Dealing with security threats in the digital age
Industry experts warn that the Middle East has become a hotbed for cybercrime, a statement which is backed by reports and the fact that the region has witnessed several Distributed Denial of Service attacks, zero-day attacks, Trojans, and other advanced threats in recent times.
The volume of threats and attacks that have compromised data belonging to individuals and organisations has increased sharply year-on-year.
The Middle East is home to approximately 230 million people of which 48.3 per cent are Internet users . That equates to nearly 112 million Internet users, and with a growing focus on connectivity, technology and smart cities by regional governments and organisations, those numbers are poised to rise dramatically. Cisco's Annual Security Report for 2014 shows that mobile penetration in the Middle East and Africa will grow from the current 133 million devices to 598 million by 2018 . While the digital age has truly taken hold across the region, there is also cause for concern.
The volume of threats and attacks that have compromised data belonging to individuals and organisations has increased sharply year-on-year. According to Cisco's report, total global threats have reached a new all-time high, with a tracked increase of 14 per cent since 2012. Moreover, a sample of 30 of the world's largest Fortune 500 company networks generated visitor traffic to Web sites that host malware - a sharp rise was noted in malware attacks aimed at the Middle East's oil and gas sector. Industry experts warn that the Middle East has become a hotbed for cybercrime, a statement which is backed by reports and the fact that the region has witnessed several Distributed Denial of Service (DDoS) attacks, zero-day attacks, Trojans, and other advanced threats in recent times.
It is crucial that the security service provider has a solid network, as any chinks in the armor could have serious consequences. Hackers and cyber criminals are becoming more and more sophisticated and widening the scope of their attacks to new markets with increasing levels of sophistication.
Today's attacks are well organised and are customised for specific organisations, hence the need for custom defense strategies and a layered approach to security. Organisations have to be mindful that groups such as State Actors (foreign intelligence agencies, state-affiliated actors, freelancers / espionage-as-a-service), hacktivists and cyber criminals are highly active in the Middle East and Africa regions.
Very recently, few countries in the ME region faced multi source DDoS attacks, in addition to all the other traditional and advanced attacks. According to Cisco's Annual Security Report for 2014, 'adversaries are committed to continually refining or developing new techniques that can evade detection and hide malicious activity.' Meanwhile, the defenders, namely, security teams, must constantly improve their approach to protecting the organisation and users from these increasingly sophisticated campaigns.
At Tata Communications, we tackle these threats using proven techniques and methodologies. Recently an organisation in the region was facing small but frequent Distributed Denial of Service (DDoS) attacks, which impacted the integrity of their gateways. Although the organisation had an existing mitigation system in place, it was unable to mitigate the increasing size of the attacks. To protect its customers, the organisation required a network service provider with a larger capacity, so it could successfully mitigate these attacks.
In line with this, we carried out a detailed proof of concept (POC) and successfully mitigated attacks that ranged from 1 to 70 Gbps. Furthermore, we provided 100 Gbps of detection and mitigation capacity for both on-net, as well as links from other service providers, while offering 24x7 monitoring and mitigation of attacks against the organisation. The system also offered traffic re-routing through scrubbing farms, which allowed for the application of counter measures during attacks, which could then provide clean traffic delivered via GRE tunnel to the destination IP provided by the organisation.
Internet service providers' infrastructure is critical to any country today and these providers are adopting security measures to protect their own infrastructure and their customers from external attacks. Forrester Global Security survey 2014 states that decision makers who work with Data Centres, Network and application security are planning to adopt Security-As-A-Service offerings or approach.
At an organisational level, the new norm for security for any organisation is a Zero Trust Security model. Cyber security has evolved beyond just being the deployment of technologies - it is actually a combination of people, process and technology. Security tools and technologies are only one part of the equation, and more attention needs to be paid to the human aspect and getting the right security talent in the first place.
As these objectives can be challenging, global organisations are increasingly outsourcing their security practice to service providers based on defined SLAs, with special focus given to core IT and business applications. Organisations in the Middle East and Africa are following the same trend; in fact, reports state that the cyber security sector in the region will be worth approximately US $25 billion over the next 10 years.
By virtue of connecting enterprises, Tata Communications is at a unique advantageous point to be able to foretell, detect and stall militant activities on our networks, and protect our customers' valuable data. Tata Communications operates the world's largest fully owned submarine fibre network, which encompasses over 500,000 kilometers of subsea fibre, over 210,000 kilometers of terrestrial fibre, 400+ PoPs, as well as 44 data centres across the globe. Tata Communications has the know-how and the infrastructure in place to protect, and safely and securely, extend an organisation's reach without boundaries.
The writer is senior vice-president (Middle East, Central Asia and Africa) at Tata Communications. Views expressed by him are his own and do not reflect the newspaper's policy.
A man types on a laptop computer in an arranged photograph taken in Tiskilwa, Illinois, U.S., on Thursday, Jan. 8, 2015. U.S. officials are discussing whether new standards should be set for government action in response to hacks like the one suffered by Sony Pictures Entertainment, such as if a certain level of monetary damage is caused or if values such as free speech are trampled, National Security Agency Director Michael Rogers said in an interview with Bloomberg News. Photographer: Daniel Acker/Bloomberg