Take fight to cyber attackers, experts urge

When it comes to cybersecurity, companies across the Middle East and North Africa Region (Mena) need to seriously consider going beyond basic protection, experts have said.
"Too often threat intelligence in an organisation is operational. It's a case of people searching for a solution to fix a problem they have now. Companies should be sticking your heads about the castle walls and looking at what the potential threats are, who they might be coming and where they are emanating from," said Chris Pace, technology advocate for Recorded Future.
Cyberattacks are increasing in numbers and severity almost daily around the Mena region. According to a PriceWaterhouse Coopers (PwC) report, 56 per cent of companies surveyed in the region said they suffered losses of more than $500,000 annually from cyberattacks, compared with the global average of 33 per cent. With the Information Technology (IT) spending in the region set to reach $155 billion by the end of this year, according to Gartner, and the Middle East's cybersecurity market set to top $22 billion by 2022, private sector corporations are clearly recognising the need for action.
Experts at Recorded Future noted that 'threat-hunting' is catching on in the region, because it is a relatively new concept and because companies are increasingly acknowledging the need to take the fight to cybercriminals and hackers.
"Activating threat intelligence gives you the ability to make strategic decisions on how best to respond to those threats. Threat hunting, is where strategic threat intelligence has great power, allowing you to review the intelligence and making a strategic decision on where they might need security to plug potential gaps before they become big gaps," Pace said. "In this region, companies are starting to be proactive. They have an open-view about what is good for their security. They can see the benefit of threat intelligence."
Pace's views were echoed by Carbon Black, a developer of endpoint security software.
"Too many companies have been focused on detection and prevention as their cybersecurity strategy and relying on antivirus systems, thinking they are protected. Now they are realising that they haven't been protected at all, spending far too much time, money and resources in the process," said Rick McElroy, security strategist, Carbon Black. "By implementing proactive threat hunting, companies, even with limited resources can better understand threats and make better decisions based on the data the hunt produces and disrupt an attack on time. Threat hunting makes for better detection and prevention, you can tune your defences to be faster and automate systems."
- rohma@khaleejtimes.com