On May 26, the fourth edition of GEC Security Symposium 2021 presented by Cyber Sentinels and Spire Solutions was held at Palazzo Versace Dubai, Jaddaf Waterfront. The event saw participation of nearly twenty IT decision makers who exchanged critical knowledge on the modern-day vulnerability landscape.
The yearly mega event continued its tradition of recognising outstanding individuals and companies in the security field through CISO 2021 Awards and Future Security Leaders Awards.
Below are the key highlights of the event:
Anas Elsadig Eltahir, Senior Information Security Specialist, Government of Dubai Legal Affairs Department
Eltahir delivered the keynote address highlighting the ongoing trend of remote work culture across the globe. He discussed how work from home arrangements can open multiple vectors for cyberattacks.
Steps taken by Dubai Government for the new normal:
- Paperless strategy
- Information security regulation
- Digital transformation
- New innovative solutions
Siddhartha Murthinty, Chief Solutions Architect, Spire Solutions
Murthinty delivered a session on Packets Don’t Lie: Detection & Response. The key premise for the presentation was that network data was not made for security. He highlighted that average dwell time is 78 days to find an attacker. Murthinty said that network data health logs have a visibility gap. He also elaborated network visibility, hunting and analytics.
Dr Hoda Alkhzaimi, Director of Centre of Cyber Security, New York University Abu Dhabi; President, Emirates Digital Association for Women
Alkhzaimi delivered a session on Rethinking the enterprise perimeter in the pandemic and transformation world. She discussed how Covid-19 has accelerated digitisation of customer interaction by several years. Remote working and collaboration are the top areas where change is witnessed the most. Cloud and digitalised services are going to stay, she added.
Alkhzaimi said that we need holistic cybersecurity to deal with rising attacks and the post-pandemic work model.
Tareque Choudhury, Vice President – Technology Risk & Enterprise Architecture, Risk Management Architecture & Governance, Dubai Airports
Choudhury delivered a presentation on Transforming a Cyber Intelligence Programme at The World’s Busiest International Airport.
Dubai Cybersecurity Strategy issued by Dubai Electronic Security Centre, DESC, focuses on cyber threat and compliance. Dubai Cyber Index ensures Dubai is the safest cyberspace place in the world.
Choudhury said that the challenges include rapid growth of Dubai Airport, regulatory compliance, ability to monitor enterprise and airport’s systems infrastructure. He also mentioned that getting skilled resources takes months. He highlighted that cybersecurity is among the top risks for them.
Choudhury also highlighted the Dubai Airport network infrastructure: 52,000 lights, 3,300 Wi-Fi access points, 110,000 network points, 100+ km of baggage belts and 5,000 security on doors.
Digital Defence Centre monitors 150 big data servers, 20+ gbps network. He said that the focus is on engineering services, IoT and industrial control systems.
Choudhury said that budgets were slashed but cybersecurity had to continue. They developed cyber bots using AI called NEO. There were 182,000 cyber incidents in Q1 2021 and 17% were managed by NEO.
Anil Bhandari, Chief Mentor & Thought Leader, ARCON
Bhandari spoke on Next Gen Approach to Digital Identities and Vaults. Footprints of the identities are moving out of the premise and converging into the cloud. Digital identities must be at the core of everyone’s cyber protection programme. Digital identities need to be protected and digital vault in the cloud can play an important role.
He mentioned that resilient framework is needed to respond quickly to threats. Identities are the gateway to do anything in digital space. Redesigning the cybersecurity framework needs to be constant.
Vijay Babber, Senior Channel Manager MEA, Gigamon
Babber delivered a session on Securing the Data Highway with NextGen Visibility. He discussed that hybrid environment is the reality for today’s enterprises.
Ashish Khanna, Information Security Professional, Dubai Government Entity
Khanna spoke about how some of the businesses had to shut physical offices and go online. He added that the UAE is going through a cyber-pandemic and healthcare and financial sector have been the most affected ones.
What needs to be protected is evolving now. Detection is becoming difficult with the rise in remote work environment, and this delays the response as well. Increasing need of knowing the unknown is the new reality for cybersecurity defenders.
Panel discussion: Reporting to the board, has the pandemic elevated the CISO’s role, position
The accountability of the position of the CISO has always been a key factor in how the executive functions inside the organisation. The line of reporting of the CISO varies depending on the market segment and the critical nature of the enterprise’s business. However, recent, and ongoing changes in the macro environment are driving positive appreciation of the critical role of this executive.
The panel included:
- Bilal Ahmad, Head Information Security & Business Continuity, Union Cooperative Society
- Syed Mohammad Ali Naqvi, Head of AI, Data and Analytics Al Hilal Bank
- Hariprasad Chede, Chief Information Security Officer, National Bank of Fujairah
- Rohit Bhargava, Business Unit Head, CloudBox
The panel was moderated by Arun Shankar, Sr Editor, GEC Media Group. Ahmad said that post the pandemic, CISO’s role also includes taking care of remote worker’s cybersecurity. He added that the transition to the cloud has been boosted. Naqvi said that Board members have realised that information security is something they cannot go wrong with, and it is important to get the right kind of skill set.
Naqvi added that Board members want to be aware of the security risks but want to leave the managing part of it to the CISO. Chede said that the culture towards security has changed. He said that security is everyone’s responsibility and managing it needs a transformational culture.
Bhargava added that there has been virtualisation and outsourcing of services. He cited examples where CISOs directly reporting to the CEOs can spot the risks faster and hence mitigate those sooner.
Among the proactive steps that a CISO can take to ensure, peers, top executives, and the board have confidence in the ability to manage a significant breach, Naqvi says that all controls need to be in place and be automated. Ahmad says that creating transparency is key while Chede believes that the culture is crucial. CISOs should only be focused on the business and convert data into value, Bhargava added.
Panel discussion: Best practices to manage and administer the security organisation
The panel included:
- Jean-Michel Briffaut, Rail OT Cybersecurity Manager
- Prashant Nair, Group Head of Operational Risk and Control, Network International
- Sheeba Hasnain, Head of IT Operations, Confidential
- Jacob Mathew, IT Consultant, Government of Abu Dhabi
- Wissam Saadeddine, Regional Manager ME, Infoblox
The panel was powered by Help AG and moderated by Nicolai Solling, Chief Technology Officer, Help AG.
Hasnain said that a holistic approach to cybersecurity is needed and highlighted that they are moving towards better business continuity plan.
Mathew said that while migrating to public cloud one should look at three main areas which are governance, architecture, and applications.
Nair said that everyone should do a risk assessment before they migrate to the cloud. He added that getting the right talent is a challenge.
Briffaut said that organisations should focus on how they can reduce the consequence of an event and focus on resilience.
Saadeddine said Infoblox helps in detecting threats and protecting against them at a much faster pace.
The event progressed with an Exclusive Secret Briefing – Adapting the Hacker Perspective were held by Siddhartha Murthinty, Chief Solutions Architect, Spire Solutions and Mohieddin Kharnoub, Chief Revenue Officer, Spire Solutions.
Anushree Dixit, Global Head Content & Strategic Alliances, GEC Media Group and Dr Erdal Ozkaya, President of Global CISO Forum announced the launch of Global CISO Forum. Dr Ozkaya said that this forum is built for the cybersecurity community to help them network and collaborate. We are better together, he concluded.
Partners and sponsors of GECSS 2021:
- Title Sponsor: Spire Solutions
- Cyber Security Partner: Help AG
- Gold Partners: Gigamon, Redington, SentinelOne
- Privileged Access Management Partner: Arcon
- Strategic Partners: Infoblox, iconnect
- Exclusive Managed Security Partner: Cloud Box
- Supporting Partners: Rubrik, AHAD, Genetec