As part of its ongoing efforts to empower organisations with intelligent cyber security, Microsoft today hosted the third edition of its popular CISO Executive Series, where industry experts and Chief Information Security Officers gathered to share and discuss current trends in cybersecurity
This edition, held at the Burj Al Arab hotel in Dubai, was titled “Insights for the Progressive CISO”, and allowed the region’s security professionals to engage in candid exchanges with some of the world’s most renowned experts, in a day of insights, networking and learning.
Microsoft released the 23rd edition of its Security Intelligence Report, a bi-annual publication that the company creates for customers, partners, and the industry to educate organizations about the current state of threats, recommended best practices, and solutions. The analysis on threat intelligence gathered from a global customer base across 100+ countries and millions of computers revealed three important trends in 2017. Firstly, the impact of Botnets, and how they continue to impact millions of computers globally, infecting them with old and new forms of malware. The second most notable trend was low-cost attack methods being used by Hackers for potentially higher returns. Third and still trending were Ransomware, which is still does not seem to be slowing down.
A live survey of UAE-based PCs, conducted by Microsoft in the first quarter of 2017, revealed that 10.2% of computers experienced malware of some kind, compared with a worldwide average of about 7.8%. Another research conducted by among chief information security officers in the gulf region in 2017, which revealed that 60% of regional organisations still use usernames and passwords to authenticate users to corporate networks. Only 30% use two-factor authentication (2FA) – the combination of username-password with SMS or some other form of mobile notification. About 5% said they used facial recognition.
Erdal Ozkaya, Cybersecurity Architect at Microsoft, spoke on the pressing need for “Intelligent Security”, as GCC CISOs continue to battle against increasingly sophisticated threats.
“An alarming number of regional organisations are still using outdated strategies and authentication models, even as international headlines continue to illustrate the intensity of the ongoing battles against bad actors,” said Ozkaya. “The good news is that the intelligent cloud is armed with weapons that can match the sophistication of the attacks. Microsoft will continue to strengthen those capabilities on behalf of our customers, as we progress with forums like The CISO Executive Series, where security professionals can hear from seasoned White Hat experts and likeminded CISOs.”
Along with Microsoft’s security experts, other industry leaders also addressed attendees at the event. Megha Kumar, Research Director at IDC, presented “The Evolving Security Landscape”, and Sheikh Shadab, Associate Director, Head of Cyber Security, KPMG, gave a talk on “Boardroom Engagement and Oversight in Cyber Security”.
“There are malicious parties out there that seemingly never sleeps; so CISOs need to take a 24-7, 360-degree view of cyber security,” said Megha. “The challenge has always been to find a workable middle ground between the rigidity of IT policy and the flexibility needed to be an agile, digital business.”
“Cyber strategies need to be holistic,” said Mohammed Arif, Regional Director, Modern Workplace and Security, Microsoft Gulf. “You need to consider that you will be breached. And then you need to consider what happens next. What do you do? Who do you call? How do you get back on your feet? Never forget that business continuity is as important as the protection of intellectual property.”
“From the boardroom on down, every employee needs to be vigilant and trained in best practices,” said Sheikh Shadab. “Appropriate technology tools must be complemented by policies that are sensibly and consistently enforced. Only then can organisations hope to adequately protect customers.”
The Microsoft Gulf CISO survey also revealed that 24% of CISOs said their users had clicked on links within emails and discovered they led to websites of unknown origin. Only 21% reported having a data-classification solution in place, with almost half (47%) saying they were still in the process of acquisition and 32% saying they had yet to make progress.
Microsoft invests around US$ 1 billion annually in cyber security, so that customers can be confident that the Microsoft cloud is a safe home. The Azure cloud platform is built from the ground up with industry-leading, AI-driven protection built into every layer. Data is encrypted at rest and in transit, and 24-hour event-remediation services are provided by a dedicated team of experts.