Thu, Nov 21, 2024 | Jumada al-Awwal 19, 1446 | DXB ktweather icon0°C

GISEC 2023 to highlight the need for ongoing cybersecurity training, and heavy investment into adaptable IT security infrastructure

Key exhibitors to showcase autonomous security solutions as well as effective ways to address the critical cybersecurity skills gap

Published: Mon 13 Mar 2023, 1:44 PM

With an ever-changing cyber security landscape to contend with, businesses in the Middle East have to constantly update and monitor their security solutions to deal with new threats and cyber-attacks. Previously static security solutions that were thought to be effective protection are no longer reliable, with new phishing and social engineering attacks making it more and more difficult to keep attackers at bay.

This is just one of the core talking points at this year’s GISEC, where companies have the opportunity to experience first-hand the nature of newer cyber-attacks and how to counteract them. The increase in remote working has opened even more vulnerabilities for organisations, with security teams being unequipped to cover multiple potential attack points. Even more critical is the focus on security training within organisations, covering not just core IT teams, but also end-users.

Top Stories

With a very evident IT security skills gap existing in the market, organisations need to be serious about always staying ahead of the security landscape. SANS Institute aims to address this skill gap at GISEC, with interactive demonstrations of their cybersecurity offerings and training to enhance employee security skills and capabilities. “Our participation aims to provide visitors with the latest industry trends and best practices, with cloud security being of paramount importance in digital environments. We offer specialised GIAC-certified training courses to enable individuals and organisations to stay ahead of the constantly evolving cloud security landscape and equip them to safeguard their data and systems against cyber-attacks on the cloud,” said Ned Baltagi, managing director — Middle East and Africa at SANS Institute. “We will also host a mini ‘Capture-the-Flag’ event at our stand, where visitors will have the chance to test their skills in a simulated cybersecurity environment, designed to provide real-world, hands-on experience and showcase our immersive training opportunities.”

Looking back, 2022 was another unprecedented year for cyber security, with several high-profile cyber-attacks making headlines. According to a security report from Nozomi Networks Labs, industries such as oil and gas, healthcare, transportation, and retail are just a few verticals where attacks have significantly increased over the past year, as corporate networks lack adequate cyber security control. To address this growing security problem, Nozomi Networks will be debuting Nozomi Arc at GISEC, the industry’s first endpoint security sensor, which aims to offer easy deployment to numerous sites while offering a more detailed overview of an organisation’s security environment to mitigate potential attack points. “We’ve observed an increase in demand for OT and IoT solutions in the Middle East, and both the public and private sectors are stepping up to strengthen defences. Robust cybersecurity is of top priority as OT and ICS systems embrace new technologies to stay ahead of the competition,” commented Bachir Moussa, regional director —MEA at Nozomi Networks.

Similarly, SentinelOne will be showcasing autonomous cybersecurity solutions that provide prevention, detection, and response across all devices. “Identity-based infrastructure has become a core function of scaling businesses and Identity. Cybersecurity is now vital as this surface has become a primary attack vector for threat actors,” observed Tamer Odeh, regional sales director, SentinelOne. “At GISEC 2023, our team is keen to demonstrate how our solutions can help organisations stay ahead of emerging threats and secure their digital environments with confidence.”

Security teams are also finding it harder to assess how secure their organisation really is from cyber-attacks, as this simple task often requires a much deeper visibility into all assets and exposures, which are becoming more challenging to account for. Exposure management company Tenable will be addressing this hurdle at GISEC, by demonstrating how older single-point solutions are no longer applicable to the modern cybersecurity environment. “Tenable has challenged this approach, enabling customers to proactively address, manage and reduce cyber risk across their entire infrastructure — be it cloud, IoT, OT, or other platforms,” said Maher Jadallah, senior director of Middle East and North Africa, Tenable. According to a recent Tenable threat landscape report, the number one group of most frequently exploited vulnerabilities came from a large pool of known vulnerabilities, some of which were originally disclosed as far back as 2017. Organisations that failed to apply vendor patches for these vulnerabilities were at increased risk of attacks throughout 2022, further highlighting how important it is for security teams to perform routine software updates and apply critical security patches in a timely manner.

Another growing topic around cybersecurity that will be explored at GISEC is the use of AI and machine learning to combat evolving cyber threats. In a recent survey from ManageEngine, around 91 per cent of all respondents say AI and similar technologies will play a significant role in strengthening their organisation’s IT security framework. The survey also highlighted that a notable proportion of organisations have already invested in AI to prevent cyberattacks (52 per cent). "The digital ecosystem is fast evolving due to technological advancements — but so are the threat actors. Unsurprisingly, cybersecurity remains the top priority for CIOs and CISOs in the region. Organisations should focus on identifying high-risk vulnerabilities and address them immediately,” said Nirmal Kumar Manoharan, regional director of ManageEngine.

With email being a ubiquitous method of communication for any organisation, companies still need to focus on and protect their email systems from evolving phishing attacks. Mimecast’s recent ‘The State of Email Security 2023’ report highlighted that a staggering 94 per cent of respondents from the UAE had been targeted by email-based attacks but had already implemented a system to monitor and protect against such threats. As cyberattacks continue to become more sophisticated, business leaders in the region have shown greater willingness to confront the risks involved and invest in proper measures to keep cyber attackers at bay. “Supply chain vulnerabilities, the rise of online collaboration and the growth of digital networking are among the chief reasons the cyber landscape is becoming more treacherous. The intersection of communications, people, and data carries a tremendous amount of risk, as malicious actors exploit the interconnectedness of the modern work surface,” says Werno Gevers, regional leader of Mimecast Middle East. “Our research shows that corporate boards have finally woken up to the realisation that cyber risk is business risk, so it’s time for CISOs to make the case for increased budgets and greater cyber resiliency."

With the commercial sector facing the same tactics and techniques from ransomware, phishing, and malware attacks, they should be preparing for a cyberwar now transcending geographical boundaries. Hackers are targeting businesses with complexity and frequency, with the intention of disrupting day-to-day operations, stealing sensitive or personal data, and inflicting reputational damage. IBM’s cost of a data breach report found the global average breach cost of Dh15.98m, with the GCC average now at almost double that (Dh27.4m).

“Businesses need solutions that can adapt to new tactics and techniques, utilising automated knowledge bases such as MITRE ATT&CK, reducing the time to test and validate their performance against the latest attacks and vulnerabilities. Businesses should now be transitioning to a cybersecurity strategy that aims to test their defence capabilities in realistic simulated environments, mitigating risk,” concluded Ross Brewer, chief revenue officer at SimSpace.

GISEC Global will run from March 14 to 16 at Dubai World Trade Centre.



Next Story