FINAL WORD
Alister Shepherd – Director, Middle East and Africa, for Mandiant, the consulting arm of FireEye

Can you give an overview of the threat landscape within this region?

I think in this region, more than any other, we see nation state actors as the primary threat. The geopolitical situation here leads to increased threat and we see a correspondingly high volume of nation state attributed attacks.

How are organisations and enterprises responding to these attacks?

We’ve definitely seen an increase in maturity and investment. I think the biggest thing we’ve seen is an investment in technology aimed at defending against these attacks. In this region, maybe more than anywhere else, we see a lot of organisations, particularly bigger ones such as petrochemical, financial services and government, investing heavily in technology.

But I think there’s definitely more work to be done around the kind of strategy and approach, and people and process behind the technology.

What best practice advice would you offer those looking to improve their approach?

I always say getting the basics right is key. And that might be multi factor authentication, particularly for remote services, password complexity and segmenting your network, making sure that your critical data is separated from your non-critical data.

I think some organisations probably haven’t even gone through that process of saying, ‘what is our critical data?’ And if you look at our research, but also pretty much all research in this space, most attacks still start with a phishing email. If you get these basics right, you educate your users, you have multi factor authentication, suddenly that initial hurdle to get into the environment through phishing becomes so much harder.

How much of a role does education and on-going training have to play?

I think it’s key for a couple of reasons. You can always debate whether end-users have responsibility, and we would say they do, but of course they’re not experts, so they can always be tricked and you can’t blame the end-user sometimes for falling for what’s quite a sophisticated attack.

Educating end-users will increase the bar but I think educating executives is really important – they’re not technical specialists, but they are responsible for the business impact.

If you look at public attacks like WannaCry or NotPetya, there were organisations caught up in that where the total bill was over one billion dollars so we’re talking huge business impact. At the time it hit, executives might not have even been aware what ransomware is or how it works.

So education is key, not just for end-users but for executives, who have to invest in and take responsibility for the security of an organisation.

Can you offer insight into what it’s like to be working on the frontline of incident response?

We always have the issue that no one’s ever pleased to see us – we’re always there because they have a problem.

It tends to be that we’ll get a call, often on a Thursday or Friday night, from someone in a panic, who has a significant problem. So that’s the start point.

I think we then always have our own education piece because often we’re dealing with, let’s say the technical team or a CISO, who understands what a cyberattack is but not how it’s going to play out.

They’ve got one system that’s behaving oddly and they want us to focus on that system. Quite often when we see APT 34, for example, they will have either tens or sometimes hundreds of systems that they’ve compromised.

I think the most difficult part of being on the front lines is you’re constantly giving more bad news to the victim, until they get this full realisation that it’s not likely to be just one system or a few systems, it’s likely to be network wide, multiple systems and multiple accounts. In the worst cases, we’ve seen attackers have been in an environment for up to five years.
www.intelligentcio.com