Cyber threat intelligence has gained a lot of recognition over the last five years in the UAE. While some businesses have taken proactive measures by protecting sensitive data and training their employees in cybersecurity protocols, others in the country and the region are failing on their basic cyber protection strategies.
A total of 274 cyber attacks were reported in the first seven months of 2017 in the UAE, targeting both government and private entities, according to data released by the Telecommunications Regulations Authority. A survey conducted by Mimecast and Vanson-Bourne showed that although 69 percent of UAE respondents agreed on the importance of cyber threat intelligence, about 32 percent of businesses in the UAE are not even using a firewall gateway for basic information security.
“I know there’s a big debate about what the basics of security practice are, but I don’t think anybody would argue that having a firewall at your perimeter is something that you should not have. This is a bit of a scary number – that almost a third of people here do not have a firewall set up … However, if you look back five years ago, cyber threat intelligence was focused on the largest organizations in the world, the large financial services, the large government state actors. If you ask folks today, 75 percent have implemented some level of threat intelligence, and the other 25 percent are interested in doing it over the course of the next year. So it’s a monumental shift of folks saying, ‘I don’t really know what it is’, to saying, ‘I think I need to do it too’ …” said Marc French, Senior Vice President and Chief Trust Officer of Mimecast, one of the top email and data security companies.
Marc French, Chief Trust Officer of Mimecast, spoke to AMEinfo in an exclusive interview and shared his thoughts on major cyber risks for businesses, the impact of innovations on cybersecurity, artificial intelligence, machine learning and more!
Threats facing small businesses
Marc French: So I think the threat is one of resourcing, more than anything else. I think the perception is that you’re always going to have somebody coming after you – everybody recognizes that. However, what I’ve seen – from a threat actor perspective – is that everyone’s a target. This was not true before. But now, with the weaponization of ‘crimeware as a service’, it’s so much easier for them to go down the stack with respect to business weaponization. So what happens is that you’ve got all of these smaller businesses, which weren’t necessarily a target, now becoming targets, while the really big organizations have gotten really hard to get into. Criminals are motivated by money – if they can do a bunch of small ones versus one big one, that will be just as good for them.
Proactive protection strategies
Marc French: I think intelligence is one of the things that’s a feeder into a proactive position. Lean on your vendors more than anything else to help you with that. If you think about email, as an example, I would say most people have an email environment, whether they’re hosting or are running it. Probably a quarter of them have no way to actually recognize the threats that are in their environment. That’s when you rely on someone like Mimecast to come in and say I have an intelligence team; I should be providing you that data to help you in your protective strategy.
Shortage of cyber-skilled professionals
Marc French: I think at the top, there’s still a shortage of security experts. You see it here in the Middle East; we see it in the States and in Europe as well. There’s just not enough folks coming in – and it is part of my job as a senior security leader to bring up that next generation. So I mentor about 40 high-school and college students to actually get them interested in security. And it’s beholden to us as security experts to make sure that we do that because the colleges aren’t going to do it for us.
Another good strategy to have, in my opinion, would be ‘force multiplication’. You’re never going to train everybody in your organization to be a security expert, but you should train everybody to have a certain amount of security awareness. So if you raise the bar up just a little bit, you’ll see the amount of potential breach drop. 100 percent of employees in an organization will tell you that they have done some kind of awareness training, but what we find is that a third or less actually do continuous training. That’s another thing that Mimecast is bringing to the table – continuous awareness training.
Impact of artificial intelligence (AI) and machine learning (ML)
Marc French: I think it’s going to be absolutely critical to scale. There’s no way that you can have human intervention in intelligence generation anymore. I mean, most state-sponsored intelligence agencies use a combination of AI and ML, and that’s going to trickle down into the private sector. You need to have that machine learning to actually crunch the numbers. We do millions of emails; I don’t have millions of folks in my intelligence team looking at all the data. I need ML and AI and that infrastructure to do some of that base correlation. And then, for higher order, humans get involved to take a look at that and then re-adapt the algorithm to go forward.
There’s a lot of trepidation about letting the machine do the remediation. There’s a conversation going on about people losing jobs to AI and ML and it’s not unique to the U.S. It’s a conversation in the EU and it’s the same conversation here. I would tell you, that it is not really a true statement. There’s a security innovation landscape that’s looking for really smart people that are going to hire people right out of college, or right out of their apprenticeship program. So what I’ve seen in our area is that innovation is driving the next generation. There will always be higher order jobs that will need human intervention. Folks will need to learn new skills and move with innovation.
Apprenticeship is probably the best thing. Because that can come at any stage in life. Most people in the States do their degree in university right after they get out of secondary school, and then never go back. I’m advocating for apprenticeship programs throughout your lifespan. We do that now with veterans that come out of the military; we do it for older adults that want career changes. If they have the aptitude, and the willingness to learn, I’m going to hire that person, because I can train them to do any one or number of jobs.
Impact of 5G
Marc French: 5G does raise concerns about the proliferation of your attack surface. 5G is going to allow for much more connectivity than you’ve ever seen in the past. It also takes the conversation to how much more connected the human is going to be with respect to that. So now 5G, when it comes to wearables, is an interesting conversation as well. Also, think about augmented reality in a 5G world, you can kind of do it. Think about an augmented reality situation where I need to find my way down to the World Trade Center in Dubai and I can see that virtually on my phone or through my glasses.
Now think about that, from a security perspective. So what if I could hijack the stream there and direct you to a place that you shouldn’t go? So there’s always an angle. The more connections I have, the more technology I’m going to introduce, the more likelihood for someone to actually monetize that from a crimeware perspective. If you look at 5G, it just opens up the opportunity to inject more kit into the environment, which means more real-time connections; which means that I’m going to have more access to data that I need to protect. So this goes back to the ML-AI perspective. Today, if you’re going to ask me if humans can do that work – they absolutely can’t do that work. So without AI and ML, we are not prepared at all to face the threats that innovations that 5G are bringing in.
Innovation is outstripping cybersecurity. It’s just the reality. This has happened in the past with innovation outstripping the security side. Tactically, what I’d probably do is focus on response detection and response in the short term, knowing that the adversaries are probably going to be ahead of me out of the gate. So, my blue team is going to be right on their tail getting up to speed while you make sure you can identify telemetry, do some kind of detection, and you’ve got a good response by compartmentalization. There are a whole bunch of ways that we can do it. In that time, ML catches back up. And then we’ll be in the race that we are today.