Cyber Security
AI and Automation Tech Are Critical to Modern Security Operations
Steve Benton, the Vice President of Anomali Threat Research, says cyber threat has become a full-on business interruption risk
Tell us about the security threat landscape in the MEA region.
Disruption from ransomware and data breaches remain among the top impacts on organizations in the MEA region. Priority investment in Resilience and Preparedness is paramount, and this must use Threat Intelligence to inform it. The region has evolved into a neighbourhood of rapidly growing digital economies. The investment, innovation, and accelerated business growth that defines the region have made it a lucrative target for threat actors.
Actors are working hard to discover entry points and achieve persistence, especially with the objective of stealing sensitive data. Knowing an organization’s attack surface, backed by relevant threat intelligence, is key to prioritizing its reduction and wider preparedness for attack. All of this is in addition to the obvious – energy, oil and gas. Historically this has been the focus in the region and hence the leverage in and beyond the region. Risks to the reliable production of energy remain and are accentuated during times of geopolitical tension.
Geopolitics in the region cannot be ignored. Regional tensions have the potential to destabilize the region and drag countries and global powers into a wider conflict. At a time like this, it is wise for all organizations to adopt threat-led security operations that utilize multiple and overlapping threat defences. Not only will this assure organizations and wider nations during times of uncertainty, but in the long term, this approach is vital to ensure continued growth and success for the MEA region.
Do you believe AI and automation tech are critical to addressing the complexities of modern security operations?
Without a doubt, both are critical to modern security operations. In fact, security operations are now at the very core of assuring both business operations and growth and the safety and security of wider society. Organizations are digitally hugely complex in their own right, and cyber threats have become equally complex. The span of data from security monitoring against the rules and the latest indicators of compromise and attack has grown significantly.
Security is rapidly hitting two major challenges – cost and speed. Better ways need to be found to afford the visibility into the security of an organization that is so desperately needed. This visibility must be bonded to the latest threat intelligence, applied at pace with insights derived, understood, and acted on as a continuous and dynamic security posture and response.
Nothing less will serve the needs of a modern security operation. However, this challenge has gone beyond the capability of any traditional security team. I know I’ve led significant security teams for much of my career, but today, teams need the ability to fully automate their protection and detection and use intelligence writ large.
What I mean by this is the latest threat intelligence relevant to the organization allied with artificial intelligence that partners with the analysts, saving them huge amounts of time and making decisions faster with more precision and impact. It is time for analysts to be able to do things differently, achieve the level of performance they deserve, and fulfil their security missions. We owe it to them! AI, automation, and visibility unlock the door.
According to you, what are the opportunities and challenges for IT security in 2024?
Cyber threat has become a full-on business interruption risk, and for many fully digitized organizations, this is an existential threat – the business literally stops and may never recover. Security has become limited by the capacities and affordability of the visibility and control needed to properly protect the business.
IT security is at a crossroads – compromise with traditional approaches and technology or optimize with an all-encompassing approach that addresses the constraints of visibility, automation, and smart use of AI to achieve the security needed. The traditional beating heart of SIEM and SOAR needs addressing – that’s the opportunity and the challenge.
The answer is threat-led security operations. For that, a different type of SIEM/SOAR is needed. It needs to have been designed around the analysts and what they need to be successful. They need visibility, insight, and pace. Visibility is across their enterprise and the security controls ecosystem. Insight is the bonding of threat intelligence to both the security posture and detecting malicious or suspicious activity.
Pace is the ability to reach a decision and act on this visibility and insight to disrupt attacks and minimize harm. For that, the analyst needs AI with them every step of the way – their own Copilot that understands their enterprise and the threat landscape – sifting through the data and guiding preparation and response.
Is there a skills gap in the cybersecurity industry, especially in the Middle East? How can that gap be bridged?
Absolutely, there is a skills gap – driven by scarcity of supply, the pace of complexity in defending the modern digital enterprise in an ever more dynamic threat landscape, and burnout. Analysts have literally run out of time in their day. Analysts don’t fail, they simply get outstripped by the defensive workload or incident response pace. All they need is the time to understand the threats properly formulate and execute optimal responses at the pace that protects the business and prepares its resilience going forward.
They are trapped on a stress-inducing merry-go-round – dealing with alert after alert – but never feeling they are getting ahead. Anomali has always had the needs of the Analysts at its heart. Our latest platform combines blistering pace, comprehensive visibility, and Anomali Copilot, which empowers all analysts to play at an elite level in protecting their organizations using intelligence (combining threat intelligence and AI) with security operations in a completely different way.
How important are channel partners for Anomali’s regional presence?
Channel partners are critically important for Anoamli’s regional presence. They bring a nuanced understanding of the regional market and customer intimacy. Often, they are able to knit the Anomali solution with the wider needs of the organization or spot where Anoamli’s game-changing capabilities and cost-effectiveness can be pivotal.
Cyber Security
SANS Institute to Boost Cyber Resilience in Bahrain and Qatar
SANS Institute is set to bring world-class cybersecurity education to professionals across the Middle East with SANS Manama (7-12 September) at InterContinental Bahrain, followed by SANS Doha (14-19 September) at InterContinental Doha. The courses are designed to educate professionals on current and emerging cyber threats, ensuring that participants are confident in the latest industry trends, tools, and techniques.
SANS Manama September 2024 (7-12 September) offers the following courses:
- FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
- LDR414: SANS Training Program for CISSP Certification
FOR508 is an in-depth course that equips incident responders and threat-hunting teams with advanced skills to detect, identify, counter, and recover from a wide range of threats within enterprise networks, including those posed by nation-state adversaries, organized crime syndicates, and ransomware operators. LDR414 is an accelerated review course specifically designed to prepare students for the CISSP exam. It focuses exclusively on the eight domains of knowledge defined by (ISC)², which are critical to passing the exam.
A highlight of SANS Manama will be the Community Night session on 9 September, titled “Justice Denied: How Bad Digital Forensics Threatens and Undermines Justice.” This session will delve into three real-world cases—one criminal and two civil—to demonstrate how digital forensic evidence, when presented by unqualified or biased practitioners, nearly destroyed lives in court. The session will also illustrate how a proper scientific approach to digital forensics can help achieve justice.
SANS Doha September 2024 (14-19 September) will feature:
- SEC504: Hacker Tools, Techniques, and Incident Handling
- SEC560: Enterprise Penetration Testing
SEC504 will teach students how to effectively respond to breaches across Windows, Linux, and cloud platforms, providing insight into the tools and techniques attackers use, the artefacts they leave behind, and how to build better defences based on this knowledge.
SEC560 is designed to strengthen the skillset of penetration testers while also training system administrators, defenders, and other security professionals to understand the mindset and methodologies of modern attackers.
Ned Baltagi, Managing Director for the Middle East, Africa, and Turkey at SANS Institute, emphasized the importance of these events, by saying, “As cybersecurity threats continue to evolve, professionals in the Middle East must stay ahead of the curve. These training sessions are not just about learning new skills—they are about building a stronger, more resilient cybersecurity community. We are committed to empowering individuals with the knowledge and tools they need to protect their organizations and, by extension, the region as a whole.”
Cyber Security
MENA Region Sees Surge in Managed Security Services Adoption, Says SearchInform
SearchInform, the leading information security and risk management solutions vendor, has conducted an extensive survey among organizations in the Middle East and North Africa (MENA) region to assess their approach to information security. The results show a significant shift towards outsourcing security functions, with nearly 70% of organizations either already using Managed Security Services (MSS) or planning to do so shortly.
This survey involved business executives, information technology and security (IT, IS) professionals, and Chief Information Security Officers (CISOs) from both public and private sectors. The research aimed to evaluate the current state of corporate protection and identify priorities in ensuring information security amid the region’s unique challenges. Notably, 80% of respondents reported an increase in their information security budgets over the past year, reflecting a growing recognition of the need for robust security measures. Only 22% of respondents reported budgets haven’t changed, no one reported a decrease in budgets.
SearchInform’s findings indicate that while many organizations have implemented basic cybersecurity measures such as Antivirus, Next-Generation Firewalls (NGFW), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) and Endpoint Protection Systems (EPS); there is still a significant gap in the deployment of more advanced systems like Data Loss Prevention (DLP) and Security Information and Event Management (SIEM). These tools are critical for real-time monitoring and internal threat protection, yet only 29% of companies have implemented DLP, and a mere 5% have adopted SIEM systems.
Lev Matveev, Chairman of the Board of Directors at SearchInform, commented on the survey results, stating, “The increasing reliance on MSS highlights the ongoing shift in how organizations are approaching their cybersecurity needs. Outsourcing provides access to specialized expertise and technology, which is particularly vital in regions facing a shortage of skilled information security professionals.”
The research also revealed that internal threats are coming to the fore. More than half of respondents admitted experiencing one or more information security incidents, caused by insider actions. “To effectively combat internal threats, increasing the cybersecurity literacy of employees will reduce the risk of undesirable incidents. The second measure is the implementation of protective solutions that help prevent both accidental and deliberate incidents, such as data leaks, corporate fraud cases, theft, kickbacks and bribery, illicit access to confidential data, etc. In this regard, the integration of DLP and DCAP systems is necessary. DCAP-class systems that perform corporate file system analysis, classify data stored in the organization, handle the task of distributing access rights, and prevent the risk of data leakage and misuse at the initial stage. These are important components of the protective system, and the concept of DCAP systems is highly recommended by Gartner experts,” Matveev commented.
As the demand for MSS continues to grow, SearchInform’s local subsidiary in the UAE has seen strong interest from both businesses and governmental organizations, underscoring the importance of managed services in addressing the region’s complex security challenges. The global MSS market size is expected to grow from USD 30.6 billion in 2023 to USD 52.9 billion by 2028, with a Compound Annual Growth Rate (CAGR) of 11.5%.
Cyber Security
Positive Technologies: 16% of Darkweb Listings Involve Middle Eastern Organisations
In 2024, cyber criminals have shifted focus from personal data to stealing company credentials and trade secrets. One in six listings (16%) on the dark web featuring stolen government data involves organizations in the Middle East. This insight comes from Positive Technologies’ first study on data breaches in Russia, the Middle East, and globally. Their experts reviewed over 1,000 dark web listings and 700 public incident reports from the first half of 2024 worldwide.
Credential leaks from organisations hit a record high of 21% in the first half of 2024, up 9 percentage points from last year. The theft of commercial secrets and restricted information rose to 24% in the first half of 2024, an increase of 10 percentage points compared to the same period in 2023. Meanwhile, personal data theft incidents returned to pre-peak levels: dropping to 2022 levels in Q1 2024 to 37%, and then falling to 25% in Q2 2024.
In the first half of 2024, the industrial sector (39%), government agencies (36%), and transportation companies (29%) continued to lead in the share of leaks of commercial secrets and other restricted information. Notable victims include Hyundai Motor Europe and Volkswagen, with the latter losing documents on electric vehicle technology. IT companies are also at risk, with breaches involving internal processes and products accounting for 29% of incidents. In 2024, hackers allegedly accessed the source code of some Apple and AMD software.
Stolen credentials are often used for further attacks on these companies’ clients, primarily government organizations. Credential compromise is typically a step before more severe actions, such as theft of funds or system disruption. Ransomware was used in nearly a third of successful breaches involving data leaks. Dark web listings for government data heavily feature Middle Eastern countries (16%), with Asia (33%) in the lead, followed by Latin America and the Caribbean (18%). These regions are targeted by APT groups, mainly focusing on the public sector. Positive Technologies’ research on APT groups in the Middle East and Southeast Asia provides more details.
“Credentials are frequently sold on dark web forums, a key revenue source for cybercriminals. In March, access to a prominent UAE Bank’s website was listed for $10,000. The rise in these leaks is evident on the dark market—forums now offer access to dozens or hundreds of companies per post. In April, a listing was posted offering access to the infrastructure of 16 companies from various industries across Latin America, the Middle East, Europe, and Asia, with prices ranging from $250 to $5,000. According to the listing’s authors, these firms’ revenues range from $4 million to $2.8 billion. For instance, a UAE-based consumer electronics company with $6.5 million in revenue had its data valued at $400. In June, another listing offered credentials for over 400 companies, including access via Jira, GitHub, and GitLab,” notes Anna Golushko, Senior Analyst at Positive Technologies.
The number of dark web ads offering free information is nearly double those selling it (64% vs. 33%). This is because not all attackers aim to sell data; many demand ransom not to disclose it, though not all victims pay. In the first half of 2024, government organizations were often targeted specifically to steal personal data. More than half of ads on the dark web are priced under $1,000. Every tenth ad belongs to the most expensive category at $10,000 or more.
The most expensive offers (over $50,000) involve major financial institutions, retail giants, and IT companies. In Q2 2024, EDR developer Cylance suffered a cyberattack, resulting in 34 million emails and an unspecified volume of customer and employee data being sold for $750,000. Positive Technologies analysts highlight that every second successful attack on organizations in H1 2024 resulted in the leakage of confidential data. The largest number of incidents occurred in government agencies (13%), IT companies (12%), and industrial companies (11%).
Preventing data leaks requires a comprehensive approach, including tools to protect user devices, corporate networks, and the data itself. As corporate data infrastructures evolve into complex systems that are constantly changing rapidly, a unified solution is essential to safeguard information, regardless of its complexity or location.
-
Cyber Security1 week ago
New Pig Butchering Scam Targets Victims, Warns Chainalysis
-
Cyber Security6 days ago
Positive Technologies: 16% of Darkweb Listings Involve Middle Eastern Organisations
-
Cyber Security5 days ago
MENA Region Sees Surge in Managed Security Services Adoption, Says SearchInform
-
Cyber Security6 days ago
Gartner Forecasts Global Information Security Spending to Grow 15% in 2025
-
Expert Speak1 week ago
Telegram’s Privacy Paradox: The Challenges of Balancing Security and Responsibility
-
Cyber Security6 days ago
Skills Gap Exposes Organisations to Risks
-
Cyber Security4 days ago
SANS Institute to Boost Cyber Resilience in Bahrain and Qatar
-
Channel Talk3 days ago
Check Point Software Launches New MSSP Portal for Partners