Monday, 9 October 2017
Cyber Security in EMEA
The threat landscape in the Middle East is rapidly evolving in sync with the increasing sophistication of cybercrime across the globe. In fact, cybercrime has become a heavily globalized industry, with many attacks happening across borders via the internet. Hacker operations globally have become very organised and sophisticated and malicious actors seek to access the most valuable and sensitive information of organisations mainly in the financial services, energy and healthcare sectors.
Enterprises in high-risk industries like financial services and energy are beginning to transition away from in-house security solutions and towards Managed Security Services as they realize both the difficulties of building and maintaining internal solutions and the inadequacy of these solutions for keeping up with the rapidly evolving threat landscape.
With a severe shortage of cybersecurity talent in the region and the rapid evolution of the threat landscape, many organizations are seeking solutions that provide necessary expertise, are scalable, and serve as predictable operating expenses, rather than variable capital expenses. Hence, the increasing interest in Managed Security Services.
A key concern in the GCC region is the lack of security compliance in cloud solutions and the lack of competency in implementing this effectively especially in public cloud usage. Another growing concern is the increasing proliferation and complexity of IT security solutions, the lack of interoperability especially across threat intelligence, and the reducing return on investment from continuous investment into IT security solutions.
According to a PwC survey released in March 2016, companies in the Middle East have suffered larger losses than other regions last year, as a result of cyber incidents. 56% lost more than $500,000 compared to 33% globally, and 13% lost at least three working days, compared to 9%. Businesses in the Middle East are also more likely to have suffered an incident like this, compared to the rest of the world. 85% of respondents compared to a global average of 79%. The difference is particularly striking at the top end: 18% of respondents in the region experienced more than 5,000 attacks, which is higher than any other region, and compares to a global average of only 9%. The attacks in question range from the actual theft of data, to co-ordinated spam emails or phishing attempts. One of the explanations for the high rate of such incidents in the Middle East may be the greater prevalence of malware in the region, and there are also more fax based scams than is typical elsewhere, which can be hard for businesses to track centrally.
Cyber security threats
A recent Palo Alto Networks survey found that more than two-thirds of respondents in the UAE indicated they have 1 to 10 cloud-based applications, with 15% and 9% stating that they had 11 to 20 and more than 21 applications, respectively. Private cloud is the most popular cloud computing solution amongst enterprises in the UAE, with 26% of respondents stating their company has adopted this. 15% of respondents preferred the public cloud. With 46% of respondents admitting to having experienced a security incident, or being unsure if an incident has taken place, security vigilance needs be a top priority when it comes to the cloud. Of those surveyed, more than 50% stipulated that firewall and password protection were among the top security systems that their companies deploy to protect themselves against security breaches, indicating that there is a lack of understanding when it comes to securing applications and data in the cloud. Regardless of the size of the organization, a prevention-focused, natively engineered security platform that is simple to deploy and scalable to meet future growth demands is ideal.
Latest cyber security solutions
Integrated security dashboards, compatible analytical feeds and threat intelligence, common platforms for multivendor security solutions, and managed security services are some of the latest trends the region has on offer.
As an example, eHDF offers a comprehensive suite of Managed Security Services which include Real Time Threat Monitoring, DDoS services, SIEM services, Advanced Threat Protection, Data Loss Prevention, etc. Very recently, we launched a Cyber Defence Centre in the UAE. The CDC offers a portfolio of Managed Security Services along with Remote Managed Security Information and Event Management Services, delivered either within eHDF’s Data Centre, on customer premise or in the Cloud.
Securing your organization
It is necessary to have a hybrid security solution providing a comprehensive and consistent policy across an organization’s architecture, including its cloud footprint. Deployment and policy updates need to be automated and integrated with cloud services, which will lead to a scalable, secure and resilient cloud architecture. Data is becoming more and more distributed across a diversified mix of physical data centers, private and public clouds etc. It is essential to have unified visibility and consistent security measures to protect data no matter wherever it resides. Organizations need to have consistent security policies across physical and virtualized environments. It’s essential to fully maximize the use of computing resources to control traffic between workloads, while preventing the lateral movement of threats, and centrally manage security deployments and streamline policy updates.
Today, MSSPs are developing more innovative solutions to incorporate advanced analytics and more powerful tools for detecting, investigating, and managing increasingly dynamic threats across an expanding range of attack vectors. MSSPs have better insights into security threats based on their extensive experience of dealing with hundreds of potentially threatening situations every day. They are trusted by their customers to protect mission-critical data and systems. MSSPs ensure that they take their customers’ security very seriously and maintain internal policies and processes with the highest security standards.
Meanwhile, the economy is forcing organizations to drive down their operational costs while still maintaining a proactive security setup. Hence more organizations are looking at Managed IT Security as an option, which simply means outsourcing some or all of the organization’s security operations to a services provider, where they handle the company’s servers and data security at an off-site data center.