Sertan Selcuk, VP of Sales, META at OPSWAT talks about the growing need to protect the critical infrastructure, and how the company is investing in new office and a comprehensive CIP lab to serve its customer in the region even better.
How would you describe the cybersecurity landscape in the region?
The cybersecurity landscape in the Middle East region presents significant challenges and risks. Generally, critical infrastructure relies heavily on outdated or legacy systems that lack robust security features. These systems were not designed with security in mind, making it difficult to implement conventional cybersecurity technologies. Upgrading these systems is complex and often impractical.
Moreover, the increasing interconnectivity between operational technology (OT) and information technology (IT) systems poses a significant concern. This interconnectedness expands the attack surface and creates potential entry points for cybercriminals that may go unnoticed. Securing the interdependencies and ensuring the resilience of these interconnected networks is a substantial challenge.
Additionally, the region faces the risk of insider threats due to the expansion of critical infrastructure entities and the involvement of third-party contractors, employees, and individuals with privileged access to systems. Insider threats can arise from malicious intent, negligence, or individuals falling victim to social engineering tactics.
How do you see the convergence of OT and IT security gaining momentum in the Middle East?
The convergence of OT and IT security in the Middle East is gaining momentum as businesses recognize the interdependency of critical infrastructure on both information technology (IT) and operational technology (OT). Critical infrastructure industries all heavily rely on these systems and assets for their operations. With the ongoing migration to the cloud and digitalization, these organizations are becoming increasingly interconnected, thereby increasing the need for robust security measures to protect their critical systems.
It is crucial for businesses to proactively address cybersecurity concerns as cyber threats are not a matter of if, but when, they will occur. By taking a proactive approach, organizations can better safeguard their infrastructure, data, and operations from potential cyber incidents. Failing to do so may result in reactive responses, either due to an actual incident or the need to comply with industry regulations.
How is OPSWAT positioned in the market and what role does it play in protecting the critical infrastructure?
OPSWAT holds a significant position in the market by providing specialized solutions that play a crucial role in safeguarding critical infrastructure. With a focus on both IT and OT environments, OPSWAT collaborates with public and private/government organizations, recognizing the dependence of businesses on critical infrastructure across diverse sectors such as finance, energy, transportation, and communication. By offering purpose-built and effective solutions, OPSWAT enables these organizations to comply with industry standards and regulations, thereby ensuring the protection and integrity of their critical systems and assets.
Which solutions in your portfolio are gaining traction in the region?
The solution that is mostly having traction in the region is the scanning/sanitization of removable media devices. The reason is obvious — there is currently no other solution in the market that solves the challenge of having to transfer files from removable media, such as flash memory USB devices, SD cards, hard disks and so on, onto the internal or secured/air gapped network. In the region, there are strict regulations on allowing removable media devices in critical environments. These regulations are aimed at covering big security gaps, while employees often see them as obstacles having a diminishing outcome on productivity.
Often, organizations rely on a manual operation to inspect USB devices and can easily be overloaded by the amounts of files that need to be transferred. The emergence of highly sophisticated malware is on the rise, and there are criminal entities specialized in developing such artifacts. Relying on a human to decide whether a file is malicious or not seems ineffective today.
OPSWAT’s MetaDefender Kiosk product that we provide serves as a point of entry for all removable media and relies on our state-of-the-art MetaDefender Platform to ensure each file passes through a hefty scanning and sanitization process before it is automatically transferred inside the network.
Which are the key industry verticals contribute to OPSWAT’s business in the region?
We protect organizations in the manufacturing, nuclear, energy, oil and gas, government and defense sectors, among others.
According to you, what are the major challenges a CIO or CISO encounter while balancing the OT and IT security in their organisation?
Securing critical infrastructure in general is challenging for a few reasons. The first being is the complexity of these networks, which often consist of both OT and IT systems. Another challenge is the lack of technologies specifically designed to protect critical infrastructure. Traditional antivirus technology or sandbox solutions are often insufficient to address the unique security needs of critical infrastructure. This creates a significant gap in the security posture of critical infrastructure networks. A third challenge is the lack of training and certification programs focused specifically on critical infrastructure protection. As a result, there are very few professionals with the necessary expertise to secure these networks effectively.
What role government can play in ensuring the protection of critical infrastructure?
The main action to be taken when protecting critical infrastructure is proper training and awareness. Although the number of cybersecurity certifications and programs is increasing, there aren’t really many that focus on critical infrastructure protection. Cybersecurity enthusiasts often think that applying traditional security practices on critical infrastructure results in a secure environment without taking into consideration that these measures do not account for all the variables present in critical networks such as legacy systems and the OT network.
The impact our governments have on promoting this awareness is huge, but still hasn’t been put in an official format, to mandate critical infrastructure employees to pursue such trainings and certifications.
What advice would you give to cybersecurity professionals involved with critical infrastructure protection?
It’s crucial for cybersecurity professionals involved with critical infrastructure protection to stay updated with emerging threats via advisories and industry reports. They should also foster collaboration between IT and OT security teams – although the two are separate, information sharing is essential as the two continue to merge. These professionals can also develop and practice an incident response plan, create a culture of cybersecurity awareness, and help their organization remain compliant with regulation requirements.
What are your plans for Middle East and where do you see OPSWAT in next 12 months?
OPSWAT has ambitious plans for the Middle East over the next 12 months. With a strong track record of growth, we anticipate doubling our business once again in 2023. As part of our expansion strategy, we will soon be establishing a new office in Dubai, reaffirming our commitment to this vital market. Our dedicated team is well-equipped to serve our clients in the region. The new office will feature a comprehensive CIP lab, enabling us to provide hands-on demonstrations and training, enhancing the experience for our partners and customers. We recognize the importance of cybersecurity in Saudi Arabia and the UAE, and our existing clientele includes government agencies, manufacturing companies, and financial institutions. We will continue to collaborate with our channel partners to extend the reach of our solutions to even more customers in the coming months.