The third edition of GISEC, the largest IT security knowledge event in the region, gathered top-notch experts in Dubai to discuss megatrends that CISOs can’t afford to take for granted. Topics included cybersecurity management, mobile security and enterprise security among others.
“While we are in the path of technological advancements, we cannot ignore information security.” This was the statement underlined by H.E. Eng. Majed Sultan Al Mesmar, Deputy Director General, UAE Telecommunications Regulatory Authority, during his opening keynote address at the recently held GISEC 2015.
He added that the Internet has made the world a global village where information can flow freely and easily, providing more opportunities for businesses to flourish. “Technology has been an instrument that allows entrepreneurs and small businesses to evolve. This generation has witnessed how even the smallest ideas can turn to massive businesses. However, this doesn’t rule out the threats involved in data security.
“As we are approaching the age of Smart Cities, it is important to understand that the risks involved in Big Data are unprecedented, just as the data revolutionised itself. Data is the air that Smart Cities breathe, and there is a great opportunity for us to strategically tackle the challenges involved in this area. After all, data is considered to be the oil of the 21st century,” he added.
He also emphasised that as the regulatory body tasked to lead the UAE’s mGovernment initiative, the TRA is tactically handling issues on cybersecurity and will implement legislation that considers the security, privacy, and the rights of individuals and companies.
Farid Farouq, VP, Information Technology, Dubai World Trade Centre, then took to the stage and discussed how the role of CIOs has evolved over the years. “CIOs are no longer limited by the boundaries of their departments. We no longer live in isolation, the world is more connected than what it used to be. An occurrence in one region can significantly affect another, hence we should be aware of the turbulences that are happening around the globe. We are living in a world of rapid change which will only continue to increase, therefore as leaders we need to learn how to react to changes even faster,” said Farouq.
He also pointed out that IT leaders are now under a great deal of pressure to keep their security strategies in check due to the vast level of connectivity. This connectivity requires them to deal with an environment that is becoming more vulnerable to cyber attacks.
Calling upon his experience as a former CSO of the State of Michigan, Dan Lohrmann, now the Chief Strategist and CSO, Security Mentor, identified different cybersecurity challenges present today as well as the skills CSOs need to battle these issues. “There is no one solution against cyberattacks,” he said. “A risk assessment and understanding of an organisation’s baseline must be conducted in order to find a solution that applies to specific experiences.”
Lohrmann also revealed four strategic response goals that should be part of a cyber disruption strategy. These include an improved situational awareness among critical infrastructure owners, creation of specific operational plans for the response to and recovery from cyber-disruption events, training of key staff and exercising communication and response plans, and thorough risk assessment to identify vulnerabilities.
He also underlined the importance of public and private sector partnerships, stating that the collaboration between the two can create a good defence against cyberattacks.
Steve Williamson, Director IT Risk Management, GlaxoSmithKline, discussed the importance of developing a security culture and making this a responsibility for each and every employee within a company to adhere to. “Our job as security professionals and risk managers is not to hinder our companies in exploring new technologies, but instead to help them adopt it effectively and securely.”
Highlighting the prevalent challenges on privacy protection, Niraj Mathur, Manager Security Practice, GBM, delivered a presentation on the different privacy concerns and threats in the Gulf region. “Every year, statistics related to connectivity are increasing, and devices such as smartphones that enable this growth are continuously changing the way we do business. BYOD, while advantageous in terms of enhancing mobility and productivity for employees, poses a significant amount of risk as well.”
He mentioned that their research shows that around 90 percent of organisations that implement BYOD policies in the region do not adopt appropriate security measures to protect their data. This makes them vulnerable to security breaches.
“CIOs and CSOs should implement mobile security best practices to ensure data protection within the company. Creating a policy is one practice. Such a policy should clearly identify who can access what data as well as when and where they can access it. Next is containerisation, which entails the segregation of the corporate and personal data on your device by means of virtualisation.”
The conference also featured two panel discussions. The first explored ways to effectively secure data and avoid future attacks, and involved experts Manal Masoud, Principal Consultant, Paramount Computer Systems; Amit Bhatia, Head of Information Security Governance, Oman Insurance Company; Jonas Zelba, Senior Research Analyst ICT MENA, Frost & Sullivan; Hadi Jaafarawi, CISSP, CISA, Managing Director Middle East, Qualys, Inc.; and Nader Baghdadi, Regional Enterprise Director South Gulf & Pakistan, Fortinet.
The second panel session included Ahmad Baig, Senior Director, Corporate Strategy, Risk & Excellence, Smartworld; Nick Pollard, Senior Director Professional Services, EMEA & APAC, Guidance Software Inc.; and Sandra Baer, Director, Smart Cities Council. The discussion assessed how one can identify insider threats.
The second day of the conference started with an address by security guru Bruce Schneier, who took the audience through the events of the Sony hack. “Sony couldn’t have prevented the attackers from getting in but they could have managed their response better,” he said.
Next, the audience heard from Kamran Ahsan, Senior Director, Digital Security Solutions, Etisalat. “We need an ecosystem of shareholders, business custodians and trusted security service partners to jointly safeguard our business environments; government, enterprise and SMBs,” he said.