ENSURING A SECURE DIGITAL ECOSYSTEM

Shinoj Sebastian, Group Head of IT, Royal Group (IHC), UAE talks to CXO DX on the current cybersecurity landscape of UAE.

Shinoj Sebastian, Group Head of IT, Royal Group (IHC), UAE

How has the cybersecurity landscape changed in the last 2 years?

Cybersecurity is never static; it’s ever-evolving to a newer and wider threat landscape, and that’s especially true today. After widespread and frequent disruptions across various industry verticals in the past few years, the shift to remote work due to the COVID-19 pandemic, which would likely become a permanent fixture, increases the threat surface for most organizations. "What was old is now new," in the cybersecurity landscape. In 2019, ransomware was starting to decrease, but with COVID, attackers have pivoted back to ransomware, and they are having a lot of success with it.

As working from home continues to be the norm for many, threat actors will have more opportunities to deliver ransomware. The threat landscape remains fluid as attackers look to take advantage of disasters to phish and social engineer employees. A prominent report revealed a 41% increase in malware attacks in the last two years, as 52% of organizations faced a malware attack in 2020, compared to only 37% in 2019. These attacks have become one of the most prominent threats of the last few years, and they will likely keep growing in the future.

With the deployment of a remote workforce, cybersecurity challenges are said to be on the rise. What were the challenges you faced and how did you tackle them?

We had taken the WFH context as an opportunity to transform Enterprise IT into a Secure Digital Ecosystem. We have taken the following steps to tackle the ever-evolving threat landscape. We established a Security Operations Center (SOC), proactively monitoring the threat surface of our Enterprise IT. We implemented top-notch cybersecurity solutions in SIEM (Security Incident & Event Management), VMDR (Vulnerability Management, Detection & Response), EDR (Endpoint Detection & Response), NAC (Network Access Control), PAM (Privileged Access Management), MDM (Mobile Device Management), DLP (Data Leakage Prevention), etc. We applied the Principle of Least Privilege and multi-layered Defense-in-Depth security to protect End users, Desktops, Infrastructure, Applications and Gateways. We developed an Information Security Awareness Program for the year 2021-22 and delivered awareness training for the entire user community with Desktop Screensavers, Banners, Interactive sessions, Security games and puzzles, etc. We do realistic Phishing simulations on the human side of Cybersecurity, and subsequently implement mandatory security awareness training for those who have been phished, using AI-powered Information Security learning solutions.

Elaborate on the requirement of enhancing security with cloud adoption.

As more organizations migrate their data, applications and other assets to the cloud, it becomes even more important to understand how to protect highly sensitive business information that could potentially be exposed. We had embarked on our cloud journey before the pandemic and nothing has derailed our journey to the IT Centre of Excellence for the Group, aligned to IT roadmap & Enterprise Architecture.

What is your opinion on currently popular approaches like the zero trust model?

Implementing a Zero Trust model has become a leading security strategy for most organizations as traditional security perimeters have become ineffective. Many find the “Zero Trust Journey” overwhelming at the outset; however, a Zero Trust Ecosystem will be rewarding, though quite challenging. It uniquely addresses the modern challenges of today’s business, including securing remote workers, hybrid cloud environments, ransomware threats, etc.

What is your IT agenda for this year?

2022 promises to be both exciting and challenging for IT leaders. We have set the following digital agenda to get the most value from IT in the year ahead. We want to innovate and build future-proof IT systems, transform IT as a Business Enabler with a Data-Driven Business Model and give more focus to strengthening organization-wide cybersecurity skills and awareness. We will look to improve Digital Dexterity by advancing automation work processes using Robotic Process Automation (RPA) and Artificial Intelligence (AI). We are committing to Cloud and completing the digital transformation journey. We will look at an AI-powered automated Security Assessment System, and monitoring of application performance and the end-user experience.