Three-day IT security conference GISEC 2014 gave the masses a chance to meet first class security vendors as well as listen to presentations from internationally renowned security professionals. CNME reports from day one of the show.
The region’s top security event drew first class speakers and some of the Middle East’s top IT pros to Dubai World Trade Centre, and the event served as a forum for a variety of fresh IT security perspectives.
Kicking things off was Robert Bigman, former Chief Information Security Officer for the Central Intelligence Agency, who drew on his vast experience to discuss the importance of intelligent IT architecture, and the prospects of both government and business in dealing with security threats.
Next up was Konstantinos Karagiannis, Director, Ethical Hacking, BT Global Services, who offered a more scientific-based perspective. He discussed how the theory of sending data from one quantum computer to another via fiber channels could render data unhackable with high encryption. He said that if a system was created where electrons dissolved once they had been discovered, data would be unreadable.
John Taylor, of Protection Group International, used his presentation slot to discuss the power of human behaviour within IT security. He chose to highlight the importance of the analysis of motivation for why sacked employees often revert to their former companies to inflict damage. “Behind every technical attack, there is always at least one human being,” he said. “It is essential to analyse the motivation for someone who works inside a company to cause harm to it. Look at Edward Snowden, all the indicators were there that he was unhappy in his job, and he initiated a deliberate act of stealing information. It is possible to predict with 80 percent certainty who will become disloyal.”
Ashraf Ali Ismael, National Information Assurance Manager, ICT Qatar, framed regional security challenges as ones that required collaboration, “I believe public-private partnerships are a valuable way to allow governments to see what is going on on the ground,” he said. “I don’t believe regional collaboration is up to scratch, and a unified legal ecosystem would be beneficial.”
GISEC also enlisted a speaker from Africa – Stephane Konan, Special Advisor to the Minister of Homeland Security, Ivory Coast. He discussed prevalent threats in his country, and how its skills shortage was making it easy for cybercriminals to get away with their endeavours. “The criminal considers three factors in plotting a crime: investment, risk and gain,” he said. “The risk element is currently very low for them, as we face challenges such as weak identification, dynamic IP addressing and mobility.”
Sameer Shaikh, IT Security Policies and Risk Manager, Emirates Group IT, highlighted the importance to balancing robust security whilst fostering an environment that encourages innovation. He said, “Power is nothing without control, but too much control will slow us down. IT security stops innovation, but innovation is a threat to security and systems. Security needs to innovation, while innovation needs to manage risk. It’s important to remember that organisations need a balance of skills, you need core ‘techies’, but also people who understand the business.”
The explosion of applications has left most IT users unware of the extent to which their day-to-day use has exploited their security. Nader Henein, Regional Director, Product Security, BlackBerry, discussed how apps pose an innate threat to user privacy, “Today, there are a total of 124 different application permissions on Android, and more often than not we do not realise what these permissions entail.” he said. “[Reddit app] BaconReader has access to your email, once installed. WhatsApp, an application that I’m sure most people in this room use, is exporting your contact list to its servers in California. Each contact list is worth at least $100. Information is currency in this age, and it is important to realise exactly what information with applications.”