Connect with us

Tech

IT security starts with knowing your assets: Europe, the Middle East, and Africa

Published

on

IT security starts with knowing your assets: Europe, the Middle East, and Africa


Nations in Europe, the Middle East, and Africa are taking note: the European Commission plans to build a Joint Cyber Unit to tackle large-scale cyberattacks. The government of Saudi Arabia launched the National Cybersecurity Authority to enhance the country’s cybersecurity posture. And the African Union has identified cybersecurity as part of its Agenda 2063 for transforming Africa.

To explore the challenges facing today’s cybersecurity teams and the strategies they must embrace to protect the attack surface—the sum of points an unauthorized user can use to gain access to an organization’s systems— MIT Technology Review Insights and Palo Alto Networks conducted a survey of 728 business leaders. The survey was global, with 38% of respondents from Europe and 13% from the Middle East and Africa. Their responses, along with the input of industry experts, provide a solid framework for safeguarding against a growing battalion of bad actors and fast-moving threats.

But organizations themselves can also take critical steps to better understand where attacker entry points are in their information technology (IT) environments in a smart, data-driven manner.

The vulnerabilities of a cloud environment

The cloud continues to play a critical role in accelerating digital transformation. And for good reason: cloud offers solid benefits, such as increased flexibility, cost savings, and greater scalability. Yet cloud-based environments account for 79% of observed exposures, compared with 21% for on-premises assets, according to the “2021 Cortex Xpanse Attack Surface Threat Report.”

That’s concerning, given that 53% of survey respondents in Europe, and 48% of those in the Middle East and Africa, report that more than half of their assets are in the cloud.

“Many companies started their journey to the cloud because it made sense,” says Amitabh Singh, chief technology officer for Europe, the Middle East and Africa at Cortex, Palo Alto Networks’ security operations platform division. But there are pitfalls, too, he says.

“With the cloud, the high wall around organizations’ core assets and infrastructure has melted away. As a result, some of the assets companies thought were secure may be exposed to vulnerabilities.”

Certainly, there are technologies that can bolster cloud security. But Singh says many organizations in Europe have been slow to adopt more innovative tools. “I still see companies struggling with old antivirus and anti-malware platforms,” he says.

Remote work has also contributed to increasing cybersecurity risks for cloud environments. Remote workers rely on the cloud to do their jobs, whether it’s corresponding with co-workers, collaborating on projects, or getting on video conferencing calls with clients. And when IT, now at a physical remove, is not responsive to their needs, remote workers can easily shop for their own online solutions to problems. It’s what’s known as shadow IT: it bypasses normal cybersecurity practices—and opens up a world of worry for IT teams.

Just ask Chris Sandford, director of industrial cybersecurity services at Applied Risk, an industrial cybersecurity consultancy in the Netherlands. Sandford says while work-from-home arrangements have long been common in Northern Europe, “there are many companies that weren’t ready for remote work and its associated challenges and vulnerabilities” when the 2020 coronavirus pandemic forced many employees to work from home. Case in point: the majority (53%) of respondents in Europe, and 35% in the Middle East and Africa, say they have experienced a cybersecurity attack originating from an unknown, unmanaged, or poorly managed digital assets.

Sandford provides the hypothetical example of an employee who uses an unsecured cloud server to access business applications without the necessary authentication or authorization measures in place. “How do you know someone’s not backtracking from that cloud back into your own network?” he asks. “There’s very limited visibility or understanding of that cloud service.”

A powerful action plan

Fortunately, there are steps organizations in Europe, the Middle East, and Africa can take to minimize exposure to cybersecurity threats and gain control of their cloud environments. Most survey respondents in Europe (70%) and the Middle East and Africa (89%) rely on continuous asset monitoring technology for protection. Long gone are the days when companies could take an ad hoc approach to identifying security risks.

“In the good old days, when we were managing vulnerabilities, we used to scan our infrastructure on a regular basis, find the vulnerabilities, and then patch them,” says Singh. “Now, we don’t have the luxury of time. If there are vulnerabilities, and we don’t manage them almost on an instantaneous basis, bad actors can exploit them.”

Download the full report.

Find out what organizations in other regions of the world are doing to understand and counter today’s cyberthreats.

This content was produced by Insights, the custom content arm of MIT Technology Review. It was not written by MIT Technology Review’s editorial staff.

Tech

Donald ’67, SM ’69, and Glenda Mattes

Published

on

Donald ’67, SM ’69, and Glenda Mattes


Don Mattes started giving to the Picower Institute for Learning and Memory at MIT before he himself was diagnosed with Alzheimer’s disease. Since his death in 2020, his wife, Glenda, has carried forward Don’s passion for its work. “My wish is that no one ever has to go through the horrors of Alzheimer’s disease ever again,” Glenda says. The Matteses have also supported the Koch Institute for Integrative Cancer Research at MIT.

Legacy sparks hope. An early key employee of Andover Controls who later ran the company’s European operations, Don visited six continents with Glenda during their 30-year marriage—often to ski or bicycle. “Don’s was a life well lived, just too short,” Glenda says. The couple made provisions in their estate plan to support the Picower Institute. After Don died, Glenda made a gift to MIT of real estate that established both endowed and current-use funds there to support research on Alzheimer’s, dementia, and other neurodegenerative diseases. Glenda is a cancer survivor, and the gift also endowed a fund in the couple’s name at the Koch Institute.

Great discoveries being made at MIT: “Don always said the best thing he got from MIT was being taught how to think,” Glenda says. “MIT is an amazing place. Picower Institute director Li-Huei Tsai and her team are doing more than looking for a treatment for Alzheimer’s. They’re looking for the root cause of the disease. I am also fascinated with the Koch’s melding of engineering and biology. The chances they are going to solve the cancer issue someday are very high.” 

Help MIT build a better world.
For more information, contact Amy Goldman: (617) 253-4082;  goldmana@mit.edu. Or visit giving.mit.edu/planned-giving.

Continue Reading

Tech

Investing in women pays off

Published

on

Investing in women pays off


“Starting a business is a privilege,” says Burton O’Toole, who worked at various startups before launching and later selling AdMass, her own marketing technology company. The company gave her access to the HearstLab program in 2016, but she soon discovered that she preferred the investment aspect and became a vice president at HearstLab a year later. “To empower some of the smartest women to do what they love is great,” she says. But in addition to rooting for women, Burton O’Toole loves the work because it’s a great market opportunity. 

“Research shows female-led teams see two and a half times higher returns compared to male-led teams,” she says, adding that women and people of color tend to build more diverse teams and therefore benefit from varied viewpoints and perspectives. She also explains that companies with women on their founding teams are likely to get acquired or go public sooner. “Despite results like this, just 2.3% of venture capital funding goes to teams founded by women. It’s still amazing to me that more investors aren’t taking this data more seriously,” she says. 

Burton O’Toole—who earned a BS from Duke in 2007 before getting an MS and PhD from MIT, all in mechanical engineering—has been a “data nerd” since she can remember. In high school she wanted to become an actuary. “Ten years ago, I never could have imagined this work; I like the idea of doing something in 10 more years I couldn’t imagine now,” she says. 

When starting a business, Burton O’Toole says, “women tend to want all their ducks in a row before they act. They say, ‘I’ll do it when I get this promotion, have enough money, finish this project.’ But there’s only one good way. Make the jump.”

Continue Reading

Tech

Preparing for disasters, before it’s too late

Published

on

Preparing for disasters, before it’s too late


All too often, the work of developing global disaster and climate resiliency happens when disaster—such as a hurricane, earthquake, or tsunami—has already ravaged entire cities and torn communities apart. But Elizabeth Petheo, MBA ’14, says that recently her work has been focused on preparedness. 

It’s hard to get attention for preparedness efforts, explains Petheo, a principal at Miyamoto International, an engineering and disaster risk reduction consulting firm. “You can always get a lot of attention when there’s a disaster event, but at that point it’s too late,” she adds. 

Petheo leads the firm’s projects and partnerships in the Asia-Pacific region and advises globally on international development and humanitarian assistance. She also works on preparedness in the Asia-Pacific region with the United States Agency for International Development. 

“We’re doing programming on the engagement of the private sector in disaster risk management in Indonesia, which is a very disaster-prone country,” she says. “Smaller and medium-sized businesses are important contributors to job creation and economic development. When they go down, the impact on lives, livelihoods, and the community’s ability to respond and recover effectively is extreme. We work to strengthen their own understanding of their risk and that of their surrounding community, lead them through an action-planning process to build resilience, and link that with larger policy initiatives at the national level.”

Petheo came to MIT with international leadership experience, having managed high-profile global development and risk mitigation initiatives at the World Bank in Washington, DC, as well as with US government agencies and international organizations leading major global humanitarian responses and teams in Sri Lanka and Haiti. But she says her time at Sloan helped her become prepared for this next phase in her career. “Sloan was the experience that put all the pieces together,” she says.

Petheo has maintained strong connections with MIT. In 2018, she received the Margaret L.A. MacVicar ’65, ScD ’67, Award in recognition of her role starting and leading the MIT Sloan Club in Washington, DC, and her work as an inaugural member of the Graduate Alumni Council (GAC). She is also a member of the Friends of the MIT Priscilla King Gray Public Service Center.

“I believe deeply in the power and impact of the Institute’s work and people,” she says. “The moment I graduated, my thought process was, ‘How can I give back, and how can I continue to strengthen the experience of those who will come after me?’”

Continue Reading

Copyright © 2021 Seminole Press.