Farid Faraidooni, the Chief of New Business and Innovation Officer at du, says that organisations need to consider the right governance model in their security operations, so they can better detect threats and respond
How has the security threat landscape evolved over the past few months?
Many people working from home have done so using unprotected network environments, personal devices and newly created tools and applications. They have also carried out their tasks with limited network security while adapting to the new normal, and these elements have collectively resulted in virtual settings becoming an easy target for hackers. This situation, together with a lack of security awareness and education in general, has left people vulnerable to phishing attacks, and social engineering campaigns.
What sort of security challenges are people facing when working from home and how is your company equipped to handle those challenges?
The pandemic meant that entire workforces immediately had to find new ways to work from home and this challenged businesses across the globe. Unprotected home network environments were previously mentioned and, from a cyber-security perspective, organisations have been required to scale up their security response to enable and protect personnel working virtually who were at risk from hackers without impacting productivity.
Organisations have had to rethink their security practices, implementing new levels of security controls outside their respective workplaces. One of the weakest security links in the IT chain are people themselves, as many have not participated in any type of security awareness or education and are subsequently victims of phishing attacks, and social engineering campaigns.
At du, we offer two solutions – Secure Remote Access and Digital Workplace. Both of these enable employees to securely access corporate resources including email, content and applications, using any device, without hindering productivity nor employee experience.
How has ransomware evolved during the pandemic period and what are you doing to tackle the problem? How can companies overcome digital security and privacy challenges?
It is clear the pandemic has left people more vulnerable to ransomware attacks. It’s not so much about new levels of sophistication, but rather around having greater access to people’s environments with less security protecting the endpoints in question. If we include ransomware and look more broadly across the entire security landscape, there are numerous security best practices that should be considered to build cyber resiliency.
The first is for an organisation to have the right security controls in place, particularly for endpoint devices. Companies need to ensure they have adequate security processes in place and that the right security controls are followed throughout company procedures, such as improved security set up when onboarding or offboarding new employees. Secondly, organisations need to consider the right governance model in their security operations, so they can better detect threats and respond. Ultimately, outsourcing organisational security management to a Security Operations Centre represents the best opportunity to detect threats early, protecting environments both internally and at the edge 24 hours per day, seven days per week.
Thirdly, organisations should adequately educate their employees, which will enable them to identify security threats and reduce exposure. At du, we support organisations with various security consulting services that help them understand their security posture, identify gaps, and provide solutions to strengthen their overall cyber resiliency. These revolve around strengthening security controls, better protecting endpoints, and offering a complete security operations management service in our Security Operations Centre. This is operational 24 hours per day, seven days per week, and enables fast detection and response to breaches and minimises impacts on organisations.
Do you believe companies today have accelerated their digital transformation initiatives?
In the latest IDC CIO Study, it is clear that 78 per cent of CIO’s have accelerated their digital transformation initiatives by at least one year or more, with digital resiliency, business continuity, and automation the key themes driving faster digital transformation. In the UAE, migration to the cloud is a critical leap for many organisations. This is the foundational platform for many digital transformation initiatives, with cloud security also becoming a major focus.
What are the cybersecurity trends for 2021?
In the digital era, the amount of data is exponentially increasing, so are the attacks surfaces and the number of sophisticated attacks. Thus, advanced security technologies such as Security orchestration and automation are key for the future, as is leveraging artificial intelligence and machine learning capabilities to reduce reliance on people and eliminate human error. These emerging trends enable organization to better analyze data to better predict attacks and ultimately prevent them.
What are the key factors to consider to make sure digital economies of today are secured?
One of the biggest recommendations for any organisation securing their digital environment is to rethink the way they approach security. Today, the traditional perimeter, restricted to the office or enterprise data center, is quickly disappearing. Workloads and data are being distributed across multicloud environments. Employees expect to be able to work from home using any device. Today, more than ever, Cybersecurity is no longer confined to IT.
In fact, cybersecurity has been elevated to a boardroom topic due to its direct correlation to Trust. According to a Global survey by IDC, 60% of CEOs globally listed Digital Trust among their top 5 priorities. To stay ahead and effectively managed risk, organizations need to initiate a digital trust framework within their organization that focuses on delivering key cybersecurity outcomes including Vulnerability, Identity Management, Trust Management and Threat Management.
Those outcomes can only be achieved if key capabilities covering prediction, protection, detection and response are put in place. Coupled with educating employees well so they are cyber aware, this will make a real difference as the source of most breaches comes from human error due to lack of understanding and awareness.