Letters


May 22 - 28, 2019
Gulf Weekly Letters

Most people here are generous and donate money for various causes during the holy month. But time is also very important, as is sharing your skills. And, perhaps it is even more important to get your children involved and engrave in them, from an early age, that giving back to society is a must, not a choice.

For example, children living in our compound of Hani Gardens and their friends recently collected money and distributed dry rations to around 300 labourers.

A big ‘thank you’ also goes to Sanjay Gupta, chairman of Riffa Lions Club, for supporting us, and, of course, special praise goes out to all the children involved who worked so hard to make it such a successful occasion.

Madhubani Madhu, Bahrain.

 

Thank you to Kristian Harrison for last week’s article about the Ramadan dome at Jumeirah Royal Saray Bahrain. It was amazing and an extremely well-written piece describing the process and journey of the structure that we at Design Creative proudly brought to the hotel.

Thanks a lot.

Jalal Mohammed,

Project manager of Design Creative.

• See Eating Out: Page 9

 

The Holy Month of Ramadan requires lifestyle changes due to adjustments in work, sleep, and eating habits. Fasting can reach up to 14 hours without even so much as a drink of water. So just imagine how it can affect the vital functions of the body, not just physically, but mentally.

The obvious results are dehydration and low blood sugar that can lead to fatigue, exhaustion, distraction, inattentiveness, irritation, etc., thus making Ramadan the peak season for traffic accidents.

Knowing these effects can help motorists come up with precautionary measures to cushion the outcome and avoid getting into and causing an accident.

Getting enough rest and sleep coupled with eating nutritious food will help the body buffer the effects of fasting. Meanwhile, hydration is the key to keeping the body functioning well, so keep it hydrated until the next fasting starts.

If motorists understand the cause of their mood swings and other psychological urges, they will most likely be more tolerant on the road and at the same time more accepting of their limitations.

Thomas Edelmann, by email.

• Editor’s note: Follow the hashtag #HappyNotHastyRamadan on social media.

 

Data breaches and cyberattacks are unignorably on the rise and hackers are becoming increasingly sophisticated. Across the world, businesses are finding it difficult to grapple with rapidly shifting cybercriminal motivations, tactics and appetites for destruction.

The problem is exacerbated by emerging technologies such as IoT constantly expanding exploitable attack surfaces. At the same time, massive volumes of work data and applications are moving to the cloud in various deployment configurations, potentially leaving additional swathes of data unprotected.

To both understand and keep pace with cybercriminal mindsets, many businesses are seeking to fight fire with fire. It is particularly important to consider every single possible attack vector when protecting applications. This is where the ethical or ‘white hat’ hacker can often make a difference.

While security architects have a wealth of knowledge on industry best practice, they often lack first-hand experience of how attackers perform reconnaissance, chain together multiple attacks or gain access to corporate networks.

Equipped with – one hopes – all the skills and cunning of their adversaries, the ethical hacker is legally permitted to exploit security networks and improve systems by fixing vulnerabilities found during the testing. They are also required to disclose all discovered vulnerabilities.

According to the 2019 Hacker Report, the white hat hacker community has doubled year over year. Last year, $19 million was doled out in bounties, nearly matching the total paid to hackers in the previous six years combined. Eye-catchingly, the report also estimates that top earning ethical hackers can make up to 40 times the median annual wage of a software engineer in their home country.

So where do you find these mythical creatures?

The most common method is a ‘bug bounty’ scheme operating under strict terms and conditions. This way, any member of the public can search for and submit discovered vulnerabilities for a chance to earn a bounty. It can work well for publicly available services, such as websites or mobile apps. Rewards depend on the level of perceived risk once the affected organisation confirms the validity of its discovery.

Using crowdsourcing and paying incentives has obvious benefits. Hackers get reputational kudos and/or hard currency to showcase and test their skills in a very public forum. In exchange, the hiring organisation gains new dimensions of security smarts and perspectives. 

Some businesses choose to hire hackers direct. Hands-on experience is key here. While it may sound counter-intuitive to make use of external hackers – some of whom have a track record of criminal activity – the one thing they have in abundance is hands-on experience. At the end of the day, a hacker is a hacker. The only difference is what they do once a bug or vulnerability is found.

Ultimately, employing an ex-cybercriminal is a risky decision that should be made on a case-by-case basis. It is also worth noting that criminal background checks only help identify previous offenders – they lack context on how a person has changed. For example, it is unlikely that someone charged with a denial-of-service attack at a young age has mutated into an international career criminal. Indeed, some young offenders often go on to become well respected security consultants and industry thought-leaders.

Another fertile hunting ground for hackers could be closer to home. The best practitioners are curious, with a strong passion to deconstruct and reassemble. Businesses need to get better at harnessing the skills of those building their applications, code and network infrastructure. They may already know about vulnerabilities but have yet to report them as it isn’t part of their job description. This is a waste. Decision-makers need all the insight and help they can get, and there’s more of it out there than you think. Over the years, I’ve met many people at security workshops or capture the flag hacker events that have built products but claim to enjoy the process of ameliorative, intelligence-gathering hacking even more.

Finally, ethical hacking is also becoming increasingly formalised. Notable qualifications include Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP) or Global Information Assurance Certifications (GIAC). Naturally, many seasoned hackers will balk at such educative evolutions but watch this space. Ethical hacking is set to become more mainstream as perceptions and security-first business imperatives change.

Tabrez Surve, Regional Director – Gulf, Levant & Turkey, F5 Networks.






