With the problem of hacking and its consequences on enterprise only exacerbating, CNME rounds up the views and tips from some of the region’s leading cybercrime experts on how organisations in the Middle East should be tackling the issue.
There is very little doubt in both the business and IT arenas that cybercrime is not something to be taken lightly.
On the contrary, industry experts resoundingly agree that protection from it should be a top IT priority.
“Obviously no country is immune to the risk of a cyber attacks, but the Middle East’s natural resources and influence its countries have on geo-political stability make organisations in the region prime targets. Being aware and being able to actually defend against such threats are two different things. Organisations around the world face the same obstacles when it comes to cyber security,” says Jason Mical, Director of Network Forensic, AccessData.
Companies should not consider themselves immune to cybercrime but be vigilant and arm themselves against the wave of attacks hitting the region, according to Florian Malecki, Senior Product Marketing Manager EMEA, Dell SonicWall.
“Outdated network security is not good enough in Middle Eastern companies and recent attacks in the region should be a reminder that the latest in network security is essential. There is the belief that cyber attacks are a Western problem and this attitude needs to be revaluated. Whether a Fortune 500 company, SMB or a government organisation, everyone is on the list of cyber thugs,” Malecki says.
Nicolai Solling, Director of Technology Services, help AG, believes the world’s dependence on the Middle East’s oil and gas industry makes the region even more vulnerable.
“If you take out the ability to produce oil and related products, serious disruption can be done to the world economy. Furthermore the technical framework around energy production has been shown to be slightly less secure, making the control networks vulnerable,” Solling says.
“A second very important topic is that the Middle East has had significant political changes over the last decades and especially the last couple of years, where cybercrime and the IT platforms have become a part of the battlefield. With that in mind it means that the cybercrime picture here in the Middle East is very serious and we need to take the appropriate measures to handle this,” he adds.
Julian Lovelock, VP Product Marketing, HID Global, believes the increasingly rapid emergence of more sophisticated malware makes it critical for institutions to urgently ramp up their security efforts.
“This will make it more difficult and costly for cybercriminals to scale their attacks, both for their own benefit, as well as that of their customers,” Lovelock says.
Increase in attacks
Over the past five years, there has been a significant increase in targeted attacks in enterprises in the Middle East causing data loss worth millions of dollars.
Today, malware is a multibillion dollar industry where hacktivists are well-funded and indulge in focussed attacks driven by geopolitical or financial motives, says Haritha Ramachandran, Programme Manager, ICT Practice, MENA, Frost & Sullivan.
“These attacks are more sophisticated and therefore the challenge to manage the network is further complicated. It is extremely important for enterprises to understand and realise the criticality of these advanced and persistent threats and take every necessary step for prevention before the threat can do irredeemable damage,” he adds.
It has taken some devastating examples to occur for Middle East organisations to fully recognise the seriousness of cybercrime. Now the most pressing point is how to stay protected.
Mical says organisations need to implement technology that allows them to take a more proactive approach to cyber security.
“Unfortunately, I think most organisations are still investing heavily in preventative solutions and alerting solutions, taking a reactionary stance. These technologies are inherently handicapped in that they can only detect exploits that have been defined,” he says.
“The focus needs to shift towards integrated analysis capabilities and solutions that provide visibility across their enterprises into both data traversing the network and living on individual computers across the enterprise. This will allow them to detect the known, respond faster and remediate more efficiently,” he adds.
Ramachandran agrees with the proactive approach and says it can be accomplished through a combination of people, process and technology.
“Every company must clearly define and disseminate their security policies, automate policy enforcement and incorporate detailed auditing and reporting systems across the length and breadth of the organisation. Enterprises should also have a clear idea of the level of security assurance of the technology they are going to deploy or invest in. For example, in order to ensure maximum security, organisations should deploy technology with highest level of security rating that will protect the critical information against the most sophisticated and determined attacks,” he says.
Sameel Kazi, Project Manager, StorIT, believes protection can be only done if organisations are aware of the nature of a possible threat, so the best thing to do is to have systems upgraded, ready to deal with the possibility of a threat and to lower the trust level at all possible critical levels.
But despite the fact that network attacks are evolving, Joe Wang, CEO, WatchGuard, says standard security best practices are still affective when applied diligently.
“Defence-in-depth, which is the idea of layering multiple security controls on top of each other, is still a very effective strategy to preventing many attacks. While new attacks may be able to sneak past one of your defence, another control may catch it down the line,” Wang says.
“Organisations also need to invest in solutions with good visibility and manageability features. Attacks may sometimes find a ‘backdoor’ into your network, so you need real-time visibility tools that can inform you when there is an anomaly or strange events. Finally, the best security in the system is worthless if it’s too difficult for you to setup. Select security controls with good manageability features to ensure you can figure out how to configure the control properly,” he adds.
In terms of solutions, enterprises should look at what layers of security have been implemented and where they are weak, according to Ray Wizbowski, VP Strategic Marketing for online authentication and enterprise security, Gemalto.
“In order to gain good perspective into the system weaknesses, companies could employ an ethical hacker to try and find a way into the system. This will reveal where technology, policy, and/or process improvements need to be addressed. Strong user identity is also critical and will provide a solid foundation to build access controls to systems and applications,” Wizbowski says.
Solling adds that the solutions are entirely dependent on the requirements and risk of the organisation’s business unit.
“Obviously there are specific areas which gives a lot of security value to organisations, including Internet content control and inspection, e-mail security, antivirus and other client related aspects. However, the correct policies and procedures, and understanding the risks, will allow the organisation to make sure the investments cyber security get the most affect,” he says.
Lovelock agrees that while there is no magic bullet, having a true, multi-layer strong authentication will help ensure the highest level of security possible.
“Multiple authentication factors work best when placed at each critical access layer, such as Windows login, VPN, internals servers, and in front of cloud applications. In this way, even if one user is untrustworthy or one machine compromised, hackers are still inhibited,” he says.
As well as implementing the right solutions, it is also important for organisations and their employees to always carry out general best practices.
“IT needs be vigilant and take preemptive steps against attacks. Gartner states that attacks such as Distributed Denial-of-Service (DDoS) attack mitigation should be a standard part of business continuity and disaster recovery planning, and should be included in all Internet service procurements when the business depends on the availability of Internet connectivity. To do so effectively, a business must be forewarned, prepared and resilient against attack,” Malecki says.
One of the most critical practices once the security architectures are in place is the education of end users, according to Wizbowski.
“Security policies are only as good as the users who follow them. With solid policies in place and users fully educated, then the only thing left is to ensure the network is segmented and data is classified and stored using a high level of encryption. By segmenting the network, then based upon a strong identity foundation previously discussed, access can be controlled based upon the users access privileges,” he says.
Kazi concludes: “Preaching security is the biggest hankering and should be avoided. Security is stealth and has to be treated that way. However, what organisations should do is to dedicate enough resources and authority, which should be accountable for the complete upkeep of cyber security.”
Only time to tell what the future holds for cybercrime and security, but most indications point to the unfortunate inevitability that it will probably get worse before it gets better. It is the responsibility of the organisations to be prepared for that.