Hus­sam Si­dani, 37, is re­gional man­ager for the Gulf at Sy­man­tec, a provider of global cy­ber se­cu­rity so­lu­tions for gov­ern­ments, busi­nesses and con­sumers. He tells us how to be safer on­line

Friday - - Contents -

Hus­sam Si­dani doesn’t wear a po­lice uni­form, but he knows how to pro­tect you from crime – the cy­ber kind.

What are the biggest cy­ber­crime threats we face to­day? We’ve seen the first mal­ware to be jeop­ar­dis­ing hu­man life. In Ukraine, mil­lions of peo­ple were left with­out power for some time be­cause of a cy­ber at­tack. We’ve also seen mal­ware that was go­ing to jeop­ar­dise the ther­mo­stat of a nu­clear power sta­tion and could have caused a dis­as­ter. Re­cently we’ve seen that new con­nected cars can be ma­nip­u­lated re­motely. Cy­ber­crime clearly is im­pact­ing hu­man life in a big way. How much worse is the prob­lem get­ting each year? It’s ad­vanc­ing at a very rapid pace and it will carry on. The biggest prob­lem is there’s a lot of peo­ple who don’t un­der­stand the im­pact of not hav­ing the proper se­cu­rity mea­sures on their de­vices: user ig­no­rance is the weak­est link in the whole equa­tion. A small mis­take can have dev­as­tat­ing im­pact and the prob­lem is go­ing to get worse as ev­ery­thing be­comes more and more con­nected. How many peo­ple are af­fected by cy­ber­crime each year? We track around 90 mil­lion se­cu­rity in­ci­dents a year, of which we spot­ted two mil­lion in the UAE. The to­tal amount lost due to on­line crime in the UAE in the last year was Dh4.9 bil­lion. So it’s a big prob­lem. What are the lat­est trends in cy­ber­crime? One is ran­somware: you re­ceive an email with a link, you click on it and what hap­pens is that mal­ware in the back­ground gets down­loaded on the de­vice and will run in the back­ground to en­crypt the data on that de­vice. Then, the next time you log in, you will be prompted with a win­dow say­ing if you want to de­crypt your in­for­ma­tion you need to pay a cer­tain amount of money. A lot of peo­ple end up pay­ing and even then they don’t get their data back. How com­mon is that? Last year we spot­ted 7,400 in­ci­dents of this in the UAE, and it’s more than dou­bling each year. We’ve just re­cently seen mal­ware on iOS [Ap­ple] de­vices, too. In the next few years cy­ber­crime is go­ing to be a tril­lion­dol­lar in­dus­try and a lot will come from ran­somware. Any other new things you’re see­ing? We’re see­ing a lot of at­tacks on so­cial me­dia, es­pe­cially Face­book. For ex­am­ple, you re­ceive a post from Face­book say­ing, ‘There’s this video here and it’s some­thing you’re in­ter­ested in’ and you click on the link, and it will ad­vise you to share this with your friends be­fore you can watch it. Then when you click it, noth­ing hap­pens. This link has ma­li­cious code, you sent it to all your friends, they trusted you and then they click on it, too. It could in­stall mal­ware, it could maybe prompt you to change your pass­word and then as you change your pass­word, an attacker will steal it and will com­pro­mise your ac­count or en­crypt your hard­ware for ran­som. What else can mal­ware do? It can give the hacker con­stant con­nec­tion to that de­vice when­ever it’s con­nected to the in­ter­net. They can browse the de­vice look­ing for in­for­ma­tion, things like Ex­cel sheets with all your pass­words on. There’s no limit to what a hacker can do. And now we even have smart TVs with cam­eras: mal­ware could im­pact that, you’re sit­ting in your liv­ing room and the next thing you know, there’s footage of you on the in­ter­net. What are the top three things that peo­ple should be do­ing to pro­tect them­selves? The first thing is to get a bet­ter aware­ness of how to pro­tect your­self, and also how to review bank and credit card state­ments, look­ing for ir­reg­u­lar­i­ties. There’s lots of use­ful in­for­ma­tion on­line and from ser­vice providers that can help. When you down­load apps you need to make sure you check the terms and con­di­tions; you need to make sure you en­force strong pass­words – be­cause very weak pass­words are com­mon. Many peo­ple feel they are in con­trol of their se­cu­rity when they’re on­line, but that’s not the case. What can we do to be ‘bul­let­proof’ on­line? There is no bul­let­proof so­lu­tion: a breach is in­evitable, it’s just a mat­ter of time. You can min­imise the risks by en­gag­ing com­pa­nies like us and also by stay­ing up to date on in­ter­net se­cu­rity. Con­sumers can bet­ter pro­tect them­selves for the price of a cou­ple of cups of cof­fee a month, but you need to im­prove aware­ness, too. Any golden op­por­tu­ni­ties for the crim­i­nals? The In­ter­net of Things: it’s the next big thing. In Dubai you hear about smart cities com­ing up; this needs a lot of de­vices to be con­nected and cy­ber­crim­i­nals are go­ing af­ter that be­cause there’s a lot of in­for­ma­tion that will be shared. Who are these cy­ber­crim­i­nals? There are dif­fer­ent types, each with their own in­ten­tions. Some are af­ter money; some are af­ter in­tel­lec­tual prop­erty; it has be­come an in­dus­try. They could be sit­ting any­where in the world – all they need is an in­ter­net con­nec­tion. Are multi­na­tion­als get­ting at­tacked often? Last year, among the top 100 com­pa­nies in the world, five out of six were breached. The prob­lem is that some­one can go into your net­work, steal your in­for­ma­tion and you’ll only find out much later. At Sy­man­tec what we try to do is to de­tect the IOCs: the in­di­ca­tors of com­pro­mise. An at­tack will have in­di­ca­tors that some­thing is go­ing wrong, and if you can spot that, you can pre­vent the at­tack. What does your job en­tail? We not only find the bad guys but block them too. We are tak­ing the fight to cy­ber crim­i­nals by part­ner­ing with global law en­force­ment agen­cies. We con­trib­uted to sev­eral in­ves­ti­ga­tions and bot­net [in­fected com­puter net­work] dis­rup­tions, in­clud­ing the take­down of the Ram­nit bot­net, and the fi­nan­cial fraud bot­net, Gameover Zeus.

Newspapers in English

Newspapers from UAE

© PressReader. All rights reserved.