[ad_1]
Help AG report dives into top threats over the past 12 months
read more…
Improper configuration and device setup to be one of top risks for organizations in 2022 – KT documents
According to the NIST National Vulnerability Database (NVD), the number of reported vulnerabilities in 2022 hit an all-time high of more than 26,000.
In 2022, improper configuration and device settings are among the biggest risks facing organizations, while the continued use of weak and insecure protocols, especially on externally facing assets such as weak SSL/TLS protocols on web servers, is often is a prime target for attackers to gain a foothold in the network.
These are some of the findings revealed by Help AG, the cybersecurity arm of e& enterprise (formerly Etisalat Digital), in its Market State Report 2023.
The third edition of Help AG’s annual market status report, titled “Innovate. Automate. Boost.”, focuses on how organizations in the region are innovating their technology and processes, as well as automating playbooks and operations, to ultimately improve their cybersecurity posture . The report provides an in-depth look at the top threats over the past 12 months, attack types and attack vectors of concern, anatomy of high-profile vulnerabilities, best practice recommendations, security investment patterns of organizations in the region, adoption rates of emerging technologies, and of course the market The direction of development in terms of technology and development.
Help AG observes that with a significant increase in the prices of cybersecurity solutions worldwide, including some original equipment manufacturers (OEMs) with prices rising by more than 30% compared to 2021, coupled with the fact that large organizations run on average in their assets 50-100 different cybersecurity solutions Organizations invest and focus on cybersecurity asset consolidation, leveraging long-term contracts such as Enterprise License Agreements (ELAs) to ensure better budget predictability and reduce complexity.
Investments in on-premises hosting solutions and services have increased significantly. Investments in secure services edge (SSE) and OT/IoT security have tripled this year, and investments in DDoS protection have grown by more than 50%. Additionally, managed cyber defense has become essential for cyber resilience and compliance, with investments up 50% year-over-year, with more than 930% invested in digital risk protection and threat intelligence.
Service-centric business evolution
A service-led approach to cybersecurity offers several advantages over traditional in-house cybersecurity models, including 24×7 access to the best people, processes and technology under a predictable OPEX payment model. Emerging trends in Cybersecurity as a Service (CaaS) include leveraging Artificial Intelligence (AI) and Machine Learning (ML), increased adoption of Security Service Edge (SSE), Cybersecurity Compliance as a Service and Incident Response as a Service (IRaaS) .
The report highlights the evolution of the service-centric market and how UNIFY, Help AG as a Service 3.0 addresses the top concerns of organizations when they need a unified approach to cyber defense.
Cybersecurity has become a critical issue for organizations of all sizes in the region. In 2022, the cyber threat landscape is characterized by an increasing number of advanced persistent threats (APTs), malware attacks, and cybercrime.
The main risks faced by organizations are often related to the human element, misconfigured default credentials, and missing patches.
Both ransomware and phishing attacks are becoming more sophisticated, with attackers using tactics like double extortion to increase pressure on organizations to pay ransoms, and social engineering tactics to trick victims into revealing sensitive information.
The forms of DDoS attacks are becoming more and more complex and diverse. The total number of DDoS attacks detected in 2022 exceeds 150,000. DDoS attack volumes in excess of 40Gbps against UAE businesses have become the norm, with the largest observed attack volume being 238.6 Gbps. Over 61% of observed DDoS attacks were multi-vector attacks, with UDP and DNS amplification being the most dominant attack types.
Technology trends for 2023 and beyond
Comprehensive Cyber Defense: As threats become more numerous, persistent and complex, manual alert triage is no longer sufficient. Instead, correlating all data points into a single thread of operation is critical to comprehensive protection against threats. To this end, Help AG has launched UNIFY, an integrated cyber defense platform as the foundation of its cyber defense services, unifying key functions such as visibility, collaboration, orchestration and intelligent automation to deliver a seamless customer experience.
Secure Cloud Support: With cloud adoption at an all-time high and organizations increasingly embracing microservices architectures, one of the most significant risks they face is cloud insecurity. To ensure a secure cloud posture, organizations must take steps to address these risks. This involves identifying and remediating security issues, managing and securing access to cloud resources, and complying with regulations and industry standards.
Secure Service Edge (SSE): One of the key considerations for the adoption of security services on the Middle East fringe is the growing importance of data privacy and the need for local content inspection.
Stephan Berner (left) and Nicolai Solling. – Photos provided
Organizations looking for an SSE provider that can truly unify security consoles, endpoint agents, and converged policies; a single checkpoint for all security services; on-premises data residency and compliance; and a large ecosystem of on-premises partners delivering services to ensure the highest levels of security support and rapid implementation.
Data and Identity Protection: Companies face the challenge of trying to simplify data protection by securing sensitive data while enabling employees to be productive and, more importantly, maintain the company’s success. On a regional level, the UAE, Qatar, Bahrain, Kuwait, and Saudi Arabia have all introduced laws to regulate the legal use of data within their respective countries.
Identity has become the new security perimeter. Adversaries also reciprocate by targeting identity and governance gaps. Very strong Identity Governance and Administration (IGA) practices will become a core requirement for security operations, and we can expect to see increased attention and investment in this area in 2023.
IoT security: IHS predicts that the IoT market will grow from 15.4 billion devices in 2015 to 75.4 billion in 2025. The Internet of Things is the future, and as such, organizations aim to achieve comprehensive visibility and perform asset discovery, create solid baseline measures for security in IoT devices, including security starting with IoT project planning, adopt a strong Zero Trust strategy, As well as enabling SecOps to detect, prevent and mitigate security incidents.
Stephan Berner, CEO of Help AG: “Cybersecurity is a key component of a successful digital transformation and needs to be built from the ground up and beyond. With the State of the Market 2023 report, we enable readers to understand how they are innovating to introduce the most The best people, process and technology, through automation to enhance agility and reduce time to value, and improve the elasticity of enterprises to thrive in the hyper-connected era where experience matters and availability needs to be continuous.”
Nicolai Solling, CTO of Help AG, added: “In a hyperconnected world where threats are becoming more sophisticated and frequent, it is increasingly necessary for the public and private sectors to work together, share knowledge and create a united front against malicious actors In the digital realm. Making our market status reports readily available to organizations in the region can provide essential intelligence on the state of cybersecurity in the Middle East, giving key players in the industry the knowledge to protect themselves from cybersecurity threats.”
[ad_2]
Source link