Connect with us

GISEC

Organizations Are Looking at MSSPs and GSIs to Fill the Skills Gap

Published

on

Roland Daccache, Systems Engineering Manager for META at CrowdStrike, says there’s a global cybersecurity workforce gap of 3.4 million people

Tell us about the cybersecurity trends for 2023.
In 2023, adversaries will leverage identity-based attacks for initial access and lateral movement, driving down breakout time. Throughout 2022, we have seen an increase in identity-based attacks and the development of sophisticated file-less techniques bypassing traditional multi-factor authentication defenses. While our latest Global Threat Report shows that malware-free attacks increased to 71% in 2022, up from 62% in 2021.

And it’s not just stolen credentials, as pass-the-cookie, golden-SAML, and even social engineering with MFA fatigue add to the ever-growing ways to compromise an identity. In 2023, we predict adversaries will break out more quickly by compromising identities to move laterally between endpoints to deploy ransomware, achieve business email compromise (BEC) by accessing email infrastructure or exfiltrate critical data from Azure, GCP, or AWS public cloud infrastructure.

What is the theme of your participation at GISEC 2023?
This year, Fabio Fratucello, International Field Chief Technology Officer at CrowdStrike will be speaking on the main stage at GISEC on March 15, 2023, at 12:35 PM. Fratucello’s talk is titled “Detection and Response in 2023: What we have learned from the past and what the future looks like”.

The session will review the strengths and weaknesses of the modern security operation practice and will highlight how designing cyber fundamentals right is more than ever critical to implement a cost-effective, long-term cyber detection and response strategy. Furthermore, Philippe Farhat, Sales Engineer at CrowdStrike, will host a session live hack titled “Corporate Espionage via a Malware Free Attack” at GISEC on March 14, 2023, at 3:00 PM in the Dark Stage. GISEC visitors can visit the CrowdStrike booth in Hall 8 / Stand A5.

Which products and solutions will you be showcasing at GISEC 2023?
We will be announcing a global partnership with Dell during GISEC. This year, our theme at GISEC is all about proactive security. Our customers have been asking us how they can leverage the CrowdStrike platform to reduce the number of tools they need to protect their environment. We are very happy to introduce our latest modules, which include Falcon Surface, our external attack surface management solution, coupled with the enhanced Falcon Spotlight, our vulnerability management module, to provide organizations with a 360 degrees view of their exposure, from inside out and outside in. We are also looking forward to connecting with prospective customers, learning about new developments in the industry, building partnerships and meeting distributors, and optimizing our sales and lead generation strategy.

How are you equipped to help companies overcome digital security and privacy challenges?
CrowdStrike has redefined security with the world’s most advanced cloud-native platform that protects and enables the people, processes, and technologies that drive modern enterprise. CrowdStrike secures the most critical areas of enterprise risk – endpoints and cloud workloads, identity, and data – to keep customers ahead of today’s adversaries and stop breaches.

Powered by the CrowdStrike Security Cloud, the CrowdStrike Falcon platform leverages real-time indicators of attack, threat intelligence on evolving adversary tradecraft, and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting, and prioritised observability of vulnerabilities – all through a single, lightweight agent. With CrowdStrike, customers benefit from superior protection, better performance, reduced complexity, and immediate time-to-value.

Is there a skills gap in the cybersecurity industry? What needs to be done in order to bridge that gap?
According to the (ISC)² 2022 Cybersecurity Workforce Study, there’s a global cybersecurity workforce gap of 3.4 million people. As a result, organizations will look to MSSPs and GSIs to fill this gap. The benefit for organizations leveraging MSSPs is that they provide 24/7/365 expert monitoring without the need for additional staffing. As for GSIs, they can help organizations manage the complexity inherent in cybersecurity and solve business challenges through implementation services.

Furthermore, organizations can address the skills gap through a consolidated, platform approach that reduces operational and technical expertise. This can be further supplemented through managed services. For example, a managed security service for the cloud can deliver 24/7 expert security management, continuous human threat hunting, monitoring, and response for cloud workloads, which can be thought of as an extension of a company’s SOC team.

Cyber Security

Positive Technologies Reports 80% of Middle East Cyberattacks Compromise Confidential Data

Published

on

A new study by cybersecurity firm Positive Technologies has shed light on the evolving cyber threat landscape in the Middle East, revealing that a staggering 80% of successful cyberattacks in the region lead to the breach of confidential information. The research, examining the impact of digital transformation, organized cybercrime, and the underground market, highlights the increasing exposure of Middle Eastern nations to sophisticated cyber threats.

The study found that one in three successful cyberattacks were attributed to Advanced Persistent Threat (APT) groups, which predominantly target government institutions and critical infrastructure. While the rapid adoption of new IT solutions is driving efficiency, it simultaneously expands the attack surface for malicious actors.

Cybercriminals in the region heavily utilize social engineering tactics (61% of cases) and malware (51%), often employing a combination of both. Remote Access Trojans (RATs) emerged as a primary weapon in 27% of malware-based attacks, indicating a common objective of gaining long-term access to compromised systems.

The analysis revealed that credentials and trade secrets (29% each) were the most sought-after data, followed by personal information (20%). This stolen data is frequently leveraged for blackmail or sold on the dark web. Beyond data theft, 38% of attacks resulted in the disruption of core business operations, posing significant risks to critical sectors like healthcare, transportation, and government services.

APT groups are identified as the most formidable threat actors due to their substantial resources and advanced technical capabilities. In 2024, they accounted for 32% of recorded attacks, with a clear focus on government and critical infrastructure. Their activities often extend beyond traditional cybercrime, encompassing cyberespionage and even cyberwarfare aimed at undermining trust and demonstrating digital dominance.

Dark web analysis further revealed that government organizations were the most frequently mentioned targets (34%), followed by the industrial sector (20%). Hacktivist activity was also prominent, with ideologically motivated actors often sharing stolen databases freely, exacerbating the cybercrime landscape.

The United Arab Emirates, Saudi Arabia, Israel, and Qatar, all leaders in digital transformation, were the most frequently cited countries on the dark web in connection with stolen data. Experts suggest that the prevalence of advertisements for selling data from these nations underscores the challenges of securing rapidly expanding digital environments, which cybercriminals are quick to exploit.

Positive Technologies analyst Alexey Lukash said, “In the near future, we expect cyberthreats in the Middle East to grow both in scale and sophistication. As digital transformation efforts expand, so does the attack surface, creating more opportunities for hackers of all skill levels. Governments in the region need to focus on protecting critical infrastructure, financial institutions, and government systems. The consequences of successful attacks in these areas could have far-reaching implications for national security and sovereignty.”

To help organizations build stronger defenses against cyberthreats, Positive Technologies recommends implementing modern security measures. These include vulnerability management systems to automate asset management, as well as identify, prioritize, and remediate vulnerabilities. Positive Technologies also suggests using network traffic analysis tools to monitor network activity and detect cyberattacks. Another critical layer of protection involves securing applications. Such solutions are designed to identify vulnerabilities in applications, detect suspicious activity, and take immediate action to prevent attacks.

Positive Technologies emphasizes the need for a comprehensive, result-driven approach to cybersecurity. This strategy is designed to prevent attackers from disrupting critical business processes. Scalable and flexible, it can be tailored to individual organizations, entire industries, or even large-scale digital ecosystems like nations or international alliances. The goal is to deliver clear, measurable results in cybersecurity—not just to meet compliance standards or rely on isolated technical fixes.

Continue Reading

GISEC

ManageEngine @ GISEC Global 2025: AI, Quantum Computing, and Ransomware Form Part of Cybersecurity Outlook for 2025

Published

on

As AI-powered attacks and quantum computing reshape the cyber threat landscape, organizations must rethink traditional defense strategies. In an exclusive interview, Sujoy Banerjee, Associate Director at ManageEngine, reveals how businesses can prepare for 2025’s most critical threats—from AI-generated phishing scams to quantum-decrypted ransomware (more…)

Continue Reading

GISEC

Positive Technologies @ GISEC Global 2025: Demonstrating Cutting-Edge Cyber Threats and AI Defense Strategies

Published

on

At GISEC Global 2025, Positive Technologies showcased live demonstrations of sophisticated hacking techniques while emphasising the growing role of AI in both cyber attacks and defense. In an exclusive interview with Security Review, Ilya Leonov, the Regional Director at Positive Technologies revealed insights about the Middle East’s evolving threat landscape, their work with regional governments, and why investing in human expertise remains critical despite advancing technologies (more…)

Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.