TECH TALK
working on a specific set of attacks on a
specific set of servers.
The combination of physical and cyber
security framework for data centres
must be designed, implemented and
tested on a regular basis. However, data
centres in the GCC are much better
physically protected than counterparts
around the globe. The GCC physical security
framework enjoys higher standards,
dictated by regulation, which has
secured these facilities. However, there
is still a lag on the cyber aspect.
With increasing network
speeds and data traffic
across networks, are
enterprises adequately
investing in pre-emptive
security precautions and
monitoring tools? Is a
lag with regulation in the
region enabling a lag with
compliance?
These are great questions. At IT SEC we
see hardly any pre-emptive security
measures across the region; only a few
organisations have recently taken the
necessary steps to create a plan and
start looking at pre-emptive measures
to combat cyber-attacks. 95% of the
security measures are reactive and
after the breach has taken place. This is
primarily due to a lack of awareness
and inadequate budgets in place for
cyber security training and testing.
For example, most large enterprises
have selected someone in the building
as their fire marshal to conduct drills
and in case of fire or disaster will
have the ultimate management power
to coordinate, rescue and minimise
damage. Why not conduct a survey
to see how many “Cyber security
Marshals” have been designated to
deal with cyber disasters!
Are governments in the
region adequately investing
in SCADA security and
how is ITSEC advising
governments and private
enterprises on network and
subsequent data centre
security from hackers or
spyware/malware?
INTELLIGENTCIO
AMIR A. KOLAHZADEH
Managing Director, IT SEC
Simply put, we are at war. According
to the Norse Live Cyber Attack Map,
the UAE is the second highest attacked
country on all protocols, with only the
US tracking more. The concentration
of wealth, success and the geo-political
location of the UAE has placed it as a top
priority for the whole range of cyber criminals,
from fraudsters and ransomware coders to
politically motivated groups, to attack
and disturb the critical infrastructure
operations in the Middle East.
We have seen a rise in Industrial
Control System (ICS) security inquiries
in the past year or so; however, the slow
decision making process and biased
procurement processes have only created
red tape that is only advantageous to
the cyber criminals. Most SCADA and
ICS systems are not protected, nor have
they even been tested for potential
threats that might exist.
The framework is not in place and most
critical infrastructure such as electrical,
water, gas, telecom, transport and
aviation are prone to attacks and
exploits. Governments and Enterprises
have to be more vigilant and define
strategies to protect these assets. They
should stop allowing procurement
departments to make such important
decisions that can affect millions of
people in the regions. This is a cyber
war and every minute that is wasted
not securing your system has given
hackers 1,000 more windows to be
more creative to take over your SCADA,
ICS and data centre to either control,
destroy or hold it hostage for ransom.
Are enterprises/gov.
departments adequately
investing in data centre
security training for staff
in 2016 and beyond in
order to fulfil compliance &
regulatory requirements?
Both enterprise and government
departments are exploring the
possibilities of data centre Security
Training and Testing. However, the
speed at which these initiatives are moving
forward is disappointing. Hackers
are working 24x7 without red tape
and bureaucracy to advance their
agenda and we are not. I believe the
standardisation and regulations that are
under development by the UAE government,
such as the National Emergency Crisis and
Disasters Management Authority
“NECEMA” and National Electronic
Security “NESA”, are exactly what is
required to protect data and secure
the networks. The UAE is definitely the
leader in the region on this and we
hope to work with all parties involved to
raise awareness and be able to protect
the national cyber borders from
intruders and anyone wanting to harm
the country or the region.
www.intelligentcio.com