Don't know it? Don't open it, experts at Gisec 2017 say

Gisec 2017 brought together several regional and international cyber-security experts to discuss the latest online threats, trends, and solutions.

Its better to be safe than to be sorry, especially when it comes to opening a suspicious e-mail, experts at the fourth Gulf Information Security and Conference (Gisec 2017) said.
The event brought together several regional and international cyber-security suppliers, providers and investors; with top industry experts, decision makers and business leaders gathering to discuss the latest online threats, trends and solutions. Exhibitors at the event also showcased the latest innovations in cyber-security solutions and services, while highlighting the best practices to tackle advancing regional cyber-crime.
Brian Pinnock, cyber resilience expert at Mimecast, noted that organisations across the Middle East, have seen greater volumes of attacks last year and have suffered larger losses than other regions in the world due to cyber incidents. One of the threat areas that has been mostly ignored by enterprises is e-mail security, he said.
"More than 90 per cent of cyber-attacks start in e-mails. While e-mail, itself, is seldom the end goal for the attackers, over 70 per cent of these attacks lead to other systems in the network. These e-mail attacks predominantly feature techniques such as spear-phishing, ransomware and impersonation of key employees," he explained. "Mimecast believes that e-mail security is critical to ensure cyber resilience against targeted attacks and IT failure. As e-mail moves to the cloud such as Microsoft Office 365, advanced security still requires a defense-in-depth strategy."
Natalya Kaspersky, president of Infowatch and co-founder of Kaspersky Lab, also spoke about the growing phenomenon of ransomware attacks. "Ransomware is not a new thing and we saw such attacks from over 10 years ago. From a technology point of view, it doesn't bring any new technology. The danger is that it uses encryption to make your files unreadable to you. The recent attack was massive compared to previous virus attacks that have been very particular about where they are targeted. Also, the real danger was due to the nature of the organisations that were targeted. We saw hospitals as well as many government ministries being attacked."
What should be done to prevent such attacks happening in the future is simple, she said. "Make sure your operating systems are updated regularly and make sure you install the latest security measures. Use your anti-virus, update it regularly; and don't visit suspicious sites and download suspicious files."
Another issue that was discussed at the event revolved around cybersecurity measures that need to be increased in companies across the GCC to cater to the digital habits of today's workforce.
Gulf Business Machines (GBM), in its latest security survey, revealed that 60 per cent of Generation X are confident that their companies have the tools to predict and prevent cyber-attacks. However, the same percentage of Generation Y, or millennials, stated the opposite. While inadequate corporate investment in IT security may be a contributing factor, there also appears to be a lack of security awareness programs within GCC companies, which in turn leads to reduced confidence among Generation Y in their companies' security capabilities.
"Since the last survey conducted in 2016, we have seen a 10 per cent increase in trust among GCC executives in their companies' ability to handle cyber-attacks, which is encouraging. However, there seems to be a general disconnect in the awareness of organisational security, which indicates the need to find the right channels to communicate with the different generations which make up the current workforce," said Hani Nofal, VP of Intelligent Network Solutions, Security and Mobility at GBM.
- rohma@khaleejtimes.com