
In today’s cloud-connected world, user and enterprise security is demanding new ways of developing and modeling IT infrastructure as connectivity moves closer to the edge.

End-point edge devices enabled by IoT technology have become the latest weak links for unauthorized access to company networks, and red flags are being raised far too often.

Recent stats show that 86% of Middle East IT leaders (global average: 81%) have agreed that the shift to remote working during the pandemic has led to an increased risk and vulnerability from unsecured IoT devices on their organisations’ business networks.

While 93% of Middle East IT decision-makers (global average: 85%) have enough visibility into IoT devices of their remote workers that connect to the corporate network, reports show that 91% of Middle East IT leaders believe their organisation’s approach to IoT security requires improvement. Although 100% of the respondents surveyed in the Middle East have a specific IoT security strategy in place, many personal IoT devices are increasingly being connected to corporate networks by remote workers, opening new opportunities for hackers to break into organisations to launch ransomware attacks, steal data and launch crypto-jacking operations.

Conversely, governments across the region are witnessing a buildup of complexity in their IT infrastructure during the COVID-19 crisis, including a higher risk from endpoint security brought about by remote working. A recent KPMG survey of UAE business stakeholders reported some 61% of respondents being concerned about phishing scams, 54% about email spamming, and 42% wary about ransomware incidents. Regional government authorities have often been prime targets of cybercriminals.

Researchers at cybersecurity leader Symantec have pointed out that attackers rely on a mixture of legitimate remote administration and security assessment tools, and publicly available malware. After breaking into a network, the attackers stole credentials and moved laterally across the network.

In some cases, compromised organizations may have been used as a bridge to target additional victims, while others may have been compromised solely to perform supply-chain type attacks on yet other organizations, according to the researchers.

Hence, technology that effortlessly fits in with existing deployments to give customers more visibility across their network, accurate threat detection, and actionable data-driven information for interoperability in operational technology (OT), information technology (IT), and IoT environments is of utmost importance. Delivery of fast, reliable, and secure connectivity to the hybrid work era and beyond seems to be a constant challenge for network engineers and operators.

Intelligence-driven methods

To counter this growing cyber menace, Etisalat has collaborated with Abu Dhabi Digital Authority (ADDA) along with Trend Micro Incorporated to launch Cyber Eye, an initiative designed to strengthen the Abu Dhabi Government entities’ cybersecurity capabilities.

As part of the Abu Dhabi government’s cybersecurity strategy, Cyber Eye will employ first-in-class technology and systems to identify cyber threats in real time and take effective and proactive actions to mitigate risks and increase protection, further strengthening the security of Abu Dhabi government entities’ digital assets. Etisalat is currently leveraging its wide range of digital technologies and services and powering a great digital-first experience to encourage digital adoption by its customers.

Considering the rise in ransomware attacks that have the potential to cripple organizations in their operations, especially with the trend in remote work culture, solid cybersecurity management to protect core IT services, with special emphasis on end-point devices connected to the networks, should be adopted at an organizational level.

Expert suggestions

Starting with the router: All IoT devices connect to the internet through routers. Changing the default settings to something relatively difficult or unique is important. The network should then be encrypted by simply updating router settings to either WPA3 Personal or WPA2 Personal.

Making data inaccessible: Backup data, system images, and configurations must be tested regularly. Backups are best kept offline and not connected to the business network because ransomware can encrypt network data, disabling restoration of systems.

Patch management program: Timely maintenance of the security of operating systems, applications, and firmware is key. The use of a centralized patch management system with a risk-based assessment strategy is highly recommended.

Segmentation of networks: Corporate business functions and manufacturing/production operations should be kept separate, limiting internet access to operational networks and identifying connections between the two networks. Develop workarounds or manual controls to ensure industrial control systems (ICS) networks can be isolated and continue operating if the corporate network is compromised.

Strengthening DNS security: Most ransomware and malware use DNS for cyberattacks. In a targeted attack, DNS may also be used during the reconnaissance phase. Using threat intelligence and analytics on internal DNS can detect and block improper activity early, before ransomware spreads or downloads the encryption software.

Internal security checks: Using a third-party pen tester to test the security of internal systems and their capacity to defend against a sophisticated attack is always a sane strategy. Even the use of digital twins to simulate potential attack threats can go a long way in protecting the overlooked attack surfaces.
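For the DNS security suggestion above, the following added example (not from the article or any vendor it names) shows the two ideas on a resolver query log: a threat-intelligence match on the queried name, and a simple analytic that flags a client requesting many long, random-looking subdomains of one parent domain. The log format, domains, blocklist entry and thresholds are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed threat-intel feed and resolver log (client_ip qname qtype); not real indicators.
BLOCKLIST = {"bad-updates.example"}
LOG = """\
10.0.5.21 www.intranet.example A
10.0.5.21 cdn.bad-updates.example A
10.0.7.40 printer.intranet.example A
10.0.7.40 a9f3k2q8z7x1m4c6v0b5n2j8.telemetry.test TXT
10.0.7.40 q7w1e9r3t5y2u8i4o6p0a1s3.telemetry.test TXT
10.0.7.40 z2x4c6v8b0n1m3k5j7h9g2f4.telemetry.test TXT
"""

def entropy(label):
    """Shannon entropy, in bits per character, of one DNS label."""
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())

def parent(qname, depth=2):
    """Last `depth` labels; a simplification of a registered-domain lookup."""
    return ".".join(qname.rstrip(".").lower().split(".")[-depth:])

def on_blocklist(qname):
    """True if the name or any parent suffix of it is in the intel feed."""
    labels = qname.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in BLOCKLIST for i in range(len(labels)))

def analyze(log, min_len=20, min_entropy=3.5, min_unique=3):
    """Return (rule, client, name) alerts for intel hits and random-subdomain bursts."""
    alerts, random_subs = [], defaultdict(set)
    for line in log.splitlines():
        if not line.strip():
            continue
        client, qname, _qtype = line.split()
        if on_blocklist(qname):
            alerts.append(("intel-match", client, qname))
            continue
        first = qname.split(".")[0]
        if len(first) >= min_len and entropy(first) >= min_entropy:
            random_subs[(client, parent(qname))].add(first)
    for (client, domain), subs in sorted(random_subs.items()):
        if len(subs) >= min_unique:
            alerts.append(("random-subdomains", client, domain))
    return alerts

if __name__ == "__main__":
    for alert in analyze(LOG):
        print(*alert)
```

In production the thresholds would be tuned against the organisation's own baseline, since some legitimate services also use long generated hostnames.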

In light of the pace at which digital transformation is encompassing every sector and industry, the flexibility and agility provided by edge technology are relevant and timely. However, it is the prerogative of organizations as well as individuals to build a strong security posture, through the orchestration and the use of security intelligence and adoption of the cybersecurity best practices that involve the whole organization.
