Help AG CTO Nicolai Solling shares the impact of cyber threats in the GCC

Help AG recently published its State of the Market report. What were the key findings derived from the company’s research and experience working with more than 500 of the region’s largest enterprises and government organisations in the area of cyber threats and vulnerabilities?

For the fourth consecutive year, the State of the Market Report delivered insights into cybersecurity threats, trends, and emerging technologies and practices over the past year, providing a detailed analysis of threat tactics, high-profile breaches, and best practice recommendations from the perspective of Help AG, strategic partners and leading organisations in the UAE and Saud Arabia.

The findings highlighted a notable increase in cyber threats across various attack vectors. Ransomware attacks saw a substantial rise as attackers focused on critical areas such as supply chains and VPN devices.

These devices, due to their unique placement and connectivity within infrastructures, provided attackers with elevated access, making them prime targets.

Additionally, there was a significant shift in attacker strategies, with a clear focus on exploiting the supply chain of digital transformation. This included targeting software vendors, service partners, and hardware vendors, thereby increasing systemic risks for organisations. The evolving landscape of cyber threats also underscored the importance of addressing digital risk protection comprehensively.

The rise of AI introduced both opportunities and challenges in cybersecurity. While generative AI-powered many initiatives, it also presented risks such as biases in AI models and potential data leaks.

Ensuring the security of AI models and employing effective prompt engineering were identified as crucial steps to mitigate these risks.

Elaborate on the dominant threat categories identified by Help AG in 2023, such as credential theft, brand abuse, data leakage and phishing, and the sectors most impacted by cyber threats in the GCC.

In today’s interconnected and ever-evolving ecosystem, organisations across various sectors face increased threats from attackers.

These threats are focused on compromising availability, damaging reputation, and eroding customer trust, leading to significant financial losses, operational disruptions, and long-term reputational damage.

In 2023, Help AG identified nearly 30,000 critical digital risk alerts, revealing the prevalence of certain digital risk categories. Credential theft accounted for 49 per cent of the alerts, followed by brand abuse at 39 per cent.

Data leakage and phishing incidents represented 10 per cent and 1.5 per cent of the cases respectively. Additionally, there has been a noticeable increase in advanced ransomware attacks, double extortion schemes, sophisticated phishing campaigns, and application layer attacks, underscoring the constantly evolving nature of the threat landscape.

With a significant increase in distributed denial-of-service (DDoS) attacks recorded by Help AG in 2023, what are the primary sectors targeted by such attacks, and what measures are being taken to mitigate these threats?

In the bustling metropolises and thriving business hubs of the Middle East, the spectre of DDoS attacks looms large.

In 2023 alone, our team managed over 200,000 DDoS attacks, including the largest such attack ever recorded globally, which targeted the UAE.

Help AG noted a staggering 42 per cent increase in DDoS attacks in the UAE, totalling 213,434 incidents. The longest of these assaults persisted for over five days, while the most massive attack reached an unprecedented bandwidth of 461.5 gigabits per second (Gbps).

These attacks are poised to become even more sophisticated as perpetrators leverage advanced technologies such as AI to amplify their impact and automate their strategies.

How have cyber defence investments evolved in the GCC region in response to the growing complexity of the digital threat landscape, as observed by Help AG in 2023?

Organisations in the region have demonstrated remarkable resilience amid global turbulence. By swiftly adapting business models, accelerating investments in cyber defence, and maintaining a dynamic approach to digital transformation, they have navigated challenges with agility and foresight.

Cyber defence spending has been a noticeable acceleration, accompanied by a strong shift towards cybersecurity as a service. This emphasises clear deliverables, SLAs, KPIs, and transparent costs.

Investment in managed cyber defence has surged due to the complex digital threat landscape.

Services such as network detection and response, endpoint detection and response, threat intelligence, digital risk protection, and incident response have experienced significant growth. Organisations prioritise comprehensive threat management and security, indicating a proactive approach to cybersecurity.

Cloud services have emerged as the preferred choice, with a clear shift towards “everything as a service” (EaaS). This trend, including digital transformation initiatives and endpoint security, highlights the dominance of cloud technologies in cybersecurity.

Investments in cybersecurity advisory services have also grown by over 100 per cent, driven by the increasing regulatory compliance requirements and the need for expert guidance.

In light of this shift, we remain committed to investing in people, processes, and technology to ensure robust client support and cyber resilience. As part of this strategy, we have launched the largest cyber defence centre in the UAE and expanded our centre in Riyadh.

Tell us about the company’s strategic approach of blending human intelligence with intelligent automation to enhance digital defences.

As AI permeates virtually every industry, it revolutionises processes and drives unprecedented innovations. The critical synergy between AI-driven intelligence and strategic human expertise is becoming essential in today’s rapidly evolving digital environment.

Help AG recognises the imperative of integrating artificial and human intelligence in cybersecurity, which is crucial for maintaining competitiveness and resilience amidst technological advancements.

We have developed robust automation and integration capabilities to tackle key cyberattacks effectively. For instance, when a user reports a suspected phishing email, we can swiftly execute the necessary response actions within just 20 minutes if confirmed as phishing.

Without automation, this process would require our customers to allocate upwards of three hours, involving multiple teams. With automation and integration, our analysts can access all necessary information from a single console, saving over 500 hours of human effort per month. Over a year, this translates to 6,000 hours of effort saved.

By embracing automation and AI, Help AG’s SOC teams enhance their ability to protect organisations against cyber threats. This approach not only improves security posture, but also allows analysts to focus on strategic thinking, threat hunting, and proactive security measures. While automation is a powerful tool, it augments rather than replaces human expertise.

Over the past few years, our Managed Security Services team has focused extensively on automation and AI to provide efficient, consistent, and advanced security services.

What are the key elements of Help AG’s ‘Cybersphere Nexus’ strategic approach, particularly regarding securing AI and intelligent defence mechanisms, advancing post-quantum cybersecurity and championing sustainable cybersecurity practices?

The Help AG Cybersphere Nexus represents our commitment to advancing cybersecurity through innovative technologies and sustainable practices, focusing on three pivotal areas: securing AI, post-quantum cryptography and sustainable cybersecurity.

We are dedicated to enabling the safe use of AI in enterprise organisations, identifying innovative AI-powered security solutions, and ensuring oversight, control and predictability of AI.

With the rise of quantum computing, traditional encryption methods will soon become inadequate. We are collaborating with pioneers to deliver encryption that can withstand quantum threats, ensuring our cybersecurity defences remain robust and effective against future threats.

Sustainable cybersecurity goes beyond protecting data — it’s about doing so in an environmentally responsible and economically viable manner. Through the Cybersphere Nexus, we are leading the way in green computing technologies and practices that minimise our carbon footprint while maximising security efficacy.

Give us insights into Help AG’s expertise in critical areas such as secure cloud and apps, data security and privacy, identity fabric immunity, OT and IoT Security, intelligent automation, and Secure Access Service Edge (SASE).

 Secure cloud and apps: We empower organisations’ secure cloud enablement by helping them carry out a compliant cloud migration, implementing corrective controls and security from day zero, and delivering assessments to identify the security risks in cloud configurations and reveal deviations from recommended cloud security architecture.

Data security and privacy: We assist organisations in developing effective data protection strategies utilising the right technologies and controls,  including data loss prevention (DLP), encryption, and access control.

Identity fabric immunity: From active directory security and adaptive to extended multi-factor authentication and endpoint privilege management, we offer a comprehensive suite of identity protection services to assist organisations at every step of their journey toward identity fabric immunity.

OT and IoT security: Help AG turns OT security into an enabler of organisational growth and success through capabilities that include risk assessments, strategic consulting, professional services, and managed security, while simultaneously securing IoT connectivity and providing organizations with total visibility of their environments.

Intelligent automation: We leverage intelligent automation to streamline security processes, enhance threat detection capabilities, and respond promptly to security incidents.

SASE: Protecting users, applications and data, our SASE service provides best-in-class network security anywhere and everywhere. Powered by a multi-vendor ecosystem and hosted locally, it delivers fast reachability to SSE platforms with industry-leading managed service options available.

As the MSS Leader in the GCC recognised by IDC MarketScape for 2023, what sets Help AG apart in terms of managed security services, innovation and customer-centric philosophy?

Our Security Operations Center (SOC) is the heart of our cybersecurity strategy, providing continuous round-the-clock monitoring to ensure constant vigilance and rapid response to threats. Achieving the prestigious SOC CMM Level 3 certification, we validate our risk-focused strategy and demonstrate our ability to deliver high-quality cybersecurity services.

Innovation is at the core of what we do. We leverage extensive cyber threat intelligence libraries, the MITRE ATT&CK framework, and a centralised threat content repository to keep ahead of emerging threats. Our advanced techniques, such as event chaining and regular threat hunting, enhance our detection capabilities, ensuring comprehensive protection against complex attack patterns.

Integrating artificial intelligence into our operations allows us to analyse large datasets, detect anomalies, and automate intelligent decision-making, continuously refining our security measures and responses.

Our customer-centric philosophy drives us to align our efforts with our clients’ business outcomes. By prioritising actions based on the potential impact on our clients’ businesses, we ensure that our cybersecurity measures are tailored to safeguard their critical assets.

Our outcome-focused strategy means we concentrate on delivering clear, measurable value, supporting our clients’ broader business success rather than merely addressing technical issues.

We are dedicated to providing a proactive and resilient cybersecurity posture. Our continuous improvement efforts and proactive threat management ensure that our clients are not only protected against current threats but also prepared for future challenges.

By automating communication and interaction between different security controls, we create a unified security ecosystem, maximising the effectiveness of each tool and enhancing the overall value of our clients’ security investments. Automation in incident analysis, response steps, and enrichment ensures consistency, reduces human error, and allows our analysts to focus on strategic tasks and proactive security measures.