Intelligent CIO Kuwait Issue 5 | Page 46

FINAL WORD “ THE GEOPOLITICAL SITUATION HERE LEADS TO INCREASED THREAT AND WE SEE A CORRESPONDINGLY HIGH VOLUME OF NATION STATE ATTRIBUTED ATTACKS. Can you give an overview of the threat landscape within this region? over one billion dollars so we’re talking huge business impact. I think in this region, more than any other, we see nation state actors as the primary threat. The geopolitical situation here leads to increased threat and we see a correspondingly high volume of nation state attributed attacks. At the time it hit, executives might not have even been aware what ransomware is or how it works. So education is key, not just for end-users but for executives, who have to invest in and take responsibility for the security of an organisation. How are organisations and enterprises responding to these attacks? Can you offer insight into what it’s like to be working on the frontline of incident response? We’ve definitely seen an increase in maturity and investment. I think the biggest thing we’ve seen is an investment in technology aimed at defending against these attacks. In this region, maybe more than anywhere else, we see a lot of organisations, particularly bigger ones such as petrochemical, financial services and government, investing heavily in technology. But I think there’s definitely more work to be done around the kind of strategy and approach, and people and process behind the technology. What best practice advice would you offer those looking to improve their approach? I always say getting the basics right is key. And that might be multi factor authentication, particularly for remote services, password complexity and segmenting your network, making sure that your critical data is separated from your non- critical data. I think some organisations probably haven’t even gone through that process of saying, ‘what is our critical data?’ And if you look at our research, but also pretty much all research in this space, most attacks still start with a phishing email. If you get these basics right, you educate your users, you have multi 46 INTELLIGENTCIO We always have the issue that no one’s ever pleased to see us – we’re always there because they have a problem. Alister Shepherd – Director, Middle East and Africa, for Mandiant, the consulting arm of FireEye factor authentication, suddenly that initial hurdle to get into the environment through phishing becomes so much harder. How much of a role does education and on-going training have to play? I think it’s key for a couple of reasons. You can always debate whether end-users have responsibility, and we would say they do, but of course they’re not experts, so they can always be tricked and you can’t blame the end-user sometimes for falling for what’s quite a sophisticated attack. Educating end-users will increase the bar but I think educating executives is really important – they’re not technical specialists, but they are responsible for the business impact. If you look at public attacks like WannaCry or NotPetya, there were organisations caught up in that where the total bill was It tends to be that we’ll get a call, often on a Thursday or Friday night, from someone in a panic, who has a significant problem. So that’s the start point. I think we then always have our own education piece because often we’re dealing with, let’s say the technical team or a CISO, who understands what a cyberattack is but not how it’s going to play out. They’ve got one system that’s behaving oddly and they want us to focus on that system. Quite often when we see APT 34, for example, they will have either tens or sometimes hundreds of systems that they’ve compromised. I think the most difficult part of being on the front lines is you’re constantly giving more bad news to the victim, until they get this full realisation that it’s not likely to be just one system or a few systems, it’s likely to be network wide, multiple systems and multiple accounts. In the worst cases, we’ve seen attackers have been in an environment for up to five years. n