Help AG’s Stephan Berner on the importance of integrated cyber defence

The Middle East cybersecurity landscape is evolving rapidly, with increasing threats and a growing emphasis on defence strategies. In the realm of cybersecurity, Stephan Berner, CEO of Help AG (the cybersecurity arm of e& enterprise), speaks about the trends shaping the cybersecurity sector in UAE, the importance of integrated cyber defence and how Help AG is securing the region’s organisations with its Unify platform.

What are the key trends shaping the cybersecurity sector in the UAE?

Some of the key trends are:

Secure cloud enablement
As cloud adoption reaches an all-time high and organisations increasingly adopt a microservice architecture, one of the most significant risks they face is cloud insecurity. To ensure a secure cloud posture, organisations must take action to address these risks. This involves identifying and remediating security issues, managing and securing access to cloud resources, and complying with regulations and industry standards.

Security services edge (SSE)
One of the key considerations while adopting security services at the edge in the Middle East is the growing importance of data privacy and the need for local content inspection. Organisations look for SSE providers that provide true unification of security consoles, endpoint agents and converged policies; a single point of inspection for all security services; local data residency and compliance with regulations; and a large local partner ecosystem to deliver services ensuring the highest level of support and quick implementation.

Data and identity protection
Companies face the challenge of trying to streamline their data protection by safeguarding their sensitive data while enabling their employees to work productively and more importantly, maintain company success. On a regional level, the UAE, Qatar, Bahrain, Kuwait and Saudi Arabia have all introduced laws that govern the lawful use of data within their respective countries. Organisations look at powerful platforms to discover, protect, govern, identify risks and manage their data estate while adhering to regional regulations.

Moreover, identity has become the new security perimeter, and adversaries are reciprocating by targeting identities and gaps in governance. A very strong identity governance and administration (IGA) practice will become a core requirement of security operations, and we can expect to see more focus and more investment in this area in 2023.

Internet of things security
IHS forecasted that the IoT market will grow from an installed base of 15.4 billion devices in 2015 to 75.4 billion in 2025. The IoT is the future, and hence, organisations aim to achieve comprehensive visibility and perform asset discovery, creating solid baseline measures for security in IoT devices, including security from the start of IoT project planning, adopting a strong zero-trust strategy, and enabling SecOps to detect, prevent and mitigate security incidents.

Integrated cyber defence
As threats become increasingly numerous, persistent, and sophisticated, manual alert triage is no longer sufficient. Instead, contextualising all data points into a single action thread is vital to a comprehensive defence against threats.

What are the top threats that you see in the region?

Cybersecurity has become a critical concern for organisations of all sizes in the region. In 2022, the cyberthreat landscape was characterised by a growing number of advanced persistent threats, malware attacks and cybercrime.

Major risks that organisations faced were often related to human factors, misconfiguration of default credentials, and missing patches. Ransomware and phishing attacks are both becoming more sophisticated, with attackers using tactics like double extortion to increase pressure on organisations to pay the ransom, and social engineering tactics to trick victims into divulging sensitive information.

Distributed denial-of-service (DDoS) attacks are also becoming more sophisticated and diversified in their forms. The total number of DDoS attacks detected in 2022 exceeded 150,000. DDoS attacks targeting UAE businesses with a volume of over 40Gbps have become the norm, while the max attack volume observed was 238.6 Gbps. Over 61 per cent of DDoS attacks observed were multi-vector attacks, with the top attack types being UDP and DNS Amplification.

When looking at implementing a new cybersecurity programme/model, what are the areas organisations should focus on?

In the times we live in, the use of technology-driven innovation is crucial for organisational success. As companies adopt and implement transformative technologies such as cloud, blockchain, artificial intelligence and quantum encryption, they must safeguard their intellectual property, processes and sensitive data collected from suppliers, employees and customers.

To achieve this, companies need to build resilience against cyber risks that are constantly evolving with new technologies. This was evident in findings and insights shared at the 2023 World Economic Forum in Davos.

According to the Global Risks Perception Survey respondents, cyberattacks on critical infrastructure are among the top five risks for 2023. In the long run, cybercrime and cyber insecurity are considered a top priority for any leading government and enterprise organisation globally.

By developing a positive cybersecurity culture into day-to-day operations and fostering a vigilant attitude among employees to identify and report potential threats, organisations can establish a formidable line of defence against cyber adversaries.

Recognising and incentivising proactive incident reporting not only bolsters the overall security posture but also fosters a sense of collective responsibility in safeguarding the organisation’s digital assets.

However, it is not enough to simply focus on transforming cybersecurity practices. Organisations must also maintain the highest levels of performance and reliability, as they adopt new technologies and approaches. At the heart of this effort is the enablement of human capital. It is crucial that organisations empower employees with the knowledge and tools they need to stay ahead of the curve. This requires a continued investment in training and development, as well as a focus on cultivating a positive and proactive cybersecurity culture across all levels of the organisation.

Why is integrated cyber defence important in today’s digital landscape and how does it enhance overall security?

Today’s security teams face challenges related to complexity and consistency, especially as the implementation of point products creates silos in an organisation’s IT environment. Additionally, having a single pane of glass view into your threat environment is more important than ever as threats multiply and become increasingly sophisticated.

Against this backdrop, organisations in the Middle East have realised that investing in multiple security tools without any integration leads to an ineffective fragmented defence framework with continuously escalating operational costs. Hence, businesses have begun prioritising automation and consolidation of their cybersecurity estates, leveraging platform/mesh value propositions from leading cybersecurity vendors, as revealed in our State of the Market Report 2023.

This integrated approach to cyber defence is one of the technology trends that will dominate in coming years, as managed security service providers in the region strive to deliver cybersecurity services that unify various capabilities, enhancing customer experience and visibility, enabling security teams to protect assets, and ultimately eradicating threats as they arise.

What is Unify? What is the added value that it brings to your customers?

Unify is the integrated cyber defence platform unifying the customer experience across all our services. Serving as the single touchpoint for our managed security services customers, the modernised Unify platform provides automation at scale, omnichannel collaboration, and unified visibility into customers’ complete cybersecurity portfolio. Unify brings together people, processes and technologies in a next-generation platform delivering consistent, high-quality services and a seamless customer experience.

The power of Unify is embedded within our managed detection and response subscription, and customers enjoy market leading capabilities as a standard offering from Help AG. As a solution to fragmented and overly complex security infrastructures, the vendor-agnostic platform integrates third-party data and products, supports dedicated environment with the customer, multi-cloud and hybrid customer environments, and is delivered in-country, ensuring compliance with local data regulations.

Additionally, the platform embeds intelligent automation across all our services to improve incident accuracy, response time and actions with layered security orchestration, automation and response, automating routine tasks to give security teams (including but not limited to cyber analysts) time to focus on developing more intellectual human driven work.