BizBahrain May-June 2017

More documents

Recommendations

Info

Interview | CTM360 security. So that was the big difference that we are out here in this part of the world having a 24 x 7 x 365 cyber security unit with our own technology reaching out to the world and managing threats and attacks which could be residing anywhere in the globe. There are no other companies like that in this part of the world. Why in your opinion are people not ready to increase their investment in IT security despite the rising frequency in cyberattacks? No, that is not so. There is lot of money moving in to cyber security. Organisations are investing. The tendency normally, across the world, and especially in this part of the world, is to be reactive. So when the pains happen, people go out spending money on it, and right now there is a lot of pain happening and therefore, investment. In many large organisations this is even an agenda that is being discussed at the board level. There may be areas where their organisations may try to budget and reduce spend, but cyber and information security are areas where they don't really compromise, not anymore. Cyber security needs to be considered like the Intelligence Agency, Information security is your Ministry of Defence, and IT security is the Ministry of Interior. What are the most common sources of cyber-security threats? Now it has to be understood that any cyber threat or a cyber attack is made up of a number of pieces. So when you say… ‘What is the source?’… but yet cant really pinpoint such a source because it could be coming from anywhere in the world. What you can look for is the real motivation behind the attacks because the source could be from anywhere and everywhere. The attacks could be residing anywhere. In finding the motive behind the attack, you see what is more visible. In fact what you really see, is when there is the money trail - the financial criminals. What you don't see is the espionage, when they are there just to listen in and look. They don't change anything; they don’t leave any clues so you don't feel their presence. What risk does a company run by not having a dedicated IT governance, risk and compliance function? It's a huge risk if you don't do that, especially for large organisations. You don't have a ready framework and you will always be reactive and because of that you may have issues with the solutions, and you will end up spending too much in areas where you didn't even need to do so. So with the framework what happens is, to begin with, you understand your own risk and you are able to rate it and you are able to know where you really need to spend the money. You don't do an over kill in any area. Without the framework it's all knee jerk reactions, it is chaos. CTM360 promises ‘Dependable Security as a Service’ via a secure cloud-based platform. Can you explain how this works? For that the first thing is that you got to be clear about what we say is cyber security, because when we provide cyber security, we are outside the perimeter. We do not enter the organisation. What we are saying is that we are not information security, we are not IT security, or the police or military. We are the Intelligence Agency that works outside the borders, outside the perimeter. When you are outside the perimeter do you need somebody who you can reach at any time who will be there, who has the ability and the tools to do analysis for any kind of attack components, which are residing on the Internet and also is able to take action on it? And only so, they should be really capable of even analysing and taking action on attacks which nobody even knows as of today. As and when something comes we ought to have our research team capable of identifying those kind of new attacks and mitigating those attacks. We have developed the whole team in that sense that we have all the tiers and that's why we say it's dependable. Like I said before, we provide ‘Dependable Security as a Service’ via a collaborative cloud-based platform, which enables members to tackle evolving cyber threats on a realtime basis. Tell us about the strategic alliances that make CTM 360 a complete service. We have a number of strategic alliances. Actually we have two different companies: CTM360 here in Bahrain and IT Matrix in KSA, which does a lot of other things, such as working inside the firewall. We deploy a lot of different technologies but at CTM360 we only work in cyber security and offer it as a subscription service. Our alliances are with organisations, which are hosts or cyber threat intelligence providers on the Internet. There are communities, which provide a collaborative platform for different type of attacks. We have alliances across the world in that sense and have established working relationships with them which enable us to tackle targeted attacks out of the hosted services onto the targets and any players elsewhere in the world. Over time, we have formed thousands of such alliances and partnerships because we need to know every host anywhere and wherever we see something residing on their services. We are the Intelligence Agency that works outside the borders, outside the perimeter. How can a company predict a cyberattack and take action before it happens? Is there any way to know before it happens? Cyber-attacks have a number of pieces. It starts with reconnaissance, and then weaponization and delivery and so on till they actually get into your organisation, which may take a year or one and half years. When people start doing this, there is a complete ecosystem there. Somebody may be collecting a lot of information across organisations and selling it to entities with unethical intentions to resell, with this cycle being repeated consistently. When something like that is happening, if we are able to identify it and make it difficult for people to go up this Kill chain, then we can neutralize an attack even without knowing what it really is for in the very early stage. For example, somebody registers a domain name that looks like an 24 May-June 2017
Interview | CTM360 organisation. Now he has just registered a domain name, we don't know what he would actually use it for. It may only be visible after a couple of months when he has already constructed all the pieces of his attack. What we do is to find out if we can take action on that domain, at that point in time, without knowing anything. And so many times we are successful in doing so. That is called taking out the domain. So we are able to reach out to the registrar and tell them that the registrant, the one who registered, is a bogus or fraudulent person. If we have been able to retrieve some evidence on that, then the registrar will actually take action on it. That's one way that you are able to prevent something before it even went anywhere. But this is just one part. There are many cases where we are able to accurately predict an attack. We see an attack happening anywhere in the world or right here with one organisation, and we understand patterns, then we know where and what next will happen and which organisations will be targeted. So pre-emptively we can guide them, which we do regularly. Within CTM360 there is something called situational awareness in which we issue alerts, advisories, research reports to alert the customer prior to any attack happening so they can take certain mitigation actions, and are able to restrict the attack from achieving any kind of compromise. We have envisioned Bahrain as a cyber security hub. So what should an ordinary individual watch out for? There's a lot, and it's a very challenging area. At the end of the day, it really is that individual who is on the front line. You can put in as much technology and you can lock down something with a million-dollar lock but if the individual somehow gives away the key himself to the attackers, what good is that lock. So for the individuals on the front line, the first rule to remember is: 'There are no free lunches'. Anything that sounds too good to be true IS too good to be true. People somehow don't understand that. That's the start of them falling victim to something which may grow. Cyber security needs to be considered like the Intelligence Agency, Information security is your Ministry of Defence, and IT security is the Ministry of Interior. All the three have different missions. Ministry of Interior's mission is give a more secure experience to the individual but the mission of Defence is to secure the assets of the country. The mission of cyber security is to identify and do covert operations. Till that is understood and implemented, I don't believe we can really manage this growing menace of cyberattacks. What trends lie ahead for cyber security and for CTM360 in 2017? Globally everybody is still struggling. We can easily say that the struggle will keep on in this manner because if you look at past, the gap between the attacks and whatever we have been able to manage is growing, which simply means the losses are growing. They are now predicting that by 2019, yearly losses of US$ 2 trillion are expected. Now that means something is extremely wrong in the way companies like us are guiding or implementing security. We need to change something. We need to say, You know what? Something is wrong. We need to change the way we are doing things today. And that's what we are bringing in as CTM360. What has been your experience doing business in Bahrain, and how is it different from other places? Bahrain for me is the hub for doing any business in the Arab world. Look at any reports; Bahrain is THE place. It is business friendly, and the ease of doing business out of Bahrain makes it perfect for expats to be living here. Plus, they are very welcoming here. The people, hands down are the best people here according to me. I came here and this is my country now, that's it. I don't want to go anywhere. The government and especially the EDB have been talking a great deal about promoting Bahrain as an IT hub. Your comments. We have envisioned Bahrain as a cyber security hub. So I am saying now, why don't we make Bahrain the real cyber security hub for the Arab world? We have started working with the local university right now and they will launch a bachelor's degree program that will try to encourage others. We put together a cyber-security group here encouraging all the security managers to come together and start working on it. We need to do a lot more and Inshallah we are hoping we can get Bahrain to become in the cyber security hub of the Arab world. May-June 2017 25
Page 1 and 2: May-June 2017 1
Page 5 and 6: CONTENTS May-June 2017 40 | OBG | B
Page 13 and 14: Dr. Jassim Haji Director Informatio
Page 15 and 16: Interview | Dr. Jassim Haji explain
Page 17 and 18: Interview | Dr. Jassim Haji new log
Page 19 and 20: Atanu Sanyal Managing Director, G4S
Page 21 and 22: Don’t miss the nights of Ramadan
Page 23: CYBER SECURITY OPERATING BEYOND THE
Page 27 and 28: Interview | Alliance Business Cente
Page 31 and 32: Interview | DHL Express How has DHL
Page 33 and 34: Memories are the one gift you give
Page 35 and 36: The pace of innovation in the finan
Page 39 and 40: Interview | Tasneem Yousif replacin
Page 43 and 44: OBG | Business Report These project
Page 45 and 46: CBRE | Real Estate Analysis Strong
Page 47 and 48: The words in a commercial lease con
Page 49 and 50: ASAR | Corporate Law Analysis benef
Page 55 and 56: Expert Viewpoint | Investor Behavio
Page 57 and 58: RAMADAN NIGHTS AT THE GULF HOTEL BA
Page 59 and 60: A MEMORABLE RAMADAN AT SOFITEL BAHR
Page 61 and 62: THE NEW AUDI A5 COUPÉ Sportiness a
Page 63 and 64: Government Hotel Revenues increase
Page 67 and 68: Banking & Finance TAKAUD partners w
Page 71 and 72: Telecom Brand Zain valued at US$2.3
Page 75 and 76:
Real Estate The new Address Residen
Page 77 and 78:
May-June 2017 77
Page 79 and 80:
Technology IFLIX launches in the Mi
Page 81 and 82:
May-June 2017 81
Page 83 and 84:
Automotive New INFINITI Q60 Sports
Page 85 and 86:
www.stratfordholding.com M: +973 39
Page 87 and 88:
Other Business APM Terminals Bahrai
Page 89 and 90:
DOWNLOAD THE APP A leader in what i
Page 91 and 92:
Telecom Sector Revenues (in BD Mill
Page 93 and 94:
May-June 2017 93
Page 95 and 96:
A GRACIOUS RAMADAN RETREAT Ramadan
show all

BizBahrain May-June 2017

Create successful ePaper yourself

Delete template?

Save as template?