Interview with Our Exhibitor Saeedurity
26 Jul 2018
An interview was conducted with our proud exhibitor Saeedurity, exhibiting at stand 2226, to understand more about cybersecurity and its various effects in the region.
- What are the changes that are occurring in the cyber-threat field in that space, and why?
The cyber security industry is a rapidly changing beast where new attacks and their mitigation plans are discovered almost every day. Bad guys and good guys are playing cat-and-mouse games, and it seems that the bad guys are still winning in this modern age, where more advanced and sophisticated security systems are being designed and implemented. If we look a few months back, we are reminded of powerful DDoS attacks like the 1.3TB/Sec DDoS attack on GitHub and the WannaCry ransomware attack, which is considered one of the most powerful ransomware attacks in history. IT is now evolving fast: IoT, cryptocurrency, self-driving cars, blockchain and more initiatives have been invented. All these technologies are facing cyber threats from adversaries, and many successful cyber-attacks have already been carried out on these technologies, which raises many questions, and that is why attackers are one step ahead of system designers. Attackers are targeting the Internet of Things, and cryptocurrency wallets have been hacked several times. Security researchers fear that self-driving cars will expand the threat field, like the Internet of Things and some other new technologies, and that this will result in more cyber-attacks.
- What should be done to tackle them, in your opinion?
New cyber-attacks are not easy to tackle, as they are now more mature and sophisticated, and if not stopped in time they can do huge damage to any IT infrastructure. But taking the right steps in time can eventually minimize the risk and limit the attack surface. Signature-based IPS/IDS or firewalls are becoming useless against the latest attacks, and there is much need to innovate and implement new solutions. However, using SIEM can reduce the attack surface and prevent many modern cyber-attacks; UTM is also more effective than firewalls and signature-based IPS/IDS. Artificial intelligence based cyber-attack detection/prevention is more effective than old techniques, and real-time cyber security monitoring can play an important role in enhancing security in any organization. AI can detect cyber-attacks more actively than a human, because it is possible that an attacker starts attacking the machines on/off hours when there is no one to monitor the IT infrastructure. AI will help out here by blocking the attack without human intervention, but its only drawback is the attack detection limitation, which is being improved day by day, and researchers are making detection more accurate with machine learning and artificial intelligence.
- How are the new nature of threats and their impact on national economies and stability currently being demonstrated? For example: attacks on electricity grid, water management, but also transportation.
Cyber security is no longer a luxury but a necessity; cyber-attacks are now driven by groups of bad guys instead of individuals, with the motivation of financial gain and popularity. State-sponsored attacks are no longer a myth; there were some cyber-attacks a few months back which were later said by the victim to be state sponsored, like when Sony entertainment movies were leaked online before their release and Sony stated that the attack on their infrastructure was carried out by North Korean sponsored attackers. There are also multiple attacks on electricity grids, water management and much more. Most of these attacks are carried out using newly discovered vulnerabilities, because exploitation of old vulnerabilities can be easily blocked by the IDS/IPS of stateful firewalls; however, newly discovered vulnerabilities can make it easy to bypass the IDS/IPS, because no signature will match in the database, while anomaly-based detection may detect that attack. Newly discovered or zero-day exploits have huge impacts on national economies and financial institutions; attackers can exploit automation systems, financial institutions, plants with automation, transportation systems etc. This can cause huge losses to organizations; for example, a cyber-attack carried out on Bangladesh Bank resulted in millions of dollars being lost, and another cyber-attack carried out on an atomic plant in Iran caused an electricity blackout with billions of dollars in losses.
- How can governments play a role in establishing standards, and allowing various stakeholders to go towards smart initiatives and inter-connectivity (such as Command & Control), to monitor indicators (like prevention) and enhance incident response in case of crisis?
Governments can collaborate with stakeholders to establish new standards and procedures which can improve cyber security frameworks to better protect assets from cyber-attacks. Both government and the private sector should collaborate with each other and invest more in cyber security innovation, which will result in more advanced security tools. New standards and procedures should be designed by working with all stakeholders, such as on how to fight against new cyber-attacks and reduce the attack surface in government and private organizations. In addition, national security should be tightened with new best practices and procedures. It's possible for governments to monitor all the incoming and outgoing traffic and add more honeypots to their networks to catch new attacks and then respond to them before they start spreading. Governments should create their own incident response teams to actively respond to any incoming cyber-attack while also helping the private organisations which cannot afford in-house incident response teams. Security training can also play an important role, and both private and government organisations should conduct security training for their employees. A government-backed incident response team should act as a national cyber security response team which should tackle all types of incidents occurring in the state and respond actively and on time. People handling IT infrastructure should be aware of all the technical complications of cyber-attacks; for example, if a cyber-attack occurs they need to know what to do first so they will not end up losing incident evidence. They should be aware of whom to contact and what to do when an incident is triggered.