Ashraf Koheil, Regional Sales Director MEA at Group-IB, on the company’s threat research findings and its approach to cyber resilience.
Tell us about Group-IB’s participation at GISEC. What are some of the key products and solutions you are highlighting here?
This is Group-IB’s second year at GISEC. As compared to last year, this year the participation is phenomenal, due to a few main reasons. One is the easing of restrictions, the increased focus and priority on cloud migration and the resounding success of the Expo. We’re seeing a lot of engagement and traction this year, newer technologies and lots of new companies in the region.
At Group-IB, we believe that cybersecurity is all about having a full ecosystem. This ecosystem needs to be complementary and agile. Complementary means not replacing anything that the clients currently have in terms of technology - it’s all about moving your environment from good to great or great to excellent.
The second key factor is knowledge transfer. What’s unique about Group-IB is that culturally, inside the organisation, we focus on training and knowledge transfer, because the world today is not about technology alone, it’s also about skillsets and people working with technology to make sure they get the best out of it. So we have powerful, hands-on, instructor-led training. Even in our services, we make sure we spend enough time to train and educate the client on how the incident happened and how to avoid similar incidents in future.
We also believe in a partner ecosystem - at the end of the day, it’s people working with people. So, we have our teams working with partner organisations and the clients, to fill in the gaps.
What are some of the findings from Group-IB’s regional threat reports?
Ransomware attacks are on the rise. The attack on infrastructure, Intellectual Property thefts, data exfiltration and so on are becoming major issues for key clients. The key observation is that ransomware attacks are becoming a lot more organised and sophisticated, while phishing scams are becoming persistent. What this means is that top brands - whether it’s banking, airlines, telecom - attackers actually follow marketing campaigns and design their own similar look-alike campaigns. The major brands are being closely and constantly monitored by the attackers. This is disturbing.
However, this is not about scaring people, it’s about remaining alert and vigilant. In this context, education and awareness of the end user is key, because a company can invest millions into the latest technology, but all it takes is one wrong click to lose it all.
Tell us about the launch of Group-IB’s Threat Intelligence Centre last year.
Group-IB has a very mature technology in place for threat intelligence and we license it to a number of key clients, especially in the banking sector, law enforcement and the government and so on, because threat intelligence is basically the window into the threat landscape - who’s targeting your company, who’s targeting your partner infrastructure or equipment manufacturer and so on.
The threat intelligence centre we launched last year was a strategic move to provide more rich, local content to the region. It’s great to know what’s happening in the international markets between attack groups, and focus on who and what is attacking us. So, we built our own threat intelligence centre. We have Arabic-speaking analysts to develop content in conjunction with our clients so we can come up with local content, so that we can see the threat landscape in the Middle East, in particular.
Please tell us more about cyber resilience and how and why it’s becoming a key focus area.
Cyber Resilience is the ability of an organisation to handle its own threat profile. If you’re a major company, a CNI - Critical National Infrastructure - like a Telco or an Oil and Gas firm, we test your resilience against those who attack you. Attackers are ruthless - they will look closely at vulnerabilities and even attack your people - right from the VIP level. They will be impersonating your brand, spreading fake news, targeting customers with phishing scams and malicious links, and so on.
We have a methodology to assess cyber resilience in the organisation. So we are able to tell organisations, for instance, that they are very good with their technology but are lacking in a proper team or security awareness. Security is everyone’s responsibility. At one time, it used to be the sole responsibility of IT teams, but it is no longer. The consequences are also much more devastating today. So cyber resilience for us is all about testing an organisation against its attackers and seeing how resilient it is against attacks.