Understanding context in cybersecurity is key to managing the threat landscape, says Hassan El Karhani, General Manager, Forescout - Middle East, Turkey, and Africa
Companies in the META region, like those in other parts of the world, are at varying levels of cybersecurity maturity. Some companies are taking the right steps to secure their digital assets and infrastructure, while others may be lagging or overlooking critical security measures. Hassan El Karhani, recently appointed by Forescout Technologies Inc. as its General Manager for the Middle East, Turkey, and Africa region, shared an overview of what companies in the region are doing correctly and where they might be falling short:
What companies are doing correctly:
1. Adoption of security frameworks and standards: Many companies in the META region are adopting internationally recognized security frameworks and standards, such as ISO 27001, NIST Cybersecurity Framework, and CIS Critical Security Controls, to guide their cybersecurity efforts.
2. Employee training and awareness: Some companies are investing in regular employee training and cybersecurity awareness programs to help reduce the risk of human error and improve their overall security posture.
3. Regular security assessments and audits: Companies that prioritize cybersecurity conduct regular security assessments and audits to identify vulnerabilities and implement necessary remediation measures.
4. Incident response planning: Proactive companies in the region have established incident response plans, which outline the necessary steps to take in the event of a security breach to minimize damage and ensure a swift recovery.
5. Collaborating with security experts: Companies with a strong focus on cybersecurity often collaborate with external security experts, managed security service providers (MSSPs), or professional services firms to enhance their in-house capabilities and stay updated on the latest threats and best practices.
Where companies might be falling short:
1. Insufficient investment in cybersecurity: Some companies in the META region may not allocate sufficient resources towards cybersecurity, which can leave them vulnerable to attacks.
2. Lack of comprehensive risk management: Companies that do not have a comprehensive risk management process in place might not fully understand their risk exposure or prioritize their security efforts effectively.
3. Over-reliance on technology: While security technology is essential, some companies might over-rely on it without addressing the human element of cybersecurity, such as employee training and developing a security-conscious culture.
4. Slow patch management: Some companies may not prioritize patch management or have slow processes in place for updating their systems, leaving them exposed to known vulnerabilities.
5. Limited information sharing: Companies in the region might not effectively share threat intelligence and best practices with their peers, which can hinder their ability to respond to emerging threats collectively.
Due to the nature of their business, the following industries are the most at risk, with the highest level of exposure here in the region:
1. Finance and Banking: Due to the value of the information and financial assets they handle.
2. Government: Highly exposed targets for nation-backed threat actors and cybercriminals.
3. OT-Centric Industries / Critical Infrastructures:
a. Energy and Utilities: Disruption to the energy sector and utilities can have widespread consequences, making it a high-priority target.
b. Healthcare: The sensitivity of personal and medical data stored by healthcare organizations, along with the potential for disruption to critical health services, make this industry highly vulnerable.
c. Telecommunications: The reliance on telecommunications infrastructure for modern societies puts it at significant risk.
4. And finally, Retail and E-commerce: These companies handle large volumes of customer data and financial transactions, but their overall exposure is somewhat lower than in the previously mentioned industries.
How companies and government entities can remain safe:
1. Have complete visibility of all devices and networks: In today's complex and distributed IT environment, it's essential to have complete visibility of all devices and networks, including IoT / IoMT and OT devices. This starts with discovery: accurately classifying devices, assessing them for compliance, identifying their operational criticality, and understanding their vulnerabilities and their behavior on the network, in order to weigh their risk and prioritize based on it.
2. Implement a Zero Trust security model: A Zero Trust security model assumes that all devices and users are potentially hostile, and requires continuous authentication and authorization to access network resources. This can help to prevent unauthorized access and lateral movement by attackers.
3. Use continuous monitoring and response: Continuous monitoring and response is a critical component of a proactive security strategy. This involves using real-time threat intelligence and automated response capabilities to detect and respond to potential security incidents in real time.
4. Conduct regular security assessments: Regular security assessments can help you identify potential vulnerabilities and risks, and ensure that your security controls are effective and up-to-date.
5. Use best practices for endpoint security: Endpoint security is a critical component of any security strategy, and it's important to use best practices such as keeping systems up-to-date, using strong passwords, and limiting access to sensitive data.
a. Invest in employee training and awareness: Educating employees on cybersecurity risks and best practices is critical in preventing social engineering attacks, insider threats, and other common security risks.
b. Leverage the latest technologies and threat intelligence: Keeping up-to-date with the latest technologies and threat intelligence is essential in staying ahead of potential threats and attacks. This includes leveraging emerging technologies such as machine learning and automation, looking for a way to ensure, and to prove, that all your tools are effective, efficient, and operational, and staying up-to-date with the latest threat intelligence sources and best practices.