Download to read offline
Uploaded byGrafic.guru
Security Digital Connect
The document discusses emerging cyber threats in the Gulf region. It notes that cyber attacks in the first half of 2013 had already surpassed all of 2012 according to reports from the DHS and IBM. Several Gulf banks and infrastructure and energy companies in the region experienced cyber attacks and data breaches. The top cyber threats prevalent in the Gulf in 2014 are expected to be state-sponsored attacks, advanced persistent threats, and internal data leaks. The document advocates for Gulf organizations to outsource security functions to managed security service providers to gain access to specialized expertise, ease compliance burdens, and allow internal teams to focus on other priorities.
More Related Content
Similar to Security Digital Connect
More from Grafic.guru
![Where to Buy LinkedIn Accounts_ [12 Best Sites] (3).pdf](https://cdn.slidesharecdn.com/ss_thumbnails/wheretobuylinkedinaccounts12bestsites3-251124162550-95b6ddfa-thumbnail.jpg?width=640&height=640&fit=bounds)
Security Digital Connect
- 1.
- 2. Emerging Threat Landscape Motivation VSSophistication
- 3. Widening Attack Surface Attackrates can differ great between industries How does yours compares? Source: 2013 IBM Source: Cyber Security Intelligence Index According to a recent report by the DHS of USA and IBM, Security Incidents in the FIRST HALF OF 2013 HAD ALREADY SURPASSED 2012!
- 4. And closer tohome.. Cyber attacks rob $45m from Gulf Banks Cyber attacks on Gulf Infrastructure seen rising UAE Central Bank thwarts hacking bid Qatari Gas company hit with Virus in wave of attacks on Energy Companies Hack on Saudi Aramco hit 30,000 workstations, oil firm admits Dubai Police social media accounts hacked Multi-Source fragmentation attack on Qatar Attackers Leverage new IE zero-day in ‘Clandestine Fox’ op UAE online stores increase security after Heartbleed bug
- 5. •Growth oriented Vision •BurgeoningEconomy •High Disposable Incomes •Adoption of disparate technologies •Business Hub & Centre of World Events •Unique Geo-Politics & Socio-Economics •Paucity of Skilled Resources •Inadequate Cyber Laws •Evolving Compliance Frameworks HeadwindsTailwinds Implications •Hotbed for Security activity •Technology investments have become white elephants •Attacks targeting HNIs •Influx of people with criminal intent •Fraudsters getting off the hook UAE’s Unique Mix
- 6. Industry Speak 2013– Top 3 Threats Malware Information / Data Leakage Targeted Attacks 2014 – Top Security Initiatives Review Posture Incident Response Capabilities Specialist Service Provider 2014 – Top Threats Prevalent State Sponsored APT Internal Leaks Effect of Disruptive Technologies Increases Risk exposure Blurring of boundaries Date Deluge Skills Availability Paucity of right skills High Attrition Continuous up gradation challenging • Readiness for MSSP services • Has to coexist • Specialized expertise • Ease of compliance
- 7. Security Strategies 7 Staffing –Lack of IT Security resources Maintaining Security Increased Sophistication of Attacks Lack of Budget / ROI justification Integration of multiple systems from multiple vendors Concerns related to IT vendors / suppliers and partners
- 8. Risk Transfer toService Provider • Delivers flexible managed security services that align with client goals • Reduce the information security and compliance burden • Enhances organizations’ existing security program, infrastructure and personnel Simplify • Management & Compliance Complexity Manage • Paucity and retraining skills • Ever changing threat & technology landscape • The service provider offers a Full OpEX model giving better ROI • Re-use of customer CapEX, no new CapEX Control • CapEX on technology acquisition • OpEX on Operate Monitor • Continuous Monitoring • Predictable service levels • The service provider maintains a competent team abreast with latest products and technical knowhow which can become an extension of internal teams • Enables organization to better utilize and focus internal teams • Full maintenance, updates, rule changes, and tuning • 24/7 monitoring by security experts
- 9. Etisalat – MSSPclass Services • Clean Pipes • DDoS Mitigation • Cloud UTM • Cloud Web & Email Security • Threat Intelligence Services • Brand Protection & Anti- Fraud Services • Virtual SOC Services • Managed Endpoint & Mobile Security • Vulnerability Management • Security Testing & Assessments • Security & Governance Program Development • Compliance & Certification Services • Residency Services • Security Awareness Training Solutions • Security Operations Center Services • Security Device Management • Managed PKI
Editor's Notes
- #3 Add subtitle as Motivation VS Sophistication
- #8 Let us now break down the problems are look for viable, sustainable strategies I will not spend too much time defining the challenges as I am sure most of us actually live through them on a daily basis. Instead let us look at the possible solutions I cannot stress enough on this point that there is really no silver bullet in information security. We have had a culture in this region of throwing boxes at problems, in essence buy new technology for every new security problem. Case in point – SIEM technologies were adopted by this region faster than the world, but the end result was often poorly architected solutions where the business could never derive full benefits of the technology because of poor understanding and a lack of specialist skills. We need to first go back to the basics – accept that our business is at risk, make this a board room discussion, this will not only make securing funds easy but also make key stakeholders aware of the risks to the business and the importance of information security in the enterprise. Finally without being too prescriptive, what we really need to be investing in rather than boxes is services. Information Security is a battle that can be won only with the combination of best People, best Processes and best Technology.