“While we are seeing relief from the pandemic arriving in the Middle East, digital transformation and distributed working are trends that are still going to grow. They create vulnerabilities and increase risks if organizations don’t have adequate cybersecurity solutions in place,” says Mazen Dohaji, Vice President (iMETA) at LogRhythm, in an exclusive interview with ITSecurityWire.
ITSW Bureau: The Middle East region went through a “cyber pandemic” with COVID-19 related attacks skyrocketing in 2020. What is the state of cyber threats right now in the region, especially in the case of phishing and ransomware?
Mazen Dohaji: Growing cyber-attacks in the Middle East in 2020 coincided with rapid digital transformation and the move to “work from anywhere” scenarios. While we are seeing relief from the pandemic arriving in the Middle East, digital transformation and distributed working are trends that are still going to grow. They create vulnerabilities and increase risks if organizations don’t have adequate cybersecurity solutions in place.
The traditional risks associated with digital communications networks and supply chains are being compounded by rapid cloud adoption, growing attack surfaces with new connected devices, and growing opportunities to exploit human error. This isn’t unique to the Middle East, but I think the pace of digitalization is a challenge. The region is moving extremely fast, and organizations need a secure foundation and a “Security First” mentality.
We have seen increases in phishing and ransomware across the board. Google has registered 2,145,013 phishing sites as of Jan 17, 2021, a 27% increase in the last 12 months. Ransomware is expected to deliver losses of $20 billion or more this year.
ITSW Bureau: Is there a need for increased coordination and more partnerships between public and private sectors to combat cyber threats?
Mazen Dohaji: There is always an ongoing collaboration and conversation happening between the private and public sectors. For example, we are very humbled that LogRhythm was chosen by the United Arab Emirates’ Cyber Security Council to provide advice and recommendations for cybersecurity monitoring and threat mitigation. That is a huge honor for us and shows how the public and private sector can work together to create strategies that benefit businesses and society as a whole.
We were given the opportunity to share our cybersecurity insights with the Organization of The Islamic Cooperation – Computer Emergency Response Teams (OIC-CERT) recently at a virtual event organized by the Council. OIC-CERT includes members from Africa, Asia, and the Middle East. That was about helping more countries define and develop their cybersecurity strategies.
I’m a big believer in these kinds of partnerships and knowledge sharing. There needs to be more of it, as it benefits both the private and public sectors.
ITSW Bureau: In what ways does a next-gen cloud SIEM tool give critical visibility to companies for effective threat hunting?
Mazen Dohaji: Next-generation SIEM provides a foundation for Security Operations Centres (SOCs). It gives cybersecurity teams visibility across endpoints, networks, and the cloud. Real-time and historic data are easily accessible so teams can visualize and understand what is happening across their IT estate. They can quickly identify threats, automate and collaborate on investigations, and remediate threats before they impact their organization.
One of the most interesting aspects of NextGen SIEM is the automation capabilities. It isn’t just about a person sitting in front of a screen and making decisions. Threat hunting can be automated and optimized using Security Orchestration, Automation, and Response (SOAR). By automating workflows, one can remove human error and rapidly respond to emerging threats. It also helps small teams to scale up efficiently without needing a lot of resources. As cyber threats grow, scalability is critical in security operations.
ITSW Bureau: Security professionals are increasingly adopting MITRE ATT&CK for network threat hunting. In what ways can it help businesses improve their threat detection and response?
Mazen Dohaji: Collaboration in cybersecurity is crucial. Anytime a community can come together with a common purpose, we increase our chances of success. If one can understand the motivations, strategies, techniques, and procedures of hackers, then they can predict behaviors and adapt to changing threats.
It is an extremely valuable approach, especially as every organization has to be constantly evolving its approach to cybersecurity. It provides a methodology for understanding the adversary and then taking action to proactively stop threats.
ITSW Bureau: What does the future of cybersecurity look like, with new digital transformation trends especially like the rollout of 5G technology?
Mazen Dohaji: The deployment of industrial 5G is going to create new cybersecurity challenges. There’s a massive opportunity in enabling vertical targeted solutions that are underpinned with 5G, but that requires new levels of security. Mobile Network Operators have traditionally been focused on serving consumers, and now they are being asked to do mission-critical networking. That requires rapid threat detection, visibility across a growing number of thousands or even millions of endpoints, and a security-first approach. If one can’t provide ultra-secure solutions, then the B2B opportunity in 5G will disappear.
Similarly, digital transformation will only deliver ROI if organizations can manage their risk and reduce vulnerabilities. There needs to be a mindset shift where cybersecurity is a priority across entire organizations and not just in the SOC. Everyone has to be conscious of the threats an organization faces, and education will have a lot to do with that. Security might not be in the job description, but everyone should be aware of how their role may be impacted by cyber threats. That’s another level of cybersecurity.
ITSW Bureau: How do your jurisdiction’s cybersecurity laws affect organizations on their digital transformation journey?
Mazen Dohaji: For the most part, a government with a proactive approach to cybersecurity benefits organizations on their digital transformation journey. Everyone wants governments to take cybersecurity seriously and have mechanisms in place to support local organizations. The Essential Cybersecurity Controls (ECC) introduced by the National Cybersecurity Authority (NCA) in the Kingdom of Saudi Arabia directly benefit ICT operations across both the private and public sectors in the country.
The goal of the ECC is to establish best practices in cybersecurity at a national level, covering high-priority sectors, critical infrastructure, and government services. All government-run departments and agencies within the Kingdom must comply with the ECC, and any privately-run organization that wants to do business with public sector organizations must also comply.
That’s a great example of taking a proactive approach to cybersecurity that will ultimately benefit the entire value chain from businesses through to citizens.
Mazen Dohaji is a cybersecurity business strategist professional and Vice President (iMETA) of LogRhythm. For more than 25 years, he has developed and delivered business strategies that drive growth and focus on customer outcomes. Mazen has managed strategic markets for some of the top IT and Information Security companies in the world.