BizBahrain May-June 2017
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Interview | CTM360<br />
security. So that was the big difference<br />
that we are out here in this part of<br />
the world having a 24 x 7 x 365 cyber<br />
security unit with our own technology<br />
reaching out to the world and managing<br />
threats and attacks which could be<br />
residing anywhere in the globe. There are<br />
no other companies like that in this part<br />
of the world.<br />
Why in your opinion are people not ready<br />
to increase their investment in IT security<br />
despite the rising frequency in cyberattacks?<br />
No, that is not so. There is lot of<br />
money moving in to cyber security.<br />
Organisations are investing. The tendency<br />
normally, across the world, and especially<br />
in this part of the world, is to be reactive.<br />
So when the pains happen, people go out<br />
spending money on it, and right now there<br />
is a lot of pain happening and therefore,<br />
investment. In many large organisations<br />
this is even an agenda that is being<br />
discussed at the board level. There may be<br />
areas where their organisations may try<br />
to budget and reduce spend, but cyber and<br />
information security are areas where they<br />
don't really compromise, not anymore.<br />
Cyber security needs to<br />
be considered like the<br />
Intelligence Agency,<br />
Information security is<br />
your Ministry of Defence,<br />
and IT security is the<br />
Ministry of Interior.<br />
What are the most common sources of<br />
cyber-security threats?<br />
Now it has to be understood that any<br />
cyber threat or a cyber attack is made up<br />
of a number of pieces. So when you say…<br />
‘What is the source?’… but yet cant really<br />
pinpoint such a source because it could be<br />
coming from anywhere in the world. What<br />
you can look for is the real motivation<br />
behind the attacks because the source<br />
could be from anywhere and everywhere.<br />
The attacks could be residing anywhere.<br />
In finding the motive behind the<br />
attack, you see what is more visible. In<br />
fact what you really see, is when there is<br />
the money trail - the financial criminals.<br />
What you don't see is the espionage, when<br />
they are there just to listen in and look.<br />
They don't change anything; they don’t<br />
leave any clues so you don't feel their<br />
presence.<br />
What risk does a company run by not<br />
having a dedicated IT governance, risk<br />
and compliance function?<br />
It's a huge risk if you don't do that,<br />
especially for large organisations. You<br />
don't have a ready framework and you will<br />
always be reactive and because of that<br />
you may have issues with the solutions,<br />
and you will end up spending too much in<br />
areas where you didn't even need to do so.<br />
So with the framework what happens is,<br />
to begin with, you understand your own<br />
risk and you are able to rate it and you<br />
are able to know where you really need to<br />
spend the money. You don't do an over kill<br />
in any area. Without the framework it's all<br />
knee jerk reactions, it is chaos.<br />
CTM360 promises ‘Dependable Security<br />
as a Service’ via a secure cloud-based<br />
platform. Can you explain how this<br />
works?<br />
For that the first thing is that you got<br />
to be clear about what we say is cyber<br />
security, because when we provide cyber<br />
security, we are outside the perimeter. We<br />
do not enter the organisation. What we<br />
are saying is that we are not information<br />
security, we are not IT security, or the<br />
police or military. We are the Intelligence<br />
Agency that works outside the borders,<br />
outside the perimeter. When you are<br />
outside the perimeter do you need<br />
somebody who you can reach at any<br />
time who will be there, who has the<br />
ability and the tools to do analysis for<br />
any kind of attack components, which<br />
are residing on the Internet and also is<br />
able to take action on it? And only so,<br />
they should be really capable of even<br />
analysing and taking action on attacks<br />
which nobody even knows as of today.<br />
As and when something comes we ought<br />
to have our research team capable of<br />
identifying those kind of new attacks<br />
and mitigating those attacks. We have<br />
developed the whole team in that sense<br />
that we have all the tiers and that's why<br />
we say it's dependable. Like I said before,<br />
we provide ‘Dependable Security as a<br />
Service’ via a collaborative cloud-based<br />
platform, which enables members to<br />
tackle evolving cyber threats on a realtime<br />
basis.<br />
Tell us about the strategic alliances that<br />
make CTM 360 a complete service.<br />
We have a number of strategic<br />
alliances. Actually we have two different<br />
companies: CTM360 here in Bahrain<br />
and IT Matrix in KSA, which does a lot<br />
of other things, such as working inside<br />
the firewall. We deploy a lot of different<br />
technologies but at CTM360 we only<br />
work in cyber security and offer it as a<br />
subscription service. Our alliances are<br />
with organisations, which are hosts or<br />
cyber threat intelligence providers on<br />
the Internet. There are communities,<br />
which provide a collaborative platform<br />
for different type of attacks. We have<br />
alliances across the world in that<br />
sense and have established working<br />
relationships with them which enable<br />
us to tackle targeted attacks out of the<br />
hosted services onto the targets and any<br />
players elsewhere in the world. Over<br />
time, we have formed thousands of such<br />
alliances and partnerships because we<br />
need to know every host anywhere and<br />
wherever we see something residing on<br />
their services.<br />
We are the Intelligence<br />
Agency that works<br />
outside the borders,<br />
outside the perimeter.<br />
How can a company predict a cyberattack<br />
and take action before it happens?<br />
Is there any way to know before it<br />
happens?<br />
Cyber-attacks have a number of<br />
pieces. It starts with reconnaissance,<br />
and then weaponization and delivery<br />
and so on till they actually get into your<br />
organisation, which may take a year or<br />
one and half years. When people start<br />
doing this, there is a complete ecosystem<br />
there. Somebody may be collecting a<br />
lot of information across organisations<br />
and selling it to entities with unethical<br />
intentions to resell, with this cycle being<br />
repeated consistently. When something<br />
like that is happening, if we are able<br />
to identify it and make it difficult for<br />
people to go up this Kill chain, then we<br />
can neutralize an attack even without<br />
knowing what it really is for in the very<br />
early stage.<br />
For example, somebody registers<br />
a domain name that looks like an<br />
24 <strong>May</strong>-<strong>June</strong> <strong>2017</strong>