Threats on the horizon
Mirza Asrar Baig, founder and CEO of CTM360 and IT Matrix, discusses the current state of the GCC’s cyber security landscape
Since its founding in 2014, CTM360, a GCC-based cyber threat management specialist, has built a name for itself within the region's information security market. A spin-off of IT Matrix, CTM360 today maintains offices in Riyadh and Bahrain and an extensive portfolio of subscription members, which comprises banking and financial institutions, oil & gas companies, regional airlines, and a number of high-profile enterprises.
In addition to tackling security threats head on and fortifying the IT infrastructure of their respective clientele, the cyber threat management firm also conducts regular internal research and advisory projects. Its contributions to the cyber security discipline include releasing a global report on binary options trading fraud, aptly coined TRP10, as well as contributing greatly towards the identification of the Evil Twin Site scam.
"Most of our technologies and tools are developed in-house, with services offered via a front-end member portal. We monitor the internet and process threat intelligence feeds to detect any suspicious incident that may impact our members," comments Mirza Asrar Baig, founder and CEO of CTM360 and IT Matrix.
Over the last year, CTM360 has shifted its focus away from developing threat detection engines and analysing attack patterns, and has instead concentrated on developing tools for identifying and securing an organisation's ‘cyber footprint’.
The company recently developed its own Cyber Incident Response system in-house, and is currently working towards offering DMARC/DKIM in an effort to improve email security. It is also developing a tool to manage injection vulnerabilities, which SANS rates as a critical threat and which have been actively exploited for over a decade.
Commenting on the state of cyber security in the region, Baig says that, like most places across the globe, the GCC has adopted a reactive approach to information security. Security measures are often not a top priority for organisations, save for those institutions active within the banking and finance industry.
"The good thing is that over the years almost all organisations have some endpoint security that does have effective prevention measures in responding to malware. The current threat scenarios require much more on the preventive side and that is where the industry struggles," explains the founder and CEO.
In terms of the threat landscape, while CTM360's founder and CEO singled out ransomware as a constant danger for many organisations, a more troubling issue lies with the detection of breaches. He asserts that some APAC-based enterprises can take up to 500 days to detect an intrusion in their network.
Of course, it comes as no surprise that one of the biggest threats to the enterprise lies with the individual. An extensive IT security platform can't always account for human error, but neither should the blame be placed on the individual alone. Even with an extensive strategy that covers numerous threat scenarios, it is a challenge for expert users to stay ahead of the curve, let alone for end-users.
Even from his position as a cyber security specialist, Baig admits that he and his firm have learned some hard lessons.
"I have personally participated in the information security maturity process of the region and have been making mistakes along with the customers. It may come as a surprise to some but I think the biggest mistake is that there is too much focus on developing policy and procedures, and not on how much and what is implementable," Baig admits.
"With all due respect, experts on this subject are contracted to develop and produce excellent theoretical documents that lack the practical side of implementation. It just gives the management a feeling of false security and becomes a bone of contention between the IT department and audit & risk department."
With 2017 on the horizon, Baig expects that the year ahead will prove to be a wake-up call for many, with new threats exposing critical and personal data to the dark web.
Pointing to the recent case of Yahoo, which announced that 500 million accounts were leaked in a mass breach back in 2014, Baig predicts that new breach detection technologies will "surface that would detect backdoors but it would be after the fact."
"Also, I expect a new wave of Android malware that would be impacting smartphones in a destructive manner, most probably wiping the phone after the data being taken by the attackers for ransom," comments Baig.
"Currently, in our incidents the majority (34%) of incidents are malicious and unauthorised publication of genuine applications on unauthorised app stores. Another problem that will see aggressive growth will be of CXOs and Board-level executives being impersonated for financial fraud - we have recently developed effective methodologies to counter this problem."