https://adgully.me/post/5101/surge-seen-in-ai-powered-startups-new-cybersecurity-tools

Surge seen in AI-powered startups, new cybersecurity tools

In 2024, there will be a surge in AI-driven startups, marked by the development of cybersecurity tools leveraging generative AI models and the integration of artificial intelligence as a supportive assistant.In its prediction for 2024, Positive technologies, a cybersecurity leader, sees setting up of services with the help of natural languages, private blockchain, trusted blockchain, and advanced encryption methods, which are fuelling the evolution of blockchain technology.2024 is set to feature an astonishing landscape of change for organisations across the Middle East especially in light of the region’s race towards digitalisation.Artificial intelligence and cybersecurityAlexandra Murzina, Head of Advanced Technologies, Positive Technologies, says new capabilities of generative AI have reshaped many industries this year. Just a year ago, few would have imagined the multi-pronged uses of AI: image generation, text generation along with text-to-speech, as well as scriptwriting and the creation of script-based videos in real time.“Today, we are witnessing a boom of AI-powered startups. Artificial intelligence has advanced so fast that it has taken root in some professional areas, forcing the workforce to master new tools.”This trend also applies to cybersecurity. AI technologies have benefited both defence teams and attackers. They have helped companies make threat detection and response processes more effective, and cybercriminals improve their cyber kill chains. GitHub now features many different cybersecurity tools based on generative AI models.AI as assistant“In addition, we are seeing a trend towards the use of artificial intelligence as an assistant. Take Microsoft Security Copilot, for example. This trend is pushing the industry to rethink conventional cybersecurity products.”The open-source community has contributed a lot to this progress by developing many of the ML solutions currently available. Companies, academies, and individual enthusiasts have trained many large language models, shared their image generation algorithms based on the Stable Diffusion model, and posted useful materials and tutorials. This has made advanced technologies more accessible than ever before.Knowledge distillation of large language models was a major trend of 2023. Training LLMs takes a lot of effort and using them is expensive. That's why experts are looking for a solution that would simplify this task and make it available to more people. This has resulted in quantified and distilled LLMs that can run on laptops, and some even on mobile devices. At the same time, guidelines and recommendations on performing these tasks are now available.Creating servicesAnother emerging trend is creating services with the help of natural languages. It is projected to make big strides as early as next year, enabling development of breakthrough technologies without coding. For example, prior to AI, if you wanted to build an application or query a database, you needed to know the language syntax to work with those tools. Now you can do it by writing prompts in natural languages, and LLMs will follow your instructions and apply the necessary format.Moreover, the industry's still trying to figure out what an artificial general intelligence (AGI) should be. AGI is a hypothetical type of artificial intelligence capable of performing any intellectual task even better than human professionals. There are many opinions and interpretations. In November 2023, for example, Google DeepMind published a paper presenting their vision of artificial general intelligence as a framework for classifying the capabilities and behavior of AGI models and their precursors.Growth drivers for blockchain projects in 2024In 2023, the world witnessed a rapid advancement of technology based on zero-knowledge proof (ZKP). ZPK technology already found application in a range of Ethereum L2 chains and Proof-of-Reserves approaches.It even started spreading beyond blockchain. Much work has been done in the field of identification. For example, the Worldcoin project, which was launched not so long ago, uses retinal scans to identify individuals and has already gained over one million users. Inter-blockchain technologies, such as the Cosmos and Polkadot ecosystems, will definitely continue to expand.The blockchain market is growing, indicating a rise in investment and innovation spending in this area. In addition to cryptocurrencies, blockchain is being widely used in industry and the Internet of Things. Since 2020, we've observed strong investment in blockchain projects, which is driving the application of these technologies in business.The geographic distribution of blockchain increases the sustainability of projects: North America and Asia-Pacific are leaders in the use of blockchain technology. The emerging standards and solutions such as private blockchain, trusted blockchain, and advanced encryption methods, are fuelling the evolution of blockchain technology.
https://adgully.me/post/4796/cybersecurity-in-the-ai-era-how-the-threat-landscape-evolved-in-2023

Cybersecurity in the AI era: How the threat landscape evolved in 2023

Adopting a multifaceted approach, the analysis explores the implications of AI, focusing on its use by defenders and regulators, and separately assessing its potential exploitation by cybercriminals. This comprehensive examination – part of Kaspersky Security Bulletin (KSB) – is a yearly compilation of predictions and in-depth reports illuminating key shifts in the dynamic field of cybersecurity.Amid the rapid pace of technological progress and societal shifts, the term “AI” has firmly positioned itself at the forefront of global conversations. With the increasing spread of large language models (LLMs), the surge in security and privacy concerns directly links AI with the cybersecurity world. Kaspersky researchers illustrate how AI tools have helped cybercriminals in their malicious activity in 2023, while also showcasing the potential defensive applications of this technology. The company’s experts also reveal the evolving landscape of AI-related threats in the future that might include:More complex vulnerabilitiesAs instruction-following LLMs are integrated into more consumer-facing products, new complex vulnerabilities will emerge on the intersection of probabilistic generative AI and traditional deterministic technologies, expanding the attack surface for cybersecurity professionals to secure. This will require developers to study new security measures like user approval for actions initiated by LLM agents.A comprehensive AI assistant to cybersecurity specialistsRed teamers and researchers leverage generative AI for innovative cybersecurity tools, potentially leading to an assistant using LLM or machine learning (ML). This tool could automate red teaming tasks, offering guidance based on executed commands in a pentesting environment.Neural networks will be increasingly used to generate visuals for scamsIn the coming year, scammers may amplify their tactics using neural networks, leveraging AI tools to create more convincing fraudulent content. With the ability to effortlessly generate convincing images and videos, malicious actors pose an increased risk of escalating cyber threats related to fraud and scams.AI will not become a driver for groundbreaking change in the threat landscape in 2024Despite the above trends, Kaspersky experts remain skeptical about AI changing the threat landscape significantly any time soon. While cybercriminals do adopt generative AI, the same is true about cyberdefenders, who will use the same or even more advanced tools to test enhance security of software and networks, making it unlikely to drastically alter the attack landscape.More AI-related regulatory initiatives, with private sector’s contributionAs fast-growing technology develops, it has become a matter of policy making and regulation. The number of AI-related regulatory initiatives is set to rise. Non-state actors, such as tech companies, given their expertise in developing and utilizing artificial intelligence, can provide invaluable insights for discussions on AI regulation on both global and national platforms.Watermark for AI-generated contentMore regulations, as well as service provider policies will be required to flag or identify synthetic content, with the latter continuing to invest in detection technologies. Developers and researchers, on their part, will contribute to methods of watermarking synthetic media for easier identification and provenance.“Artificial Intelligence in cybersecurity is a double-edged sword. Its adaptive capabilities fortify our defenses, offering a proactive shield against evolving threats. However, the same dynamism poses risks, as attackers leverage AI to craft more sophisticated assaults. Striking the right balance, ensuring responsible use without oversharing sensitive data, is paramount in securing our digital frontiers,” comments Vladislav Tushkanov, security expert at Kaspersky.On December 11, Kaspersky experts joined by prof. Dr. Dennis-Kenji Kipker of cyberintelligence.institute will delve deep into the multifaceted current influence of AI on cyber threats and the privacy landscape. To join the session, register here for free.To learn more about AI in cybersecurity, visit Securelist.comv.These are part of Kaspersky Security Bulletin (KSB) – an annual series of predictions and analytical reports on key shifts within the cybersecurity world. Follow?this link?to learn more about other KSB pieces.
https://adgully.me/post/4663/58-of-companies-in-saudi-arabia-plan-to-outsource-cybersecurity

58% of companies in Saudi Arabia plan to outsource cybersecurity

Company bosses are boosting their cybersecurity following an alarming increase in cyberattacks, a new study commissioned by Kaspersky has found. The data shows that 71% of companies in Saudi Arabia suffered at least one cyber incident over the last two years. One of the main reasons cited was the shortage of qualified IT security staff (34%). Among measures to strengthen cybersecurity, overall up to 58% of respondents claimed that their companies plan to invest in different forms of outsourcing cybersecurity in the next 12 to 18 months.Kaspersky conducted a study to learn the opinions of IT security professionals working for SMEs and corporations worldwide regarding the impact people have on cybersecurity in a company. The survey gathered information about various groups of people who influence cybersecurity, looking at both internal staff, and external actors. It also analyzed levels and types of online safety company bosses believed warranted investment.In Saudi Arabia, more than three quarters (71%) of respondents reported that their company had experienced cybersecurity incidents within the last two years, with 75% of these judged as ‘serious’. Some said the main reasons for cyber incidents occurring in their company were a lack of necessary tools for threat detection (22%) and a shortage of internal IT security staff (34%).The respondents indicated that a variety of measures would be appropriate to address the gaps in cybersecurity. Specifically, 10% said they would like to see more external specialists brought in. One quarter of organizations (24%) plan to invest in third-party professional services, and as many as 42% of respondents are aiming to outsource their cybersecurity to MSP/MSSP (Managed Service Providers/Managed Security Service Provider). The most likely industries to invest in third-party services in the near future are critical infrastructure, energy and oil & gas companies.At the same time, many organizations plan to invest in automating their cybersecurity processes. In the next 12 months almost half of businesses globally (53%) have concrete plans to implement software that automatically manages their cybersecurity, while 13% are discussing the subject. “The automation and outsourcing of cybersecurity tasks are major areas that organizations struggling because of a lack of experts and alert fatigue can focus on. Turning to external experts, — whether it’s outsourcing, to manage the whole cybersecurity system, or adopting expert-level services to assist the IT Security department — is the optimal solution for many. Cybersecurity vendors, Managed Service Providers, Managed Security Service Providers are the companies that have relevant expertise, all the necessary tools, and can manage cybersecurity effectively for customers of any size. Additionally, they can provide the customer with various options, such as Managed Detection and Response services, where SOC experts continuously carry out monitoring, or assistance in case of emergency like investigating a particular incident. Automation tools provided by cybersecurity vendors is another way an organization can strengthen its cybersecurity. For example, our XDR and MDR has out-of-the-box automation through investigation and response playbooks and embedded AI, enabling clients and partners to significantly automate their information security processes. With all possible options provided by experts, each company can determine the scope of services that are needed, based on cybersecurity gaps or desired development trajectory,” comments Ivan Vassunov, VP, Corporate Products at Kaspersky.To cope with a shortage of tools or IT Security employees in-house, Kaspersky recommends:Make use of the expertise offered by managed security providers offerings. For example, Kaspersky Managed Detection and Response raises the overall protection level of an organization by monitoring of telemetry coming from the company's IT network 24/7, and helps with the development of in-house processes and best practices while following the incident response guidelines provided by Kaspersky experts. Additionally, the AI assistant in MDR automatically handles about half of all security alerts to ensure maximum protection.Implementing Kaspersky Professional Services optimizes the workload of a struggling IT department. Kaspersky experts assess the state of your current IT security, then deploy and configure Kaspersky software quickly and properly to ensure hassle-free ongoing performance. And Kaspersky Premium Support speeds up and boosts the efficiency of any Kaspersky-based IT security infrastructure.For SMBs that lack the budget to purchase some cybersecurity products and hire dedicated IT security professionals, just one IT administrator (even part time or outsourced) is enough to easily manage Kaspersky Endpoint Security Cloud through a console with numerous automated scripts.Invest in cybersecurity trainings so your current IT security specialists’ skills are always up-to-date and equipped to handle anything the cyber threat landscape throws at your organization. Kaspersky Cybersecurity for IT Online training helps build up simple yet effective IT security best practices and simple incident response scenarios for general IT administrators. And Kaspersky Expert Training equips your security team with the latest knowledge and skills to manage and mitigate threats, protecting your organization from even the most sophisticated attacks.The full report and more insights on the human impact on cybersecurity in business are available via the link.
https://adgully.me/post/4551/knowledge-summit-2023-discusses-significance-of-enhancing-cybersecurity

Knowledge Summit 2023 discusses significance of enhancing cybersecurity

Dubai, UAE - On the sidelines of the eighth edition of the ‘Knowledge Summit,' a panel discussion titled ‘Shielding the future: Cybersecurity imperatives in the 5th industrial revolution’ stressed the current cybersecurity landscape, AI-driven threats, as well as essential defenses and tools necessary to counter cyber-attacks.The speakers of the sessions were Kawther Haciane, Security Leader for Gulf, Levant, and Pakistan, IBM; Sebastian Madden, Chief Corporate Development Officer, PGI, and Middle East Lead, CREST; and Salwa Alessa, Director of Information Security and Quality Governance, DETASAD. The session was moderated by Maliha Rashid, Managing Director and Security Lead, Accenture Middle East.Salwa Alessa underscored the need for organizations and individuals to possess enhanced cyber resilience, highlighting that the Middle East is the second-most targeted region globally for cyberattacks. She further highlighted the significance of channeling collective efforts to counter these threats.Alessa further emphasized the importance of ensuring that all employees in companies receive cybersecurity training to effectively combat and prevent cyber-attacks. She also highlighted the pivotal role of collaborations between governmental entities, several companies, academic institutions, and other stakeholders to build a unified defense in cybersecurity.For his part, Sebastian Madden underlined the need for providing continuous cybersecurity training for all professionals, highlighting the need to possess the necessary skills to combat cyber threats. He also elaborated on the importance of communication, collaboration, writing, documentation, and leadership skills in combating cyber threats, pointing out that there is a significant need for a secure space for information exchange and sharing experiences.Madden further shed light on some cybersecurity initiatives in the UAE, Saudi Arabia, and Oman, all of which aim to enhance cyber resilience in the Arabian Gulf region. He highlighted the necessity of keeping pace with various cutting-edge cybersecurity technologies and the need to enhance relevant skills.Kawther Haciane illuminated the central role of human interaction in enhancing cybersecurity. She underscored enhancing supply chain resilience, as a threat impacting a specific company could affect all other interconnected institutions.Haciane explained that the increasing volume of data presents significant security challenges, necessitating the integration of modern technologies like AI and machine learning into cybersecurity strategies, with human intervention being the primary defense.Haciane also emphasized concentrating on time in cybersecurity management, especially given the rapid changes in today’s technology.The Mohammed bin Rashid Al Maktoum Knowledge Foundation (MBRF) is organizing the eighth edition of the ‘Knowledge Summit’ in collaboration with the United Nations Development Programme (UNDP), under the theme ‘Knowledge Cities and the Fifth Industrial Revolution.’ The summit is taking place at the Dubai World Trade Center between November 21 and 22, with virtual sessions continuing on November 23, 2023. The summit features a broad participation of experts, leaders, government officials, and specialists from various fields worldwide.
https://adgully.me/post/4224/proofpoint-signs-definitive-agreement-to-acquire-tessian

Proofpoint signs definitive agreement to acquire Tessian

Proofpoint Inc., a leading cybersecurity and compliance company, today announced it has entered into a definitive agreement to acquire Tessian, a leader in the use of advanced AI to automatically detect and guard against both accidental data loss and evolving email threats. The acquisition is expected to close in late 2023 to early 2024, subject to customary closing conditions, including any required regulatory approvals.Proofpoint protects organizations against social engineering attacks by applying award-winning AI and large language models (LLMs) to block threats and provide real-time threat insights. AI-based detection has proven to be notably effective in identifying threats targeting people, such as email fraud and supplier-based attacks, and preventing data loss due to negligent or malicious actions. With the acquisition of Tessian, Proofpoint will enhance its threat and information protection platforms by adding powerful layers of AI-powered defense that address risky user behaviors, including misdirected email and data exfiltration.Misdirected emails (sending emails to the wrong recipient) and mis-attached files continue to be a leading cause of compliance violations and accidental data loss for organizations according to Ponemon research: in 2022 alone, 65% of all data loss incidents occurred via email, and nearly two-thirds of organizations experienced data loss or exfiltration due to an employee mistake on email. As a result, it takes security teams 48 hours, on average, to detect and remediate a data loss and exfiltration incident caused by employee negligence.“Far too often, human errors with email lead to organizations putting their own and their customer’s data at risk, breaching industry and data protection regulations and losing mission-critical intellectual property,” said Darren Lee, executive vice president and general manager, Security Products and Services Group, Proofpoint. “By combining Proofpoint’s best-in-industry data, detection stack, and efficacy with Tessian’s advanced behavioral and dynamic detection platform, we can provide our customers with world-class defense and instant protection. Proofpoint channel partners can quickly bring value to their customers with these new, easy-to-deploy solutions that integrate natively with Microsoft 365 and Google Workspace.”“Our long-standing vision to secure the human layer has been the driving force behind our innovative platform offering inbound email security, as well as outbound data loss prevention,” said Tim Sadler, chief executive officer, Tessian. “By joining forces with Proofpoint, we can empower organizations to further improve their email security posture, reduce the risk of data breaches, and lighten the workload on their security teams.”More than nine in 10 organizations have dealt with a data breach caused by an end-user error on email. Using behavioral understanding and machine learning, Tessian's AI-powered email security platform will enhance Proofpoint’s email data loss prevention (DLP) offering by addressing accidental data loss and malicious insiders through its seamless Microsoft 365 and Google Workspace deployment. Tessian solutions include:Tessian Guardian: Protects sensitive data, helps customers meet regulatory compliance and confidentiality agreements, and eliminates the risk of reputational damage by preventing misdirected emails and mis-attached files.Tessian Enforcer: Automatically protects against data exfiltration and safeguards intellectual property without predefined rules or deny-lists.Tessian Defender: Context-aware, AI-based email defense that detects and prevents the full spectrum of email attacks, while providing end users with in-the-moment contextual warning banners to help them decide whether an email is safe.Tessian’s solutions are expected to become part of Proofpoint’s offering upon the closing of the acquisition.
https://adgully.me/post/3935/eight-of-ten-of-uae-ceos-see-ai-as-an-important-enabler-for-cybersecurity

Eight of ten of UAE CEOs see AI as an important enabler for cybersecurity

According to new research by Censuswide, commissioned by Palo Alto Networks, 95% of UAE organisations surveyed plan to increase investment in Artificial Intelligence (AI) technologies to improve their respective cybersecurity strategy, with 81% seeing AI as an important enabler for their organisation’s overall approach to cybersecurity.“As organisations adopt new technologies at a rapid pace, it is critical that they take steps to improve their cybersecurity posture, including their ability to detect and respond to threats in real-time,” said Ercan Aydin, Regional Vice President at Palo Alto Networks, Middle East and Africa (MEA). “By incorporating AI into their cybersecurity strategies, organisations in the UAE and regionally can improve their ability to defend against a wide range of cyber threats, reduce response times, and gain better visibility into their security posture – combined with other best cybersecurity practices such as employee training, strong policies, and a layered security approach.”The research found that 94% of UAE respondents understand the potential cyber risks, and 89% feel their organisation is cyber-ready. However, 52% of organisations researched said they have seen an increase in cyberattacks in the past 12 months.69% of CEOs researched said that cybersecurity is a board-level issue within their organisation, 39% have said they are accountable with the CIO for ensuring their organisation is protected against cyberattacks, especially if that could impact the business, customers and reputation.While 65%5 said they are looking to increase investment in cybersecurity protection, 92% of respondents have confirmed that their company’s CIO or CISO plan to lower the number of security solutions deployed in order to reduce complexity.Palo Alto Networks is showcasing its leading cybersecurity technology at GITEX Global 2023, with live demos of its best-in-class cybersecurity platforms representing three main security pillars plus services: Strata (The Networks Security with NGFW and SASE), Cortex (Endpoint security and SoC Automation, Unit 42 Incident Response), Prisma Cloud (Cloud Security) and Professional Services.The research was conducted by Censuswide with 502 CEOs across the UAE and Saudi Arabia between 20.09.2023 - 28.09.2023. Censuswide abides by and employs members of the Market Research Society which is based on the ESOMAR principles and are members of The British Polling Council.
https://adgully.me/post/3872/cybersecurity-in-the-spotlight-as-gitex-global-2023-opens

Cybersecurity in the spotlight as GITEX GLOBAL 2023 opens

UAE: The world's leading cybersecurity experts have convened at GITEX GLOBAL 2023 to address the urgent challenges of cybercrime, projected to cause $10.5 trillion in annual damages by 2025. Ransomware, crypto crime and risks associated with Generative AI are some of the key threats that CISOs and security professionals need to tackle in the digital era.His Excellency Dr. Mohamed Al-Kuwaiti, Head of Cybersecurity, UAE Government, gave a keynote address at GITEX GLOBAL, highlighting how digital transformation across all sectors in the UAE has made it a catalyst for improved collaboration. Al-Kuwaiti also highlighted UAE's Cybersecurity Council's work across the UAE and how it collaborates with partners to protect and defend people and organizations against threats. "We strive to continuously innovate and form partnerships with entities, nations, and governments. Our vision is to create a great place to collaborate, work, and serve the entire world," he added.Cybersecurity in the AI eraAt the show, Huawei is demonstrating its leading-edge cybersecurity capabilities and solutions to address the evolving threats faced by organisations and nations hopping onto the digital transformation bandwagon.Dr. Aloysius Cheang, Chief Security Officer, Huawei Middle East & Central Asia, highlighted some cybersecurity risks associated with the rapidly advancing AI industry. "While generative AI can enhance cyber security, it can also introduce potential vulnerabilities and risks. There is a need for businesses, governments, and society to proactively address the possible risks, regulate the ethical use of generative AI in cybersecurity, and establish robust governance frameworks."Dr. Aloysius advocated for greater collaboration and information-sharing among organisations to combat cyber threats effectively. "We must pivot and focus our efforts on building Data Security Governance and adopting the 'follow the data' model as an abstraction to address any new technology that comes our way, whether it be cloud or AI."A panel discussion titled "Cybersecurity at the Heart of Digital Transformation" featured HE Dr. Mohamed Al-Kuwaiti along with Amer Sharaf, Executive Director of Cyber Security Systems and Services Sector, Dubai Electronics Security Centre, Nathan Swain, former Senior Security Advisor to the U.K. Government, His Excellency Pengiran Dato Shamhary Mustapha, Minister of Transport and Infocummunications, Brunei and Hon. Ousman Bah, Minister of Communications and Digital Economy, Gambia. The panellists shared their insights on balancing security and innovation in the digital age. Together, they collectively emphasized the importance of collaboration with both public and private entities, underscoring the need to sustain investments in cybersecurity.GITEX GLOBAL 2023 marked the global debut of the year's most anticipated cybersecurity showcase, GITEX Cyber Valley, hosted by the UAE Cybersecurity Council. The Cyber Valley hosts various hackathons with over 500 white hackers participating across five challenges to solve global tech issues. Cyber Valley participants can also explore X-Labs Security, a cutting-edge platform for technical talks and the latest product demos.Leading cybersecurity organisations including Huawei, Netscout, ESET, Kaspersky, Norton, Palo Alto, Fortinet, and more, are exhibiting at GITEX GLOBAL to showcase how their solutions are helping organisations protect their most precious assets.Autonomous Mobility Meets Extreme SportsAutonomy is advancing at a remarkable pace, with the power to redefine mobility. Today, the Advanced Technology Research Council (ATRC) unveiled the Super Formula Dallara model at GITEX ahead of the first autonomous race at the Abu Dhabi F1 track in April 2024.Dr. Tom McCarthy, Executive Director of ASPIRE, the technology transition arm of ATRC, said, "The Dallara Super Formula car has been adapted with an autonomy stack, allowing the vehicle to perceive its environment and race autonomously at the Abu Dhabi Yas Marina Circuit. A2RL marks a significant milestone for Abu Dhabi and the wider UAE, setting the stage for disruptive innovations in mobility through extreme sports."GITEX GLOBAL and Expand North Star comprise a combined 41 halls spanning 2.7 million sq. ft of exhibition space, a 40% growth year-on-year attracting 1,800 start-ups across the two mega-events. GITEX GLOBAL and Expand North Star converge the best minds and most visionary companies to scrutinise, challenge, define, and empower the digital agendas of the world.
https://adgully.me/post/3766/remotepass-secures-prestigious-soc-2-type-ii-certification

RemotePass secures prestigious SOC 2 Type II Certification

Coinciding with Cybersecurity Awareness Month, RemotePass, the UAE’s leading platform for managing remote teams, has announced that it has achieved the SOC 2 Type II certification, highlighting its dedication to maintaining the highest standards of data security and that its clients’ sensitive information, including payroll and personal details, is managed with utmost care and the highest security measures.SOC 2 Type II is a widely-recognized certification within the technology and cloud computing domains, managed by the American Institute of Certified Public Accountants (AICPA). It focuses on a company's ability to manage data securely and uphold privacy and confidentiality. Achieving this certification requires a thorough independent audit spanning six months, examining a company’s adherence to stringent criteria that relate to security and operational processes.The certification, which is often a prerequisite for business with public and regulated entities, is vital for RemotePass, enhancing its competitiveness and ability to acquire business. The rigorous assessment and audit enable the company to identify, address vulnerabilities, and enhance its security framework, safeguarding sensitive data. Achieving and maintaining this certification enhances the company’s market standing, credibility, and trust among existing and prospective clients and partners.Kamal Reggad, Co-Founder and CEO of RemotePass, commented, "Securing the SOC 2 Type II certification is not just another badge for RemotePass, but a promise to our clients and remote teams that their data is in safe hands. Our team works tirelessly to ensure that our client’s data is handled with the utmost security and precision. This certification echoes our continuous commitment to providing a platform that businesses can trust, ensuring that every transaction and piece of information is safeguarded with the highest security standards.”Since RemotePass achieved SOC 2 Type I certification in 2022, it has refined RemotePass's internal processes, incorporating regular audits, enhanced security measures, and comprehensive training programs to uphold and elevate its data protection and compliance measures. This recognized standard bolsters confidence in RemotePass's services, giving teams the confidence that their information is secure while they work towards their objectives.Maintaining and enhancing credibility remains a steadfast focus, with RemotePass not only pursuing its SOC 2 Type II certification annually but also exploring other relevant certifications. To ensure enduring compliance, RemotePass employs continuous monitoring, regular internal audits, and swift improvements to its processes.To highlight its commitment to secure remote work solutions, RemotePass will also participate in the upcoming Expand North Star Dubai during GITEX Global 2023.
https://adgully.me/post/3763/honeywell-to-showcase-the-latest-5g-ml-and-sensing-innovations-at-gitex-2023

Honeywell to showcase the latest 5G, ML and sensing innovations at Gitex 2023

Dubai: At GITEX 2023, Honeywell will present its newest digital solutions in important industries, helping customers accelerate their digital transformation efforts. The event will take place at the Dubai World Trade Centre (DWTC) from October 16-20.“Digital transformation is bringing about widespread change and significant impact throughout the region. Honeywell is an established leader in digital transformation across the Middle East, and through Industrial Internet of Things (IIoT)-based solutions, we have enabled many of the region’s major projects to improve performance and efficiency,” said Taylor Smith, vice president and general manager of voice automation at Honeywell’s Productivity Solutions and Services business. “We look forward to showcasing the key solutions that are contributing to fast-growing developments in the region, which is a key priority for local governments.”At the event Honeywell will highlight a diversified portfolio based on software-enabled technologies, including:Fit for purpose tools for industry: Honeywell’s mobility solutions, including the CT30 Handheld Computer, include the technology designed to help transportation, logistics, warehouse and retail workers complete their tasks faster and deliver a superior customer experience.Voice automation technology: Currently available in more than 40 different languages, Honeywell Voice can help oil and gas companies streamline repair and inspection processes while documenting every step to ensure strict compliance with regulations or standard operating procedures. Utilizing machine learning, mobile workers can speak in their native languages to quickly complete tasks.Healthcare technologies: With the Real-Time Health System (RTHS), Honeywell solutions can help save clinicians’ time and limit unnecessary interruptions for patients. The RTHS captures and records patients' vital signs both within the hospital setting and remotely using a wireless device paired with an app. Caregivers can access real-time respiratory and heart rate, skin temperature and posture from a central location, enabling more targeted interventions.Honeywell Building Technology offerings: These ready-now solutions include Smart Cities that connect more than 100,000 IoT sensors, Data Center solutions to optimize uptime, reduce costs and achieve sustainable operations and Cybersecurity technology to help customers protect brand, assets and people. Honeywell has been operating in the Middle East for more than 70 years, creating value for customers and ultimately supporting long-term national development visions and economic diversification. GITEX attendees can experience Honeywell’s offerings at Hall 5, Stand B1 at the DWTC.
https://adgully.me/post/3644/delinea-to-enable-middle-east-organisations-to-meet-cybersecurity-challenges

Delinea to enable Middle East organisations to meet cybersecurity challenges

Delinea, a leading provider of solutions that seamlessly extend Privileged Access Management (PAM), today announced its participation at GITEX Global 2023 under the theme ‘Empowering Businesses for Secure Digital Future’. Aligning with its mission of enabling organisations to meet an increasingly complex cybersecurity landscape and stringent requirements from cyber insurance providers, the company will use its GITEX participation to showcase its complete product portfolio and recent innovations, including enhancements to Secret Server, its award-winning vault solution. and to DevOps Secrets Vault. As the volume and sophistication of cyberattacks continues to soar, organisations are increasingly looking for a safety net and in the Middle East, 63% of companies have purchased some form of cyber insurance. However, due to a growing number of claims, insurance providers are becoming more risk averse, introducing more stringent requirements to qualify for cyber insurance while reducing the policy coverage. A recent Delinea survey report found that 47% of US respondents needed to purchase an MFA enforcement solution to meet cyber insurance requirements. “Companies in the Middle East are faced with a double-edge sword,” said Mohammad Ismail, VP Middle East, Africa & Türkiye at Delinea. “They need to protect their digital assets from increasingly sophisticated attacks and demonstrate the maturity and effectiveness of their cybersecurity strategy and infrastructure to insurance providers. At GITEX we will show attendees how the right PAM solutions can help increase their defences against bad actors and negotiate better insurance premiums and coverage.”  Among others, Delinea will present the recently announced enhancements to Secret Server which introduced a new layer of security for highly sensitive accounts with MFA on credentials. Separate from the one at login, this second MFA is extremely flexible in its enforcement and organisations can continue to use their existing authenticator solutions such as the Delinea Mobile App, Yubikey, and other devices using FIDO2 protocols. It will also present the newly updated policy editor to its DevOps Secret Vault which improves the ability for administrators to set more granular access controls for secrets used in code, greatly reducing the time and complexity of setting up secrets management across multiple DevOps teams and ensuring secrets only have the permissions needed for their intended use.  Delinea will also demonstrate how it is extending PAM access across the entire enterprise hybrid infrastructure according to zero-trust and least-privilege best practices with the Delinea Platform.  As it employs a 100% channel-centric strategy in the Middle East, Delinea regards GITEX Global as the optimal platform for emphasising its unwavering dedication to the regional channel ecosystem. “Our partners assume a pivotal role as trusted consultants to our customers, adding immense value with precise solutions to the challenges these businesses face. In keeping with our commitment to our channel, Delinea is making substantial investments in training and empowerment initiatives designed to facilitate partner certification, address deficiencies in cyber skills, and broaden their horizons for business growth. We look forward to welcoming and engaging with both existing and new channel partners at GITEX 2023,” concluded Ismail. Delinea will be present at stand B55 in Hall23.
https://adgully.me/post/3114/648-employees-in-saudi-arabia-believe-the-meta-will-revolutionize-industries

64,8% employees in Saudi Arabia believe the meta will revolutionize industries

According to Kaspersky research, the majority of employees in Saudi Arabia believe that the metaverse is the future of internet and will revolutionize entire industries (64,8%). Only few were skeptical of the metaverse and thought that it is a trend that will pass (19,5%). Many employees said their companies already have projects related to the metaverse (32,3%) or have specific plans for such projects (42,5%). However, with the metaverse come new cybersecurity challenges.The metaverse is a virtual, interconnected universe that merges physical and digital realities. In it, people can interact, socialize, work and engage in other activities through immersive technologies like virtual reality and augmented reality. The metaverse is often envisioned as the next-generation internet, blurring the boundaries between the online and offline worlds and offering limitless possibilities for social, economic, and entertainment experiences.Kaspersky experts warn that new phenomena like the metaverse bring cyber risks. VR headsets can be attacked to manipulate content, virtual assets earned in the metaverse can be stolen and whole virtual economies compromised. There are new privacy concerns as well: extensive data about users' actions, preferences, and behaviors is collected, which could be exploited for identity theft or surveillance. Protecting individuals' privacy in such a vast and interconnected digital space is a significant challenge. As the metaverse continues to evolve, cybersecurity strategies will need to adapt to address emerging threats and vulnerabilities.“When we discuss linking the metaverse and real-world objects and devices, technically we talk about the rising importance & new roles of IoT in the metaworld. Hence the attractiveness of the ‘Internet-of-Everything’ for global cybercrime increases as well,” comments Victor Ivanovsky, KasperskyOS Business Development Lead. “This is why IoT vendors should consider implementing a next generation cybersecurity approach on their devices. Kaspersky pioneers the Cyber Immune approach, where devices are able to be designed and developed with innate, built-in protection that would make them virtually impossible to compromise. For instance, Kaspersky IoT Secure Gateway is designed to serve as a secure gateway for the Internet of Things in Industrial IoT networks, Smart Cities and other modern use cases on the boundaries of the metaverse.”To keep your company protected from cyber threats in traditional and virtual environments, Kaspersky experts recommend:Organizations should conduct regular cyber skill checkups among employees and offer competent training. Kaspersky Security Awareness portfolio offers flexible ways to train staff, is easily customizable and scalable to meet the needs of any company size.Corporate users should be educated on potential privacy risks when working in virtual environments. Organizations should implement best practices in safeguarding personal and corporate data.Install updates for the firmware used on digital devices (including virtual headsets) as soon as they become available.Use Cyber Immune solutions for IoT protection on corporate networks. Use a dedicated IoT gateway that ensures inbuilt security and reliability of data transferring.Use Kaspersky Threat Intelligence to block network connections originating from malicious network addresses detected by security researchers.
https://adgully.me/post/2268/16-new-content-creators-announced-in-abu-dhabi

16 new content creators announced in Abu Dhabi

Abu Dhabi: Leading digital marketing and transformation company MAGNITUDE announced the new stars of its groundbreaking ‘Digital Stars’ content creator learning program, a first of its kind in Abu Dhabi that aimed to elevate the skills and knowledge of digital storytellers in specialized fields.The program’s 16 content creators were recognized for their exceptional contributions to promoting various untouched industries on social media platforms, including general education, sports, community affairs, cybersecurity and coding, space and astronomy, general education, sustainability, technology, real estate, and finance, among others.‘Digital Stars’ was launched last February for a period of one month to enable video creators, streamers, and social media influencers the opportunity to train on posting meaningful, high-impact content that adds positive value to the community. Candidates were able to benefit from trainings across scripting, storytelling, filming, editing, branding, strategizing, and digital marketing.Selected through a rigorous process that evaluated their skills and contributions, the content creators were chosen based on their dedication to producing impactful and educational content that adds positive value and knowledge and contributes to the communities in their specialized fields."We are thrilled to celebrate the content creators who have been selected as part of our ‘Digital Stars’ program," said Namrata Raina, Managing Director of MAGNITUDE. "We believe that supporting emerging online leaders is essential for the growth and development of the digital marketing industry, and by exposing them even further and giving them the recognition they deserve, we hope to inspire more people to explore new and exciting opportunities in these industries."Untouched industriesThe ‘Digital Stars’ content creators have touched on content that is not typically seen in their respective regions, bringing attention to industries that have been largely overlooked."It is inspiring to witness the ingenuity and creativity of the content creators as they bring attention to underrepresented industries and subjects like cybersecurity, space, and sustainability, for instance," said Namrata. "This shift towards more practical and educational content is reflective of the changing needs of society and highlights the potential of social media as a tool for learning and professional development."During the process, MAGNITUDE provided the content creators with the latest industry insights and best practices, ensuring that they were well-prepared to produce high-quality content that would allow them to embark on their journey."Their commitment to producing high-quality and innovative content that pushes the boundaries of traditional storytelling is a testament to their talent and unwavering dedication. Moreover, their unique perspectives and insightful analysis shed light on important industries that are often overlooked in social content," she added.In the next steps, MAGNITUDE will continue to contribute to the success of the content creators."Now that the program is completed and the creators are well-equipped with the needed digital knowledge, we will still be contributing to the journey of the selected content creators in leading the industry by planning their social media strategies, introducing them to the top government and private entities, and giving them all the needed support to reach the summit of the digital world", said Alexandre Ghanem, head of the influencer marketing department at MAGNITUDE.The content creators are Naema AlShehhi, Mohammed AlNaqbi, Rayan AlRaeesi, Ali AlBlooshi, Ali AlHammadi, Fatmah AlHantoubi, Alhasan Farajallah, Mohammed AlHeera, Anas Alhamoud, Nadine Zidani, Wafa Yahya, Saeed AlZubaidi, Ahmed AlKhawaja, Mahmood AlHosani, Yousif AlHammadi, and Fatma AlBlooshi.
https://adgully.me/post/2148/uae-cybersecurity-26000-vulnerabilities-were-reported-in-2022

UAE cybersecurity: 26,000 vulnerabilities were reported in 2022

Dubai: A record high of more than 26,000 vulnerabilities were reported in 2022 identified as per the NIST National Vulnerability Database (NVD).Improper configuration and device settings emerged as one of the top risks to organisations in 2022, while consistent usage of weak and insecure protocols, especially on externally facing assets such as weak SSL/TLS protocols on web servers, are usually the first target for an attacker to gain a foothold in the network.These were part of finding revealed in the State of the Market Report 2023 by Help AG, the cybersecurity arm of e& enterprise (formerly Etisalat Digital).Help AG’s annual State of the Market Report’s third edition, themed around the adage of “Innovate. Automate. Elevate.”, is focused on how organisations across the region can innovate their technology and processes and automate playbooks and operations to ultimately elevate their cybersecurity posture. The report dives deep into the top threats over the past 12 months, the kinds of attacks and attack vectors which are a cause of concern, anatomy of high profile breaches, best practice recommendations, security investment patterns of organisations in the region, uptake rates of new emerging technologies, and, of course, directions on where the market is moving towards in terms of technologies and evolution. With the substantial increase in prices of cybersecurity solutions globally, including some OEMs increasing their prices north of 30 per cent compared to 2021, combined with the fact that the average large organization runs 50-100 different cybersecurity solutions in their estate, Help AG has observed organizations investing and focusing heavily on cybersecurity estate consolidation, utilizing longer term contracts such as Enterprise License Agreements (ELAs)) to ensure better predictability of budgets and reduced complexity.There has been a marked increase in investment in locally hosted solutions and services. Investments into Security Service Edge (SSE) and OT/IoT security have seen twice the increase in the year, and over 50% growth in DDoS protection investments. Additionally, Managed Cyber Defense has become essential for cyber resilience and compliance, with investment growing 50% YoY and over 100% in Digital Risk Protection and Threat Intelligence. The services-led cybersecurity approach offers several advantages over a traditional in-house cybersecurity model, including 24x7 access to the best people, processes, and technologies, under a predictable OPEX payment model. Emerging Trends in Cybersecurity as a Service (CaaS) include leveraging Artificial Intelligence (AI) and Machine Learning (ML), greater adoption of Security Service Edge (SSE), Cybersecurity Compliance as a Service, and Incident Response as a Service (IRaaS).The report spotlights the evolution of the service centric market and how UNIFY, Help AG as a Service 3.0 addresses the top concerns of organizations when it comes to the need for a unified approach to cyber defense. Cybersecurity has become a critical concern for organizations of all sizes in the region. In 2022, the cyber threat landscape was characterized by a growing number of advanced persistent threats (APTs), malware attacks, and cybercrime.Major risks that organisations faced were often related to human factors, misconfiguration of default credentials, and missing patches.Ransomware and phishing attacks are both becoming more sophisticated, with attackers using tactics like double extortion to increase pressure on organizations to pay the ransom, and social engineering tactics to trick victims into divulging sensitive information.DDoS attacks are also becoming more sophisticated and diversified in their forms. The total number of DDoS attacks detected in 2022 exceeded 150,000. DDoS attacks targeting UAE businesses with a volume of over 40Gbps have become the norm, while the max attack volume observed was 238.6 Gbps. Over 61% of DDoS attacks observed were multi-vector attacks, with the top attack types being UDP and DNS Amplification. As threats become increasingly numerous, persistent, and sophisticated, manual alert triage is no longer sufficient. Instead, contextualizing all data points into a single action thread is vital to a comprehensive defense against threats. In response to this, Help AG launched UNIFY, an integrated cyber defense platform serving as the foundation of their cyber defense services, unifying pivotal capabilities like visibility, collaboration, orchestration, and intelligent automation to deliver a seamless customer experience. As cloud adoption reaches an all-time high and organizations increasingly adopt a microservice architecture, one of the most significant risks they face is cloud insecurity. To ensure a secure cloud posture, organizations must take action to address these risks. This involves identifying and remediating security issues, managing and securing access to cloud resources, and complying with regulations and industry standards. One of the key considerations while adopting security services at the edge in the Middle East is the growing importance of data privacy and the need for local content inspection. Organisations look for SSE providers that provide true unification of security consoles, endpoint agents and converged policies; a single point of inspection for all security services; local data residency and compliance with regulations; and a large local partner ecosystem to deliver services ensuring the highest level of support and quick implementation.Companies face the challenge of trying to streamline their data protection by safeguarding their sensitive data whilst enabling their employees to work productively and more importantly, maintain company success. On a regional level, UAE, Qatar, Bahrain, Kuwait and KSA have all introduced laws that govern the lawful use of data within their respective countries. Identity has become the new security perimeter. Adversaries are also reciprocating by targeting identities and gaps in governance. A very strong Identity Governance and Administration (IGA) practice will become a core requirement of security operations, and we can expect to see more focus and more investment in this area in 2023.IHS forecasted that the IoT market will grow from an installed base of 15.4 billion devices in 2015 to 75.4 billion in 2025. The IoT is the future, and hence, organisations aim to achieve comprehensive visibility and perform asset discovery, creating solid baseline measures for security in IoT devices, including security from the start of IoT project planning, adopting a strong zero-trust strategy, and enabling SecOps to detect, prevent and mitigate security incidents. Stephan Berner, chief executive officer at Help AG, said: “Cybersecurity is the crucial component of successful digital transformation and needs to be built in from day zero and beyond. Through the State of the Market Report 2023, we enable readers to understand how they can innovate to bring in the best of people, processes, and technologies, automate to enhance agility and improve time to value, and elevate the resilience of their enterprise to thrive in the hyper connected era where experience is of paramount importance and availability needs to be constantly on.”Nicolai Solling, chief technology officer at Help AG, added: “In a hyperconnected world where threats are becoming more sophisticated and frequent, it is increasingly essential for the public and private sector to work together, sharing knowledge and creating a united front against malicious actors in the digital sphere. Making our State of the Market Report readily available to organizations across the region provides essential intelligence into the state of cybersecurity in the Middle East, arming key players in the industry with the knowledge to protect themselves against cybersecurity threats.”
https://adgully.me/post/2135/fake-chatgpt-apps-scam-users-out-of-thousands-of-dollars-sophos-reports

Fake ChatGPT Apps scam users out of thousands of Dollars, Sophos reports

Dubai: United Arab Emirates: Sophos, a global leader in innovating and delivering cybersecurity as a service, today announced that it had uncovered multiple apps masquerading as legitimate, ChatGPT-based chatbots to overcharge users and bring in thousands of dollars a month. As detailed in Sophos X-Ops' latest report, “’FleeceGPT’ Mobile Apps Target AI-Curious to Rake in Cash,” these apps have popped up in both the Google Play and Apple App Store, and, because the free versions have near-zero functionality and constant ads, they coerce unsuspecting users into signing up for a subscription that can cost hundreds of dollars a year. “Scammers have and always will use the latest trends or technology to line their pockets. ChatGPT is no exception. With interest in AI and chatbots arguably at an all-time high, users are turning to the Apple App and Google Play Stores to download anything that resembles ChatGPT. These types of scam apps what Sophos has dubbed ‘fleeceware’—often bombard users with ads until they sign up for a subscription. They’re banking on the fact that users won’t pay attention to the cost or simply forget that they have this subscription. They’re specifically designed so that they may not get much use after the free trial ends, so users delete the app without realizing they’re still on the hook for a monthly or weekly payment,” said Sean Gallagher, principal threat researcher, Sophos. In total, Sophos X-Ops investigated five of these ChatGPT fleeceware apps, all of which claimed to be based on ChatGPT’s algorithm. In some cases, as with the app “Chat GBT,” the developers played off the ChatGPT name to improve their app’s ranking in the Google Play or App Store. While OpenAI offers the basic functionality of ChatGPT to users for free online, these apps were charging anything from $10 a month to $70.00 a year. The iOS version of “Chat GBT,” called Ask AI Assistant, charges $6 a week—or $312 a year—after the three-day free trial; it netted the developers $10,000 in March alone. Another fleeceware-like app, called Genie, which encourages users to sign up for a $7 weekly or $70 annual subscription, brought in $1 million over the past month. The key characteristics of so-called fleeceware apps, first discovered by Sophos in 2019, are overcharging users for functionality that is already free elsewhere, as well as using social engineering and coercive tactics to convince users to sign up for a recurring subscription payment. Usually, the apps offer a free trial but with so many ads and restrictions, they’re barely useable until a subscription is paid. These apps are often poorly written and implemented, meaning app function is often less than ideal even after users switch to the paid version. They also inflate their ratings in the app stores through fake reviews and persistent requests of users to rate the app before it’s even been used or the free trial ends. “Fleeceware apps are specifically designed to stay on the edge of what’s allowed by Google and Apple in terms of service, and they don’t flout the security or privacy rules, so they are hardly ever rejected by these stores during review. While Google and Apple have implemented new guidelines to curb fleeceware since we reported on such apps in 2019, developers are finding ways around these policies, such as severely limiting app usage and functionality unless users pay up. While some of the ChatGPT fleeceware apps included in this report have already been taken down, more continue to pop up and it’s likely more will appear. The best protection is education. Users need to be aware that these apps exist and always be sure to read the fine print whenever hitting ‘subscribe.’ Users can also report apps to Apple and Google if they think the developers are using unethical means to profit,” said Gallagher. All apps included in the report have been reported to Apple and Google. For users who have already downloaded these apps, they should follow the App or Google Play store’s guidelines on how to “unsubscribe.” Simply deleting the fleeceware app will not void the subscription. Learn more about these scam ChatGPT apps and how to avoid them in ’FleeceGPT’ Mobile Apps Target AI-Curious to Rake in Cash on Sophos.comLearn More About Fleeceware apps on the Google Play and Apple App Store How to use ChatGPT to your advantage when thwarting cyberattackers in GPT for you and me: Applying AI language processing to cyber defensesAttacker behaviors, techniques and tactics in the 2023 Active Adversary Report for Business Leaders, based on analysis of Sophos incident response casesThe threat landscape and trends likely to impact cybersecurity in the 2023 Threat ReportSophos X-Ops and its groundbreaking threat research by subscribing to the Sophos X-Ops blogs
https://adgully.me/post/2058/data-encryption-from-ransomware-reaches-highest-level-in-four-years

Data encryption from ransomware reaches highest level in four years

Dubai: Sophos, a global leader in innovating and delivering cybersecurity as a service, today released its annual “State of Ransomware 2023” report, which found that in 76% of ransomware attacks against surveyed organizations, adversaries succeeded in encrypting data. This is the highest rate of data encryption from ransomware since Sophos started issuing the report in 2020.The survey also shows that when organizations paid a ransom to get their data decrypted, they ended up additionally doubling their recovery costs ($750,000 in recovery costs versus $375,000 for organizations that used backups to get data back). Moreover, paying the ransom usually meant longer recovery times, with 45% of those organizations that used backups recovering within a week, compared to 39% of those that paid the ransom.Overall, 66% of the organizations surveyed were attacked by ransomware—the same percentage as the previous year. This suggests that the rate of ransomware attacks has remained steady, despite any perceived reduction in attacks.“Rates of encryption have returned to very high levels after a temporary dip during the pandemic, which is certainly concerning. Ransomware crews have been refining their methodologies of attack and accelerating their attacks to reduce the time for defenders to disrupt their schemes," said Chester Wisniewski, field CTO, Sophos.“Incident costs rise significantly when ransoms are paid. Most victims will not be able to recover all their files by simply buying the encryption keys; they must rebuild and recover from backups as well. Paying ransoms not only enriches criminals, but it also slows incident response and adds cost to an already devastatingly expensive situation,” said Wisniewski.When analyzing the root cause of ransomware attacks, the most common was an exploited vulnerability (involved in 36% of cases), followed by compromised credentials (involved in 29% of cases). This is in line with recent, in-the-field incident response findings from Sophos’ 2023 Active Adversary Report for Business Leaders.Additional key findings from the report include:In 30% of cases where data was encrypted, data was also stolen, suggesting this “double dip” method (data encryption and data exfiltration) is becoming commonplaceThe education sector reported the highest level of ransomware attacks, with 79% of higher education organizations surveyed and 80% of lower education organizations surveyed reporting that they were victims of ransomwareOverall, 46% of organizations surveyed that had their data encrypted paid the ransom. However, larger organizations were far more likely to pay. In fact, more than half of businesses with revenue of $500 million or more paid the ransom, with the highest rate reported by those with revenue over $5 billion. This could partially be due to the fact that larger companies are more likely to have a standalone cyber insurance policy that covers ransom payments“With two thirds of organizations reporting that they have been victimized by ransomware criminals for the second year in a row, we’ve likely reached a plateau. The key to lowering this number is to work to aggressively lower both time to detect and time to respond. Human-led threat hunting is very effective at stopping these criminals in their tracks, but alerts must be investigated, and criminals evicted from systems in hours and days, not weeks and months. Experienced analysts can recognize the patterns of an active intrusion in minutes and spring into action. This is likely the difference between the third who stay safe and the two thirds who do not. Organizations must be on alert 24x7 to mount an effective defense these days,” said Wisniewski.Sophos recommends the following best practices to help defend against ransomware and other cyberattacks:Strengthen defensive shields with:Security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities, and Zero Trust Network Access (ZTNA) to thwart the abuse of compromised credentialsAdaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond24/7 threat detection, investigation and response, whether delivered in-house or by a specialist Managed Detection and Response (MDR) providerOptimize attack preparation, including making regular backups, practicing recovering data from backups and maintaining an up-to-date incident response planMaintain good security hygiene, including timely patching and regularly reviewing security tool configurationsData for the State of Ransomware 2023 report comes from a vendor-agnostic survey of 3,000 cybersecurity/IT leaders conducted between January and March 2023. Respondents were based in 14 countries across the Americas, EMEA and Asia Pacific. Organizations surveyed had between 100 and 5,000 employees, and revenue ranged from less than $10 million to more than $5 billion.
https://adgully.me/post/2053/cyber-resilience-needs-improvement-in-uae-ksa-security-leaders

Cyber-resilience needs improvement in UAE & KSA: Security leaders

Riyadh: Despite a continued increase in cybersecurity spending in the region, organizations in the United Arab Emirates (UAE) and Saudi Arabia remain ill-equipped to face down the cyber-menace. This was the key finding in a global report released by Trellix, the cybersecurity company delivering the future of extended detection and response (XDR).End-of-decade CAGRs for the GCC cybersecurity market have been revised upwards, from 5.9% in 2017 to as high as 7.6% last year. While this is a clear illustration of heightened interest in security matters at the board level, Trellix’s “Mind of the CISO” report shows that two thirds (66%) of CISOs in the UAE and KSA still believe their organizations lack the right people and processes to be cyber resilient and almost three quarters (74%) believe their current technology setup is insufficient.The research — which was conducted by Vanson Bourne across nine countries and surveyed 500 CISOs at companies with more than 1,000 employees — found that when it came to challenges around people, more than one in four CISOs in the UAE and KSA (26%) decried the lack of skilled talent, as well as their inability to recruit and retain this talent. More than one in five (22%) were concerned about a lack of buy-in from their board, and 30% cited lack of buy-in from other parts of their organization.From a process standpoint, some 38% of CISOs in the UAE & KSA said they lacked the freedom to communicate outside of their organization for learning purposes. A further 38% expressed frustration with their inability to respond quickly to changing regulatory frameworks and 18% said their processes were poorly designed or they were presented with too many sources of information to be adequately in control of their environment.“The United Arab Emirates and Saudi Arabia rank consistently high on global maturity indexes for cybersecurity,” said Khaled Alateeq, Head of Middle East, Trellix. “This is because government entities have done a great job in laying out cybersecurity guidelines and regulations and introducing a wide array of skilling initiatives and incentives to attract top talent to the region. Now it is for talent but incumbent upon organizations to answer the call and support their CISOs. Our recent Mind of the CISO research is quite clear on what would make life easier for CISOs in the UAE and Saudi Arabia.”Asked for suggestions on how their enterprise’s senior leadership could help them overcome their challenges, half of CISOs in the UAE and Saudi Arabia said better engagement from such stakeholders would be a good start. And 38% said better understanding from the rest of the organization on issues of cybersecurity would help, with 32% calling for a strong support team to assist in their defense efforts.But predictably, technology continues to be the largest stumbling block between the regional CISO and their ideal threat posture. While two thirds (66%) said people and processes are holding them back from being cyber-resilient, nearly three in four (74%) — a whopping 25 percentage points higher than the global average — said the same of technology.The report showed further evidence that the strategy of multiple point solutions is out of date. When asked about their experiences with their current security tools and platforms, 38% described them as outdated, 30% said there were too many, and 34% said they did not work well together. Almost all (92%) of those polled across the two Gulf nations said their organization was using anywhere between 11 and 35 separate tools.“What comes across most in this study is not the lack of investment,” Alateeq added. “There are plenty of signs that commitments in this regard are on the rise, including the fact that only 36% of respondents cited budget and resource challenges. What emerges here is more of a misdirection of investment. We must ensure the right people and processes are in place for sure. But it is worrying is that amid all the budget increases, we are not yet seeing the right tech in place.”Alateeq continued: “CISOs are telling us plainly that ‘more solutions’ is not the answer. They need a platform approach that is open and capable of learning and adapting to build a proactive defense. CISOs and their teams must be able to see, protect, and resolve. They must be able to maximize visibility and peer into every corner of the enterprise. They must be able to have coverage of every asset and be equipped with unrivaled discovery speed when picking up on potential threats. And they must be able to automate their response across this connected security ecosystem to keep their organization from becoming the latest victim of the threat landscape.”
https://adgully.me/post/2027/devops-and-cybersecurity-analyst-tops-the-most-searched-jobs-in-saudi

DevOps and Cybersecurity analyst tops the most searched jobs in Saudi

Riyadh: The information technology sector is experiencing a surge of growth in Saudi Arabia, especially in the areas of cybersecurity and digital transformation. According to a report by Gulf Business, the IT job market in Saudi Arabia was expected to grow by 9% in 2022, driven by demand for cybersecurity and digital transformation specialists. The Saudi Arabian government's investment in digital transformation initiatives and smart city projects, coupled with the shift towards remote work and digital services, are driving the growth in demand for IT professionals.Qrator Labs, a DDoS mitigation service provider and an expert in the continuous availability of Internet resources, made a study on the job market rom 2022 to 2023 in Saudi Arabia. The report shows that the top three IT vacancies people are searching for in Saudi Arabia include DevOps engineer and Cybersecurity analyst. These positions have seen significant growth in search queries, with DevOps engineers growing by 100% and network engineers growing by 133.3%. At the same time, MCSE Microsoft Certified Systems Engineer has as well 100% growth in searches in Google in Saudi Arabia.The report also highlights the growing demand for cybersecurity professionals in Saudi Arabia. Cybersecurity work-related search queries jumped by 353% from 2022 to 2023. This trend is expected to continue in Saudi Arabia, as the government invests in cybersecurity initiatives and organizations focus on protecting their digital assets from cyber threats.The report also notes the growing interest in remote work opportunities in Saudi Arabia, as the country continues to respond to the COVID-19 pandemic. The shift towards remote work is creating new opportunities for IT professionals who can support digital transformation initiatives and remote work infrastructure.The IT job market in Saudi Arabia is booming, driven by the demand for cybersecurity and digital transformation professionals. As organizations continue to invest in digital initiatives and the government supports smart city projects, the demand for IT professionals is expected to continue growing.
https://adgully.me/post/2025/ministry-of-finance-kicks-off-2023-acfe-fraud-conference

Ministry of Finance kicks off 2023 ACFE Fraud Conference

Dubai : United Arab Emirates: Today, the 2023 ACFE Fraud Conference Middle East kicked off, which is being hosted by the UAE under the patronage of the Ministry of Finance (MoF) and in cooperation with the Association of Certified Fraud Examiners (ACFE). The Conference will be held in Dubai on 8 and 9 May 2023 at Fairmont The Palm – Dubai. More than 300 anti-fraud leaders and experts from various sectors in the Middle East are participating in the conference to discuss the latest trends and tools used in the fields of fraud detection and prevention.Her Excellency Mariam Al Amiri, Assistant Undersecretary for Government Financial Management Sector at Ministry of Finance, delivered the opening speech, during which she welcomed the participants and thanked the ACFE for hosting this conference in the UAE and for their role in executing sustainable initiatives in secure business environments.Her Excellency Al Amiri noted that the online payments segment has made great strides since its inception back in the mid-1990s, and the rapid development of online banking, shopping, and other services, driven by technological advancements, has resulted in a significant rise in digital payments on all types of devices.Al Amiri mentioned that technological advancements and digital initiatives are providing fraudsters with new tools to penetrate defences, noting that over the past years, there has been a major increase in fraud cases worldwide, with consumers reportedly losing billions of dollars, especially in the Middle East.Al Amiri said: “Fraud poses a serious threat to us all. If we want to protect our economies, we need to work hand in hand to combat fraud, and that’s why we are here today. We have gathered to explore the best means of detecting and preventing fraud, as well as ways to raise the levels of compliance and internal control in an optimal manner. This is in addition to discussing ways of consolidating integrity in the public and private sectors in the Middle East, as well as the best practices and global issues that have emerged in light of the developments the world is witnessing in the fields of finance, technology, and sustainability.”Al Amiri added: “If we want to make our region secure for regional and international investors, we must collaborate to foster a transparent environment. I am proud to come from a country that has been a frontrunner in this field. Since its establishment, the UAE has positioned itself as a business hub. Our country has always been keen on devising strategies to make doing business easier, attract foreign investors, and diversify sources of the national income, and we are equally dedicated to combating fraud, money laundering, and corruption in order to create a secure investment climate.”Al Amiri noted that UAE government entities are developing and implementing nationwide initiatives to raise awareness about fraud detection and prevention, such as the National Fraud Awareness Campaign that was launched to protect consumers from financial cybercrime and fraud. The campaign went a long way in educating the public about fraud and the means of preventing it. “At the Ministry of Finance, we take our role in safeguarding the business climate very seriously. This falls within our remit to regulate all financial services as per the highest standards of quality, efficiency, and transparency. It is also part of our ongoing endeavours to strengthen the UAE’s competitiveness in the fiscal and economic field,” she added.Al Amiri stated: “The Ministry of Finance deploys the best modern financial systems to reduce fraud, through systems that define financial and administrative powers, the policies followed in establishing and monitoring accounts with banks, and the powers to sign and approve financial payments. This is inline with our commitment to apply best practices that reduce the risks of fraud. Despite the widespread use of digital technology and its risks, it has contributed in some way to reducing the occurrence of fraud and exploitation of individuals, through strict and meticulous regulatory systems."Al Amiri noted that the Ministry of Finance has developed the anti-fraud manual in 2018 to combat fraud in the federal government with the aim of enhancing transparency and integrity as well as reducing corruption, and the manual is implemented by all federal entities. Also, she mentioned that the ministry holds training workshops on an annual basis for all federal entities on enhancing the application of the anti-fraud manual in the federal government.Al Amiri also noted that the ministry established a secure and confidential communication channel that can be accessed by all our stakeholders. Through the channel, they can report any cases of corruption or other violations that have occurred or are planned at the ministry without any fear of retaliation.At the end of her speech, Al Amiri stressed the UAE’s commitment to supporting the region’s ongoing efforts to combat fraud and maintain the stability and integrity of the fiscal systems. Al Amiri said: “Together, we can promote accountability and transparency in the public and private sectors and create a secure business environment to boost prosperity across the region. Today and tomorrow, we look forward to discussing ways of safeguarding our investment climate, and sharing our experience and expertise to help reduce fraud cases in the Middle East.”Bruce Dorris, President and CEO of Association of Certified Fraud Examiners (ACFE) said, “We greatly appreciate the support and partnership with the UAE Ministry of Finance for our eighth Middle East Fraud Conference. With new fraud threats arising everyday, it is important to have events like this one to learn from financial crime experts and one another so that we can prevent these frauds from greatly impacting our businesses and governments. The Ministry of Finance has demonstrated their commitment to the anti-fraud community by being a part of this conference.”The first day of the conference included two panel discussions; the first was titled “Operational shifts and their impacts on the financial industry”, and the second was titled “Managing fraud risks in sustainability initiatives”. Additionally, a panel session was held on the evolution of fraud in the global financial market, in addition to an optional session on how to pass the CFE exam.On the second day, a symposium will be held under the title “Harnessing the power of fraud technology” in addition to a panel discussion titled “Navigating fraud-related compliance and ethics challenges”. Moreover, there will be a workshop on Fraudsters’ modus operandi and the differences between “traditional” fraud and cyberfraud.
https://adgully.me/post/1957/arab-advisors-group-to-host-its-regional-5g-summit

Arab Advisors Group to host its regional 5G summit

Amman: Gearing up for its upcoming regional summit, Arab Advisors Group, a leading market research and consulting firm in the MENA region, is announcing four main tracks that are designed to guide the participants; from thought leaders to C-level executives and directors, to stakeholders, towards the summit’s foresight.Scheduled to take place on June 6, 2023, Arab Advisors Group has selected for its one-day summit four main tracks that are considered a common vision for the participating stakeholders. The tracks include 5G for a Better Future, 5G Challenges and Opportunities, The Business Case for 5G, and 5G and beyond. These tracks will explore various sub-topics, such as transitioning to 5G, innovation in the 5G era, technology partners, and the creation of a viable 5G ecosystem."We look forward to bring together industry leaders and experts to discuss the future and promised potential of 5G," said Fayez Abu Awad, Arab Advisors Group’s Chief Advisor to the Board. "5G technology is unlocking novel opportunities for industrial applications, particularly in the areas of smart cities and IoT. With the combination of 5G, cloud, AI, and big data, we have a new spectrum of capabilities at our disposal. Cross-sector collaboration will be key to achieving a true digital paradigm shift. However, unprecedented challenges accompany this shift, particularly in the area of cybersecurity. Having said that, it is rather vital to prioritize cybersecurity from the outset and not just deploy first and protect later."The 5G Summit will feature keynote speeches, panel discussions, and networking opportunities. Attendees will have the opportunity to engage with leading experts in the telecommunication industry, share ideas, and network with peers.Arab Advisors Group's 5G Summit is a must-attend event for those looking to stay ahead of the curve in the rapidly evolving world of 5G and digitization. 
https://adgully.me/post/1899/sentinelone-unveils-revolutionary-ai-platform-for-cybersecurity

SentinelOne unveils revolutionary AI platform for cybersecurity

Dubai: Cybercriminals around the world are using generative artificial intelligence (AI) to execute malicious attacks that can take down companies and governments. SentinelOne, a global leader in autonomous security and pioneer in deep learning models and neural networks, plans to use the same technologies to defeat them. The company unveiled a revolutionary threat-hunting platform that integrates multiple layers of AI technology to deliver unparalleled security capabilities and real-time, autonomous response to attacks across the entire enterprise. The news was announced during RSA Conference 2023, the premier cybersecurity event being held at the Moscone Center in San Francisco.“Today marks a paradigm shift in cybersecurity,” said Tomer Weingarten, CEO, SentinelOne. “AI is among the most disruptive technologies of our time, and with our new capabilities, we can unleash its power to help companies control all aspects of enterprise security - from visibility to response - with unmatched speed and efficiency.”A first-of-its-kind offering, the SentinelOne threat-hunting platform seamlessly fuses real-time, embedded neural networks and a large language model (LLM)-based natural language interface, supercharging users with AI to monitor and operate all security data and boost their productivity and scale their operations. Through the platform, security teams can ask complex threat and adversary-hunting questions and run operational commands to manage their entire enterprise environment using natural language, and within seconds receive deep insights and full, transparent, correlated results to prompt actions across the cybersecurity ecosystem.An Intelligent, Action-Oriented ApproachBuilt on the industry’s most performant security data lake, the SentinelOne threat-hunting platform aggregates and correlates information from device and log telemetry across endpoint, cloud, network and user data, and not only delivers insights, but recommends response actions that can be immediately executed - from mitigation and investigation to endpoint, cloud and user management.“Our cybersecurity AI platform represents a major leap forward in cybersecurity,” said Ric Smith, Chief Product and Technology Officer, SentinelOne. “By allowing users to automate response and take action without the need for coding skills and process and analyze petabytes of data in near-real time, it promises to radically simplify security operations and empower defenders in unprecedented and unforeseen ways.”The Future of CybersecurityThe SentinelOne platform will also allow users to lay a solid foundation for the future and secure tomorrow, today.“Bad actors are increasingly employing AI-based, automated tools to infiltrate all facets of networks with unprecedented speed,” Weingarten said. “With our unmatched experience and capabilities, organizations can quickly scale their cybersecurity operations to stay ahead of these evolving threats and create a strong structural foundation for cybersecurity defenses for years to come.”A Force for GoodAnd they can do it in a responsible, ethical way. “At SentinelOne, our mission is to be a force for good, and our unwavering commitment to ensuring that our cutting-edge technologies are used safely, ethically and responsibly is evident in every aspect of our platform,” Weingarten said. “There is a huge shortage of cybersecurity talent, and in advancing the capabilities of skilled security practitioners, our new capabilities will allow organizations to quickly scale to secure the cloud and avoid the storm of automated and fast-flux attacks that adversaries using generative AI can create. In addition, we allow customers to retain complete control of their data, reinforcing our dedication to keeping sensitive information in the hands of its rightful owners.”The new capabilities will be delivered as part of SentinelOne’s threat-hunting experience and are available in limited preview today. 
https://adgully.me/post/612/trend-micro-and-moro-hub-collaborate-to-bolster-cybersecurity-skills-in-the-uae

Trend Micro and Moro Hub collaborate to bolster Cybersecurity skills in the UAE

Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in cybersecurity solutions, in partnership with Moro Hub, subsidiary of Digital DEWA, the digital arm of Dubai Electricity and Water Authority (PJSC) hosted a threat hunt workshop at the Sofitel Dubai Jumeirah Beach, Dubai, UAE, aimed at fortifying the nation’s digital infrastructure and raise awareness of cybersecurity.With 25 participants, the competition consisted of two separate phases: Phase 1: Attack and Phase 2: Defend. The IT experts were given the opportunity to face simulated cybersecurity challenges, determine the best course of action, and demonstrate their capabilities for both hunting cyber threats and protecting digital assets. Contestants collaborated to develop and execute strategies to effectively detect and block attacks while competing against each other during the event. Dr. Ahmed Alketbi, Chief Information Security Officer of Moro Hub inaugurated the event with a welcome note, setting the tone for an exciting day of cyber challenges, and industry-leading insights from an engaging session on cyber security. Trend Micro’s Senior Sales Engineers conducted a session on Data Center Security Strategy and Implementation, emphasizing the need to streamline operations with hybrid cloud security that delivers the automation and flexibility required to secure today’s modern data centers and journeys in the cloud. A multi-layered solution such as Trend Micro Cloud One is a purpose-built platform for deployments, delivering the operational efficiency required to support and protect various endpoints. “Occasions such as the threat hunt workshop provide us a valuable opportunity to not only raise awareness on robust cybersecurity practices but to also enhance the nation’s digital capabilities to navigate through modern-day cyber threats,” said UAE Country Manager, Majd Sinan, Trend Micro. “Building on our collaboration with Moro Hub, we are dedicated to providing emerging professionals and future industry leaders with the knowledge, in-depth understanding of the threat landscape, and cutting-edge cybersecurity tools essential to protecting all digital environments. We look forward to more collaborative initiatives that advance the cybersecurity movement and help the nation’s organizations, communities, and individuals transform their digital experiences.” “Moro Hub has always been committed to scale and introduce advance security solutions to the region. The threat hunt workshop was designed to enable professionals in this space with strong analytical and technical skills to evade security challenges. The comprehensive workshop not only served as a powerful platform to help cyber professionals learn new insights about tools, tactics and procedures, but also offered an in-depth view on the essential components of effective threat hunting,” said Dr. Ahmed Alketbi, Chief Information Security Officer of Moro Hub. The Trend Micro Security Predictions for 2022: Toward a New Momentum, states that threat actors in 2022 continue to focus on ransomware attacks on data center workloads regardless of their location, as well as exposed services, to take advantage of the large number of people continuing to work remotely. Therefore, platforms like the cyber defense challenge provide an ideal opportunity to further strengthen the protection of the country’s digital ecosystem against modern-day threats