With the world on constant alert for cyber attacks, CIOs and IT decision makers flocked to the Habtoor Grand hotel last month to discuss the most recent security trends, concerns and solutions at CNME’s aeCERT-partnered Security Strategist 2013 conference.
Cyber security is, and has been, a hot topic for every IT team around the globe for a long time. However, more recent breaches and attacks on national government entities have resulted in a widespread movement from the highest authorities to clamp down on cybercrime.
Last year, Saudi Aramco suffered a massive 30,000-machine malware attack, and the oil giant now sits as the benchmark example for the damage that can be done by sophisticated attackers.
The evolution of not only the threat landscape, but also the intelligence of the attackers, has brought to light just how severe and real the situation surrounding web-based attacks has become in recent years.
With an action-packed agenda, including two specialised roundtables covering the banking and aviation sectors, the day was sure to provide end-users with insightful and engaging information that would be pivotal for any business moving forward.
Presenters covered all major talking points ranging from defending against attacks to data loss prevention. The speakers included Meshal Abdulla BinHussain, Head of UAE CERT Operations at the Telecommunications Regulatory Authority; Dr Deepak Kalra, CIO, Al Asas; Ahmed AlAhmed, CIO, Nakheel; Ahmed Baig, IT Security and Compliance, DWTC; Jude Pereira, Managing Director, Nanjgel; Niraj Mathur, Security Practice Manager, GBM; Ali Alamadi, Manager, Strategic Consulting, help AG; Omar Fathallah, Senior Technology Consultant, RSA; Mohammed Khatib, CIO, Amman Stock Exchange; Hazem Bayado, Technical Manager, Novell Middle East; and Nagaraj Hebbar, Senior Sales Engineer, FVC.
Scare mongering
End-users aren’t known for their subtlety at the best of times, and many of the presentations addressed the issues which were on the tip of many companies’ tongues, like cost of solutions, security of products, and embracing technologies while maintaining compliance.
One frightening theme which continuously popped up was the question of awareness with regard to how secure companies in the Middle East are – as Pereira of Nanjgel said, “People are essentially bringing a knife to a gunfight.”
Whether businesses are bringing a knife to a gunfight or not, they will certainly have more in their arsenal following Security Strategist 2013. However, predicting what will be on next year’s agenda may prove to be more difficult than one may have expected – with no speakers or delegates daring to comment on what the future of IT security holds.
Head in the clouds? Securing the aviation sector
Many of the aviation industry’s leading security analysts and managers gathered during the second half of the day to discuss security in their vertical. The panel members, who all wished to remain anonymous, took part in a heated discussion which covered not only generic security concerns, but also compliance issues and major aviation-related news stories, such as the recent claim that Android phones could be used to hack an aircraft.
The common theme surrounding the discussion was the importance of company and customer data. This essential data and information was described as so sensitive that some believe IT security should be an entirely independent entity in order to safely and more professionally deal with these concerns.
The major concern around exposing data was the balance between providing next-generation technologies for customers and keeping business-critical data secure.
“It’s a key challenge,” said one panel member. “The balance between what the business wants and what we want to give as a business, against what we can expose.”
Being able to push the boundaries of what they can provide for companies is always a hot topic in an area as competitive as aviation, but from a technology standpoint, the risks just continue to increase. Many carriers are now looking into offering Wi-Fi in-flight, and the risks here are obvious.
“We want to provide Wi-Fi for all of our customers, but being logged into a Wi-Fi network for 16 hours is a very long time,” another member stated.
A mandate for action
Senior IT executives from eight of the Middle East’s leading banks met with representatives of aeCERT (the UAE Computer Emergency Response Team) to discuss the current security challenges facing them and their customers.
In order to facilitate the full and frank discussion that proceeded, the participants requested to remain anonymous.
At the centre of the discussion was the recent security breach at Bank Muscat, in which cyber criminals pulled off a $39 million ATM heist using pre-paid travel cards.
Participants challenged aeCERT to ensure banks go public when they suffer security breaches, and to speak out to allow the rest of the industry to gain learning and insight from the experiences.
Further to this, participants questioned the mandate of aeCERT, asking whether the cyber security coordination centre can issue a policy statement declaring best practices that banks must adhere to.
The head of aeCERT – which was established by the Telecommunications Regulatory Authority (TRA) as an initiative to facilitate the detection and prevention of, and response to, cyber-security incidents on the Internet – said that whilst it is not within their mandate now, it is certainly something they can address with the TRA going forward.
The roundtable’s participants also expressed significant concern with the current set-up of IT infrastructure, which many believed was inadequate to protect against modern threats.