International chief information security officers (CISOs) met to discuss and map out strategies to protect financial institutions from cyberattacks on the final day of GISEC 2021, the Middle East’s most influential and connected cybersecurity event at Dubai World Trade Centre (DWTC).
The main stage discussion, chaired by Nathan Swain, former Security Advisor for the UK Government, explored different tactics in dealing with cyber threats.
Mohammed Darwish Aza, Chief Information Security Officer, Emirates NBD, said, “Threat intelligence is a key indicator of every feed that you have in the organisation. It helps us make decisions from a strategic perspective, and I believe one of the spaces that really needs to improve is intelligence around third-party suppliers – seeing what their posture is on a day-to-day basis. Conducting a threat audit on a yearly basis won’t help you to understand what the overall defence is for your suppliers, and what the latest attack patterns are.”
Viktor Polic, CISO, Head of Information Security and Assurance Services, International Labour Organisation, said that education would be critical. He said: “If you look up at the sky at night, you see new satellites, which will one day be connecting the remaining 4 billion people on the earth, who are without internet – hyper-connectivity and Starlink. With people constantly trying to bridge the digital divide, even with AI and 6G, I think we are going to see quick adoption. We need to match innovation in technology with innovation in people.”
Strategies for increasing female cybersecurity participation discussed at GISEC
A GISEC Inspire panel discussion highlighted the overarching challenges women face in the world of cybersecurity and explored what still needs to change in the industry.
Hessa Salem Al Nadhi, CISO, Department of Culture & Tourism Abu Dhabi highlighted the need for governments and the private sector to encourage women of all ages to explore careers in cybersecurity.
“The majority of women don’t consider cybersecurity as a career because they aren’t aware of the many opportunities in the field,” said Al Nadhi. “Leaders and businesses need to empower both genders to enter the cyber world, whilst helping develop the skills of the younger generations and helping to close both the gender and the skills gap in the sector.”
Inass Farouk, Marketing Director, Microsoft UAE, said that only 24% of the global cybersecurity workforce is made up of women, according to the latest cybersecurity workforce study by (ISC)2, which shows that there is still a lot to do in order to attract more women into the industry. “Attracting women to the industry at a young age is crucial,” she said. “Providing them with a STEM education and a better understanding of STEM-led careers is key to bringing about change and increasing the number of women in cybersecurity.”
SolarWinds CEO delves into Orion security breach
Visitors to the GISEC main stage heard from Sudhakar Ramakrishna, President and CEO of SolarWinds, who discussed how the firm learned that threat actors were in its systems eight months prior to December 2020, when it was reported globally that the Orion security breach allowed thousands of its clients to be hacked.
According to Ramakrishna, attackers managed to get inside SolarWinds’ build environment and place a backdoor in 2019, which was then wrapped into its legitimate software without detection. The updated software was distributed to as many as 18,000 organisations leading to follow-on attacks on about 100 companies and nine government agencies.
“Since the initial attack, it has been a whirlwind of learning about the breach, understanding what we need to do and obviously implementing the lessons learned,” Ramakrishna said. “The cyberattack that we faced, and other large technology companies are also facing, should be of great concern. As I am sure you will attest from certain recent attacks, no single company is immune to these attacks, especially if they are to be carried out by nation states which are incredibly patient, incredibly persistent and who have many more resources available than any one company must protect itself.”
Dubai Police raise awareness on everyday cyber threats
Captain Khalid Tahlak, Head of Social Crime, Dubai Police, briefed GISEC visitors on how the public can safeguard themselves against a range of online scams. He highlighted how bogus charity campaigns, online blackmail and phishing attacks were all commonly used to catch out unwitting citizens, adding that the over-sharing of private information caused a lot of people to fall victim to cybercrime. Tahlak said that the public can report cybercrime incidents at www.ecrime.ae.