Interview: Khalid Athar
Sultan Mahmood Malik, Chief Security Officer at Huawei Gulf North, speaks with Teletimes International at GISEC Global 2024 about the growing cybersecurity challenges faced by the Middle East
Khalid Athar: Can you share some key takeaways or insights from Huawei’s participation in GISEC this year?
Sultan Mahmood Malik: As the Lead Strategic Partner for GISEC Global 2024, Huawei focused on three key areas: data protection, network protection, and cloud security. Technologies like AI, networks, and cloud are pushing the boundaries of business design, boosting productivity, and redefining business models. Industries are plotting new roadmaps and moving ahead with greater speed. As digital transformation picks up speed, cybersecurity and privacy protection will become key to business success in the future digital world.
We launched two groundbreaking solutions—the industry’s first multi-layer ransom protection and ‘SecMaster,’ which incorporates AI to enhance security operations. Our Pangu Model and GPT technologies are being used to fortify cybersecurity measures, allowing organizations to leverage AI for better protection.
At GISEC, Huawei also demonstrated the class-leading capabilities of its HiSec SASE solution for multi-branch enterprises, providing all-round protection at the cloud, network, edge, and endpoint levels, along with the HiSec Endpoint EDR for efficient threat detection, one-click recovery, and lightweight deployment.
In addition, Huawei emphasized the importance of data protection, recognizing that data storage is the foundation of the intelligent world. Huawei OceanProtect Backup Storage delivers three to five times higher backup and recovery performance and, with the industry’s only six-layer Network and Storage Ransomware Protection capabilities that ensure the security and availability of backup copies.
Huawei also showcased its full-stack, cloud-native security system, empowered by AI and built upon the collaboration between a security operations center (SOC) and seven layers of protection covering physical, identity, network, application, server, data, and O&M layers that guarantee service resilience, data security, and regulatory compliance.
These innovations are crucial for safeguarding businesses and their customers against the escalating threats in today’s digital landscape.
KA: My next question concerns the key cybersecurity challenges currently faced by the GCC. How is Huawei Gulf North addressing these challenges? Feel free to discuss the general GCC context as well, not just the northern regions.
SM: To put things into perspective globally, every nation is actively pursuing digitalization to enhance their digital economies. However, digitalization brings several cybersecurity challenges. The GCC is no exception to these challenges. In fact, due to our advanced, high-paced technological, and industry-centric economies, the GCC, and particularly the Gulf North region, have more at stake compared to other parts of the world.
For instance, consider ransomware—should an entity in Asia or South Asia suffer a ransomware attack, the financial impact would be significantly lesser, perhaps 10 to 100 times less, than if the same were to happen to an entity within the GCC. This stark contrast underscores the heightened stakes for cybersecurity in our region. Furthermore, let’s consider network resilience; we recently witnessed heavy rains in Dubai, yet our telecom network remained stable. If such a network were to fail, it could result in financial losses amounting to hundreds of millions of dollars in just a short period, highlighting the critical nature of our cybersecurity challenges.
Addressing these concerns at Huawei, a global leader in cybersecurity, involves three fundamental strategies: First, we provide reliable and trustworthy solutions and services, ensuring our customers receive the best from Huawei, reflecting our core value of customer centricity. Second, we are proactive in developing and supporting policy frameworks that enhance the resilience of our digital economy. This involves engaging with regulatory bodies and industry partners to craft and refine these policies. Lastly, we are deeply involved in capacity building, addressing the global shortage of over three million cybersecurity professionals. Huawei, with its extensive experience and expertise in the global ICT and cybersecurity industries, contributes to this by engaging with universities and academia, conducting awareness campaigns, and providing expert-level training to prepare the next generation of professionals to handle cybersecurity challenges not only in the GCC but globally.
KA: Could you delve a bit deeper into the cybersecurity challenges associated with emerging technologies like virtual reality (VR) and augmented reality (AR), particularly how these affect Huawei Gulf North customers?
SM: The challenges associated with AR and VR primarily pertain to privacy issues. For example, the unauthorized collection and use of personal data in augmented reality are considered significant violations. These technologies, while innovative and efficient, introduce substantial risks concerning user privacy. Moreover, AR and VR blur the lines between the cyber and physical worlds. For instance, augmented reality applications that enable remote operations present unique challenges; a disruption in these services during critical procedures like medical operations could have dire consequences. Therefore, ensuring the reliability and security of AR and VR technologies is crucial for maintaining the integrity of both virtual and physical interactions.
“AR and VR blur the lines between the cyber and physical worlds. For instance, augmented reality applications that enable remote operations present unique challenges; a disruption in these services during critical procedures like medical operations could have dire consequences.“
KA: How does Huawei Gulf North ensure that its cybersecurity measures are in line with industry best practices and regulatory requirements?
SM: That’s an excellent question. At Huawei, everything revolves around our customers, with cybersecurity being paramount in maintaining and establishing their trust. We have developed an end-to-end cybersecurity assurance framework that spans people, processes, and technology. This framework ensures that every department at Huawei adheres to the highest cybersecurity standards and practices.
We employ over 3,000 security professionals who continuously monitor and incorporate industry standards into Huawei’s operations. Over the past five years, we’ve invested over $2 billion in securing our software and an additional $750 million in hardware security. These investments ensure that our products are secure by default, following the stringent baselines set by industry standards. Furthermore, we’ve obtained over 600 security certifications for our products, with 57 achieved in the last year. This rigorous compliance framework is part of our commitment to ensuring the safety and security of our customers through a robust and secure supply chain, where any software vulnerability can be traced back within an hour and hardware issues within 24 hours.
“We’ve obtained over 600 security certifications for our products, with 57 achieved in the last year. This rigorous compliance framework is part of our commitment to ensuring the safety and security of our customers.“
KA: Can you discuss any specific initiatives or announcements made by Huawei at GISEC that are particularly relevant to the cybersecurity landscape in the Gulf region?
SM: As part of its commitment to fostering cybersecurity knowledge and best practices, Huawei hosted several strategic industry forums at GISEC. The Huawei Cloud Security Forum, themed “Intelligent, Simplified Cloud-Native Security for Greater Resilience of Cloud Services,” featured Huawei Cloud experts discussing trends and challenges in cloud security governance, why cloud-native security is a better choice for the cloud era, and how to implement efficient security operations. The forum also hosted Huawei’s partners and customers, who shared their best practices concerning these topics.
At the Huawei Cybersecurity Forum, we explored how enterprises can build Secure Access Service Edge (SASE) and how to promote the development of the SASE industry in the future. We also hosted the Cybersecurity Enablement Bootcamp, which was designed for regulators in the Middle East and Central Asia region, providing them with an opportunity to learn about global cybersecurity legislation, governance practices, and industry best practices and standards in the areas of 5G and cloud security. Finally, Huawei also supported our ecosystem partner, Organization of The Islamic Cooperation – Computer Emergency Response Teams (OIC-CERT) to host an expert working group workshop during GISEC. As you may be aware, OIC-CERT involves prominent Islamic nations like the UAE, Saudi Arabia, and Qatar. These countries are leveraging their advanced technological capabilities to assist other member countries in enhancing their cybersecurity frameworks. This collaboration helps avoid common pitfalls and strengthens these nations’ overall security posture. OIC-CERT is rapidly becoming a global cybersecurity leader, with comprehensive frameworks already developed for 5G and cloud security. This initiative not only aims to bolster cybersecurity in Islamic countries but also sets a precedent for global cybersecurity standards.