GEC NEWS WIRECybercrime remains a pervasive threat to organizations. Azeem Aleem, Director – Advanced Cyber Defence Practice at RSA shares his vision of the evolution of threats and solutions that can help customers respond effectively and protect what matters the most.
How have the security measures evolved in the past year?
Now a days, the attacks have become more sophisticated. Dubai is one of the smart city concept and around 50 different services are shared across 26 different government agencies in this region. They are advancing to other smart cities which again creates wider problem of cyber security. For example, when the data is shared among the agencies and as a result, if any breach takes place during that chain of communication, it can create a big issue.
Security is a process and not a product. I can divide it into three areas – Readiness, Response and Resilience. Any organization needs to have a readiness capability which means detecting advance attack. Although, no organization is 100% secure, but we can work towards minimizing the breach exposure time. Secondly, Response could be proactive and reactive. For instance, the attacks that impact the oil & gas industry would be different to banking sector or smart cities concept. The last one is Resilience Capability which means how an organization evaluates the success of its capability.
How should the Middle East region respond to the attacks?
The attack domain is the same in the Middle East as in Europe or United States. In fact, it is getting advanced in the Middle East as you have nation state actors and I would called it the hub of advanced attacks. There are specialized attacks that take place and the organizations are aware of it. The core to detect attacks is developing actionable intelligence. The problem in the Middle East is, it does not have a lot of measures to develop this concept. They are building their defense capability on the intelligence which is on a broader perspective. For instance, hackers have a specific pattern for banking sectors here. So, the path towards the development of actionable intelligence would be the key to detect attacks in the region.
Which sectors in the Middle East are more vulnerable?
In the oil and gas sector, threat levels have increased dramatically as it takes long to update those systems. There are financial gangs who try to hack the IP of the oil and gas sectors and sell it to their competitors. E-health is also one of the key issues in the Middle East and these electronic devices are vulnerable as the data in the healthcare sectors are critical.
How are sectors like Oil & Gas and Healthcare getting digitalized?
There is a revolution right now in terms of digitization in the oil & gas sector. The vision is quite aggressive but the implementation is slow as they are built on old control systems. A normal patching of the industrial control systems in the oil and gas environment takes about eight to nineteen months. In the e-health, the implementation is rapidly evolving. But again, there are loopholes as well. By 2020, when we have 50GB of connected devices, issues will rise.
How has the RSA Conference been this year?
The conference was amazing and was the best place to exchange knowledge on cyber security. As a region, it has matured. The first RSA shared views on implementing policies, implementing whole framework of cyber-security, but now we talk about actionable intelligence, proactive incident response, etc. It has always been a great experience to be a part of this platform.
