HIGHLIGHTS

Time for the defenders to outwit the attackers

CREATING A SYNERGY

VIEWS ON MOBILITY

Over the last few years, we have witnessed an increase in the number, types and intensity of threats,

and so security solutions have developed to be more intelligent as threats have become more complex. As the security landscape changes, increased invest-ments in security solutions are being witnessed across all industry sectors.

SECURITY MARKET IN THE MEA REGION IN 2015ICT sector in Africa has started register-ing double digit growth and is expected to remain stable in the medium turn. With ICT growing stronger as a socio-

economic intervention, reaching more organizations and users, there’s certainly greater need for enterprise security. On the other hand, ICT priorities in the Middle East are also evolving with the growing impact of cloud, virtualization, BYOD and other trends on business models. The collective outcome of these forces and growing complexity and frequency of cyber threats and network attacks have forced businesses to revisit their enterprise security posture, forcing them to shun traditional defences that can’t keep up for changing times. As a result, a growing number of IT managers and CXOs see the need for comprehen-sive overhaul with a proactive and inte-grated approach on enterprise security

and risk management. Key security priorities include secu-

rity for virtual and cloud environments, application-aware security, identity based access, protection and reporting, support for compliance needs, BYOD awareness and more. In addition, several mid-market and large scale organizations that preferred clinging onto in-house security expertise now also see the need for managed security services. Although the frequency of a cybersecu-rity attack on a large scale is low, by 2018, 40 percent of large enterprises will have formal plans to address aggressive cyber-security business disruption attacks, up

PREVIEWBY INSIGHT PARTNER

GISEC & GEMEC to Showcase Enterprise Mobility & Security landscape of the Region

Enterprise Mobility is the most visible term with very high impact

Need for enterprise security emanates from maturing ICT scenario. According to independent reports by leading analysts and consultants, the security market in the region is likely to cross $1 billion in 2015.

12

14

SPEAKERS’ PROFILES

Know about the speakers06

SECURITY TRENDS 2015

Paladion Predicts the Top Ten Cyber Security Trends for 2015

17

CYBER SENTINELSYOUR PREVIEW TO THE GULF INFORMATION SECURITY EXPO & CONFERENCE AND THE FIRST EVER GULF ENTERPRISE MOBILITY EXHIBITION & CONFERENCE

...Continued on page number 08

SUBSCRIBER’S OFFER!

SAVE

%10on GISEC and

GEMEC conferences

Send an email to

gisec@dwtc.com

with your promo

code: 1PRV5

S e c u r i n g Y o u

Advts.indd 11 18/05/13 7:54 AM

PREVIEW 03CYBER SENTINELS

With an estimated annual cost of US$100 billion from cybercrime, the global cyber security industry is projected to be worth US$120.1 billion by 2017, growing at an 11.3% CAGR.1 The MENA region is far from immune to these global threats, with government, commercial and security services all investing heavily to detect, protect and react to the ever-changing cyber landscape. GISEC is the region’s only large-scale information security platform, assembling industry, government and thought leaders to tackle threats, issues and countermeasures. GISEC 2015 is highly focused on addressing security concerns for I.T., Oil & Gas, Banking & Finance, Government, Legal, Healthcare and Telecoms industries. Key industry decision makers have the chance to meet companies providing world-leading solutions across dedicated industry verticals.

KEY MARKET FACTSWith some of the highest GDP levels in the world, investment in protecting national, commercial and infrastructure assets is high and growing.l In the UAE, the banking sector is the biggest target of attacks, suffering of all attacks. The remaining of attacks are aimed at government e-services, telecommunications, and educational institutions.l Middle East Cyber Security Market to grow at a CAGR of 13.07%l Critical National Infrastructure is a highly valuable target. The region is home to the world’s fastest growing airlines and of OPEC’s oil reserves. Investment continues to be made to protect these assets.

ABOUT

Security Innovation for a

Connected Future

Safe Cities Briefing DaySUNDAY 26 APRIL

ARE YOU READY TO TRANSITION FROM A SMART TO A SECURE CITY?Safe Cities brings international security experts to ensure that security ser-vices such as Counter Terrorism, Cyber Security and Emergency Services are aligned with strategy, technologies and data sharing.

WHO ATTENDS?Chiefs, Commissioners, Director Generals, CIOs, Senior Officials from Government, Citical Infrastructure Owners, and Emergency Services.

PREVIEW04CYBER SENTINELS

GEMEC is a three day confex for senior executives from across a range of industries, to identify, evaluate and source technology and mobility solutions to meet their current and future mobile requirements.

GEMEC’s world-leading conference programme caters to the region’s enterprise and government decision makers who are envisioning new and creative ways to extend their competitive advantage.

It comprises a range of targeted breakout sessions led by expert technology solution providers. These interactive sessions are aimed at giving attendees an opportunity to interact with some of the world’s leading enterprise mobility experts to discuss specific operational challenges and share unparalleled industry knowledge.

TOPICS INCLUDE:l Smarter working – the business impact of enterprise mobilityl Adopting mobility market trends: from BYOD to CYOD to COPEl Discovering the new technology pillars for any mobility strategyl Understanding the complexity of mobile security and managing the riskl Strategies for dealing with platform diversitiesl Investing in collaboration and content solutionsl Unified strategy to address apps and service requirementsFurther, these technical sessions are free to attend for GEMEC visitors.

ABOUT

Mobility Innovation for a

Connected Future

PUBLISHER: SANJIB MOHAPATRA

COO: TUSHAR SAH00

EDITOR: SANJAY MOHAPATRA

sanjay@accentinfomedia.com

M: +971 555 119 432

ASSISTANT EDITOR: KARMA NEGI

karma@enterprisechannels.com

SUB EDITOR: SOUMYA SMITA PRAJNA

soumya@accentinfomedia.com

VISUALIZER: MANAS RANJAN

LEAD VISUALIZER: DPR CHOUDHARY

DESIGNER: AJAY ARYA

SUBSCRIPTIONS

INFO@ACCENTINFOMEDIA.COM

SALES AND ADVERTISING

RONAK SAMANTARAY

ronak@accentinfomedia.com

M: + 971 555 120 490

SOCIAL MARKETING & DIGITAL COMMUNICATION

YASOBANT MISHRA

yasobant@accentinfomedia.com

PRODUCTION & CIRCULATION

RICHA SAMANTARAY

+ 971 529 943 982

BY INSIGHT PARTNER

Enterprise Channels MEA is the only magazine, which can be trusted and looked upon by the partners as the true influencer. We are the only magazine which talks about the futuristic business dynamics. The magazine focusses on enhancing skillsets of the channel partners to offer solutions and services to the customers rather than dumping products with them. The magazine brings vertical-specific market opportunities and trends from ICT perspective and prepares the partners and the vendors to address the market.

I N F O M E D I A

EDITORIAL: +971 4368 8523 or <sanjay@accentinfomedia.com>;+91-11-41657670 or <soumya@accentinfomedia.com>

MARKETING: +971 555 120 490 or <ronak@accentinfomedia.com>

FOLLOW US: www.enterprisechannelsmea.comEnterprise Channels MEA EC_MEA Enterprise Channels MEA

3,891industryprofessionals

1.15 MnOrganic digital

readers globally

12,000ECMEA

subscribers

REACH OUT TO 1.2 MILLION

PROFESSIONALS

I N S I G H T PA R T N E R

SPECIAL SECURITY PACK OF

BOOK YOUR PARTICIPATION

7

P R E - S H O W

CYBER SENTINELSA run up to GISEC and GEMEC events:A 32 coverage on predictions, news and cover story on the enterprise security and mobility

PREVIEW

SUVEY REPORT24 pages (Digital & Print); survey results

done at the GISEC and GEMEC

P O S T S H O W

MAGAZINE84 pages (Digital

& Print); Lead story Enterprise Security, Opportunity in BFSI market plus more

SUPPLEMENT52 pages (Digital & Print); packed with

News, Message from the senior persons at GISEC

and GEMEC 2015

DAILY SHOW BULLETINSA 8 page coverage of daily programmes,

news from the participants, visitor’s reaction

AT T H E S H O W

DAY DAY DAY1 2 3

CYBER SENTINELS

CYBER SENTINELS CYBER SENTINELS CYBER SENTINELS CYBER SENTINELS

I N S I G H T PA R T N E R

S P E C I A L SUPPLEMENT

PREVIEW06CYBER SENTINELS

SPEAKERS’ PROFILES

Steve is a business focused IT leader and Information

Security specialist. His IT career spans twenty six years

and has progressed from software engineering to project

management to his current position as IT Risk Management

Director for GlaxoSmithKline. For the last twelve years, Steve

has worked in Risk and Compliance within the Pharma-

ceutical industry and has led a number of global Security

programmes. In particular, he has attained depth of expertise

in Application Security, Vulnerability Management, Security

of Cloud services, Business Continuity Management and

Information Risk Management.

Steve is actively involved with the Information Security Forum

(ISF) and the British Computer Society (BCS) and recently

presented at ISF Congress and The Enterprise Security and

Risk Management Conference.

He was in Charge Of Information Technology Sector at General Directorate of Residency and For-

eigners Affairs – Dubai from 2007 until 2014. He has received Bachelor of Science from Maryville

University in Computer Science in the year 1997 from St. Louis Missouri – U.S.A and completed his

Masters in Computer Resources and Information Management from USA in the year 1999.

Alrazooqi has been working in many fields related to Information Technology Department. From

System Administration, PC Support, Network, Information Security, Development Department. He

started his career as System Administrator in 1999 at Dubai Police. In January 2007 been honored

and has been asked to join DNRD to be General Director in charge of Information Technology.

He implemented strategic projects in Dubai and UAE: UAE E-Passports, UAE, Smart E-Gates,

Kiosk Machines, Mobile Visa, Online Services, Integration services with partners, Facial and IRIS

recognition systems, API, PNR. He has received a Distinguished Government Employee - Dubai

Government Excellence Program 2011 and Award-Winner Minister of Interior’s Excellence Award as

the best Technical Officer at the Ministry of the Interior 2011

Internationally renowned security technologist, The Economist calls

him “Security Guru”. He is the author of 12 books – including Liars

and Outliers: Enabling the Trust Society Needs to Thrive -- as well

as hundreds of articles, essays, and academic papers. His influen-

tial newsletter “Crypto-Gram” and his blog “Schneier on Security”

are read by over 250,000 people.

REACTIONS AND LEARNINGS FROM THE SONY HACKFirst we thought North Korea was behind the Sony cyberattacks.

Then we thought it was a couple of hacker guys with an axe to

grind. Now we think North Korea is behind it again, but the connec-

tion is still tenuous.

In a world where everything happens online, including what we

think of as ephemeral conversation, everything is potentially

subject to public scrutiny. Companies need to make sure their

computer and network security is up to snuff, and their incident

response and crisis management plans can handle this sort of

thing. In this session Bruce will highlight how to secure your

company against this sort of attack.

BRUCE SCHNEIERFELLOW, BERKMAN CENTER FOR INTERNET AND SOCIETY AT HARVARD LAW SCHOOL

STEVE WILLIAMSONDIRECTOR IT RISK MANAGEMENT, GLAXOSMITHKLINE, UK

COLONEL KHALID NASSER ALRAZOOQIGENERAL DIRECTOR OF SMART SERVICES DEPARTMENT, DUBAI POLICE GHQ

PREVIEW 07CYBER SENTINELS

As Michigan’s Chief Security Officer (CSO) &

Deputy Director for Cybersecurity & Infra-

structure Protection, Daniel J. Lohrmann led

all aspects of cybersecurity, physical security,

department emergency management and

critical infrastructure protection within state

government until he rejoined the private

sector in August 2014. What he learned about

security management during his seventeen

years serving as a government CSO, CTO,

CISO and CIO will likely surprise you. Known

for his refreshingly practical commentary on

technology and advice on computer security

and ethics for home and work, Mr. Lohrmann

will open some eyes with his cybersecurity

stories and lead an engaging session regard-

ing what keeps you up at night as well.

George is a healthcare and business executive with focus on Information Technology, work flow enhancement, opera-

tions and large-scale program management.

George joined SEHA (Abu Dhabi Health Services Company) in February, 2010 in Abu Dhabi, UAE as the Chief Infor-

mation Officer of Corniche Hospital. In 2013, George moved to SEHA’s HQ to take the role of Corporate IT Advisor

in charge of developing corporate IT strategies, governance and operations, program management, budget planning

and execution, monitoring and managing the performance of IT departments at all of SEHA’s 11 hospitals and over 65

outpatient clinics.

In November of 2013 George was asked to oversee the Information Technology Division of SEHA. George is now the

Acting Group Chief Information Officer for the organization and is responsible for IT strategies, business plans and

operations at all of SEHA’s 12 hospitals and 65 outpatient clinics.

In January of 2014 George consolidated all IT services and operations from all of SEHA’s hospitals and clinics into

one single enterprise service delivery organization of all Information Technology services.

George brings over 30 years of professional experience in the US with information technology business with focus on

academic healthcare, cancer and medical research; with over 18 years of experience in healthcare.

In May, 2012, George Yacoub was recognized for his efforts to bring SEHA/Corniche Hospital to Level-6 on the HIMSS

Analytics EMR Adoption Model and received the HIMSS-Analytics award for that achievement.

After the successfully implementation of the most advanced technologies in electronic medical systems, patient

safety and medication management, SEHA/Corniche Hospital joined an elite group of 350 hospitals worldwide.

In January of 2014 and again 2015, George was recognized by CNMA as one of the top 50 CIOs in the GCC area.

In December of 2014, George was also recognized, during the HIMSS Middle-East conference in Dubai, for achieving

HIMSS Level-6 at all of SEHA’s 11 hospitals and received the HIMSS-Analytics award for that achievement, along with

the individual hospitals.

Dr. Amirudin Abdul Wahab is currently the Chief

Executive Officer of CyberSecurity Malaysia, a

strategic agency under the Ministry of Science,

Technology and Innovation (MOSTI), Malaysia

and the agency that monitor e-sovereignty of the

country. He has more than 20 years of ICT working

experiences in the telecom and IT sector in the

Government as well as in the semi-government and

private sectors. As the Under Secretary of the ICT

Policy Division, MOSTI Malaysia, Dr. Amir led and

coordinated various ICT development programmes

and activities, including as the Head of the

Secretariat to the National Information Technology

Council (NITC) Malaysia. The NITC, which is chaired

by Honorable Prime Minister of Malaysia, is the

council that plan, implement, coordinate and moni-

tor the development of ICT in Malaysia.

Dr Amir is currently the Chairman of World

Trustmark Alliance (WTA) and also served as a

member in the National Committee Member of

e-Sovereignty Committee chaired by Honourable

Deputy Prime Minister of Malaysia, the National

Chairman of the Industry Standards Committee on

Information Technology, Communications and Multimedia, Chairman of Impartial Committee for Malaysian Software

Testing Board (MTSB), Board member of the National ICT Association of Malaysia (PIKOM), Chairman of PIKOM

Information Security Committee and also a Board member of Cloud Security Alliance, Malaysia Chapter. He is also

an OIC Task Force Member on ICT and Cyber Security.

Dr Amir also holds two Masters degrees, a Masters in Business Administration (MBA) from the University of

Duqubue, Iowa, USA, a Masters in Information Technology from National University of Malaysia (UKM) and a Bach-

elor of Science Engineering in Electrical Engineering from the University of Michigan, Ann Arbor, USA. Academically,

Dr Amir was an Adjunct Professor at the International Islamic University of Malaysia (UIAM) and Universiti Tenaga

Nasional (UNITEN) Malaysia and currently also served as an Industry Advisory Panel (IAP) Member of the Universiti

Teknologi Petronas (UTP).

DR. AMIRUDIN ABDUL WAHABCHIEF EXECUTIVE OFFICER, CYBERSECURITY MALAYSIA, MINISTRY OF SCIENCE, TECHNOLOGY AND INNOVATION

DAN LOHRMANNEX CHIEF SECURITY OFFICER, STATE OF MICHIGAN, US

GEORGE YACOUBACTING GROUP CIO, SEHA, UAE

PREVIEW08CYBER SENTINELS

They’ve recognized the business necessity of a strong security posture—and express confidence that their security processes are optimized. Technology vendors are also more attentive toward finding and fixing vulnerabilities in their products, giving criminals fewer opportunities to launch exploits.

ARE THE ORGANIZA-TIONS READY TO DEFEND THEMSELVES?In order to gauge the perception of secu-rity professionals on the state of security in their organizations, Cisco asked their CISOs and SecOps in several countries and in organizations of several sizes about their security resources and procedures.

PARTNERS IN SECURITYAccording to Hani Nofal, Executive Direc-tor, Intelligent Network Solutions, GBM, “The GBM Management realizes the chal-lenges faced by CXO and have prepared well to meet the current region needs. Our offerings are holistic and integrated, coupled with the best of skills to adapt to the changing threat landscape and meet / exceed customer demands”. This is GBM’s 3rd year as a Diamond sponsor at GISEC. For this year, the topic of their breakout session is “Building Security in Applica-tions using Application Security Manage-ment Solution”. Moreover, GBM will be announcing the results of its 3rd mass survey across the region around “Privacy”.

SOLUTIONS GALOREThe role of Network security as business enabler has evolved over the years; it is now entrusted to do a lot more than just secure. Security - now at core of strategic decisions - is a topic which is frequently discussed by the top echelon during board meetings. To this end, there is a requirement to make it simple and easily discussable, which is where our logging and reporting solu-tions come into picture. These solutions are designed to provide a simple hawk eye view of the state of security, something which works very well for executive sum-maries. “Cyberoam has created a portfolio of network security products and solutions that meet all strategic needs for our cus-tomers” says RavinderJanotra, Regional Sales Manager, Cyberoam Middle East. “Our solutions also provide answer for a tricky conundrum of finding the common strategy for balancing security with con-nectivity and productivity; something which becomes a point of contention between CIOs and CSOs.”

CHANGING ROLE OF Source: Cisco Security Research

Vertical Risk of web malware encounters worldwide (Jan 1- Nov 15, 2014)

“More and more security vendors are working together in solving problems instead of just competing against each other. The Cyber Threat Alliance is a great example of this.”KALLE BJORNDIRECTOR, SYSTEMS ENGINEERING - MIDDLE EAST, FORTINET Source: Cisco Security Research

Signs of Security SophisticationThe Security Capabilities Benchmark Study highlights the hallmarks of organizations that are more sophisticated in their security posture than others. These hallmarks include:

► Executive leadership that prioritizes security

► Clear, well-documented policies and procedures

► Integrated tools that work together

Organization Security SophisticationIn comparing the security sophistication level of organizations by country, there’s more good news: Highly sophisticated organizations are the majority in every segment. However, respondents in some countries appear to have a more positive view of their own security stance than the outside world does. Overly confident perceptions from respondents in some countries may be due in part to core social values of a culture, such as the need to present one’s self—and thus, one’s organization—in a positive light.

Figure 4. Most companies fit more sophisticated security profiles—this is true in all countries and industries

Cisco 2015 Annual Security Report | Regional Data Sheet | EMEA

Figure 3. Highest-Risk Verticals for Malware Exposure

Figure 2. Spam Volumes by Country

Segment distribution varies by country, but more mature segments dominate in all

Segment Sizing

Germany Italy United Kingdom

41%

18%

25%

8%8%

38%

25%

13%

23%1%

43%

25%

57%

7%1%

High Upper-Mid Middle Low-Mid Low

Source: Cisco Security Capabilities Benchmark Study

magnitude magnitude magnitude

2.8Media and Publishing

2.4Accounting

1.1

1.1

TelecommunicationsIT and

Utilities

AMER

2.0Food and Beverage

2.0Insurance

1.6

1.6

Manufacturing

Media and Publishing

EMEA

3.5Real Estate and Land Management

3.4Automotive

3.2

2.4

and ShippingTransportation

Manufacturing

APJC

Aviation 5.0 Agriculture and Mining 2.8 Insurance 6.0

Source: Cisco Security Research

Americas Headquarters Cisco Systems Inc. San Jose, CA

Asia Pacific HeadquartersCisco Systems (USA) Pte. Ltd. Singapore

Europe Headquarters Cisco Systems International BV Amsterdam, The Netherlands

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners, The use of the word partner does not imply a partnership between Cisco and any other company. (1110R)

Download Cisco 2015 Annual Security Report www.cisco.com/go/asr2015

Source: Cisco Security Research

United States

Brazil

Taiwan0.00% (1% 11/14)

India

China25.00% (29% 11/14)

Russia3.00% (3% 11/14)

Vietnam

Korea, Republic of1.00% (1% 11/14)

2.00% (3% 11/14)

DecreaseIncrease

0.00%

Change in % from Jan. to Nov. 2014 (November %)

(2% 11/14) 1.00% (2% 11/14)

6.00% (20% 11/14)

...Continue from page 01

from zero percent in 2015, according to Gartner. Business disruption attacks require new priority from chief informa-tion security officers (CISOs) and business

continuity management (BCM) leaders, since aggressive attacks can cause pro-longed disruption to internal and external business operations.

According to Cisco’s 2015 Annual Secu-rity Report, attackers have become more

proficient at taking advantage of gaps in security to hide and conceal malicious activity. On the security side, organiza-tions appear to have upped their game by adopting more sophisticated tools for pre-venting attacks and reducing their impact.

Highest risk

verticals for

malware exposure

across EMEA

PREVIEW 09CYBER SENTINELS

Number of security professionals within organizations

“Our solutions also provide answer for a tricky conundrum of finding the common strategy for balancing security with connectivity and productivity; something which becomes a point of contention between CIOs and CSOs.”RAVINDERJANOTRAREGIONAL SALES MANAGER, CYBEROAM MIDDLE EAST.

Respondent Profiles and Security Breach ReadinessN (NUMBER OF RESPONDENTS) = 1738

Source: Cisco Security Capabilities Benchmark Study

Source: Cisco Security Capabilities Benchmark Study

CISOS“Gartner defines aggressive business dis-ruption attacks as targeted attacks that reach deeply into internal digital business operations with the express purpose of

widespread business damage,” said Paul Proctor, VP and distinguished analyst at Gartner. To combat these types of attacks, CISOs must pivot approaches from block-ing and detecting attacks, to detecting and

responding to attacks. “Entirely avoiding a compromise in a

large complex enterprise is just not pos-sible, so a new emphasis toward detect and respond approaches has been build-

PREVIEW10CYBER SENTINELS

CISCO SECURITY MANIFESTO: BASIC PRINCIPLES FOR ACHIEVING REAL-WORLD SECURITYToday’s CISOs need to answer hard questions: How do I make my security team the first point of contact for the busi-

ness when potential security issues arise? How can I ensure my team has the tools and visibility to determine what

security issues are most relevant, and require action? And how do I keep users—the key to business success—safe,

and not just when they are working on-site? Cisco security experts suggest that CISOs can address these questions

by implementing and following a set of security principles known as the Cisco Security Manifesto.

SECURITY MUST BE CONSIDERED A GROWTH ENGINE FOR THE BUSINESS. Security professionals must take proactive steps to ensure they are involved in technology conversations, and

understand how security processes can enable the organization’s agility and success, while also protecting its data,

assets, and image.

SECURITY MUST WORK WITH EXISTING ARCHITECTURE, AND BE USABLE. The end result of “architecture overload” is that users will circumvent security architecture, leaving the organization

less secure.

SECURITY MUST BE TRANSPARENT AND INFORMATIVE. Users should be presented with information that helps them understand why security is stopping them from taking a

particular action. They also need to know how they can do what they want to do safely, instead of bypassing security

in the name of doing their jobs.

SECURITY MUST ENABLE VISIBILITY AND APPROPRIATE ACTION.By understanding how security technologies operate, security teams can reduce their administrative workload while

becoming more dynamic and accurate in identifying and responding to threats and adapting defenses.

SECURITY MUST BE VIEWED AS A “PEOPLE PROBLEM.” Improved dialogue between security professionals and users will also help users see that technology alone cannot

assure security. People, processes, and technology together, must form the defense against today’s threats.

“It’s important to note that technology alone cannot keep your business safe and there are various examples to prove that. The approach has to be risk-based and holistic encompassing technology, people, processes and business teams.”HANI NOFALEXECUTIVE DIRECTOR, INS, GBM

ing for several years, as attack patterns and overwhelming evidence support that a compromise will occur,” said Mr. Proc-tor. “Preventive controls, such as firewalls, antivirus and vulnerability management, should not be the only focus of a mature security program. Balancing investment in detection and response capabilities acknowledges this new reality.”

The rise of ubiquitously connected devices and the Internet of Things (IoT) has expanded the attack surface, and com-mands increased attention, larger budgets and deeper scrutiny by management. Digital business should not be restricted by these revelations, but emphasis must be placed on addressing technology depen-dencies and the impact of technology failure on business process and outcomes. Information owners should be made explicitly accountable for protecting their information resources, ensuring they will give due consideration to risks when they commission or develop new digital busi-ness solutions.

“CISOs and chief risk officers (CROs) can and should persuade executives to shift their thinking from traditional approaches

toward risk, security and business continu-ity management. Security is not a technical problem, handled by technical people, buried somewhere in the IT department,” said Mr. Proctor. “Organizations need to start solving tomorrow’s problems now.”

CISCO security experts suggest that it’s time that enterprises start looking differ-ently at how they approach cyber-security in order to ensure higher security for their organizations. As Hani Nofal, Executive Director, INS, GBM says, “It’s important to note that technology alone cannot keep your business safe and there are various examples to prove that. The approach has to be risk-based and holistic encompassing technology, people, processes and business teams”.

TACKLING THE SITUATIONEvery organization that generates and stores valuable data makes for attractive targets, and should take an active role in protecting themselves and their data. Phishing campaigns, malware spreading via external storages and mobile devices will continue to pose the largest threats. Large enterprises might specifically be

targeted (APT). It is critical that enter-prises continuously revamp their security infrastructure, and stay up-to-date with enhancements that are equipped to prevent attacks.

“There is no doubt that cyber attacks will become more numerous but the security industry will respond to them as always” says KalleBjörn, Director, Systems Engineering - Middle East, Fortinet. “More and more security vendors are working together in solving problems instead of just competing against each other. The Cyber Threat Alliance is a great example of this.”

It is absolutely imperative that members of the channel are kept as up to date as pos-sible on a product’s new features and func-tionality. Channel sales engineers must, in essence, become product experts, and demand regular training from their vendor counterparts. Sales staff, for their part, must likewise keep up with the latest messaging, feature sets and solution updates. Both the partner and vendor must speak the same language and have the same level of knowledge.

FINALLYThe Middle East has been prone to a number of security threats over the last couple of years, and today IT security occupies the prime spot in today’s IT networking scenarios. Over the years, companies have been investing more in security products that offer reliable and scalable solutions. Increase in adoption of mobile, cloud, social and information will continue to drive demand and use of security technology and services. The Internet of Things will also play a crucial role in determining the security invest-ment and would give rise to a new breed of threats.

Any technology that is implemented in an enterprise can fail if not configured or administered appropriately. This can only be ensured once we have processes in place for governance over operations. Technology must be customized to the needs of the organization’s needs and should be deployed to react to the risk exposures an organization faces. Rede-fined security strategies should consider new approaches to help align people, processes and technology.

PREVIEW12CYBER SENTINELS

GISEC & GEMEC to Showcase Enterprise Mobility & Security landscape of the RegionGlobal I.T. gurus to unravel dangers of cybercrimes at the 3rd Gulf Information Security Expo & Conference 2015 and Middle East cybersecurity market to be worth USD9.56 billion by 2019. At the same time, first Gulf Enterprise Mobility Exhibition and Conference (GEMEC) to discuss Mobility & Security for Middle East Government & Enterprise.

As news reports are abuzz with cyber criminals having reportedly suc-ceeded in stealing USD1 billion from over 100

banks globally within a span of two years, the Market Forecasts and Analysis Report (2014-2019) by MarketsandMarkets pre-dicts that the global cybersecurity industry will be worth USD155.74 billion in 2019. Also, with the 2014 Global Economic Crime Survey by PricewaterhouseCoopers (PwC) having identified cybercrime as the

second most common form of economic crime reported in the Middle East, the same MarketsandMarkets report has indi-cated that the region’s cybersecurity market will grow by 84 per cent from USD5.17 billion in 2014 to USD9.56 billion in 2019.

The growing sophistication and profi-ciency of cyberattacks is prompting gov-ernments and organisations in the region to invest in more secure I.T. infrastructure to protect against cybercrimes.

In the 2013-2014 annual report by the U.S. Commerce Department’s Interna-tional Trade Administration, it indicated

that the United Arab Emirates will double its spending on homeland security from USD5 billion to USD10 billion in the next 10 years, with majority of the budget focus-ing on cyberdefence and cybersecurity.

Highlighting the increasing concern of securing information and minimising the impact of security breaches, the 3rd Gulf Information Security Expo & Conference (GISEC), the region’s leading I.T. security platform, will address key issues surround-ing cybersecurity management, identity management and disaster recovery across susceptible industry sectors such as finan-

cial services, governments, oil & gas, I.T. and pharmaceuticals as well as in indi-vidual accounts.

As the region’s largest and only I.T. security knowledge event, GISEC will be taking place at the Dubai World Trade Centre (DWTC) from 26-28 April 2015. Showcasing over 150 exhibitors, GISEC is set to attract over 5,000 trade visitors from 50 countries, including Chief Information Security Officers (CISOs) and Chief Infor-mation Officers (CIOs), who will learn how to develop cybersecurity strategies.

During GISEC, a two-day conference

PREVIEW 13CYBER SENTINELS

“In this era of a virtual world, the underlying impact of cyberwarfare is only the tip of the iceberg of internet catastrophe. The 3rd edition of GISEC will highlight how organisations and individuals can grow the resilience of their networks to combat cyberthreats and attacks from sophisticated hackers.” TRIXIE LOHMIRMANDSENIOR VICE PRESIDENT AT THE DUBAI WORLD TRADE CENTRE

will take place between 27-28 April 2015, where global visionaries will be offer-ing I.T. solutions to help counteract an increasing incidence of cyberattacks in the region using world-leading practices. Among those who will be sharing key insights at the conference is ‘Security Guru’ Bruce Schneier, a Fellow at the Berkman Center for Internet and Society at Harvard Law School in the U.S.A. Schneier will be delivering a session on reactions and learnings from the recent Sony hack. Dan Lohrmann, ex-Chief Security Officer for the State of Michigan in the U.S.A., will be talking about cyberdefence strategies in fighting cyberattacks and threats.

Trixie LohMirmand, Senior Vice Presi-dent at the Dubai World Trade Centre said: “In this era of a virtual world, the underly-ing impact of cyberwarfare is only the tip of the iceberg of internet catastrophe. The 3rd edition of GISEC will highlight how organisations and individuals can grow the resilience of their networks to combat cyberthreats and attacks from sophisti-cated hackers.

“Due to the increasing cyberattacks such as phishing, hacking, fraud and cyberter-rorism that GISEC serves as a critical information security knowledge event in the region. GISEC provides an interactive

venue for sharing insights in combat-ing progressive cyberthreats and to help improve businesses and individuals’ capa-bility to deal with internet-based crimes,” LohMirmand added.

GISEC 2015 will also feature the all new ‘Safe Cities Briefing Day’, a platform designed for the Middle East’s senior public sector officials to discuss ways of securing smart and connected cities using innova-tive technologies. Scheduled to speak at the briefing are Colonel Khalid Nasser Alra-zooqi, General Director of Smart Services at Dubai Police and Bassam AlMaharmeh, Chief Information Security Officer, Minis-try of Defence, Jordan among others.

Co-located with GISEC this year is the First Gulf Enterprise Mobility Exhibition and Conference (GEMEC), which will address the need of enterprises to embrace mobility. At the event, senior executives will discuss ways to identify, evaluate and source technology and mobility solutions to meet their current and future mobile require-ments. GEMEC’s world-leading conference programme caters to the region’s enterprise and government decision makers who are envisioning new and creative ways to extend their competitive advantage.

“As mobile devices continue to over-take PCs as the preferred access point to

information and data, machine to machine (M2M) connectivity continues to rise globally. Mobility is the way forward for organisations and GEMEC allows visitors the opportunity to tackle not only app development for businesses but also security and compliance in the adoption of enterprise mobility strategies,” said LohMirmand.

In addition, free-to-attend training ses-sions for I.T. professionals are available and will include vendor-run educational presentations, product demonstrations and case studies to help secure their I.T. infrastructure.

On 27 April 2015, GISEC will host the second I.T. Security Awards recognising excellence in implementation of projects and applications by private enterprises and public-sector organisations. The award categories include Best Endpoint & Mobile Device Security Implementation, Best Security Information and Event Manage-ment (SIEM), Best Information Security Program Implementation, Best Data Loss Prevention and Best Cloud Security Imple-mentation. Nominations will be accepted through the application form available on the website until 26 March 2015.

Key sponsors of GISEC include BT Global as the Leader Sponsor; GBM and

Spire Solutions as the Diamond Spon-sor; CISCO as the Platinum Sponsors; and Etisalat and Paladion Networks, Palo Alto Networks and Fortinet as the Gold Sponsors; and Guidance Software and Paramount and Qualys as the Silver Spon-sors. Key exhibitors include Airwatch, Airbus Defence & Space, Al Falak, CISCO, Etisalat, GBM, Newstar and Paladion Networks.

Powered by GITEX TECHNOLOGY WEEK, the region’s leading technology event, GISEC and GEMEC are strictly trade-only events and are open to busi-ness and trade visitors from within the industry only. GISEC and GEMEC are open 10am-6pm from 26-28 April 2015 at Sheikh Rashid Hall at Dubai World Trade Centre. Visitor attendance is free of charge. For more information, please visit www.gisec.ae.

PREVIEW14CYBER SENTINELS

Enterprise Mobility is the most visible term with very high impact

Mobility is a byproduct of human behavior which has been con-tinuously changing over centuries and

decades. The present generation is mix of multiple generation demands offsite work-ing as well as work on move. In the corpo-rate sector, a large number of workers are carrying out their work from offices out-side their native workplace. Offsite work-ing is also very prominent in Millennia and generation Z who really do not want to stick to fixed work timing and fixed work place. They want to work from anywhere. All factors require robust connectivity and smart mobile devices. And probably that is why the term like Enterprise Mobility is being used so prominently in current business. Enterprise Mobility is primarily a set of devices, workforce and working habits. No organization can be thought of without employees carrying and using mobile devices and therefore it has become an ingrained factor of businesses today. Although mobility and mobile best busi-ness function have brought in increased efficiency and prepared organization to sustain competitive pressure; these have also brought in severe challenges mainly in the domain of data loss and corporate net-work compromise. Related side effects are terms like BYOD which have become very

In the Gulf region and I think globally, many business processes have been automated using mobility as core technology and medium for conducting business.

I’ll begin with a project which we carried out successfully in our organization for all our heavy duty vehicles operating in air-side for the supply of Food and Beverages to aircrafts. These heavy duty vehicles as called Hi-loaders and our organization has a large fleet of such vehicles. With the help of mobility technology, we are able to see and monitor the Hi-Loader movements across the entire airport in real-time mode; either from a control room or on a mobile device. It is not a safe practice for drivers to make and receive calls in airside while driving mainly for safety consideration. Therefore, we have installed rugged tablets in all our Hi-loaders through which the job assignment to drivers, all communi-cation and alert transactions are carried out, thereby eliminating any voice calls. These have made the entire operation very smooth and agile.

I also came across few deployments in Retail sector where distributions logistics have been very efficiently managed using Enterprise Mobility. Another very impres-sive project I learned is in the gas sector where the vehicles coming to a petrol pump for refueling are serviced in a fully automated manner without any human intervention other than of course the pro-cess of placing the nozzle in the fuel tank for petrol refueling. This process is under POC in few petrol pumps in the region.

These are few of the numerous examples in the area of mobility in the region and this is a wave which is moving ahead full force which is adding productivity and efficiency in business organizations.

ENTERPRISE MOBILITY

common these days. Enterprise Mobility is the most visible term with very high impact and potential to last a very long duration in future. Its relevance is global and cannot be seen in the context of a region.

In the Gulf region and I think globally, many business processes have been auto-mated using mobility as core technology and medium for conducting business. Over last few years, I have seen many such projects being successfully deployed and used which are based on mobility. This

“No organization can be thought of without employees carrying and using mobile devices.”ARUN TEWARY VP (IT) & CIO, EMIRATES FLIGHT CATERING

trend is prevalent across different industry verticals but it appears very prominent in the domain of Distribution, Logistics, Retail and Oil & Gas. Banks are able to differentiate themselves based on how effective their Enterprise Mobility solution is. In fact, for banking, it has become a key to survival.

I would like to touch upon few deploy-ments which I’ve seen very closely and how the result largely benefited the organizations.

PREVIEW 15CYBER SENTINELS

Enterprise Mobility strategy

Enterprise Mobility strategy is eminent keeping in view how the business transfor-mation has taken place in last couple of years or so.

CIOs needs to step in and play major role in building up an Enterprise mobility strategy which must be in line with over-all business strategy of the organization. In last few years customer behaviour has widely changed esp. on the mobility front wherein they are glued to smart mobiles, tablets. I believe this brings a huge oppor-tunity for all the businesses to encash by building up smart & secure mobility Apps, which ensure customers to have delight-ful experience while using them. On the employees’ front it helps in boosting their Productivity too.

In Middle East where in people are so habituated to mobile devices & gadgets, I believe this is an great opportunity for all the business lines to come up with effective Enterprise mobility strategy. Overall it’s good for both the customer and the busi-ness entities to boost their bottom line.

For an effective and successful Enter-prise Mobility strategy CIOs need to ensure it address the organization’s key business requirement and stand on wide range of mobility issues. Further inputs from different business and support units should also be taken while building up an effective enterprise mobility strategy.

Few key factors which will play an important role in building Enter-prise Mobility strategy are:l Understand Business goals &strat-egy: CIO should understand whether mobility will create new opportunities for business, and if so, how can these opportu-nities be capitalized. Further it needs to be understood what all processes need to be re-engineered & managed to ensure right experience to employees and customers. l Security: One of the key challenges

for CIOs today is to ensure the corporate data is secured on mobile platforms. Any data leakage or compromise of corporate data may leads to huge repercussions not only on the financial & legal aspect but reputation too. Corporate mobile policy

In Middle East where in people are so habituated to mobile devices & gadgets, I believe this is a great opportunity for all the business lines to come up with effective Enterprise mobility strategy.

ENTERPRISE MOBILITY

people can access these apps and data on any device they use. It should further empower people with self service provi-sioning & further allow secure automated controls on data sharing and management for the customer perspective.l Mobile Application manage-

ment: Mobile application management lets centralize management, security & control for any mobile apps as well its data and settings as part of container. While building a strategy, it should be well thought that organization actually requires any corporate application catalogue for enterprise users and further how these apps are distributed, managed & secured.

must mandate to use password, encrypt data and further remote wipe provision to ensure risk of Data leakage is duly miti-gated. Data leakage tool should ensure any leakage of data intentionally or unin-tentionallyis noticed and due mitigation Controls are put in place. Sandboxing or containerization esp. on BYOD (Bring your own device) devices ensure corpo-rate data is secured and isolated from user’s personal data. Secure authentica-tion measures further add another layer of security l Multiple mobile platforms Pro-

visioning & Management: Corporates either have Corporate- owned, BYOD

or COPE (Corporate owned, personally enabled devices), hence the solution must be in place to manage all these flavours effectively and efficiently. Solution should have the capability to understand and develop the process for Life cycle mgmt. of these devices. Single unified console will ensure ease of managing different mobile platforms & further help in user accessing provision for the mobile work force hence leads to better control.l Delightful customer experience:

Mobile devices have played a key role in consumerization in the enterprise, giving people new ways to work with application. Effective mobility strategy should ensure

“CIO should understand whether mobility will create new opportunities for business, and if so, how can these opportunities be capitalized..”AMIT BHATIA HEAD OF INFORMATION SECURITY GOVERNANCE, OMAN INSURANCE COMPANY

PREVIEW16CYBER SENTINELS

Gulf Air’s Enterprise Information Security StrategyGulf Air has implemented security measures/controls and solutions on its private cloud to ensure adequacy and coverage of its information security architecture. Web applications and internet infrastructure is covered against the DDoS attacks while the email infrastructure is secured against virus and spam attacks using email and antivirus protection solutions.

CASE STUDY

“Personnel information security practices are also one of the critical aspect of the GF’s information security architecture.”DR. JASSIM HAJIDIRECTOR-IT, GULF AIR

Gulf Air’s (GF) informa-tion security architecture is designed around the core concept of informa-tion safeguard, business

optimization, performance management and compliance. Its basic goal is to align the information security requirements with the Gulf Air’s core goals and strate-gic direction. The architecture comprises information security management system, set of security systems, personnel and sub-organizational components monitored by the concepts of management oversight.

Information security implementation at GF is approved and monitored by the Information Security Committee (ISC). The ISC is chaired by GF’s Chief Execu-tive Officer and its members include the Divisional Directors and Information Security Management System (ISMS) team.

The Committee meets quarterly to over-see the management of information secu-rity architecture goals, review information security policies and issues, and identify action plans to achieve continual improve-ment. ISC also recommends, reviews and prioritizes information security policies, projects and initiatives.

The purpose of Information Security Management System (ISMS) is to protect the informational assets and resources of Gulf Air. Through the selection and application of appropriate safeguards, ISMS supports GF’s mission by protect-

ing its physical and financial resources, reputation, legal position, employees, and other assets. The ISMS consists of a set of documented administrative, preventive, detective and corrective controls. ISMS is certified against the world renowned ISO 27001:2005 certification. It also works along the IT Service Management System (ISO 20000-1:2011certified) and Qual-ity Management System (ISO 9001:2008 certified).

GF has implemented security measures/controls and solutions on its private cloud to ensure adequacy and coverage of its information security architecture. Web applications and internet infrastructure is covered against the DDoS attacks while the email infrastructure is secured against virus and spam attacks usingemail and antivirus protection solutions. Applica-tions published over the internet are secured through state-of-the-art SSL VPN protections. Secured De-Militarized Zone is created to separate internet and public cloud from GF private LAN cloud. Secured file transfer systems are also implemented to secure the transfer of data between GF and its business partners. Furthermore, intrusion prevention systems are imple-mented in the internal and external net-work nodes.

GF also manages an IT Risk Manage-ment solution for the identification, cal-culation and treatment of vulnerabilities related to Information assets. Threats related to authorized/unauthorized access

from the IT administrators (also referred to as the insider threat) are managed using centralized access management, real time monitoring and detailed audit logging. Security patches for the devices are performed using centralized processes to keep them up-to-date. Controls are also implemented compliant solution. Furthermore, physical and environmental controls are implemented as per the good

industry practices to ensure data security on all different layers. GF also has a staging environment to test the changes prior to implementation into production environ-ment. GF private cloud is equipped with redundancies on memory, processing and storage to ensure availability in case of component failure and also has a disaster recovery process to ensure continuity. Access to all these assets is logged and maintained centrally.

Personnel information security prac-tices are also one of the critical aspect of the GF’s information security archi-tecture. This includes physical security of the users, workplace safety, periodic information security awareness programs, and improvements on the user experi-ence and business continuity operations.Pre-employment background checks are performed on all potential candidates for employment and security clearance is obtained from local law enforcing agencies. Periodic audits and security assessments are performed to monitorGF information security architecture.

PREVIEW 17CYBER SENTINELS

Paladion Predicts the Top Ten Cyber Security Trends for 2015

Paladion Networks has high-lighted the top 10 cyber security trends that will impact global digital secu-rity in 2015 and beyond.

These trends can have long-term impact on the enterprises in Middle East.

“After rigorous analysing the ever-increasing data flow regionally and glob-ally, we have identified the top 10 cyber security trends that the enterprises in the Middle East needs to be cautious and should not ignore them in their strategic planning processes. “ said, Amit Roy, VP & Regional Sales Head-ME & Africa at Paladion Networks. “Organisations in the region need to follow these trends closely to ensure protection against the rising tide of cyber threats, which has high potential for disrupt their business.

01 Focus on Regulatory and Com-pliance Requirements – Regions will see a surge of compliance and regulatory requirements to maintain a solid founda-tion of security controls toward people, process and technology levels for National Banking/Government/Oil & Gas, Retail and Critical infrastructure sectors. Each country will be introducing compli-ance standards in line with best practices like ISO 27001. Some standards already making a huge impact are ISR, NESA, ADSIC in UAE, ICT-Qatar standard, etc.

02 Automation of Security GRC Will Surge – As organizations are com-pelled to follow various compliance and regulatory standards and frameworks, CISOs face increasing challenges to maintain and manage the GRC Security framework that is both sustainable and flexible enough to meet compliance audits. This will increase demand for automated solutions to manage compliance and audit requirements to meet or exceed Security Governance, Risk and Compliance.

03 Focus on an Holistic Program-

As security breaches become a commonplace in the news, Industry leaders like Paladion offer support and guidance to stakeholders.

SECURITY

“Regions will see a surge of compliance and regulatory requirements to maintain a solid foundation of security controls toward people, process and technology levels”AMIT ROYVP & REGIONAL SALES HEAD-ME & AFRICA AT PALADION NETWORKS

Based Foundation for Greater Security – The threat landscape is chang-ing rapidly, in particular, security attacks, which grow more sophisticated with each passing day. CISOs will be hard-pressed to remain vigilant. They will need to develop flexible strategies that identify and mitigate vulnerabilities in their IT Infrastructure. Paladion sees the need to have a program-based, holistic and continuous approach towards vulnerability management at both network and applications layers that work in tandem with automated alerting and incident management programs.

04 Promoting Risk-Based Secu-rity Behavior in Organizations, Not Just Awareness – Instead of only con-ducting employee awareness workshops, organizations must focus their employee workshops on the dos and don’ts of Informa-tion Security. This is necessary to instill their employees with positive, risk-based security behavior so they evaluate the risks of their actions, changing them from the weakest link to the strongest link in the chain.

05 Automated Detection and Alerting – With cutting edge SIEM technologies and fully fledged Security Operations Centers, corporate networks will have complete 360 degree visibility to provide real time, meaningful and action-able alerts.

06 Automated Incident Response – Automated detection and alerting is no longer enough. Automated incident response against the highly sophisticated cyber breaches is now required with the objective to minimize the impact of an attack by reducing the time from detection to remediation.

07 Proactively Managing Security –‘Round the Clock’ - Paladion believes the trend towards automated detection, alerting, incident response and analytics is picking up speed. Predictive security, the

need for having a 24/7 Security Intelligence center, is surging in the region. Banks, Government, Retail and Critical Infra-structure companies are adopting a com-plete outsource, internal or hybrid model to achieve this objective – theses models differ from organization to organization based on risk factor, overall cost and level of measurement by using an SLA model particular to each organization. We will see an increase in Managed Security outsourc-ing based for a proactive and measurable security defense in the region.

08 No Single Silver Bullet for All – Integration is the key to get proper defense against the high profile cyberat-tacks. This will require different niche security technologies to work cohesively under a common security framework. This Integration of different technologies com-bined with deeper analytics is the need of the hour. In addition, this trend will impact the vendor eco-system with more M&A to be seen from vendors offering best in class integration technologies in a common out of the box approach.

09 Securing Embedded Plat-forms – The recent attacks on the Oil/Gas and Retail Sectors demonstrate clearly that embedded platforms or devices like SCADA systems/Telecom infrastructure/POS terminals/Hand held devices are no longer immune from Cyberattacks. CISOs will need to collaborate closely with their colleagues from Engineering and Telecom businesses to better develop a security strategy foundation and implement stron-ger security controls for the ‘crown jewels’ of these organizations.

10 Mobile Malware is on the Rise –No longer are attacks aimed solely at the traditional desktop. We see a surge in Mal-ware attacks on mobile devices, making these devices extremely vulnerable. It has become a huge concern for consumers and an even greater concern for enterprises that are moving rapidly to adopt widespread enterprise awareness BYOD security. Pala-dion sees an increase of attention toward BYOD Security as CISOs adopt baseline security controls for mobile devices.

PREVIEW18CYBER SENTINELS

How Can We Secure the Internet of Things (IoT)? Learn From History

Once again, as we started 2015, a hot trend that grabbed everyone’s attention was the grow-ing buzz around the

Internet of Things (IoT). The concept is that virtually every device will have an IP address, including refrigerators, cars, pace-makers and wearable tech.

Depending upon who you listen to, and/or which conferences you attend, IoT will either bring about amazing new oppor-tunities or be the end of all privacy and security as we know it.

For one example on the positive side, Google CEO Eric Schmidt predicted last month that the “Internet will disappear.”

The Washington Post explained that he meant that: “The Internet will be seam-lessly integrated into our lives, by way of a lot of connected devices and sensors.”

One IoT goal: Instant access to every aspect in our connected homes. For exam-ple, you can turn up the heat (or air condi-tioning) and start cooking the casserole in the oven — while driving home from work.

Looking a bit further out, your robot vacuum cleaner can tidy up the family room while you’re at work. Or imagine doctor’s visits from the comfort of home or clothes that report your blood pressure is too high.

For CIOs, how about systems that are smart enough to talk to customer’s sched-uling assistants (which are really the new personal computers or smartphones). My Memorial Day weekend campground res-ervation could be made on the first possi-ble day nine months in advance, while my kids are getting ready to go back to school.

Sound awesome? For many in society, the answer is probably yes. But it also raises the question: How can we possibly secure…, everything?

A DARK SIDE OF IOT?Shortly after the Google CEO made his Internet prediction, 60 minutes aired a new program which demonstrated how car

Dan Lohrmann is an internationally recognized cybersecurity leader, technologist and author. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards.

are too broad to make a real difference.It may surprise you that I am sympa-

thetic to this argument. Since the bad guys are already way out in front of the good guys today, why discuss the implications of future technologies? Pragmatists go further by saying that we will never fully secure the Internet of Things, because we can’t even secure the current Internet.

When I see the claims and counter-arguments being made about IoT, it reminds me of the early days of cloud com-puting, BYOD and even WiFi. People are still asking: Can we secure the cloud?

The simply answer is no – for the entire cloud. Still, you can secure your cloud. We can secure individual computer systems and applications connected to the Inter-net in your situation. You can secure your corner of cyberspace.

What does this look like? Research-ers who are building the smart grid are thinking through the supply chain and the manufacturing sources of components. Network providers build in access controls and enterprise security that is smarter and easier to use for families.

Another answer is for all consumer electronics companies to get specific with protections as they roll out new products and services.

And IT leaders must build security provisions and cyber protections into current and new contracts. From relation-ships with banks to the purchase of utility services, public-sector business leaders can make a difference. The best way to influ-ence the privacy of today’s citizen data and the future Internet of Things is by strength-ening the legal requirements in the current procurement process.

Are we going to learn from the past? CIOs and CISOs cannot “just say no” to IoT, they must prepare and enable secure solutions for their customers. We can learn from the brief history of cyberspace.

Final thought: Abraham Lincoln once said, “You cannot escape the responsibility of tomorrow by evading it today.”

we should have thought to build security into XYZ hot new device way back when.

Near the beginning of that article, we’ll see words similar to: “We never really thought about security when we first intro-duced the XYZ product.”

And I’ll say, “Really?”One silver lining: a vibrant cybersecurity

industry for decades to come.

SOLUTIONS, PLEASESome cybersecurity pragmatists prefer not to talk about the Internet of Things — yet. They’d rather focus on current cyberthreats — from ransomware to spear-phishing scams to denial-of-service attacks to what-ever else is hot. They point out that general discussions about cloud or mobile security

SECURITY

brakes and more can be hacked via WiFi –right now. This program was so alarming that my 91 year old mother called me from across the country to ask if it was really true.

Check this video clip out to see what I mean:

So which one is it? Is IoT an exciting innovation or a trend to be feared?

LEARNING FROM HISTORY: Can we possibly secure the IoT if we can’t even secure the current Internet?

Before we address that question, I’d to look back at security lessons from the past two decades. Let me start with a comment I left regarding a PC Magazine article on IoT back in December 2013:

I’m always amazed at how history keeps repeating itself in the world of computer security. Think back: operating systems, apps, smartphones, cloud com-puting and more — released with known vulnerabilities.

More than a decade ago, Microsoft (and other leading high-tech companies) declared that security will be job No. 1, and yet industry continues to release new products and “complete” services without adequate security protections.

Why? The rush to market. Because it pays off in the short term. And because consumers like to buy the latest “cool thing” without a second thought. No doubt, doing the right thing is harder and can slow things down — but no one ever uses that argument when considering good brakes in a car.

Here’s a prediction for you: Someone will write “an insightful article” for Wired magazine three years from now about how

“I’m always amazed at how history keeps repeating itself in the world of computer security.”DAN LOHRMANNCHIEF STRATEGIST AND CSO, SECURITY MENTOR, INC.

https://www.youtube.com/watch?v=7E1WsdODxu0

PREVIEW 19CYBER SENTINELS

The foundationsof good security are the layers of technological and procedural controls which make up an organisation’s Information

Security Management System (ISMS). This willinclude: malware defences, account management, vulnerability management, security awareness, etc. Thesecontrols are described in industry standards such as SANS, which form the basis of Audit and Certification.

There are two common limitations of such frameworks:

1. The focus is on protecting assets which are enclosedwithin the perimeter of the organisation.

2. Modern day cyber attacks are designedto evade established safeguards

THE CHALLENGE FOR INFORMATION SECURITY OFFICERS In days gone by, the information security officer may have had the privilege of creat-ing Policies to prohibit Bring Your Own Devices (BYOD) or cloud storage of busi-ness data. Nowadays, executives expect that they and their employees have access to business data from anywhere on any device. Furthermore, business partners need to be more closely integrated into information workflows. The job of the security officer is to make this happen, whilst ensuring the benefits of such inno-vations are not outweighed by increased security risk.

The result is our data is more widespread and is stored on devices that are not under our direct control. This trend represents an enlarged attack surface, i.e.the point of attack available to a threat agent.

A second challenge is the nature of a modern day cyber-attack. Many organi-sations fall victim to targeted exploits which make use of valid credentials and bespoke malware. This enables a threat actor to mimic the actions of legitimate users,harvest passwords and exfiltrate data.

THE STATE OF ENTERPRISE

SECURITY AND VARIOUS TRENDS IN THE

MARKETIncreasing dependency on ICT has made cyber threats as one of the major security

concerns. Vast operations of heavy industries in the Middle East such as oil and energy and

financial agencies are affected.

will circumvent established security safeguards, then more emphasis must be placed on detective and response controls. The security industry has responded with a large armoury of data centric and event monitoring technologies which help the good guys detect suspicious activity. Data Loss Prevention (DLP) is one such tech-nology. DLP can be configured to monitor the movement of data records which have been identified as sensitive. For example, if a user e-mails a strategic marketing plan outside of the organisation, this action will be captured and an event log generated (it can also be prevented).

Data-centric security focuses on pro-tecting the data rather than the network where the data lives. This strengthens our defences against APT’s and insider misuse, but still leaves us somewhat exposed at some areas of the data lifecycle. Attempt-ing to keep sensitive data inside a secure perimeter is unrealistic, and there will be some areas of the attack surface we cannot control. However, the range of safeguards at our disposal includes technology, process and people. The strength of the human factor as a security control is often underplayed. Who better to detect suspi-cious behaviour than the custodians of the data?Engaging the workforce as pro-active security monitors requires effort beyond security awareness training as it needs to become part of the organisational culture. A full discussion of this more holistic approach to information risk is beyond the scope of this article.

CONCLUSIONEffective information security requires an understanding of modern-day cyber-attacks and an awareness of the expand-ing attack surface. It is not possible to protect everything against all potential threats. Security Officers must take a risk based approach to ensure the most valu-able assets are protected against the most likely threats. An effective cyber-defence will cover the full data lifecycle and utilise technological, procedural and human safeguards.

Such attacks are more commonly referred to as Advanced Persistent Threats (APT’s); the perpetrators are skilful, work in teams and are willing to invest time and effort for

a strategic reward. The aim may be the theft of trade secrets, financial fraud or to inflict damage on the company’s reputation.Furthermore, APT’s are often difficult to detect. The Verizon Data Breach Investiga-tions Report (DBIR) of 2014 provides a rich analysis of breaches over the last ten years, andone finding of particularly concern,is the gap between the time-to-compromise and time-to-discover. According to this report, in most cases the bad guys need hours to compromise a system (more than 75% of the cases) whereas the good guys need weeks to detect a breach (only about 25% of the breaches are detected in days or less).

OUR RESPONSEIf we make the assumption that APT’s

Steve is Director of Information Risk Management for GlaxoSmithKline. His computing career spans twenty five years and has progressed from Software Engineer to Project Manager to Risk Management Director. He has worked in information security for the last fifteen years and leads a global team of risk management professionals.

STEVE WILLIAMSONMBA, CEng MBCS, CISA, CRISC

PREVIEW20CYBER SENTINELS

At the forefront of the modern mobile economy

The United Arab Emirates and Qatar are experiencing the highest levels of smartphone penetration in the world and are even ahead of the USA

and Canada.Over 70% of smartphone users are

below 34 years old. They tend to be techni-cally savvy and stay more connected and they expect to use their mobile devices to interact with Governments, banks, service providers and to make purchases online. They are also keen to bring their own devices at work.

Therefore it is clear that embracing mobility is a necessary step for any organi-zation wishing to reinvent its business and reach and increase employee productivity.

Having worked in software with IBM for over 16 years, John Banks brings along extensive industry expertise matured in over 40 countries. He possesses the in-depth understanding required to successfully drive software business development in the Gulf region.

ENTERPRISE MOBILITY

In this region we have seen Govern-ments leading the adoption of mobility with projects like Dubai mGovernment aiming to change the G2C relationship with the model switching from people reaching out to the government tothe Government reaching out to the people through their smartphones.

In the same way private banks are rede-fining the way they serve their customers through mobility: Universities are getting students and educators connected round-the-clock to access learning materials and other relevant information while improv-ing services and reducing costs.

However adopting mobility is more challenging than than it might seem and adding a new consumer channel is not just

a matter of developing an application.Mobile application development is

gradually becoming more “enterprise.” Smarter organizations now treat mobile application development on a par with enterprise application development; as a result, there has been a considerable impact on middleware approaches, cloud-based deployment, and development tools.

Given the significant opportunities posed by mobile technologies, what should companies consider when adopting mobility?l Business needs to have an integrated

enterprise-wide approach to mobility adoption and avoid the mistake of siloing operations to take best advantage of mobil-

ity at a corporate level. l Starting from the first application, IT

needs to put in place all the needed build-ing blocks to address the broad challenges of implementation. This is from develop-ment to management, from integration to security, from embedded sensors to analytics.l Due to limited mobile technology

skills and resources, organizations need a close partnership with vendor and system integrators that can offer an end to end solution.

As the region’s number one provider of IT solutions, GBM successfully works with many organizations across the region to help them provide services; anytime, any-where and in a secure way.

70%SMARTPHONE USERS

ARE BELOW 34 YEARS OLD AND THEY ARE KEEN TO

BRING THEIR OWN DEVICES AT WORK

Having worked in software with IBM for over 16 years, John Banks brings along extensive industry expertise matured in over 40 countries. He pos-sesses the in-depth understanding required to successfully drive software business development in the Gulf region.

John Banks has over 30 years of ICT industry and management experience. He has worked in the outsourcing and software divisions of IBM in Australia/New Zealand and Asia Pacific regions. During his time at IBM, he lead teams such as IBM’s Security, Industry, Portal Solutions and was responsible for closing very large deals and achiev-ing significant market development milestones.

Prior to joining GBM, John has served on industry bodies such as the Australian Computer Society and consulted to companies on tourism, marketing and business development. He holds a Bachelor of Business with Marketing, Computer Science and International Marketing as sub majors from the University of Technology in Sydney, Australia.

John is currently the GBM, Director of Software. In this role, John is responsible for all aspects of growth and development of the Software portfolio throughout the GBM territory.

JOHN BANKS, DIRECTOR OF SOFT-WARE, GULF BUSINESS MACHINES

PREVIEW 21CYBER SENTINELS

Enterprise Mobility will be in Great Demand

WHAT IS YOUR PER-CEPTION ABOUT THE CHANGING DYNAMICS OF ENTERPRISE MOBILITY? Just recently, we have seen tremendous proliferation of wireless networks into hitherto inaccessible areas paving the way for full-fledged remote connectivity. In tandem, Mobile devices have become more powerful. This means workers can now roam across multiple networks, use various connection types while they hook up to the enterprise. This brings in newer challenges as the networks that support such connectivity are outside ‘agents’ and each of them use different protocols, ver-sions, software, standards and connection speeds. An enterprise has to be prepared to offer seamless connectivity to its remote workers by ensuring timely upgrades, fault finding and resolution in order to provide for a certain quality of user experience that one sees in a wired network. Enterprise Mobility also has to deal with additional

Enterprise Mobility also has to deal with additional issues such as security, data leakage, enterprise espionage and impersonation apart from technical issues. Ashok Kumar, Chief of Business Development, EMEA & SAARC, Talariax makes some points about their solutions. Excerpts

ENTERPRISE MOBILITY

“sendQuick and sQoope together offer unmatched message delivery capabilities to aid Enterprise Mobility.”ASHOK KUMARCHIEF OF BUSINESS DEVELOPMENT, EMEA & SAARC, TALARIAX

issues such as security, data leakage, enter-prise espionage and impersonation apart from technical issues cited above. And yet, Enterprise Mobility is here to stay. Reduc-ing time to respond and flexibility to oper-ate from anywhere are key elements that will distinguish an enterprise from that of its competitor in a fast paced world. Prod-ucts that aid aspects of Enterprise Mobility will be in great demand as more and more companies facilitate remote access.

HOW DOES TALARIAX HELP TO THE WHOLE CONCEPT OF MOBILITY? Well, TalariaX has been supporting the cause of Enterprise Mobility from the very beginning. We have a range of self-sufficient appliances that are tar-geted at niche applications such as Alert Notifications, Enterprise Messaging, Third Party Application Integration, 2 Factor Authentication and Network Monitoring. When other solutions tend to become complex in its n-tier architec-ture, the sendQuick portfolio leverages SMS and email for message delivery. sendQuick also supports a wide variety of protocols and interoperability with industry veterans making for easy adop-tion in a heterogeneous mix of platforms. Since SMS is an out-of-band service, 2FA via SMS-OTP enhances security of remote access.

WHAT NEW SOLUTIONS ARE YOU SHOWCASING THIS YEAR’S EXPO?sQoope, a new messaging and collabora-tion platform. sQoope allows local and remote users to communicate over the internet to hand-held smart phones to share text, voice and video in a highly secure and close knit environment with the sQoope server located at the corporate office. It is the next generation in enterprise mobility offerings from TalariaX.

HOW ARE THEY SUPERIOR IN PERFORMANCE COM-PARED TO THE PREVIOUS VERSIONS?sQoope complements sendQuick in that messages emanating from sendQuick may be sent via sQoope. sQoope enhances message delivery capabilities of sendQuick from SMS and Email which we were offer-ing up until now - to an Internet based secure collaboration platform. It’s a quan-tum leap.

HOW DO THESE OFFER COMPETITIVE ADVAN-TAGE TO THE CUSTOMERS OVER THE COMPETITION PLATFORM?sendQuick and sQoope together offer unmatched message delivery capabilities to aid Enterprise Mobility. TalariaX contin-ues to innovate in the Enterprise Mobility space.

HOW ARE MAJOR CLIENTS USING TALARIAX SOLU-TION IN THE REGION?Clients use TalariaXsendQuick appliances to aid them in Alert Notifications, Enter-prise Messaging, Third Party Application Integration, 2 Factor Authentication and Network Monitoring.

WHAT KIND OF BENEFITS ARE THEY GETTING OUT OF IMPLEMENTING YOUR SOLUTION?In a nutshell our solutions helps save time, improve workforce effectiveness and effi-ciency. Other benefits include enhanced remote access security, ensure minimum downtime and facilitate enterprise mobility.

WHAT IS YOUR PLAN FOR 2015? Build a team of dedicated downstream partners across the region that can market, sell and support our products. We have already established a distribution base and need to recruit more players that will actively engage our target audience. Being a sector agnostic offering, we have identified 50+ sectors where our products may be deployed. We have to ensure that reach by recruiting players that have the experience of pitching solutions to them. In order to get to right partners, we are exploring sev-eral GTM initiatives and branding vehicles that will ensure brand visibility, portfolio exposure and channel adoption. 2015 will be a year of market consolidation.

PREVIEW22CYBER SENTINELS

Cyber Threat Evolution and Prospects of Cyber Security Industry

Digital revolution has provided unprecedented opportunities for nations to utilize Information and Communications

Technology (ICT) to spur innovation and wealth creation. The Middle East nations have invested in ICT infrastructure to improve their functions and delivery of critical services. ICT has transformed the region, in turn leading to wealth creation. The region has already known as a global hub for oil and gas services, and with ICT, it is attracting investments that will shift the region to both high value-added ICT and cyber security industries.

EVOLVING CYBER THREATS Today’s cyber threats are often in the forms of Advanced Persistent Threats (APT) car-ried out using a combination of technical sophistication, excellent coordination, and exploitation. Among the favorites targets include critical sectors or specific targets that will result in high impacts on security, prosperity and public safety. Industrial espionage is on the rise with the growth of critical infrastructure and the trend of Internet of Things. The world has witnessed the sophistication of malware such as Stuxnet, Duqu and Flame that pro-vides an insight into the future state of the ever-changing cyber threat landscape. The Middle East region cannot forget Sham-oon, spyware with a destructive module that caused huge impacts namely on its oil and gas companies.

CYBER SECURITY INDUSTRY Evolving cyber threats create good pros-pects for the growth of cyber security industry. The global cyber-security market has grown steadily to reflect the rapidly changing cyber threat environment.

Increasing dependency on ICT has made cyber threats as one of the major security concerns. Remote and geographically vast operations of heavy industries in the Middle East such as oil and energy, and financial sectors are highly dependent on ICT, which in turn magnify its vulnerabilities to cyber attacks.

SECURITY

“Cyber security is a great global concern due to nations’ increased dependency on cyberspace. In the case of Middle East, incapacity of any of critical infrastructure would cause a chain reaction that can lead to a devastating impact on the region”DR AMIRUDIN ABDUL WAHABCHIEF EXECUTIVE OFFICERCYBERSECURITY MALAYSIA, MINISTRY OF SCIENCE, TECHNOLOGY AND INNOVATION

Global Industry Analysts estimated that the cyber security industry is worth of $80 billion (£51.3 billion) by 2017. Visiongain had estimated around $60 billion (£38.5 billion) for the 2012 market, and the lim-ited cyber-warfare sector at $15.9 billion. The cyber security markets in Asia Pacific excluding Japan (APEJ) is expected to grow at an annual rate of 11.66 percent and to reach US$5.79 billion by 2017, according to IDC’s recent research. In 2011, cyber security spending of Middles East and Africa was 4% from the global market came after North America (38%), West-ern Europe (27%) and Asia Pacific (26%). However, the Texas-based global consult-ing firm MarketsandMarkets, recently estimated that that the Middle East cyber security market would grow from the cur-rent figure of around $ 5.2 billion to reach

$ 9.5 billion by 2019, with Saudi Arabia expected to be the largest market in terms of spending on products and services.

ENHANCING GLOBAL COL-LABORATIVE EFFORTSRecognizing cyber threats as trans-border issues, there are several organizations that Middle East nations can engage with to strengthen their domestic cyber security. Amongst them include the Organization of Islamic Cooperation - Computer Emer-gency Response Team (OIC CERT) and the Asia Pacific - Computer Emergency Response Team (APCERT). In this regard, Malaysia is the co-founder and currently, the Permanent Secretariat of the OIC-CERT. Malaysia is also the co-founder and the member of the APCERT steering committee since 2003. Current global

collaborative efforts taken by Malaysia are to promote the global common secu-rity interests that can be shared with the Middle East nations.

Cyber security is a great global concern due to nations’ increased dependency on cyberspace. In the case of Middle East, incapacity of any of critical infrastructure would cause a chain reaction that can lead to a devastating impact on the region. However, evolving cyber threats and vul-nerabilities that add a new element of risks to national security also give opportunities to the growth of cyber security industry. It is foreseen that the fast growing ICT infra-structure will potentially turn the Middle East region into the hubs of added-value services, high technology and cyber secu-rity industries in turn leading to wealth creation.

PREVIEW 23CYBER SENTINELS

The Holy Spirit University of Kaslik Secures its Campus Network with Fortinet8,000 students, 1,300 instructors and 400 employees now protected from web-based attacks

SECURITY

“We are glad that USEK entrusted Triple C for its security expertise and outstanding technical support and Fortinet security solutions to solving the problems they had with the existing solution.”JACQUES RAHMOUCH, VP OF BUSINESS DEVELOPMENT AT TRIPLE C

With the prolifera-tion of the univer-sity’s students and faculty staff use of personal

mobile devices (BYOD), such as tablets, smartphones and laptops via the univer-sity’s wireless network, it became crucial to implement a solid security strategy to enforce both wired and wireless access and use policies to both internal and external resources to prevent possible security threats without compromising the user experience. USEK were seeking a UTM solution/ NGFW that contains rich features like IPS, Application control, Bandwidth management, Web-content filtering and VPN with the ability to create, deploy and manage security profiles in a very efficient and simple way.In May 2014, the university decided to replace its exist-ing Cisco, Tipping Point and Blue Coat security solutions with a single provider in order to standardize our network security and simplify the management of its secu-rity appliances.

“We previously relied on solutions from different vendors to protect our network and applications, moreover with Fortinet’sFortiGate™ platform, we have broad security features within a single appliance. Only FortiGate had all the security and authentication features that match our specific requirements without compromising security and performance. During our various tests, Fortinet’s solu-tions proved to be technically superior to competing solutions both in terms of performance and reliability,” said Ziad Eid, IT Director and CIO at the Holy Spirit University of Kaslik.

TECHNOLOGY AND SOLUTIONS:USEK conducted an analysis of IT security

querying access permissions from third party systems and communicating this information to the FortiGate devices for identity-based policies enforcement. Now a user will benefit from the same security profile applied whether using a desktop or using any mobile device.

Finally, the Forti Analyzer-1000C, Fortinet’s logging and reporting appli-ance, securely collects and centralizes daily logs of FortiGate devices and allows the creation of reports and statistics for complete visibility of the network secu-rity posture and network traffic analysis. Thanks to FortiAnalyzer, the reports generated help USEK in improving its services and optimizing our security profiles.

BENEFITS:l All applications have been identified and their usage is being controlled efficientlyl UTM policies are being applied to

both wired and wireless users.l Maximum productivity with fair‐use

enforcement.l Identity‐driven policies without com-

plexity of deployment.l Improving ROI and significantly low-

ering TCO (Total cost of Ownership). “Very soon we will implement Forti-

Gate-300C at our biggest branch in the Zahle area. We have acquired a good level of technical know-how and are capable of deploying and managing our Fortinet appliances. This success has motivated the IT team to have more Fortinet implemen-tations at branches and remote faculties as well,” explains Abdo Karaki, Head of Network and Security Division at the Holy Spirit University of Kaslik.

PARTNER IN THE PROJECT:Fortinet’s Gold partner Triple C carried out the implemention.

solutions and Fortinet was identified as the only vendor offering the best security solution in terms of features, performance, simplicity and reliability. The institution then implemented Fortinet’sFortiGate Next-Generation Firewall (NGFW), FortiAuthenticator™ user identity manage-ment, and FortiAnalyzer™ for network security logging, analysis and reporting. Fortinet’s appliances were chosen for their high-level of performance, broad range of security features and ease of deployment and management.

The implementation of two FortiGate-800C next generation firewall appliances, two FortiAuthenticator-1000D and one FortiAnalyzer-1000C was completed in May 2014 by Fortinet’s partner, Triple C, to deliver the following integrated features : IPS, application control, web-content fil-tering, SSL and IPSec VPNs, with the abil-ity to create, deploy and manage security profiles in a simple and efficient way. The migration from the previous Cisco fire-walls to Fortinet was smooth and seamless, while a unique approach integrating with the existing wireless controllers, USEK were able to receive accounting messages related to 802.1x wireless authenticated users through the Forti-Authenticator device.

User identity and access security was strengthened using the FortiAuthenti-cator-1000D Single Sign On (SSO), to manage and enforce the unique user’s security profile for both wired and wire-less access. The big advantage of Fortinet over all the competition is the ability to do seamless authentication with Active Directory. It enables user identity based security without impeding the user or generating work for network administra-tors. Built on the foundations of Fortinet Single Sign-On, the FortiAuthenticator is the network’s gatekeeper, identifying users,

PREVIEW24CYBER SENTINELS

Automate the Resetting of Windows Passwords

Managing and protect-ing passwords has become a high profile concern due to many recent password

attacks on the Internet and within corpo-rations. We were all affected by one of the recent account and password compromises with Heartbleed, ICloud, Yahoo, Google, Twitter, Sony, and US Postal Service. When accounts are compromised, it is essential for users to change their passwords to pro-tect the continued access to the account.

Compromised accounts are however, just one of the issues that computer users are concerned about. User account pass-words within corporations can also be a burden due to the requirements on pass-word length, complexity, and reset interval. When these requirements are too strin-gent, users are left with limited options. Users feel they either need to write their passwords down or try to remember them, knowing they will forget them most of the time. Given these common and consistent password issues, it is time to consider more secure, more efficient, and more cost-effec-tive solutions for resetting Windows-based passwords.

PASSWORDS PROVIDE ACCESSAll corporate employees who use a com-puter are familiar with the requirement of inputting a username and password in order to access their computers. Whether the computer is a desktop or laptop, input-ting a correct username and password is the only means by which the employee can access the computer.

Within a corporate, Windows-based network, the username and password pro-vide access beyond just the computer itself. The user account credentials are required to gain access to network resources such as data, applications, email, the intranet, and even an avenue to the Internet.

The password is the most important aspect of the user account credentials, as

All corporate employees who use a computer are familiar with the requirement of inputting a username and password in order to access their computers.......

SECURITY

too frequently, forcing them to come up with a method to remember all of them. As a result, employees will come up with resourceful approaches to remember their passwords, including:n Using the same password for the

various computing systems and environ-ments. This might include Windows, Unix, SQL, email, social media, and online banking. n Writing their passwords down in

a secure, or sometimes far less secure, location.n Sharing their passwords with a col-

league for access to resources while on vacation, at a conference or training semi-nar, or at lunch.

Since passwords provide a security bar-rier, those approaches pose a threat to the underlying control that the password pro-vides to the Windows environment. Many of the attacks and hacks on Windows net-works today rely on the fact that users will incorrectly manage and construct their passwords, making the attacks easy and highly likely.

EVERYONE FORGETS PASSWORDSEven when employees implement

Most organizations put a variety of password requirements in place for all user accounts. These requirements typically include the following parameters:n Password history – This forces users

to use unique, successive passwords. A typical corporation will require 24 unique passwords before a password can be recycled. n Maximum password age – This

forces users to change their passwords after the maximum age is reached. A typical age for a password is between 60 and 90 days. n Minimum password length – This

forces users to have at least “X” characters in their passwords. A typical minimum number of characters for a password is 7. n Password complexity – This forces

users to include different character types in their passwords. Four different types of characters can be in a password: uppercase letters (A), lowercase letters (a), numbers (1), and special characters (!). Password complexity typically requires users to include at least 3 of the 4 character types.

When looking at the typical password requirements for a corporation, it is no wonder employees complain about the password restrictions. Employees often complain they have to change passwords

the username for nearly every employee is known due to the obvious naming convention. When all user accounts use a username with the format firstname.lastname, it is simple for someone to know every username for every employee. This leaves the password as the security bar-rier between a computer hacker and the resource.

If the password is forgotten, the access to the network resources is denied because the employee is unable to log on to the computer. On the flip side, if the password is long, strong, and hard for a computer hacker to obtain, the network resources are better protected.

THE NEED FOR PASSWORDS The password is clearly a critical aspect of the Windows security model and infra-structure. Without a password, a computer hacker would only need to know the user-name to access the Windows environment. As a result, corporations are effectively forced to put restrictions on the password to make them hard to hack because pass-words are the key to securing the Win-dows environment and related network resources, .

PREVIEW 25CYBER SENTINELS

“Every organization must implement solid password requirements to protect network resources. As a result, every organization must deal with users forgetting passwords. The consequences for users forgetting passwords are significant.” DEREK MELBERTECHNICAL EVANGELIST - AD SOLUTIONS, MANAGEENGINE

A direct consequence of the stress put on the helpdesk is additional time lost and increased cost for IT. When there is stress on the help desk due to resetting passwords, more pressing and important tasks are not addressed as quickly. Even for a small organization with a few hundred employees and a handful of admins, the cost of a single password reset could cost up to $70 per call, according to widely-cited Forrester Research.

REDUCING COST OF FOR-GOTTEN PASSWORDSA simple way to reduce the cost associated with users forgetting their passwords is to implement an automated, self-service solution to allow users to reset their own passwords. This will enable users to reset their own passwords, relieving the help desk. Implementing this small solution will improve the productivity of your users, as well as the helpdesk team.

Moving this password reset process into your corporation for Windows Active Directory will be a seamless transition for your employees. Nearly every employee has at least one account on the Internet, so the overwhelming majority of your users will be comfortable with using answers to

personal questions as method of resetting their passwords.

Another benefit of using a self-service password reset solution is increased security. If the help desk can reset user passwords, a help desk admin could reset a user account to gain access to network resources that would otherwise be unavail-able to that admin.

When considering the overall cost for someone on the help desk to reset pass-words, the cost per call goes up as the number of overall calls increases. After all, the help desk can only handle so many calls. If the call volume increases, the time to handle each call increases, forcing the user to lose more productivity time. As noted above, if the helpdesk call volume increases due to password resets, it also means that other key issues are not being handled as quickly either, causing delays for these issues as well. So, as the number of password reset calls increases, all costs increase. However, if you implement an automated solution so that users can reset their own passwords, the number of password reset incidences will reduce the total cost of ownership of implementing the solution. This is due to the fact that an automated solution can handle any

number of password reset requests at one time. There is no limitation on how many users can reset their passwords at one time, or over time.

SUMMARYEvery organization must implement solid password requirements to protect network resources. As a result, every organization must deal with users forgetting passwords. The consequences for users forgetting passwords are significant. These conse-quences include lost productivity, slower response times for key issues to the help desk, and increased cost for help desk sup-port. Increased support call times due to high percentages of password reset calls to the help desk can cause significant issues for your entire organization. Also, with the cost of a single password reset call close to $70, there needs to be an investigation into how to reduce this number, if not eliminate it all together.

A simple and easy-to-implement solu-tion is to allow users to reset their own passwords. Nearly all employees are already familiar with this solution on the Internet, so there will be very little, if any, need for training users on how to perform this task on their own. The help desk will be more productive, total cost of resetting passwords will drop dramatically, and users will be more productive and receive better response time for other issues that arise. It makes so much sense to allow users to reset their own passwords on the Internet, why haven’t we done it in Active Directory?

methods to remember their password, passwords are forgotten. It is hard to believe, but even when employees write passwords down they seem to forget them periodically.

Passwords are forgotten for a wide variety of reasons. First off, our brain can only remember so much information. In some cases our brain is a first in, first out machine. So, if we are to remember something new, we must forget something we already know. Or at least this is what it seems like with many employees and their password. Second, many employees are forced to have a multitude of passwords. Ideally each password needs to be unique, so that a hacker can’t access all systems with just one password being compromised. With so many passwords, it can be diffi-cult to keep track of them all or keep each password in line with each system. Finally, employees go on vacation or holiday and seem to always forget their password upon return.

CONSEQUENCES FOR FORGOTTEN PASSWORDSOften times, efforts to making passwords more secure can backfire. Although pass-words in your organization might be more secure today than yesterday, users forget their password more often due to a more secure password. When employees forget passwords, there are distinct consequences for the organization.

One consequence is loss of productiv-ity by the user. When a user forgets the password, the initial instinct is to try and remember the password from the myriad of passwords for the different systems. These attempts would also include sifting through the long list of previous passwords in an attempt to remember the current password. During this time, the employee is not able to get into their computer, and thus no work is being accomplished.

Another consequence of forgotten pass-words is the stress it puts on the help desk. If the user is unable to remember his or her password, or too many incorrect pass-words are input causing the user account to be locked out, the user must call the help desk for assistance. The help desk is designed to handle user-related computer issues, so productivity can be kept at a high level.

In 2013 survey for RSA, SANS Insti-tute found that password reset requests were the second-most common call made to help desks. On a related note, SANS researchers found that 65 percent of their survey respondents were addressing those calls manually, with live agents, rather with an automated, self-service solution.

PREVIEW26CYBER SENTINELS

Conference AgendaSUNDAY 26 APRIL 2015

9.00 Registration and welcome coffee

9.30 Chairman’s Welcome address

DISRUPTIVE INNOVATION IN ENTERPRISE MOBILITY

10.00 - 10.30 TRAILBLAZER

Why ideation is critical to your enterprise mobility strategy?

Annosh Thakkar, Vice President, Business, & IT Transformation, Philips Netherlands

10.30 - 11.00 TRAILBLAZER

Opportunity, efficiency and engagement: developing a futuristic enterprise mobility strategy

Bill Douglas, Head of Mobility, Royal Bank of Scotland, UK

11.00 - 11.10 EXHIBITION OPENING CEREMONY

11.10 - 11.40 MORNING TEA AND COFFEE

11.40 - 12.10 KEYNOTE ADDRESS

Enterprise mobility at the forefront of the modern mobile economy

John Banks, Director of Software, Gulf Business Machines

TRANSFORMING YOUR MOBILITY STRATEGY

12.10 - 12.40 KEYNOTE ADDRESS

Taking control with a holistic security strategy

Senior Executive, Citrix

SECURITY

12.40 - 13.10 INTERVIEW

Application economy and the impact of IoT on your mobility strategy

Sameer S Poonja, Head of Digital Technologies, Emirates Group IT

13.10 - 13.40 KEYNOTE ADDRESS

Stay Focused! The device is one thing, but managing information is everything

Eng. Muhammad Said, Managing Director, Asyad Capital for Technology Services

13.40 - 14.50 Networking Lunch

14.50 - 15.30 IDEA SWAP

Core tenets of successful enterprise mobility

Jean-Pierre Mondalek, General Manager UAE, UBERSamir Khan, Regional Information Technology Head, African + EasternAdrian Davis, Managing Director EMEA, ISC2Jonas Zelba, Senior Research Analyst, ICT, Middle East and North Africa, Frost & Sullivan

RISK VS. RETURN

15.30 - 16.00 How eliminating mobility silos will reduce risk and optimize service deliveryWalter Wehner, Director of IT Network and Infrastructure, Atlantis, The Palm

16.00 - 16.30 AFTERNOON TEA

16.30 - 17.00 Why building an enterprise application suite is worth the workArun Tewary, Vice President (IT) & CIO, Emirates Flight Catering

17.00 CLOSING REMARKS from the chair

PREVIEW 27CYBER SENTINELS

Conference AgendaSUNDAY 26 APRIL 2015

10.00 - 10.10 Chairman’s Welcome address

INTEGRATING SAFE CITY INTO SMART CITY STRATEGY

10.10 - 10.40 TRAILBLAZER

The journey from a smart city to safe city: strategic plan, projects, and technologies

Bassam AlMaharmeh, MSEE, Chief Information Security Officer, Ministry of Defence, Jordan

10.40 - 11.10 TRAILBLAZER

Staying ahead of emerging information security threats

Dr. Amirudin Abdul Wahab, Chief Executive Officer, Cybersecurity Malaysia, Ministry of Science, Technology and Innovation

11.10 - 11.40 MORNING TEA AND COFFEE

CYBER SECURITY AND RESILIENCE

11.40 - 12.10 Providing a safe and secure environment for future cities through smart technologies

Colonel Khalid Nasser Alrazooqi, General Director of Smart Services Department, Dubai Police GHQ

12.10 - 12.40 KEYNOTE ADDRESS

Addressing cyber security and network challenges in creating a safe city

Reserved for sponsor

SECURE INFRASTRUCTURE

12.40 - 13.10 Developing a framework for improving critical infrastructure cybersecurity

Donna Dodson, Chief CybersecurityAdvisor, National Institute ofStandards and Training, USDepartment of Commerce

13.10 - 14.10 Networking Lunch

14.10 - 14.40 Addressing cyber security and network challenges in creating a safe city

Joan Manel Gómez, Head of IT Security,Barcelona City Council

NEXT GEN SECURITY

14.40 - 15.10 IDEA SWAP

What new technologies and innovative tools can be embraced for ensuring city security?

Shadi Khoja, Director of Strategy, Dubai Smart City.Dr. Amirudin Abdul Wahab, Chief ExecutiveOfficer, Cybersecurity Malaysia, Ministry ofScience, Technology and Innovation

15.10 CLOSING REMARKS from the chair and close of briefing day

PREVIEW28CYBER SENTINELS

Conference AgendaDAY ONE, MONDAY 27 APRIL 2015

10.00 Chairman’s welcome address

CYBER SECURITY MEGATRENDS CISOs CAN’T IGNORE

10.10 - 10.20 WELCOME ADDRESSFarid Farouq, Vice President IT, Dubai World Trade Centre

10.20 - 10.40 TRAILBLAZER

CISO 2020: Are you ready to be the guardian of your state?

Dan Lohrmann, ex CSO, State of Michigan, US, Chief Strategist & CSO -Security Mentor

10.50 - 11.20 TRAILBLAZER

No place to hide: Unmasking the risks and threats lurking in our cyber streets

Steve Williamson, Director IT Risk Management, GlaxoSmithhKline, UK

11.20 - 11.50 MORNING COFFEE

NEXT GEN THREATS AND VULNERABILITIES

11.50 - 12.35 KEYNOTE ADDRESS

The threat landscape and future of hacking

Les Anderson, Vice Presidnet of Cyber BT, UAE

12.35 - 13.20 KEYNOTE ADDRESS

Privacy Dilemma

Hani Nofal, Executive Director INS, GBM, UAE

13.20 - 14.30 Networking Lunch

ART AND SCIENCE OF ENTERPRISE SECURITY

14.30 - 15.00 IDEA SWAP

Before the Breach – actions to protect your data from attacks!

Manal Masoud, Principal Consultant, Paramount Computer System, UAEAmit Bhatia, Head of Information Security Governance, Oman Insurance CompanyJonas Zelba, Senior Research Analyst, Information and Communication Technologies Practice, MENA, Frost & SullivanHadi Jaafarawi, Managing Director Middle East, Qualys Inc, UAENader Baghdadi, Regional Enterprise Director South Gulf & Pakistan, Fortinet

15.00 - 15.30 IDEA SWAP

Protection from within - learnings from the Snowden affair

Ahmed Baig, Senior Director – Corporate Strategy, Risk & Excellence, Smartworld - A Dubai Government Entity, UAENick Pollard, Senior Director Professional Services, EMEA & APAC, Guidnace Software Inc, UAE

15.30 - 16.00 AFTERNOON TEA

16.00 - 17.00 TRAINING SESSION

Hands-on-Session: How do you build a vigilint security culture in your organisation?

Dan Lohrmann, ex CSO State of Michigan, US

17.00 CLOSING REMARKS from the chair and close of conference day

17.30 I.T. Security AWARDS Ceremony

PREVIEW 29CYBER SENTINELS

DAY TWO, TUESDAY 28 APRIL 2015

10.00 Chairman’s welcome address

SCHNEIER ON SECURITY

10.10 - 10.40 TRAILBLAZER

Reactions and learnings from the Sony Hack

Bruce Schneier, Fellow, Berkman Center for Internet and Society, Harvard Law School, US

INTELLIGENCE DRIVEN SECURITY AND RISK MANAGEMENT

10.40 - 11.10 KEYNOTE ADDRESS

What do we need to make IoT security a reality?

Phillipe Roggeband, Business Development Manager, Cisco Security Architecture

11.10 - 11.40 KEYNOTE ADDRESS

The Defenders Advantage

Peter Clay, CISO, Invotas

11.40 - 12.10 KEYNOTE ADDRESS

Revealing the quiet intruder – understanding techniques used in modern cyber attacks

Brian Tokuyoshi, Senior Solutions Analyst, Palo Alto Networks

12.10 - 12.40 MORNING COFFEE

NEXT GEN THREATS AND VULNERABILITIES

12.40 - 13.05 KEYNOTE ADDRESS

The enterprise impact of cyber risk through the shareholder lens

Kamran Ahsan, Senior Director of Security Services, Digital Services Business, Etisalat, UAE

13.10 - 13.40 KEYNOTE ADDRESS

Intelligent Security Operations Centre (I-SOC) - Framework

Firosh Ummer, MD EMEA, Paladion

13.40 - 14.30 Networking Lunch

INCIDENT RESPONSE

14.30 - 15.00 IDEA SWAP

The future of authentication amongst web services

Brett McDowell, Executive Director, FIDO AllianceMayank Upadhyay, Director of Engineering, GoogleDhruv Soi, Chair, OWASP India

15.00 - 15.30 IDEA SWAP

Protect, detect, respond: anatomy of an effective incident response plan

Mohammed Darwish Azad, Head of Group Information Security, Group IT - Emirates NBDRoshdi A. Osman, Deputy CISO, Banque Saudi FransiMayank Upadhyay, Director of Engineering, Google

15.30 - 16.00 IDEA SWAP

Active defence: how can data-centric protection increase security in cloud computing and virtualisation?

Dr. Jassim Haji, Director Information Technology, Gulf AirGeorge Yacoub, Acting Group CIO, SEHA

16.00 CLOSING REMARKS from the chair and close of the conference

PREVIEW30CYBER SENTINELS

Sponsors and Partners

GISEC

GEMECInsights Partner

Insights Partner

Alert Plus

ConeXa

Avera

Entera

TalariaX Pte Ltd76 Playfair Road, #08-01,LHK2 Building, Singapore 367996

Tel +65 6280 2881 Fax +65 6280 6882Email info@talariax.com Website www.talariax.comFacebook https://www.facebook.com/sendQuick

sendQuick® is the industry’s �rst appliance based SMS gateway for enterprise messaging. Implemented by clients in 30 countries; many being Fortune Global 500 companies from industries, including banking, �nance, insurance, manufacturing, retail,

government and healthcare. Enterprises depends on sendQuick® to send SMS (Text) for IT alerts, 2 factor authentication with SMS OTP, SMS marketing and emergency broadcasting as part of their business IT management. Our products are self su�cient Gateway Appliance for Enterprise Mobility (includes license free OS, application and API for unlimited devices and users). Fully scalable, Redundant, Fault Tolerant with Hardened Design.

© 2013 TalariaX Pte Ltd. All rights reserved. sendQuick® is a trademark or registered trademark of TalariaX Pte Ltd.

IT Alerts & Noti�cations Network Monitoring via SMS

2 Way SMS

Streamline Business Processes 2FA SMS OTP

Pre-emptive IT Alerts to reduce System Downtime

Active System Monitoring for Continuous Operability

SMS for Efficient Streamlining of Business Processes

2 Factor Authentication via SMS One Time Password

C

M

Y

CM

MY

CY

CMY

K

TalariaX - GISEC 2015 Advert.pdf 1 25-Feb-15 4:56:03 PM

DO MOREWhether you’re managing your business, or overseeing your com -pany’s IT, ESET’s security products are fast, easy to use, and deliver market-leading detection. We deliver the protection that allows you to DO MORE. Find out more at ESET.COM/ME/BUSINESS

WITH YOUR I.T. SECURED BY ESET

www.eset.com/me info@esetme.comTel +971 4 3754052 - Fax +971 4 4290967 -Dubai Internet City Bldg 2, Off 305 Dubai United Arab Emirates