DOHA: In the face of reports of an increasing number of cyber crimes in the region, Qatari companies and enterprises need to scale up their protective measures against possible threats, according to experts.
A recent annual survey by Gulf Business Machines (GBM) has found that approximately 45 percent of IT professionals in the GCC admit that their organisations had at least one IT security incident that they were aware of in the last 12 months.
Today’s cyber security infrastructure contains a number of detection, analysis and remediation gaps.
Currently Qatari organisations focus most of their attention on alerting and prevention tools. They should be focusing mainly on two things: detecting unknown threats and responding faster and more comprehensively to security incidents.
They also need a new “cyber security incident response approach” in the face of increasing crime in the region, experts noted.
Jason Mical, Vice President of Cyber Security at AccessData, says that when it comes to detection, most organizations rely primarily on signature-based alerting and prevention solutions, such as intrusion detection systems and antivirus, and they rely on data leakage prevention tools to catch data spills.
These products only catch what you tell them to look for, which leaves serious detection, analysis and remediation gaps in your cyber security program.
Additionally, even when a compromise triggers an alert, it is difficult to identify the real threats among the tens of thousands of alerts these tools bubble up.
There is very little integration among the tools within a traditional cyber security infrastructure, and the majority of them are designed to dump tons of information in your lap with no remediation functionality.
IT teams within organisations are then tasked with sifting through all the noise and correlating data manually to figure out what is really happening.
Most organizations do not have an integrated incident response platform that enables all this critical analysis within a single interface, and they have no real-time collaboration capabilities.
They must correlate network, host and malware information manually and usually in person at “war room” meetings. Operating under this model, we will see response time increase as the number and sophistication of exploits increase, Jason said.
Tools that offer better real-time collaboration and integrated analysis are the way of the future, better equipping Qatari organizations to protect their domains against the ever-changing and evolving cyber security threats of today.