Managing the IT security landscape

Organisations in the Middle East are realising the need for more advanced security solutions, and for better control and integration of security technologies in order to address the ever-evolving threat landscape

Tags: CA Technologies ( Systems IncorporatedIBM ( LabTrend Micro Incorporated
  • E-Mail
Managing the IT security landscape Black: Every organisation needs to have specialist security teams to keep up with emerging threats.
By  Keri Allan Published  March 10, 2013

As 2012 saw an increase in successful cyber attacks across the Middle East, the importance of IT security has been at the forefront of professionals’ minds.

Information security leaders are charged with protecting some of a company’s most valuable assets: money, data, IP and of course, brand. But the security issues they face continue to evolve, especially as new technologies come in.

“There are four forces of industry transformation that are going on right now: cloud, mobility, big data and social business, and these transformations have their own challenges,” Tarek Kuzbari, managing director of Kaspersky Lab Middle East and Turkey notes.

Professionals have learnt that the key is to be proactive and prepared. Many are currently focusing on security administration, which as Lorna Trayan, senior security architect and offering leader, IBM Security Services EMEA highlights, is seen as the cornerstone of IT security control.

“[It] is an extremely important area for all companies in the Middle East. Security administration can range from administering a single firewall to administrating the whole security of the enterprise environment including identity and access management, data leakage prevention, infrastructure security, endpoint security, security log management and analytics, application security and several others.”

Security threats come from many different sources, so there are a lot of bases to cover. Of course one of the biggest issues is cybercrime and targeted attacks.

“2013 will see an increase in targeted attacks, if you combine this threat with the multitude of attractive targets in the Middle East then we can expect a tough year ahead,” says Nick Black, technical manager, Trend Micro.

“Android devices will see malicious applications reach one million in 2013 and with the market dominance that Android has in the mobile phone space this will add to concerns for any organisations that allow these devices on their corporate networks,” he adds.

But aside from ‘hacktivists’ and botnets etc, there is also a threat from the employees themselves.

“The Internet generation entering today’s workplace is ignoring the security threats. Seven out of ten young employees frequently ignore IT policies according to findings from the Cisco Connected World Technology report,” says Rabih Dabboussi, managing director, Cisco UAE.

“Employees with high levels of access within the companies are its biggest threats,” adds Tarun Kumar, CISSP, security consultant, CA MENA. “These employees know where the important data is and how to access it. Insiders/disgruntled employees may unintentionally or maliciously help these attacks to happen.”

Then there is also the threat that comes from a shortage of skills. “Security skills are at the crux of the issue in the Middle East and even globally. Security professionals must strengthen their communication, education and business leadership skills to cultivate a more risk-aware culture. Unfortunately, security skills to help manage heightened security risks are hard to find,” says Trayan.

Finally a lack of visibility into what’s happening within a company’s own environment also plays a part in the security issues the region faces. Many experts have found that companies tend to concentrate on only one aspect of security, and overlook the fact that security needs to be an umbrella, protecting all.

Clearly the changes in the security landscape have shown that security today must be more than end point protection and perimeter controls. Recent successful attacks in the region have shown that companies with these in place are still at risk.

“The reason for this is that perimeter and endpoint systems don’t talk to each other and share information about the recent network scan attempt and sensitive file access attempt,” explains Lakshman Nalvade, divisional manager, Westcon Security. “They don’t do correlation and behavior analysis to understand the depth of the attack. One needs to have the bigger picture of the whole network instead of relying on multiple point solutions.”

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code