< PreviousWe have eliminated the stumbling blocks that slowed our nomination and admission processes for our clients. This is a vital step forward in our continuing journey to fulfil our obligations under Vision 2030.” Ahmad Al-Jebaly, Director of Networks and Operations Department IPA’s procurement department began a three-month project spear- headed by Al-Jebaly and his team with input from senior IPA management. The group determined that the ability to deliver responsive systems to Saudi government employees hinged on the higher performance, lower latency, and higher density associated with all- flash storage systems. The procurement team invited bids from leading suppli- ers and considered solutions from sev- eral well-established legacy vendors. In the end, IPA opted to replace its exist- ing storage with Pure FlashArray//X50, a 100% NVMe system designed for high availability and low latency of both mainstream enterprise and next-gen web-scale applications. EVERGREEN STORAGE TO THE RESCUE IPA’s procurement decision-makers cite Pure’s Evergreen Storage owner- ship model as a major reason for se- lecting Pure. With Evergreen, IPA has access to a truly elastic storage system that grows with its needs, without the need for downtime, performance impact, or data migrations during up- grades. Because of Evergreen, organi- sations can reap the benefits of their all-flash systems for a decade or more. “We were looking for a storage so- lution that was the best in its category, capable of providing consistent per- formance and low latency for servers and applications,” Al-Jebaly explains. “With the Pure Storage NVMe tech- nology in place, we not only achieved this, but also reduced our CAPEX and OPEX. Once the FlashArray solution was deployed, IPA migrated its production workload to the new infrastructure. IPA’s data migration process to the Pure solution was “really very quick and smooth,” Al-Jebaly notes. “The mi- gration part is not complex because all our servers are running on VMware.” “Pure storage has raised the bar,” he says. “They promised to complete the implementation in a couple of days, and this is what happened. With other vendors, two to five days was required for initialisation and implementation. The Pure solution fits smoothly into our environment, with no complicated requirements. And we leverage the benefits of the integration between Veritas and Pure Storage to enhance our backup process.” THE NEW ENVIRONMENT: EN- HANCED AVAILABILITY, LOW LA- TENCY Post implementation, IPA immediately noticed significant business benefits, logistically, operationally, and finan- cially. The Evergreen business model delivered a reported minimum 40% reduction in total cost of ownership (TCO). Al-Jebaly also highlights the avoidance of “the headache of migra- tion and application downtime” be- cause of Evergreen, as well as the own- ership model’s ability to provide 100% availability for applications during upgrade and maintenance, which is a critical component of IPA’s promise of excellence to its public-sector clients. Following the successful deploy- ment of the Pure Storage solution, IPA has plans to integrate Pure technology even deeper into its operations. Al-Je- baly reveals that the institute: • Intends to imbed a FlashArray sys- tem for disaster recovery • Plans to implement storage-based replication and automated failover and failback on Pure • Is considering a test of Pure solu- tions in its VDI environment for possible future deployment “With the Pure Storage FlashArray// X50 serving as the backbone of our data-center infrastructure, we are able to get consistent performance and la- tency across all our workloads. We have managed to eliminate the stum- bling blocks that slowed our nomina- tion and admission processes for our clients,” concludes Al-Jebaly. “This is a vital step forward in our continuing journey to fulfil our obligations under Vision 2030 and the National Trans- formation Plan—to enhance the skills of public-sector employees and ready them for service in the age of the new global digital economy.” VENDOR One of the fastest-growing enterprise IT companies in history, Pure helps customers put data to use while reducing the complexity and expense of managing the infrastructure behind it. The company has a certified customer satisfaction score in the top one percent of B2B companies. Pure Storage gives technologists their time back. Pure delivers a modern data experience that empowers organisations to run their operations as a true, automated, storage as-a-service model seamlessly across multiple clouds. // CASE STUDY / INSTITUTE OF PUBLIC ADMINISTRATION / WWW.NETWORKMIDDLEEAST.COM //20 / NETWORK MIDDLE EAST / JUNE-AUGUST 2020 //CYBERSECURITY SPECIAL REPORT June-August 2020 CYBER SECURITY SHIFTING GEARS NED BALTAGI ON BUILDING A SKILLED WORKFORCE BRIDGING THE CYBER TALENT GAPSANS FLEXIPASS Our mission is to empower current and future cybersecurity practitioners with training, education, certifi cations, and resources to create a safer global community. In challenging and uncertain times like these, we want to do our best to help and support. That is why SANS is introducing the Flexi-Pass. This Pass offers full fl exibility and a SANS training guarantee by offering “Full-access” to our different training formats PLUS a GIAC certifi cation attempt and NetWars Continuous access. 3 ways to train, 1 chance to certify, 6 months to play - all for the price of 1 training course! The SANS Flexi-Pass provides you with the ability to take your SANS course whenever and wherever you want. At the same time, the pass ensures you get the most well rounded training experience by including the GIAC certifi cation attempt and the challenging, hands-on learning experience of NetWars Continuous. Get the complete SANS Training Experience for only 7,519 USD. It allows you to study one selected course across all three SANS training modalities: What does the SANS Flexi-Pass offer? The Complete SANS training experience SANS OnDemand (6 months) SANS Live OnlineSANS Live In-Person Training Includes one complimentary GIAC Certifi cation attempt Includes complimentary NetWars Continuous access (6 months) Training EventOnDemand Live Online ++++ If you would like to know more or speak to a SANS representative, please reach out to us: The SANS Flexi-Pass is only available until June 30th, so don’t miss this unique opportunity and secure your training today. mea@sans.org+971 4 431 0761 sans.org/FlexiPass-2020 Flexi-Pass Media Partner ad A4.indd 1Flexi-Pass Media Partner ad A4.indd 103/06/2020 15:1103/06/2020 15:11Cybersecurity forms the foun- dation of the digital work- space, which is more vulner- able to cyber threats than ever. Network and data security are simultaneously growing in importance as cyberattacks and data breaches es- calate, resulting in millions of dollars in losses - not to mention the potential legal and reputational damage. Understandably, mobility and digi- tal workplace security investment is a top priority now because traditional and complex security technology silos no longer work. IDC analysts estimate that global spend on security-related hardware, software and services will amount to $133.8 billion by 2022. This number is understandable since the traditional security model is no longer viable in the digital workspace. With their expanding digital footprint, businesses need to bolster security to thwart threat actors from exploiting any security gaps that new technology may introduce. As millen- nials drive the demand for broader access to business apps on mobile de- vices, secure online and offline access to corporate on-premises or cloud content is more important than ever. Success in the digital era will be driven by digital transformation initiatives built alongside a strategic security plan. The resultant digital workforce will not only contribute to increasing the organisation’s produc- tivity, efficiency and costs but will be well-prepare to face future chal- lenges. However, there is a risk that the organisation’s digitisation efforts may unlock a host of security vulner- abilities since this evolution not only expands the boundaries of what’s possible but also creates risks. An essential feature to support seam- less remote operation is controlling who within the workplace has access to busi- ness applications and resources. The human factor is a persistent threat. Although access control partly addresses the challenge of intentional or accidental data leaks, it is also important for organisations to strengthen this weak link. This means educating the digital employee on the importance of data security and equipping them with appropri- ate tools and devices to employ safe practices both inside and outside the confines of the traditional office. Further, the responsibilities of the IT teams are getting more and more complex. Hence, they must adapt to become more agile and proactive. The shortage of security skills is a global problem. While it cannot be solved overnight, measures can be taken to ensure that the organisation’s workforce is upskilled and certified. Our Knowledge Partner this month is SANS Institute, which is a trusted resource for information security training, cyber security certifications and research. The global pandemic has changed the way we work and the priorities we place. Organisations around the globe need to secure the expanding perimeter-less workplace. This means their workforce needs to be skilled to tackle security challenges. SANS Institute has taken upon itself to ensure that all its training EDITOR’S NOTE A proactive approach to security THE TRUSTED SOURCE FOR NET- WORK NEWS AND ANALYSIS CONNECT WITH MORE THAN 30,000+ INDUSTRY PROFESSIONALS courses are available online. On p24 Ned Baltagi, SANS managing direc- tor, MEA stresses on the impor- tance of a well-trained and certified workforce and above all acquiring the right skillsets to keep organisa- tions secure. We have also included a training roadmap to SANS’ com- prehensive courses on p26 for easy reference. Sarah Rizvi Editor sarah.rizvi@itp.com // SPECIAL REPORT / EDITOR’S NOTE // JUNE-AUGUST 2020 / NETWORK MIDDLE EAST / 23// WWW.NETWORKMIDDLEEAST.COM /Shifting gears to build a skilled cybersecurity workforce The importance of acquiring new skills cannot be overstressed. Being equipped with the right skills will allow organisa- tions to bring the required intelligence and expertise into the services they de- liver. IT training is an expense for the business, but it is one which brings sub- stantial short and long-term benefits. By investing in the right training, delivered by the right provider, employers get ex- pertly skilled staff who are committed to the organisation. As organisations around the world transition their workforce away from an office environment to work from home, many lack the policies, resources or training to enable their people to do so securely. In response, SANS has cre- ated the “Work-from-Home Deploy- ment Kit”. The free kit provides security awareness professionals with a step-by- step guide on how to rapidly deploy a training program for their remote staff. TAKING CYBERSECURITY TRAINING ONLINE While in-person training is currently unavailable, SANS has made all of its training courses available 100% on- line. There are two methods available to ensure students have the flexibil- Ned Baltagi, SANS managing director, MEA. As more organisations are faced with the challenge of building a remote workforce, acquiring new skills and upskilling existing staff has never been so important. Ned Baltagi, SANS managing director, MEA stresses on the importance of a well- trained and certified workforce and above all acquiring the right skillsets to keep organisations secure ity to continue learning around their new routine. SANS ONDEMAND Firstly, there’s OnDemand – a battle- tested, self-paced online learning plat- form where classes are pre-recorded and allow you to train at your own pace any- time, anywhere. For those requiring the maximum scheduling flexibility, SANS continues to offer more than 45 of our top courses in its OnDemand platform. “Students can start training immedi- ately, and SANS OnDemand allows you to view, rewind, and replay content for four months, engage in our hands-on lab exercises and quizzes to test your retention. I think some might think that the support offered via online training would be minimal in comparison to in- person training, but that’s not the case with SANS OnDemand, students receive GIAC-certified subject-matter-expert support for the duration of the course,” explains Baltagi. SANS LIVE ONLINE Live Online is the closest online expe- rience to in-person training as it offers students the ability to ask questions in real-time classes, interact with their peers in chat channels, take part in com- petitive challenges, and attend bonus sessions. No matter which option you choose, all SANS courses are hands-on and include practical lab exercises to ap- ply new skills. Students will be able to put into practice what they have learned as soon as they get back to their desk – that is the SANS promise. // SPECIAL REPORT / KNOWLEDGE PARTNER / WWW.NETWORKMIDDLEEAST.COM //24 / NETWORK MIDDLE EAST / JUNE-AUGUST 2020 //SKILLS ASSESSMENT SANS has a suite of eight web-based as- sessment tools as part of the CyberTal- ent Assessment scheme. It provides cy- bersecurity managers with information and data to better manage their team’s skills and performance, improve their hiring efforts, and make their training investment more productive. CLOSING THE SKILLS GAP SANS is also proactively helping to develop the next generation of cybersecurity pro- fessionals through a range of programmes and initiatives. SANS CyberStart Game is a virtual learning platform of games, tools and challenges, specifically developed to introduce young adults to the field of cy- bersecurity, develop and nurture their in- terest and inspire them to pursue a career in this field. SANS Cyber Academy finds, develops and certifies the next intake of cybersecurity practitioners, ready to en- ter into cybersecurity roles immediately after graduation. A CASE FOR CERTIFICATION GIAC Certifications provide the highest and most rigorous assurance of cyberse- curity knowledge and skill available to industry. More than 30 of GIAC certifica- tions align with SANS training courses. A GIAC certification is a reliable means for HR professionals to remove risk and doubt when recruiting and draws respect from peers and from the community to help individuals stand out from the crowd. As of May 2020, GIAC Certification exams can be proctored remotely from wherever you are. The launch of remote proctoring means SANS’ customer community can now train and certify from any location, at any time after scheduling. If you’re interested in SANS training or resources visit their website: sans.org/ skilled-workforce Live Online is SANS’ most interac- tive online training option, with classes taught online via live-streamed ses- sions with expert SANS instructors. “Engaging training keeps the students motivated, with real-world examples and applications, live hands-on lab ex- ercises and real-time answers to ques- tions,” Baltagi adds. FREE RESOURCES SANS has always provided free re- sources to help the information se- curity community, and there are now even more free offerings from SANS to help support cybersecurity profession- als while they work and train remotely. Additionally, SANS is hosting a series of Mini Netwars (capture the flag) events to provide continuous learning and hands-on training for everyone in the community right up until the end of August 2020. KNOWLEDGE PARTNER / SPECIAL REPORT // // JUNE-AUGUST 2020 / NETWORK MIDDLE EAST / 25// WWW.NETWORKMIDDLEEAST.COM /// SPECIAL REPORT / KNOWLEDGE PARTNER / WWW.NETWORKMIDDLEEAST.COM //26 / NETWORK MIDDLE EAST / JUNE-AUGUST 2020 //KNOWLEDGE PARTNER / SPECIAL REPORT // // JUNE-AUGUST 2020 / NETWORK MIDDLE EAST / 27// WWW.NETWORKMIDDLEEAST.COM /rganisations are al- ready facing busi- ness challenges in the wake of the coro- navirus pandemic, and a rapid rise in COVID-19 related cyberattacks is caus- ing additional stress. A new report from the Mimecast Threat Intelligence Centre, entitled 100 Days of Coronavirus, tracks cybercrime activity since the start of the outbreak. It found that between January and March O 2020, global monthly volumes of spam and opportunistic cybercrime detec- tions increased by 26.3%, impersonation fraud detections increased by 30.3%, mal- ware detections increased by 35.16% and the blocking of URL clicks increased by 55.8%. In addition, over 115,000 COV- ID-19 related spoof domains, designed to steal personal information, were detected over the three-month period. Focusing on the Middle East and North Africa (MENA), the Threat Intelligence team saw notable increases in malware (22%) and spam (36%) during Febru- ary and March, when the virus started spreading in the region. Shockingly, there was a 751% increase in unsafe clicks dur- ing the first three months of year – likely as a result of a rise in human error caused by stress, unusual working environments and our desire to stay informed. CYBERCRIMINALS FEED ON PEOPLE’S FEARS Phishing scams often tap into whatever is currently making headlines. Thank- SECURITY PROFESSIONALS ACROSS THE MIDDLE EAST MUST EDUCATE EMPLOYEES ABOUT THE RISE IN CORONAVIRUS- RELATED CYBERCRIME AND HOW TO AVOID PLACING THEIR ORGANISATION AT RISK, SAYS WERNO GEVERS AT MIMECAST COVID-19 CYBERATTACKS ARE PLACING ORGANISATIONS AT INCREASED RISK // ANALYSIS / MIMECAST / WWW.NETWORKMIDDLEEAST.COM //28 / NETWORK MIDDLE EAST / JUNE-AUGUST 2020 // Werno Gevers, cybersecurity specialist at Mimecast. fully employees’ awareness of cyberse- curity continues to grow, but criminals are making the most of the current situation by feeding on people’s fears and anxiety. In short, people just aren’t thinking straight. We’re also getting used to receiving emails from employers, authorities and just about every brand we’ve ever in- teracted with, about their response to COVID-19. Bad actors know this and are impersonating these organisations with the aim of getting concerned citizens to click on malicious links. Between March 9th and 20th alone, we saw a 234% increase in daily reg- istrations of new coronavirus-related web domains and sub-domains, at more than 6,100 a day. While some of these 60,000+ sites were legitimate, the ma- jority weren’t. Links were used to cap- ture credentials, allowing bad actors to access networks, or to directly infect them with malware. EVOLVING THREATS As the pandemic and the response to it has evolved, so have cybercriminals’ strategies and attacks. The scams change to match what people are talking about. Many of the first phishing attacks imper- sonated specialists from Wuhan, China. Criminals then masqueraded as regional authorities and later businesses communi- cating with their employees. In the Middle East, many businesses and authorities have had to warn custom- ers and residents of fake emails being sent out in their name. Some regional airlines, shared warnings about malicious emails offering them refunds on cancelled flights. On our own grid, our Threat Intelli- gence team discovered a phishing scam offering an immediate air ticket refund in exchange for credit card details. The Central Bank of UAE released an announcement at the end of March, saying, “Fraudsters always look for op- portunities to target consumers and as the public is engaged with COVID-19 pandemic news, they are using different tactics to increase fraudulent activities on banking customers.” The most popular COVID-19 phish- ing scam themes seen by the Mimecast Threat Intelligence team include: • COVID-19 policy updates – emails designed to look like they’re from HR departments directing employ- ees to ‘login’ and read updated busi- ness policies regarding the pandemic and working from home. • Coronavirus testing –Offering DIY kits, which take victims to fake sites where they capture their credit card data. • Virus updates from healthcare authorities – with fake links to the Centers for Disease Control and Pre- vention (CDC) and World Health Or- ganisation (WHO). BUILD A CYBER SECURE WORKFORCE With significant disruptions likely for many months, security professionals in the Middle East need to review their cy- bersecurity strategies and arm employ- ees with knowledge needed to protect themselves, and the business, against these attacks. Security and IT teams should encour- age employees to: • Update home Wi-Fi with a strong password. • Never click on COVID-19 related attachments received outside your trusted perimeter. • Double-check links – if suspicious, do not click! • Ensure links go to the correct domain. • Update usernames and passwords on trusted sites only. • Do not use personal devices at home to access business networks, data or emails. Most importantly, there’s an urgent need to refresh employee awareness train- ing; as highlighted by the rise in unsafe clicks seen in our report. The report also showed that employees from organisa- tions that didn’t have regular awareness training were 5 x more likely to click on unsafe links. Now more than ever, em- ployees need to be continuously edu- cated about risks and should be trained remotely. By instilling a culture of cybersecurity, organisations place themselves in a far better position to defend against grow- ing coronavirus-related attacks. MIMECAST / ANALYSIS // // JUNE-AUGUST 2020 / NETWORK MIDDLE EAST / 29// WWW.NETWORKMIDDLEEAST.COM /Next >