Ashraf Koheil, Regional Sales Director, MEA HQ at GROUP-IB, tells Anita Joseph that education and awareness of the end user is key to security, as one wrong click can destroy a business completely.
Tell us about Group-IB’s participation at GITEX 2022
GITEX is an invaluable platform for meeting with leading technology experts, cybersecurity leaders, customers and partners. This year, the response was phenomenal and we were glad be a part of this industry-defining event. Our attendance underscored Group-IB’s established and ever-growing presence in the region, and followed on the back of a significant strengthening of our capabilities and skill sets in the Middle East and Africa. During the entire duration of the event, visitors had the opportunity to learn more about Group-IB’s full stack of threat hunting and intelligence solutions.
In the rapidly changing cybersecurity ecosystem, how does Group-IB position itself?
At Group-IB, we believe that cybersecurity is all about having a full ecosystem. This ecosystem needs to be complementary and agile. Complementary means not replacing anything that the clients currently have in terms of technology-it’s all about moving your environment from good to great or great to excellent.
The second key factor is knowledge transfer. What’s unique about Group-IB is that culturally, inside the organisation, we focus on training and knowledge transfer, because the world today is not about technology alone, it’s also about skillsets and people working with technology to make sure they get the best out of it. So we have powerful, hands-on, instructor-led training. Even in our services, we make sure we spend enough time to train and educate the client on how the incident happened and how to avoid similar incidents in future.
We also believe in a partner ecosystem-at the end of the day, it’s people working with people. So, we have our teams working with partner organisations and the clients, to fill in the gaps.
What are some of the findings from Group-IB’s regional threat reports?
Ransomware attacks are on the rise. The attack on infrastructure, Intellectual Property thefts, data exfiltration and so on are becoming major issues for key clients. The key observation is that ransomware attacks are becoming a lot more organised and sophisticated, while phishing scams are becoming persistent. What this means is that top brands-whether its banking, airlines, telecom-attackers actually follow marketing campaigns and design their own similar look-alike campaigns. The major brands are being closely and constantly monitored by the attackers. This is disturbing.
However, this is not about scaring people, it’s about remaining alert and vigilant. In this context, education and awareness of the end user is key, because a company can invest millions in to the latest technology, but all it takes is one wrong click to lose it all.
Group-IB launched its Threat Intelligence Centre last year. Tell us more.
Group-IB has a very mature technology in place for threat intelligence and we licence it to a number of key clients especially in the banking sector, law enforcement and the government and so on, because threat intelligence is basically the window into the threat landscape-who’s targeting your company, who’s targeting your partner infrastructure or equipment manufacturer and so on.
The threat intelligence centre we launched last year was a strategic move to provide more rich, local content to the region. It’s great to know what’s happening in the international markets between attack groups, and focus on who and what is attacking us. So, we built our own threat intelligence centre. We have Arabic-speaking analysts to develop content in conjunction with our clients so we can come up with local content, so that we can see the threat landscape in the Middle East, in particular.
Also, ever since the launch of the company’s regional HQ in Dubai, Group-IB analysts have gone to great lengths to protect the region’s organisations and Internet users through the discovery of a range of threats at the hands of malicious actors.
Please tell us more about cyber resilience and how and why it’s becoming a key focus area.
Cyber Resilience is the ability of an organisation to handle its own threat profile. If you’re a major company, a CNI-Critical National Infrastructure-like a Telco or an Oil and Gas firm, we test your resilience against those who attack you. Attackers are ruthless-they will look closely at vulnerabilities and even attack your people-right from the VIP level. They will be impersonating your brand, spreading fake news, targeting customers with phishing scams and malicious links, and so on.
We have a methodology to assess cyber resilience in the organisation. So we are able to tell organisations, for instance, that they are very good with their technology but are lacking in a proper team or security awareness. Security is everyone’s responsibility. At one time, it used to be the sole responsibility of IT teams, but it is no longer. The consequences are also much more devastating today. So cyber resilience for us is all about testing an organisation against its attackers and seeing how resilient it is against attacks.