Brand View: Gulf enterprises of all scales and industry are under siege from cyber-imps; but what steps can they take to mitigate the harm and avoid becoming the next Equifax?
Around the world right now – in boardrooms and coffee shops, summits and conferences, kitchens and living-rooms – individuals and organisations are discussing cybersecurity.
They are asking how things could get so bad. How is it possible that someone living thousands of miles from my home or workplace could incapacitate my laptop or my corporate network? How could we have become so vulnerable?
The infamous WannaCry ransomware is estimated by Trend Micro to have infected some 300,000 machines worldwide and siphoned off about $4 billion from the global economy.
In February this year the UAE's, telecoms regulator TRA reported some 170 attacks against UAE government websites alone, in the opening weeks of 2018. And in 2017, according to Norton Security Insights, cyber criminals pilfered nearly AED 4 billion ($1.1 billion) from UAE-based victims.
Other data hints strongly at an answer to the question of how we have become so vulnerable. The top-line summary is: a lack of preparation and strategy. Some 73% of organisations failed a cyber-readiness test designed by UK insurance company Hiscox. And research conducted by Microsoft in the Arab Gulf region tells a similar story.
At last year’s GITEX Technology Week, in October 2017, Microsoft surveyed 1,000 Gulf-based enterprises and uncovered some worrying trends on cybersecurity preparedness. The company found that more than 80% of large GCC businesses still use usernames and passwords as the exclusive means of authentication. Only 11% said they used even rudimentary forms of multifactor credentials. Some 7% reported using fingerprint-scanning and less than 1% had adopted facial recognition.
“Such practices, lead to digital assets being extraordinarily vulnerable to malicious actors,” said Mohammed Arif, Regional Director, Modern Workplace & Security, Microsoft Gulf, commenting on the results of the survey.
“We also found that more than half of those surveyed complained of a 10%-or-higher proportion of unwanted emails in corporate inboxes, suggesting a shortfall in the efficiency – or perhaps a complete absence of – email filtering solutions. And some 41% admitted to having clicked on links within these unsolicited emails that led to unwanted websites, suggesting a lack of sufficient cybersecurity policy and training.”
Microsoft periodically hosts its CISO Executive series in locations across the Gulf. When Chief Information Security Officers were quizzed on similar security issues to those covered in the GITEX survey, similar results emerged. Some 60% of CISOs still use username and password only to log on to corporate networks, 30% use multifactor authentication, and around 5% use facial recognition. Among these seasoned security professionals, 15% had received a proportion of unwanted emails of up to 50%, and 24% had clicked on links within emails that led to nefarious sites.
“But things can get better,” said Arif. “Many organisations have found that moving to a trusted cloud environment is one of the best ways to build a sanctuary – to fortify your digital estate against outside threats.”
For UAE health insurance leader Daman, cyber security was a paramount concern. The company migrated to Windows 10 Enterprise and Office 365, and leveraged Azure AD Premium and Advanced Threat Analytics to build a solution designed to protect user identities and sensitive corporate data. To ensure that its employees were connected wherever or however they worked, Daman adopted Secure Productive Enterprise (SPE), Microsoft’s trusted, secure communication and collaboration platform, which integrates Office 365 with Enterprise Mobility and Security.
On implementation, Daman immediately found it was operating in a world of increased security and productivity, with global, regional and local offices better able to collaborate, and employee, customer and corporate data more secure.
“Enabling employees to better serve customers is an ongoing mission for Daman,” said Peter Bauer, Chief Information Officer, Daman. “In a competitive market, we needed a strong technology partner to help consolidate our position. Microsoft’s Azure cloud has fulfilled all of our priorities and even offered an affordable, risk-free environment to test future innovations.”
Dubai-based international aviation holding company Emirates Group, was eager to embrace a “cloud-first, mobile-first” approach as part of its digital-transformation journey. In 2016, the group re-evaluated its cybersecurity strategy to reduce operational complexity and secure its digital estate, while elevating the customer experience. The company partnered with Microsoft to protect users, data, applications and infrastructure from the threat landscape, while providing digital services accessible on any device from any location. It adopted Windows end-point protection, information protection, identity and threat protection and cloud security.
Two years on, Microsoft’s security and management solutions have become a core element of the group’s cybersecurity strategy, empowering the delivery of seamless and secure user experiences. Windows Defender ATP has allowed Emirates to simplify operations and defend its estate more efficiently.
“Microsoft 365-powered devices have provided Emirates with a modern workplace that will better address current and future business scenarios operating under strict security and change-management requirement,” Added Arif.
In pursuit of more secure environments for its regional customers, Microsoft will establish two dedicated cloud data centres, one in Dubai and one in Abu Dhabi, catering specifically to enterprises in the Middle East and Africa.
“Microsoft’s vision for cyber security is to innovate for the common defence; to ensure that all our customers can stop worrying about that threat landscape because they are in the safest possible hands. That’s why we spend $1 billion annually on cybersecurity R&D. To prevent the NotPetyas and the WannaCrys; to mitigate breaches such as that experienced by Equifax.
So we patrol our customers’ digital perimeters with constant vigilance, encrypting data at rest and in transit, instituting some of the industry’s most trusted practices. That way our customers can get on with the business of digital transformation – engaging consumers, empowering employees, optimising operations and reinventing products and services,” concluded Arif.
Brand View allows our business partners to share content with Arabian Business readers.
The content is supplied by Arabian Business Brand View Partners.