“In 2021 and beyond, the technological advances within 5G networks, cloud, edge computing, and touchless interfaces will give rise to new types of security vulnerabilities and threats. While digital transformation has many benefits, cybersecurity needs to be a top priority with enhanced readiness, resilience, and responsiveness. Otherwise, the benefits and capabilities of a digital environment can come crashing down,” says Haider Pasha, Chief Security Officer at Palo Alto Networks, Middle East and Africa (MEA), in an exclusive interview with Datatechvibe.
Cybersecurity is a hot topic, and organisations are only just beginning to understand the dangerous repercussions. While digitisation is the only way forward, organisations are forced to move cybersecurity to the top of their priority list. Despite it all, Pasha is confident that the Middle East IT heads are well-equipped to cover all the bases and overcome future challenges with the right cybersecurity strategies in place.
Palo Alto Networks is one of the world’s largest cybersecurity providers. The company makes software for protecting cloud environments, firewall appliances that run in on-premises data centres and a range of other breach prevention products. Recently, the company launched a wireless mesh router with built-in cybersecurity capabilities for enterprises that have embraced remote and hybrid working. In this interview, Pasha talks about the future of cybersecurity in the Middle East and the need for organisations to invest and lay a strong foundation for security with an effective strategy.
Excerpts from the interview
With the increasing AI-driven cyberattacks worldwide, what strategies would be the most powerful?
Artificial intelligence (AI) and machine learning (ML) are immensely helpful with many IT operations, especially security, changing the way we interact with technology and providing a more proactive, automated approach. However, while automation eliminates human errors, it doesn’t eliminate all mistakes if humans still make the final decisions. Human errors are one of the most common causes of AI-driven cyberattacks. Next-generation SD-WAN can help adapt to changes in your environment more quickly than human intervention can.
What cybersecurity trends do you foresee in the Middle East?
Huge investments are being made for the deployment of 5G, and with the changing working environment, we expect to see private 5G networks springing up to enable collaboration spots for staff in the redesigned office working spaces. In 2021 and beyond, the technological advances within 5G networks, cloud, edge computing, and touchless interfaces will give rise to new types of security vulnerabilities and threats.
Cybercriminals are targeting new touchless and contactless processes, such as QR codes, to intercept financial transactions or compromise systems to gain access to personal information.
In addition, with home offices, the weak point becomes the home network where many devices are connected to Wi-Fi hubs such as smart home devices – doorbells, TVs, digital assistants to family phones, tablets, wearables, and computers. As a result, the end devices and things around it become bigger risks to a business’s critical systems and information.
Nevertheless, Middle East IT heads are well-equipped to cover all the bases and overcome future challenges with the right cybersecurity strategies.
Also Read: WannaCry, Should You Still Worry?
What is the biggest challenge that Middle East companies must prepare themselves for?
Cybersecurity needs to be a top priority for the Middle East and global companies, especially as our workplaces and business processes are being digitised. Digital transformation comes with many benefits, but organisations can compromise confidential information and put their employees at risk without the right cybersecurity strategies in place.
To best prepare themselves, organisations should not just harden their defences but make it difficult for bad actors to breach their systems – making it expensive for them in terms of resources and time. It is also essential to be mindful of copycats who use successful attacks as blueprints to carry out new attacks.
I also recommend organisations ensure that they have not left themselves vulnerable by limiting access privileges with regular auditing, using multi-factor authentication, and educating their workforce. It is essential to have authentication solutions in place within the network, the cloud, and at the endpoint to prevent the installation and spread of any malware.
While digital transformation has many benefits, cybersecurity needs to be a top priority with enhanced readiness, resilience, and responsiveness. Otherwise, the benefits and capabilities of a digital environment can come crashing down.
Apart from AI, what other technology or a hybrid technology can shape the cybersecurity industry?
Digitisation plays an integral role across the majority of the sectors for organisations of all sizes and types. This became even more critical post the pandemic, where almost every organisation was forced to digitise using technologies such as AI, helping many business processes and reducing costs.
I foresee digitisation to continue growing with the implementation of several technologies, including networking, IoT, 5G, cloud, which has been beneficial to many enterprises. For instance, 5G is becoming quite essential for governments to implement smart city rollouts for better customer experience and for major upcoming events such as Expo 2020 Dubai, scheduled for next month.
The rollout of new technologies brings several benefits, but it also broadens the potential attack surface, and it is important to lay a strong foundation for security. Recent research from Unit 42, the threat intelligence team at Palo Alto Networks, indicates that 98 per cent of all IoT traffic is unencrypted, exposing personal and confidential data on the network, while 57 per cent of IoT devices are vulnerable to medium- or high-severity attacks, making IoT the low-hanging fruit for attackers. It is important that IT teams proactively prioritise security plans and strategies to protect confidential data.
Also Read: An Open Narrative on B2B Data Privacy
Privacy and cyber protection laws are becoming important across industries, how should organisations prepare?
Cybersecurity is a critical aspect within the technology infrastructure of organisations and business leaders, and the board must view cybersecurity as an everyday priority, not only when an intrusion occurs. Organisations must ensure there is a strong, quantifiable risk view of the business along with a commonly shared risk dashboard. In addition, enterprises need to quantify the gaps before implementing a new cybersecurity project and analyse how reducing risks will benefit the overall business.
Ransomware attacks from the dark web are increasing. What monitoring strategies would you recommend?
Our threat intelligence team, Unit 42, has discovered that the average ransomware payment increased to 82 per cent since 2020 to a record $570,000 in the first half of 2021.
The dark web is a part of the internet that cannot be found through search engines and is largely used for illegal practices. The dark web allows cybercriminals to purchase tools, which are then used in specific stages of the kill chain, helping them to make a monetary profit by selling stolen data from victims.
Organisations need to lay a strong foundation for security and manage risks proactively in the long run. It is helpful to identify the potential risks, have complete visibility of networks and ensure continuous monitoring of connected devices — the quicker the detection, the greater the ability to reduce the impact. Setting solid passwords alongside robust authentication methods and verification questions can go a long way in terms of passwords.