FINAL WORD
The most successful attack vector right now is phishing , followed by credential theft and then human error .
However , within the UAE , there ’ s more of an external facing perspective . The first priority was addressing supplier risk and second was supporting remote working . Interestingly , KSA was different from most other global responses , because their top two were actually the lowest two for the rest of the world – 1 ) outsourcing security controls and 2 ) enabling business innovation .
Andrew Rose , Resident CISO , Proofpoint
theft attacks mean you really need to be able to identify those suspicious activities and understand the context of what ’ s happening so you can react appropriately .
How can CISOs instil confidence in their customers , stakeholders and the market , that the new environment – whether they ’ re completely remote or taking a hybrid approach – is workable indefinitely ?
For good or bad , we ’ re already in a remote work environment and I don ’ t think there ’ s any turning the clock back .
Looking at some of the data from the Middle East , two in three CISOs believe they are more vulnerable because they ’ ve moved to a largely remote working enterprise and 76 % say they ’ ve seen more attacks since this has happened . And that ’ s worse than the global position .
Globally , 58 % believe they ’ re more vulnerable and about 60 % saw more attacks so the Middle East is feeling the pain of remote working a little more than global organisations .
One key aspect is that it ’ s essential for CISOs to get good visibility on where data is residing . Because if you don ’ t know that , you can ’ t protect it . Then you have to think about how you can make sure that the identity that accesses the data is protected too , usually via multi-factor authentication ( MFA ).
But attackers are looking for ways to bypass MFA so we have to stay alert to that as well . Knowing where your data is and putting MFA in place is a good start .
What steps can organisations take to develop a strategy that addresses the ever-changing conditions and enables them to improve their security posture ?
There are layers of control you need to put in place but the first thing that CISOs really need to do in the current environment is to prepare to fail . You need to have the playbook ready to go for when something does happen to respond to those common threats .
Next , stop the firehose of threats – emails are where your users are being targeted so securing them should be a top priority . In line with this , make sure you ’ ve got a great security culture and security awareness in place .
You must also look at access management – make sure you minimise the access so that the ‘ blast radius ’ of any security breach by credential theft is minimised . By putting in place concepts like least privilege , and segregation of duties , you really are reducing the risk to the organisation .
Analyse behaviour and look for insider threats and stolen compromised credentials , ensuring you understand what ’ s going on inside your network , where the data is being moved to and from , analysing that behaviour and looking for those red flags and for scenarios that suggest a risk is happening .
And finally wrap all of that up with testing to make sure these controls are effective and that they ’ re being applied everywhere that they need to be . And if you put all of those in place , then you ’ ve gone a long way to making sure your organisation ’ s in a decent place . p
What are the top priorities for regional CISOs over the next few years and how does this compare to the global picture ?
The fact that CISOs don ’ t know where the next punch is coming from drives a great diversity in strategies as there is no one area to prioritise . Globally we are seeing a focus on core security controls , that is putting in place endpoint detection and response , patching perimeter devices and core elements which help across a broad range of security threats .
84 INTELLIGENTCIO MIDDLE EAST www . intelligentcio . com