How do you see the threat landscape evolving in the region?
Today’s threat landscape is becoming increasingly volatile as actors use ever-more sophisticated techniques to attack organisations, not just in the Middle East but around the world. The reality is that any organisation operating online holds data valuable to cybercriminals, from financial transaction records to customer PII, confidential company assets to industrial IP. A hit on any of these can lead to catastrophic business impact, reputational damage and compliance penalties.
While cybercriminals are deploying similar TTPs against enterprises in the region as elsewhere in Europe, from an APT perspective in recent years the Middle East and North Africa has seen regional tensions make the jump from the realm of battlefields and closed-door meetings into cyberspace. The biggest players in the region – from Iran to Saudi Arabia to Israel – have invested in cultivating their own array of state-sponsored hacking collectives to be used in backing their agendas and advancing their national interests. Unsurprisingly, investment and interest in developing cyber assets continues to the present.
Is security a boardroom level discussion now?
Once the preserve of the CIO or CISO, defending against an ever-more sophisticated threat landscape has finally started to resonate with business leaders in recent years. The implementation of GDPR and similar legislation around the world has repositioned cyber risk generally, along with an increasing awareness of the significance of a breach. To put it simply, for a CEO cyber risk is business risk.
Cybersecurity is everybody’s job – and the C-suite is responsible for establishing and promoting an appetite for cyber risk management across the business. They should ask questions relating closely to their priorities as a business. How integral is cybersecurity to overall business strategy – is enough budget being allocated? In the boardroom, members should try to understand why they would be being targeted by cybercriminals – what do they have in their systems that adversaries would find valuable?
Cyber risk management, therefore, must be comprehensive and cover cyberthreats which are deliberate and planned, as well as those unintentional blunders which can cause damage to the enterprise. Under no circumstances should an opsec team still be the only group within a company that knows how to identify potentially malicious activity – as the business at large could suffer financial, operational and reputational damage.
What are your tips for CISOs looking to bolster the security posture of their organisations?
Overall, cybersecurity must be a well-balanced model between people, process and technology. A blend between the three makes for the strongest posture possible. That said, as with many aspects of cybersecurity, education is key to mitigating attacks – and this is very much an ongoing process. Do all employees know how to recognise a phishing email, for example? Under no circumstances should an opsec team be the only group within a company that knows how to identify potentially malicious activity.
It is critical to create a strong culture of cybersecurity within the organisation. This should extend from the management team all the way down to the newest hires, with encouragement to fully understand the risks of using certain technologies. Frequent company-wide training is encouraged, and though cybersecurity education is important in any enterprise regardless of size, a robust risk culture in larger companies is particularly important simply because of the scale of both technology and staff.
CISOs and other members of the IT team should ask the following:
- Do the rest of the management understand the importance of a robust security posture? Do they budget enough for it and recognise the ROI?
- Have we rationalised the way we budget for our external products? Are we spending too much in the wrong areas relating to our business?
- Are we doing enough to educate the entire organisation about the importance of cybersecurity?
- Are we auditing our security protocols often enough with sufficient patching, pen-testing and red-teaming, and are we sufficiently validating each and every new digital product we produce?
- Are we leveraging actionable intelligence and analytics?
What kind of security expertise do you offer?
To manage cyber risk, organisations need to understand and act on threats relevant to their business. Blueliv’s Threat Compass provides a central point of control for automated operational, tactical and strategic threat intelligence and digital risk protection. We offer a streamlined, cost-effective and scalable solution where users can ‘build-your-own’ threat intelligence from individual modules, and only gather and act on the threats which matter most to them. All of this is backed up by our experienced international team of threat intelligence analysts and malware reversers.
We leverage the broadest external datasets on the market, meaning that we cover a broader range of cyberthreats than any other service. This enables teams to process a higher volume of threat data, whilst maximizing limited resource and enabling smarter remediation. Our proactive, automated detection and monitoring not only help defend your assets, but also brand and reputation. Threat intelligence strengthens cyberdefense, and protects your balance sheet from financial losses and compliance penalties associated with cyberattacks. Crucially, Blueliv’s solutions are easy to deploy, easy to set up and very easy to operate. Users see results instantly without the need for costly analysts or huge supporting security teams.
Do you think AI and machine learning will drive the future of cyber security?
Simply put, automation and machine learning capabilities in threat intelligence help to deliver the highest quality actionable data, helping organisations stay in command of their threat landscape.
The sheer volume of samples that are detected, analysed and reported – hundreds of thousands per month at Blueliv, for example – requires advanced capabilities to structure the information at scale for presentation with humans and their security systems. Using patented software, we are able to connect the dots in the data, adding context to vulnerabilities, attack vectors and targets. Indeed, this is why simply using an open source or commercial data feed is usually not good enough – organisations need to contextualise data for timely and actionable diagnosis.
Looking ahead, predictive analytics derived from machine learning will become better at forecasting events and attacks, further strengthening an organisation’s security posture. At the moment, defenders are usually a step behind attackers, patching and reconfiguring where there has been an attack. Threat intelligence from machine learning can increase the proactivity of security teams, generating models based on historical observations of similar data at scale unachievable by human analysts. As technology improves, these predictions will become more and more accurate and provide organisations with the best tools possible to safeguard their perimeter.