NTT Security, the specialised security company of NTT Group, has strengthened its UK management team with the appointment of Azeem Aleem to the position of Vice President Consulting and Head of its UK & Ireland (UK&I) business. Azeem is a highly respected cybersecurity specialist and joins following a six-year tenure at RSA Security, where most recently he held the role of Global Director and Head of its Worldwide Advanced Cyber Defense (ACD) Practice. Experienced cybersecurity expert “Azeem is a very experienced cybersecurity expert and leader with a strong global background and I am very glad to welcome him to NTT Security. He will strengthen our UK management team, but also contribute, based on his extensive experience, to the success of our EMEA organisation,” says Kai Grunwitz, Senior Vice President EMEA at NTT Security. Azeem joins NTT Security with a strong track record in cybersecurity with over 15 years’ experience in cyber defense technologies, security operations, counter threat intelligence, data analytics and behavioural classification of the cybercriminal. Within the domain of organisational operations, Azeem has wide-ranging experience in managing P&L, driving operational excellence, change management and process re-engineering. Azeem has been at the forefront of architecting cyber resilience capabilities against Advanced Persistent Threats Cyber threat prevention Azeem has been at the forefront of architecting cyber resilience capabilities against Advanced Persistent Threats (APT) for some of the best financial, government and public sector organisations across Europe, the US, Asia and the Middle East. He has worked with both national and international law enforcement agencies around intelligence training, detection and investigation of cybercrime. As a subject matter expert, he has made frequent appearances on regional television and radio programmes commenting on the increase of cyber threats that are affecting the security of our connected society. A published book author and academic criminologist, he has authored several periodicals on advanced security threats in peer reviewed journals and security magazines. He is an eminent plenary conference guest speaker both at national and international level.
NTT Security, the specialised security company and centre of excellence in security for NTT Group, is expanding its suite of phishing attack simulation services with the use of special social engineering techniques to check whether senior executives pose a security risk. ‘Management Hack’ The ’Management Hack’ service is specifically designed with C-level executives in mind, such as the CEO, CFO or even CIO. Cyber criminals are increasingly attracted to this level within an organisation as senior executives are more likely to have unrestricted access to highly confidential company data, including financial information, which makes them a valuable target. Senior executives also benefit from special privileges, with security policies or standards suspended or relaxed for example to simplify login – often with fatal consequences. NTT Security's Management Hack service includes verification of IT security, physical security (property protection) and human error analysis NTT Security will first coordinate with the client – typically a CISO or the Head of IT – and simulated, personalised social engineering attacks are then carried out, with the individuals involved unaware they are being targeted. NTT Security then analyses how executives respond, identifies specific weaknesses, and recommends appropriate measures, such as security awareness training. IT and physical security NTT Security's Management Hack service includes verification of IT security, physical security (property protection) and human error analysis. Using social engineering techniques, such as phishing and personalised spear phishing combined with malware or brute force attacks on passwords, a simulated attack involves a five-step approach: Building a phishing website that simulates a customer or a website known to the customer Designing a phishing e-mail that leads to the phishing website Sending the phishing emails to the client's senior management Intercepting login information or other sensitive information Producing a detailed report with statistics on the current security situation and measures to improve a company’s security posture. Enhancing security awareness NTT Security's new service is aimed at increasing security awareness at the executive and senior management level A number of management hacks have been carried out by NTT Security in Scandinavia already with surprising results. Kai Grunwitz, Senior VP EMEA, NTT Security explains, "In many cases, we were able to access critical data, such as confidential business plans, mergers & acquisitions documents, domain controllers, usernames and passwords, in just 10 minutes." NTT Security's new service is aimed at increasing security awareness at the executive and senior management level, but also in helping to establish a strong security culture across the entire organisation. "Our initial projects have shown that there is a need for action on the part of the company involved," adds Kai Grunwitz. "It seems the degree of maturity in terms of cybersecurity at the senior management level is still relatively low." Once a simulation attack is completed, NTT Security analyses the results together with the client in workshops. NTT Security can then work with the company to help design and implement a comprehensive company-wide security strategy, which incorporates the management level, and will protect against real-life social engineering attacks in the future.