Intelligent security is becoming vital as GCC CISOs continue to battle increasingly sophisticated threats, according to experts.
Erdal Ozkaya, Cybersecurity Architect at Microsoft, said, “An alarming number of regional organisations are still using outdated strategies and authentication models, even as international headlines continue to illustrate the intensity of the ongoing battles against bad actors.”
Ozkaya made these remarks during Microsoft’s most recent CISO Executive Series, where industry experts and Chief Information Security Officers gathered to share and discuss current trends in cybersecurity.
As part of the discussion, Microsoft highlighted the results of its latest Security Intelligence Report, which analysed threat intelligence gathered from a global customer base across 100+ countries and millions of computers and revealed three important trends in 2017.
The survey delved into the impact of botnets, and how they continue to affect millions of computers globally, infecting them with old and new forms of malware. The second most notable trend was low-cost attack methods being used by hackers for potentially higher returns. Third and still trending was ransomware, which does not seem to be slowing down.
The study revealed that 10.2 percent of computers experienced malware of some kind, compared with a worldwide average of about 7.8 percent. Another study, conducted among chief information security officers in the Gulf region in 2017, revealed that 60 percent of regional organisations still use usernames and passwords to authenticate users to corporate networks.
It also showed that only 30 percent use two-factor authentication (2FA) – the combination of username-password with SMS or some other form of mobile notification. About 5 percent said they used facial recognition.
Ozkaya highlighted that the intelligent cloud is armed with weapons that help thwart the ever-growing number of attacks. “Microsoft will continue to strengthen those capabilities on behalf of our customers, as we progress with forums like The CISO Executive Series, where security professionals can hear from seasoned White Hat experts and likeminded CISOs.”
Along with Microsoft’s security experts, other industry leaders also addressed attendees at the event. Megha Kumar, Research Director at IDC, presented “The Evolving Security Landscape”, and Sheikh Shadab, Associate Director, Head of Cyber Security, KPMG, gave a talk on “Boardroom Engagement and Oversight in Cyber Security”.
“There are malicious parties out there that seemingly never sleep; so CISOs need to take a 24-7, 360-degree view of cybersecurity,” said Megha. “The challenge has always been to find a workable middle ground between the rigidity of IT policy and the flexibility needed to be an agile, digital business.”
Meanwhile, Mohammed Arif, Regional Director, Modern Workplace and Security, Microsoft Gulf, urged CISOs to create more holistic cyber strategies.
“You need to consider that you will be breached. And then you need to consider what happens next. What do you do? Who do you call? How do you get back on your feet? Never forget that business continuity is as important as the protection of intellectual property.”
The Microsoft Gulf CISO survey also revealed that 24 percent of CISOs said their users had clicked on links within emails and discovered they led to websites of unknown origin.
Only 21 percent reported having a data-classification solution in place, with almost half (47 percent) saying they were still in the process of acquisition and 32 percent saying they had yet to make progress.
“From the boardroom to employees – everyone needs to be vigilant and trained in best practices,” said Sheikh Shadab. “Appropriate technology tools must be complemented by policies that are sensibly and consistently enforced. Only then can organisations hope to adequately protect customers.”