A State of Hack 2022 Challenges
The pandemic has introduced a cyber-pandemic which has constantly put us in a state of hack. In retrospect, 2021 globally has been a very hard year for organizations especially with vulnerabilities like Log4j being exploited in the wild and high-profile breaches such as Solar Winds and many others which resulted in causing serious impacts in organizations, more like a ripple effect. Hackers in 2022 are going to be more sophisticated adopting to new TTP’s (tactics, techniques, and procedures) and ways to compromise businesses. Threats like Ransomware, BCE (business email compromises) worry organizations and they should as the damage we have seen past couple years have been unprecedented.
Ahad, a leading cyber-security services and solutions company backed by veterans from the industry. We are best known to take the offensive security approach to best define security priorities for the remainder of the year.
1. Data Protection and Law of the land
UAE has introduced their first Federal Data Protection Law No. 45 of 2021 (Law), which came into effect on 2 January 2022. All private and public entities will have 6 months’ time to comply with the new law, should they fail to do so they could be heavily penalized. With the increasing number of security incidents in data breaches, Ahad is helping establish a process around data protection, classification and urging organizations to introduce a DPO (Data Privacy Officer) position who is going to be responsible for educating the employees of data compliance, identifying data owners to establish a data processing framework and conduct frequent security audits. We are already in the process of helping organizations comply to the new data protection law.
2. Attack Surface, Visibility & Intelligence
One of the most common problems identified is that organizations do not maintain an updated asset inventory of all their digital assets. This is critical to maintain to be able to gain visibility into which of the assets are in production that we do not know of, that are unpatched or that have already been compromised. Furthermore, mapping the external attack surface is going to bring added visibility into all possible points that an organization can be breached and compromised from, help generate a compliance report and help the security teams detect and respond to threats proactively before they are exploited.
3. Offensive Security Engagements
Offensive Security engagements are not optional for any organization today. Its testing the limits of a self-proclaimed “strong security posture” that helps in identifying key security, application, network, and infrastructure vulnerabilities that could lead to a security incident of the highest severity. Ahad’s offensive security practices are comprehensive, impactful, and conducted by white hats who understand security from a security and a compliance standpoint. We conduct assessments of any size, compile findings in technical report with a well-defined methodology and then define a cyber-security road for the organization on the basis of the engagement.