the company, maximizing their patch rate (a measure of how effectively vulnerabilities are addressed) and minimizing their mean time to remediation (MTTR) for such “crown jewel” assets.
Windows mean doors
The Qualys Threat Research Unit (TRU) uses these metrics often in anonymized studies of organizations’ cyber-readiness. Our 2023 Qualys TruRisk Research Report found that weaponized vulnerabilities are patched within 30.6 days in 57.7% of cases, whereas attackers typically publish exploits for the same flaws inside just 19.5 days. That 11-day window is where our concerns should be concentrated. It should spur us to revisit patch management and — if we have not already — to integrate it into our cybersecurity strategy so we can start to close our open doors to attackers.
If we imagine a graph of MTTR plotted against patch rate for every vulnerability, then we can imagine four quadrants, defined by combinations of “high” or “low” for our two metrics. Our sweet spot is in the bottom right-hand corner, where patch rate is high and MTTR is low. We could call this quadrant the “Optimal Security Zone”. If a vulnerability is in this zone, we are unfazed by it. It is low-risk because it is patched and resolved quickly. In the top right, we find that patch rate is still high, so we call this the “Vigilant Alert Zone”, but incidents take a longer time to remediate (high MTTR). But while this is a higher source of concern, it is less worrying than if a vulnerability falls in the bottom left quadrant, the “Underestimated Risk Zone”. Here, we find overlooked vulnerabilities (low patch rates) but unexpectedly short remediation times. These flaws can quickly become risks if left unaddressed. Finally, we come to our red-flag quadrant, the “Critical Attention Zone” (top left), where vulnerabilities have low patch rates and take a long time to resolve.
Combining metrics like this can give us important crossover information that allows us to triage our patch management effectively. By exploring the critical areas first, we can examine overlooked vulnerabilities and discover either that they pose little threat and are less of a source of concern, or that they could lead to a ransomware incident, in which case they become a top priority on our to-do list. With RansomOps groups now leveraging advanced automation tools, the importance of optimal patch management cannot be overstated. Ensuring that systems are updated and secure is critical to prevent potential vulnerabilities.
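The four-quadrant triage can be computed directly from per-asset remediation records. The sketch below is an added example, not code from Qualys or the article; the vulnerability ids and findings are constructed, and the two thresholds (50% patch rate, 19.5 days MTTR, borrowing the exploit-publication figure quoted above) are assumptions.

```python
from collections import defaultdict
from statistics import mean

# Assumed thresholds (not defined in the article).
PATCH_RATE_HIGH = 0.5    # at least half of affected assets patched counts as "high"
MTTR_HIGH_DAYS = 19.5    # slower than the quoted exploit-publication time counts as "high"

# Constructed sample: (vulnerability id, asset, day detected, day patched or None).
FINDINGS = [
    ("VULN-A", "web-01", 0, 4), ("VULN-A", "web-02", 0, 6), ("VULN-A", "db-01", 1, 9),
    ("VULN-B", "web-01", 0, 35), ("VULN-B", "web-02", 0, 41), ("VULN-B", "db-01", 2, None),
    ("VULN-C", "hr-01", 0, 3), ("VULN-C", "hr-02", 0, None), ("VULN-C", "hr-03", 0, None),
    ("VULN-D", "erp-01", 0, 60), ("VULN-D", "erp-02", 0, None), ("VULN-D", "erp-03", 5, None),
    ("VULN-E", "lab-01", 0, None),
]


def metrics(findings):
    """Return {vuln: (patch_rate, mttr_days or None)} from per-asset findings."""
    per_vuln = defaultdict(list)
    for vuln, _asset, detected, patched in findings:
        per_vuln[vuln].append(None if patched is None else patched - detected)
    out = {}
    for vuln, durations in per_vuln.items():
        closed = [d for d in durations if d is not None]
        patch_rate = len(closed) / len(durations)
        out[vuln] = (patch_rate, mean(closed) if closed else None)
    return out


def zone(patch_rate, mttr):
    """Map one vulnerability's metrics to the article's quadrant names."""
    high_rate = patch_rate >= PATCH_RATE_HIGH
    # Nothing patched yet means MTTR is undefined; treat it as high (assumption).
    high_mttr = mttr is None or mttr > MTTR_HIGH_DAYS
    if high_rate:
        return "Vigilant Alert Zone" if high_mttr else "Optimal Security Zone"
    return "Critical Attention Zone" if high_mttr else "Underestimated Risk Zone"


def triage(findings):
    """Return (vuln, zone, patch_rate, mttr) rows, most urgent zone first."""
    order = ["Critical Attention Zone", "Underestimated Risk Zone",
             "Vigilant Alert Zone", "Optimal Security Zone"]
    rows = [(v, zone(r, m), r, m) for v, (r, m) in metrics(findings).items()]
    return sorted(rows, key=lambda row: (order.index(row[1]), row[0]))


if __name__ == "__main__":
    for vuln, z, rate, mttr in triage(FINDINGS):
        mttr_txt = "n/a" if mttr is None else f"{mttr:.1f}d"
        print(f"{vuln}: patch rate {rate:.0%}, MTTR {mttr_txt} -> {z}")
```

VULN-C shows why the "Underestimated Risk Zone" deserves a look: its MTTR is flattering only because the single patched asset was fixed quickly while two others remain open.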
Action stations
Starting today, then, GCC organizations should look to their vulnerability management strategy and determine an approach that is able to stand up to armies of threat actors, working as a unified industry, equipped with advanced AI, to disrupt, disable, and damage the region’s innovative spirit. We all need to make sure that our vulnerability gaps are closed and our defenses tightened against these malicious actors. Technical and business stakeholders must collaborate on crafting roadmaps that make sense to their operational uniqueness.
The hope remains that one day, cyber criminals, a persistent threat today, will be effectively countered by innovative security technologies. However, we must confront the fact that attackers are becoming more sophisticated, their campaigns are escalating in scope, and the resources available for cybersecurity defense are often constrained.
The solution does not lie in an unknowable panacea, but in the day-to-day fundamentals — robust patch management that uses the four-quadrant principle and aims for the highest possible patch rate and the shortest possible resolution time. The top practitioners in any field — sports, business, the arts — will always extol the virtues of the fundamentals. If it works for them, then why not for us? So, let’s get back to basics and send the ransomware actor packing.