By Mohammed Al Muhtadi, Cyber Information Security Officer, Injazat
There is a battle underway globally that requires every business to identify its risks of attack, fortify its defences, and continually evolve its capabilities. Every company will need to be on the front foot, equipped with the latest skills to deal with it and innovating its armoury to counter it. In the battle for data, sophisticated attacks by organised hackers are rising rapidly.
A study by Cybersecurity Ventures indicated that cybercrime will be the reason for the greatest transfer of economic wealth in history, costing the world $10.5 trillion by 2025. To put that in context, if it were a country's economy, it would be the world’s third-largest after the U.S. and China.
Reframing the Digital Battleground
With the level of technology integration in nearly every business, it could be argued that every company, to some degree, is a technology business. As a result, each could face extremely damaging risks: lost productivity, disrupted operations, reputational damage and substantial financial loss.
This digital battleground is constantly evolving. With it is the need for the business world to change its approach from simple prevention steps to a more proactive approach rooted in a dynamic business-wide state of readiness. Given the current landscape, the focus should shift towards better detection and readiness for the inevitable to survive the digital battlefield today.
The “it will never happen to us” attitude no longer holds. On the contrary, every 39 seconds there is a new attack somewhere on the web, and the cost of global cyber hacks is rising by around 15 per cent every year.
Testing your resilience: Attack yourself.
It is now more important than ever to test the company’s resilience to ensure that critical data is secure and vulnerabilities are identified. These vulnerabilities can include programming errors, or improper computer or security configurations, which can then be exploited by hackers who discover these unintentional flaws and use them as an opportunity for cyberattacks, known as zero-day attacks. To address this, the software developers have to release updated software patches. However, since they have just learned of the flaws, they have “zero days” to fix the problem and protect the users.
A secure way to test resilience is to evaluate your company’s vulnerabilities by being breached voluntarily. Attack yourself before hackers do, assess what weaknesses in your IT infrastructure would make them successful, and proactively fix them. You stand a significant chance of reducing the impact of an attack, provided you have a robust response plan and that it is consistently tested.
Most security leaders do not know how their team would react to a cyber breach. These exercises are critical to help provide an understanding of the capabilities of your team and your existing technology and are great for building muscle memory and assessing where to invest budgets.
Fortunately, there are several ways and methods to do this today, from tabletop exercises to penetration testing and simulation exercises such as red teaming.
Why choose proactive simulation
Penetration testing identifies possible vulnerabilities and security holes but is highly dependent on the skill of the pentester. This is where immersive solutions such as red teaming have a massive advantage. Red teaming presents you with a heart-pounding, first-hand experience that reproduces the real impact of an attack. It helps prepare your teams to respond and enables you to understand how competent your response is and how fluent you are in your incident response plan.
It is also crucial for the business to view cyber security as a shared responsibility, not simply the IT head’s sole responsibility. Everyone has a role in ensuring the organisation remains cyber secure. Response plans will have assigned responsibilities for key decision makers such as the CEO, CIO and CHRO, and simulation exercises guarantee that all protocols are fully understood by all parties and strengthen the cybersecurity bench, providing a critical, low-risk, low-cost way to learn from your failures.
UAE can be a cyber security powerhouse
The UAE is the third most attractive target for cybercriminals, according to the Cyber Risk Index released by NordVPN, costing the businesses in this country a whopping $1.4 billion per year.
Therefore, it should not come as a surprise that the UAE has announced a national bug bounty programme to enlist the services of qualified global security researchers in an incentive-based programme for cybersecurity penetration testing and vulnerability identification, towards better prevention against cyber-attacks.
As a nation that has always been at the forefront of embracing innovative ways to enhance cybersecurity across the critical infrastructure in the country, the UAE knows not to stop at just penetration testing. To align and direct these national cyber security efforts, the UAE Government has a vast array of initiatives that are designed to improve the national cyber security, and protect the country’s national information and communications infrastructure. The UAE Information Assurance (IA) Regulation provides the requirements for raising the minimum level of IA across all relevant entities in the UAE. This is further supported through the information security standards such as ISO 27001 which is focused on keeping information assets secure.
With a 250% increase in cyberattacks since last year, the UAE Cybersecurity Council, in cooperation with National Crisis and Emergency Management Authority (NCEMA), announced a “Protective Shield Cyber Drill”, demonstrating how these exercises and practices can be encouraged from a government level.
As the national technology champion, Injazat is also a leader in cyber security through the provision of its ‘Cyber Fusion Centre’. This capability stands out compared to other, less able solutions in the market. Integrating behavior analytics and machine learning, the Cyber Fusion Centre is distinctive. It leads the MENA region as it provides a proactive and unified approach to neutralize potential threats before they occur. The platform leverages an Artificial Intelligence-based recommendation engine, suggesting remediation actions based on previous behavior patterns and reducing response times.
As we approach 2022 next month, now is the time to double up on the action to ensure that every business is cyber aware and has the proper proactive defences to ensure that they win in the digital battleground. Every company must act now to put the winning strategy in place and not wait until it’s too late. The cost of not doing so could be high.
About the Author
Mohammed Al Muhtadi is a highly accomplished cybersecurity and information governance professional with over 12 years of experience in leading and implementing security solutions and mitigation plans.
As the Chief Information Security Officer of Injazat, Mohammed is responsible for spearheading and improving the security programs, assessment of the organization’s digital landscape, managing disaster recovery and providing cybersecurity awareness training.
In the span of his career, Mohammed has helped corporate giants in the region such as Du, Dubai World, Masdar, General Electric and ENOC to design, implement, operate, grow, and manage their digital infrastructure. Highly qualified, Mohammed holds an MBA and a Bachelor's degree in Information Technology with over 13 certifications ranging from ethical hacking to data privacy solutions. The rich and extensive experience he has gained in his previous roles has fully equipped him with the tools needed to support any company’s security and information strategies and ensure a smooth flow of operations within the team. Mohammed can be reached online at https://www.linkedin.com/in/mohammed-al-muhtadi/