Alain Penel, Regional Vice President, Middle East and Turkey, Fortinet discusses the demands of cloud transformation, the state of the global threat landscape and what experience economy means to them.
Q1. Cloud is the future. However, it’s clear to see that across the region many have struggled with the demands of cloud transformation. Can you outline to us why you believe many enterprises have encountered issues transitioning their operations to the cloud – and what cloud model do you believe businesses should adopt?
Cloud adoption is on the rise, but its adoption comes with certain challenges. When you look at this from a cybersecurity point of view, there are several security-related challenges that organisations must overcome in the process, including compliance breaches and malware. Our recently cloud survey showed some of the concerns about cloud migration from IT leaders such as the lack of visibility, high cost, lack of control, and lack of security as the biggest unforeseen factors that slow or stop cloud adoption. To avoid struggling with cloud transformation, first organisations must understand and control data traffic across all the divergent environments, this includes visibility into and security over north-south and east-west traffic. Then, they should enforce strict Identity and Access Management (IAM) policies and finally reinforce end-user cyber awareness.
Businesses must adopt the cloud model that best suits their business and customer requirements.
Cloud strategies are only as successful if the networking and security connects and protects the cloud compute, whether private, public or hybrid. A security fabric uses open standards and protocols to integrate all security activities into a single platform. With all security routed to the same platform, organisations can more rapidly detect, investigate, and respond to threats. Additionally, if a security fabric approach leverages machine learning (ML), the system can become a self-healing security and networking system that protects devices, data, and applications across on-premises data centres and cloud services.
Q2. Over the last 12 months, we have seen more and more mega investments being made in the Metaverse. What are your feelings on the Metaverse – and what opportunities does it hold for stakeholders in the IT and tech industry?
The metaverse and its implementation is still in development, thus there are a lot of moving parts that we cannot yet address but as any new digital ecosystem, it presents an opportunity for cyber threat risk. We are likely to see a lot of social engineering attacks looking to take advantage of novice users. On the other hand, we can also have the opportunity to integrate security from the beginning. Security by design is going to be essential to build secure and safe virtual environments. Data security and privacy is also a concern that should be addressed as early as possible.
Q3. We have talked about digital transformation and cloud transformation, but how critical is it that enterprises get their security transformation right. Cyberattacks are on the increase, what do you think are the best practices businesses need to adopt when it comes to protecting their organisation?
According to the 1H 2022 FortiGuard Labs Threat Landscape Report, there was an almost 100% growth in ransomware variants in half a year. CISOs must ensure they are implementing the best prevention and protection solutions:
- Real-time visibility, protection, and remediation coupled with zero-trust network access (ZTNA) and advanced endpoint detection and response (EDR) are critical. Advanced endpoint technology can help mitigate and effectively remediate infected devices at an early stage of an attack.
- Segmentation is also foundational since it can help limit the spread of an attack and also limit lateral movement which is something we saw in our report as still being a key goal as WFA continues.
- Services such as a digital risk protection service (DRPS) can be used to do external surface threat assessments, find and remediate security issues, and help gain contextual insights on current and imminent threats.
- Network detection and response (NDR) with self-learning artificial intelligence (AI) is helpful to better detect intrusions.
- Integrated, AI and ML-driven cybersecurity platforms with advanced detection and response capabilities powered by actionable threat intelligence are important to protect across all edges of hybrid networks.
- Cybersecurity awareness and training are also important as the threat landscape changes to keep employees and security teams up-to-date.
Q4. We know that technology is advancing rapidly – and some analysts are predicting a decade of disruption. What is your vision for the future in terms of the tech trends that are really going to drive change and foster further innovation over the next 3-5 years?
The FortiGuard H1 2022 Threat Report findings show that the convergence of IT and OT networks, combined with today’s Work-From-Anywhere (WFA) environment, mean that bad actors are finding more opportunities to carry out both familiar and new cyberattacks while using more clever techniques to evade detection.
The 2022 Global Threat Landscape report identifies several cybersecurity trends:
Defence Evasion is the Most Prominent Attack Tactic
Attackers are often using system binary proxy execution, hiding malicious intentions is one of the most important things for adversaries, therefore they are attempting to evade defences by masking their exploits and attempting to hide commands using a legitimate certificate to execute a trusted process and carry out malicious intent.
Ransomware-as-a-Service Opens the Door to New Variants
Ransomware remains a top threat, and cyber adversaries continue to invest significant resources into new attack techniques. The explosive growth of ransomware is unsettling and can be attributed to the increasing popularity of Ransomware-as-a-Service (RaaS) operations, which offer cybercriminals an easy means to a quick payday.
IT and OT Endpoints are Still Prime Targets as Work-From-Anywhere Continues
IT and OT endpoints remain key attack vectors and many vulnerabilities at the endpoint involve unauthorised users gaining access to a system, likely with a goal of moving laterally across the corporate network.
Wiper Malware an Increasing OT Security Concern
In the first six months of 2022, FortiGuard Labs identified at least seven significant new wiper variants used by attackers in various targeted campaigns against government, military, and private organizations and this number is very crucial as it is nearly as many total wiper variants publicly detected in the previous 10 years and in many geographical locations.
Maximize AI and Machine Learning (ML)
When organisations gain a deeper understanding of the goals and tactics used by adversaries through actionable threat intelligence, they can better align defences to adapt and react to quickly changing attack techniques proactively. It is critical to maximize AI and ML-powered prevention, detection, and response strategies based on a cybersecurity mesh architecture to allow for much tighter integration, increased automation, as well as a more rapid and effective response to threats across the extended network.
Q5. We live in the ‘experience economy’ – and it is critical that businesses get their CX right, or they will lose customers and businesses. What do you believe are the key requirements to be successful in the new digital economy?
Across all industries, great customer experiences are now just as important as business outcomes. Organisations are accelerating their digital transformation initiatives, which is driven by the user experience versus speeds and feeds. At the same time, companies need to ensure security while maintaining high user experience.
Digital Experience Monitoring (DEM) solutions offer complete visibility of network performance and security posture, combined with automated remediation to ensure an application in any deployment is meeting user expectations. The Fortinet Security Fabric, for example, can apply predictive and proactive steps for better outcomes and experiences.