In an exclusive interview with Anita Joseph, Editor, Security Advisor Middle East, Mika Lauhde, Vice President of Cybersecurity & Privacy – Global PACD, Huawei, discusses how Huawei works together with customers, partners, standards organizations and all other industry players in the Middle East region to elevate its ICT industry to the next level.
What are some of the key cybersecurity threats facing the region today?
The global challenges we faced as a society last year led to fundamental changes in our physical and digital environments. This caused countries to prioritize resolving internal matters first, and global collaboration against cyberthreats wasn’t given its due attention. This lack of global collaboration has impacted our cybersecurity landscape. Cybercriminals, on the other hand, have become very sophisticated and organized, leveraging cross-border networks to exploit vulnerabilities across the globe.
During this time, we also witnessed a rise in remote working, and this presented unique challenges from a cybersecurity perspective. Work devices no longer operated on an organization’s secured perimeter. Devices that connected to corporate networks through unsecured connections led to vulnerabilities that could be easily exploited by nefarious threat actors. Furthermore, IoT and webcams were exploited, with instances of virtual conference hacking (called Zoom bombing) leading news agendas. Cybersecurity teams had to spring into action to serve a dual purpose of ensuring business continuity, and protecting its enterprise network.
Despite this sensitive global situation, some state actors used this opportunity to interfere with national security and stability. Some of the common threats we faced were disinformation and phishing. Disinformation was prevalent throughout 2020 because of the pandemic where people obtained news from unofficial sources and, therefore, causing chaos and confusion. In addition, hackers made use of the situation and sent phishing emails masquerading as official authorities on national initiatives, such as financial aid, where the targets were directed to the hacker’s site to collect their personal data. This led to a third threat which was online identity theft and stealing individuals’ money.
Can you share with us some of the best practices that organizations must follow, in order to address these challenges?
Humans can be the weakest and strongest link in a cybersecurity landscape. Besides technical adaptations for this new normal, it is now more important than ever that companies build holistic safety and security knowledge among employees to protect both corporate and personal data. This is the key organization’s cyber assurance.
Organizations also need to provide new technical tools that allow secured connections while working from homes. This needs to be backed up with an upgraded cybersecurity strategy and policies. For multinational organizations, it is imperative that they quickly agree on global policies, keeping in mind the national regulations and differences.
We suggest the adoption of a common, baseline cyber hygiene, which goes back to the fundamentals as guidance for WFH. This is applicable for Small and Medium Sized Enterprises (SMEs) as well.
1) Adopting a strong password policy
a.Eight or more characters
b.Alpha numeric characters
c.Mixture of upper- and lower-case characters
d. Special characters
2) Making use of multi-factor authentication for identity management
a. For key services, make use of non-SMS 2nd factor authentication
3) Must have a computer usage policy, no matter how simple it is
4) Keeping your OS and software updated
a. Enable auto-update where possible
5) Make use of SaaS services whenever possible (a cloud-first strategy is recommended)
a. While it is a shared responsibility model for cloud, in a SaaS environment, the provider is responsible for most of them.
Biometrics and contactless technologies are beginning to play a major role in the market today. What are some of the trends and emerging opportunities in this area?
Biometrics and contactless technologies are spreading globally, especially that the COVID-19 pandemic has brought these technologies into greater focus as a sustainable approach for contactless authentication.
In the UAE, for example, the country has been accelerating the usage of biometrics and contactless technologies due to COVID-19. Contactless menus and payment systems in restaurants and shops is now a commonality that most will consider that as a basic service. Biometrics are also used in border controls at airports. The UAE has launched facial recognition and Iris recognition, replacing traditional fingerprint authentication.
I would expect the proliferation of non-invasive technologies in the area of biometrics and contactless to continue, building on the momentum brought about due to the pandemic. Tighter integration with AI at the backend would be required to deliver more innovative solutions to the customers
That said, there might still be security concerns from privacy systems and issues surrounding personal data rights. We at Huawei believe these should not be overlooked, and are committed to creating safe, transparent, and cooperative cyber cybersecurity mitigation programs to ensure we protect any sensitive information.
How would you assess the progress made by the Middle East region, particularly the UAE, with regard to cybersecurity regulations and technology adoption?
The UAE is well poised to become one of the globally trusted hubs, with strong foundations in place like the UAE Cybersecurity Strategy since 2019. Furthermore, the establishment of the UAE Cybersecurity Council, and the appointment of H.E. Dr. Mohamed Al Kuwaiti as its chair and the CSO of the UAE government, provided the right foundation for the UAE to build up its cybersecurity credentials.
The UAE government correctly made the decision that all technology advancement brought about by Industry 4.0 and deep tech should be deployed with the right strategy, taking the security and privacy-by-design approach, baking these rights into their solutions from day one.
Please tell us about Huawei’s work in the region, as far as cybersecurity and technology are concerned?
Huawei is a global leader in the ICT field. With that, we recognize that we need to adopt an open, transparent, and collaborative approach in working with all the stakeholders in the ICT ecosystem.
Through inclusive industry development where we work together with our customers, partners, standards organizations, and all other industry players in the Middle East region, we are able to elevate the entire Middle East ICT industry to the next level. This sharing and collaboration will enable all of us within the ICT community to develop new innovative products, services and capabilities.
Across the Middle East, Huawei is working conscientiously to promote security by offering products that are developed using security-by-design principles, and delivering solutions based on a zero-trust approach. We work closely with local leaders and stakeholders, including institutes of higher learning, in an effort to support capacity building in cybersecurity across all our markets in this region. As a part of our contribution to local talent development, Huawei has committed to training around 10,000 professionals in the UAE in the next three years, helping them to be future-ready.
Huawei solutions for enterprises, such as Huawei Cloud, are designed with security in mind. It has all the necessary cybersecurity and privacy protection international certifications such as ISO 27001, ISO 27017, ISO 27018, CSA STAR Gold, AICPA SOC and PCI DSS globally. Our UAE cloud infrastructure, which we built and hosted locally, is also constructed using these industry-leading solutions.
By combining cybersecurity, privacy and data protection, risk, governance and compliance, resiliency, and business continuity together, we wish to be a catalyst for the local ICT ecosystem’s success.