Raise The Bar On Security By Anticipating Threats

The millions of connections between devices and networks as employees work from home, together with the increasing use of cloud technology, have made the concept of securing a perimeter around any organisation almost obsolete. A new approach to security is imperative.

Talking about the technology trends that can have a big impact on the security industry in 2022 and beyond, Quentin Gaumer, Director of information security engineering and cyber resilience at Careem, says, “Time is critical when we have a security-critical incident, so having AI capabilities to automate responses helps. Another trend for security is anticipating a threat; having a risk management process, mainly controls to mitigate the risk at strike, is the priority.” 

Gaumer shares insights on establishing a strong security culture in an organisation and on how the mass shift to working from home precipitated by the pandemic created security challenges.

Excerpts from the interview:

The pandemic forced organisations to relook at their IT operations. Tell us about two common challenges and how enterprises can deal with them.

In the last two years, the impact of the pandemic on organisations is around employees working from home. That’s something new for some companies. I’m French, and so in Europe, working from home is not part of the culture. It’s crucial to think about security when working from home. Companies had to figure out how to mitigate risks and have the infrastructure to address them. Big banks and companies always had a VPN endpoint that allowed their employees to access their internal IT environment. How many people will access it at the same time? In the last two years, companies have had to rethink how their IT environment is accessed by their employees working from home while still providing a good employee experience. 

The second challenge is around access control for more or less the same reason, since employees are no longer working in the office. The kind of control we can put in place has changed, and IT engineers had to review the access control to address it.

There have been several data security breaches worldwide, including in the Middle East, in the last two years. How can businesses train their workforce to be safe? 

Security awareness and security training are the main challenges for organisations. We need just one employee to click on a link and open a malicious attachment for the company’s entire network to be compromised. It’s a balance between awareness and, of course, technical controls.

Security culture is not about having awareness training, let’s say every month or for every new joiner, but security should be part of the companies’ core values. It means when I suspect something, I share it and report it. That should become part of the culture, which is still a challenge for organisations to build. 

Being transparent is essential. For example, if I ask a developer or an infrastructure engineer to do something, they need to understand why they’re doing it from a security perspective and be transparent. Sharing a couple of sensitive access control scenarios with them is very important; why we need to implement those controls will raise the awareness of those kinds of profiles in companies. 

What technology trends can we expect to have a big impact on enterprises in 2022?

My area of expertise is security, so one of the big trends is artificial intelligence and automation. For example, incident management, incident detection, and DDoS protection have become a little more mature in terms of controls and detection capabilities, but what we need now is to think about patterns that we could not anticipate. Let’s say, threat modelling or risk. This is where AI will help us. When we have an application, a software that is supposed to work in a specific way from a business perspective, not from a technological perspective, having AI capabilities to alert us to strange and suspicious behaviour will help us in the decision-making process. 

Time is critical when we have a security-critical incident, so having AI capabilities to automate responses helps. Another trend for security is anticipating a threat; having a risk management process, mainly controls to mitigate the risk at strike, is the priority. If we want to raise the bar on security, we should anticipate threats. Threat intelligence capabilities are important for organisations. 

How do you stay current?

In the security industry, we never stop learning. Training and being aware of what’s going on, and staying current on the new trends, new technologies that are being used are critical. Cloud usage has increased, and we need to understand this technology and leverage it from a security perspective. I’m surprised to see IT engineers only using services from cloud providers dedicated to security. If we know services and understand how cloud technology works, we can improve the security within the organisation by training and learning from technology trends.
