MENAISC2021: Saudi and Global Cybersecurity Experts Urge Need for Cyber Vigilance to Combat Threats from 5G Networks

31
  • One incident of cyber piracy every 39 seconds by 2025 
  • Samir Omar: Increased cloud dependency contributed to rise in cyberattacks.
  • 90% human error responsible for cyber breaches.
  • $145 million total ransom paid for cyberattacks in 2019. 

Riyadh: The ninth edition of Virtuport’s Middle East and North Africa Information Security Conference (MENAISC2021) launched virtually on Tuesday, under the theme “Cybersecurity Vigilance, Continuous Monitoring & Mitigation: Understanding the Impact of the 5G Era.” The two-day event, running until May 26, includes the participation of more than 40 local, regional and international experts.

This year’s theme is in line with the growing global interest in the 5G technology, in general, and the Kingdom’s increased usage of 5G networks in various industries, coinciding with an escalation of cyberattacks, in particular. CEO of Virtuport Eng. Samir Omar highlighted the importance of the conference, especially in view of the global remote working and education trend, and the increasing dependence on cloud computing, which has also contributed to a rise in cyberattacks. All of this requires the creation of a proactive cyber vigilance strategy using roadmaps of the most important operational and technological links of mutual and infrastructural importance.

Omar said the development of the 5G technology has exposed its users to more cyberattacks and that 5G has the potential to significantly change the threat landscape of the telecommunications industry. The more widespread the technology becomes and the more devices that are connected to the 5G network, the greater is the number of attackers looking for vulnerabilities that they could use for their own goals.

The conference is spotlighting a number of critical topics such as: 5G networks, cybersecurity frameworks, artificial intelligence, analytics, cloud security and virtualization, data security and privacy strategy, satellites and communications, human skills for cybersecurity and advanced hacker threats. Other subjects being discussed include: Cyber espionage, the rise in healthcare data breaches, email as an entry point for data theft, increasing security vulnerabilities and high-risk malware and cybersecurity intelligence.

Cybersecurity Measures

During the event, Ameer Khan, Technical Leader at Trend Micro KSA, noted that the total global spending on cybersecurity has reached $173 billion and that between 2018 and 2019, 30 percent of financial damage was as a result of cybercrimes. He said an increased investment in cybersecurity-related technical measures, improving training and education of employees and establishing or enhancing corporate policies can help companies cope with cyberattacks.

“Most companies believe in the possibility of a cyberattack coming from the cloud environment,” he said, adding that the total ransom being demanded rose from $800,000 in the fourth quarter of 2019 to $1.3 million in the same period of 2020.

Rawad Sarieddine, Vice President for Middle East, Turkey and Africa at Crowdstrike, highlighted the role of the COVID-19 pandemic in stimulating digital and security transformation. He said the pandemic has provided opportunities to reassess, recalibrate, refresh and retool cybersecurity strategies. Sarieddine was joined by Mercedes-AMG Petronas F1 CEO Toto Wolff to discuss the impact of COVID-19 on the F1 team’s year and how they had to adapt to win.  

During the conference proceedings, Baldeep Dogra, Director, Solutions Marketing at Blackberry, explained the continuing escalation of cybersecurity threats, warning about the importance of bridging the global cybersecurity skills gap. “50 percent of IoT endpoints have been attacked, with an annual increase of 300 percent in cybercrimes. By 2025, attacks will reach 67 billion connected endpoints, equivalent to an incident of cyber piracy every 39 seconds, and the rate of breaches as a result of human error will reach 90 percent,” he added.

Artificial Intelligence

Tripwire Chief Technology Officer David Meltzer presented a session titled “Continuous Monitoring for Integrity,” noting that integrity is the key to all security programs. He highlighted the importance of learning how to move from the current situation to the desired situation and knowing whether these changes are good or bad.

During the “Machine Learning and Artificial Intelligence, What Does and Doesn’t Work” session, Matthias Maier, a Security Evangelist, CEH, CISSP, CISM at Splunk, said that there is a huge professional shortage of 3.5 million jobs, warning that 80 percent of CIOs are not ready for transformation. “Data scientists spend 80 percent of their time cleaning and collecting data, so machine learning requires a solid understanding of statistics and a scientific way to work on solving problems,” he added.

Oliver Cheal, General Manager, EMEAR for Duo Security, Cisco, outlined during his session titled “Democratising Security with Passwordless,” the problems associated with passwords. He said that the average number of passwords used by corporations is 190, resulting in a poor user experience, and that 80 percent of breaches are due to inadequate passwords.

Cyber Resilience

Osman Khan, Chief Operating Officer at I(TS)2, discussed the impact of cyberattacks, which includes financial losses, reputational damage, downtime, loss of sensitive data and others, during his session “How prepared are you for a breach? Key considerations & recommendations for readiness.” He also noted that phishing attacks increased from 11 to 36 percent in the past year.

In a session titled “Cybersecurity Vigilance: Challenges and Strategies,” Mohammed Al-Sammarraie, Cybersecurity Public Sector Director, reviewed the 5G era, data acceleration, cybersecurity challenges, and the impact on the sustainable economy. He highlighted the importance of increasing digital security investments as one of the most important strategies to address potential threats.

Sudeep Chatterjee, Associate Vice President – Sales at MetricStream, hosted a session titled “Being Cyber Resilient – Key Focus and Strategies for a Practical Cyber Resilience Program.” The session focused on how risks are interconnected and constantly evolving and the need for an integrated approach when it comes to cyber resilience, identifying IT management and e-policy, governance, activating IT compliance management and the Internet, testing controls, surveillance and configuration, assessing workflows, assessing cyber risks, and managing security vulnerabilities.

Thom Langford, Security Advocate at SentinelOne, revealed that in 2019, the total ransom that was paid amounted to about $145 million. This was as a result of phishing attacks, hacking of websites, and breach of computer browsers and messaging applications. He stressed the importance of raising awareness among users and creating legislation to prevent such threats.

Dr. Almerindo Graziano, CEO of Silensec, hosted a session titled “Understanding the Attack Simulation Security domain: Use cases, services, tools and technologies.” He said many organizations are turning to attack simulation for testing their security posture and cyber resilience. 

Attack simulation includes a range of services, tools and technologies such as Red Teaming Exercises, Breach-and-Attack Simulation Solutions, Adversary Emulation Tools and Cyber-Range-Enabled Attack Simulation (CREAS) training and exercises.

Dr. Graziano discussed attack simulation security and the importance of expanding various use cases, highlighting the strengths and weaknesses of various services, tools and techniques, in order to provide the public with a clearer understanding of the options available to improve the organization’s security position and electronic flexibility, while ultimately ensuring the desired return on investment.

MENAISC2021 is sponsored by CROWDSTRIKE and TREND MICRO  as Diamond Sponsors; BlackBerry,  Cyberreason,  CYBER  RANGES, ITS2, SentinelOne, Splunk, tripwire,  BTC Networks CISCO,  metricstream (Platinum Sponsors); Beyond Trust, CYBERX  and Lookout, McAfee, MINDWARE, RSA, ANOMALI,  CYBRScore,  VMRAY, ExtraHop, FireEye and Kaspersky (Golden Premium Sponsors); DARKTRACE, Recorded Future,  One Trust, Bitdefender,   Corelight,    ZEROFOX (Gold Sponsors); INTEL471,   RAPID1, Infoblox,  VECTRA (Silver Sponsor Premium); nuix (Silver Sponsor); ORACLE, EC-Council, Acronis,  Int@j (Strategic Sponsors); ISC 2 and Global Knowledge (Educational Sponsors); and DOT  MOTIONS,  Marcom  ARABIA  and  W7Worldwide (other sponsors).

All of these companies have invested their time and financial resources to provide an important intellectual leadership experience in the path of rapid digital transformations taking place around the world.