How cybersecurity can be a powerful shield against threat actors

The Gulf Cooperation Council (GCC) countries have been witnessing a rapid digital transformation in recent years, with the widespread adoption of new technologies such as cloud computing, internet of things and artificial intelligence (AI).

While this has brought several benefits to businesses and individuals, it has also exposed them to new risks, particularly in the area of cybersecurity. As a result, governments and organisations in the region are focusing on strengthening their cybersecurity defences and developing new strategies to mitigate the risks.

Boosting cyber resilience

One of the key events that reflect the importance of cybersecurity in the region is the Gulf Information Security Expo and Conference (Gisec). The annual event brings together cybersecurity experts, vendors and professionals from around the world to discuss the latest trends and challenges in the field. The event provides a platform for organisations to showcase their products and solutions, and for attendees to network and learn from each other.

The 11th edition of Gisec Global, organised by Dubai World Trade Centre (DWTC) and hosted by the UAE Cybersecurity Council, took place from March 14-16, 2023. The event brought together over 500 cybersecurity firms, 300 InfoSec and cybersecurity experts and 1,000 ethical hackers from around the world. The aim was to explore opportunities and discuss the latest trends and challenges in the field of cybersecurity.

Read: Gisec Global 2023 boosts cyber resilience of Middle East digital economy

The event saw participation from top technology companies such as Microsoft, Huawei, Honeywell, Cisco and du, among others, who showcased their latest cybersecurity solutions. Additionally, InfoSec companies such as Mandiant, Spire Solutions, Pentera, Edgio, Crowdstrike and more were also present.

Trixie LohMirmand, executive vice president of Events Management at DWTC, said: “The cybersecurity challenge facing organisations is formidable. By bringing together the world’s leading cybersecurity experts and digital trailblazers, Gisec Global paves the way for regional organisations to demystify the complex cyberthreat landscape and unearth real-world solutions from global experts to build cyber-resilient digital businesses.”

Ransomware attacks on the rise

Ransomware attacks are becoming increasingly prevalent, with numerous high-profile incidents occurring in recent years. These attacks involve the malicious encryption of a victim’s data, with the attackers demanding a ransom payment in exchange for the decryption key. The rise of remote work and the increasing reliance on technology has made businesses and individuals more vulnerable to ransomware attacks. Hackers are constantly developing new and more sophisticated techniques for carrying out these attacks, making them more difficult to prevent and mitigate.

According to the latest Acronis Cyberthreats Report, in the UAE, targeted organisations lost over $1.4m in ransomware, forcing over 40 per cent of them to shut down. The report also noted that breaches reported in Saudi Arabia, for example, could reach an average of $7m. According to security experts, this is driven by factors such as weak credentials, phishing emails, and unpatched vulnerabilities, which remain the top cyber-attacking vectors.

Cyber protection experts from Acronis have warned that AI and machine learning technologies could pose a big risk to digital ecosystems that are not protected as cybercriminals are likely to take advantage of these new tools to increase the effectiveness of their assault through crafting harder-to-detect attacks.

Meanwhile, Ram Narayanan, country manager at Check Point Software Technologies – Middle East says that in recent years, the UAE has witnessed a substantial rise in cyberthreats, as attackers employ increasingly sophisticated techniques to gain unauthorised access to networks and systems.

“Check Point Software’s latest threat intelligence report reveals that, over the last six months, an organisation in the UAE has faced an average of 1230 attacks per week, while 83 per cent of the malicious files delivered in the UAE over the last 30 days arrived via email. It is therefore essential for organisations to grasp the significance of staying ahead of the curve and protecting their assets from these threats,” he explains.

Furthermore, Huawei said that ransomware attacks share some important key features from a service perspective: “Ransomware spreads quickly, leaving little time for administrators to respond once an attack begins. Microsoft found that ransomware can penetrate a system to obtain permissions in just 45 minutes.”

“The number of ransomware variants increased by 98 per cent between 2021 H2 and 2022 H1, making it very difficult to detect and respond to covert and new attacks quickly and effectively,” the company states.

Enterprise businesses feel the impact of ransomware attacks more acutely than other types of users, as it normally takes a long time to restore services after an attack and data often cannot be restored at all. This leaves enterprises in urgent need of effective end-to-end protection as traditional ransomware protection solutions simply cannot compete with these challenges.

Cybersecurity firms at the event shed light on how keeping your software and operating systems up to date with the latest security patches is one of the best ways to prevent ransomware attacks.

They also noted that it is important to regularly back up the data to an external source and test the backups to ensure that they can be successfully restored in case of an attack. Furthermore, educating employees on how to recognise and avoid phishing emails and suspicious attachments can help to prevent ransomware attacks caused by human error.

Additionally, implementing strong access controls and restricting administrative privileges can limit the impact of any potential attacks. “2023 is a crucial year for chief information security officers (CISOs) as they face a complex and dynamic threat landscape in addition to developing strategies to manage business-critical initiatives such as securing work-from-anywhere, ​enabling digital acceleration, ​staying ahead of increased cyber risk, ​and supporting sustainability goals. Our aim is to help them address these challenges, provide insight, best practice, and demonstrate how Fortinet can help them stay ahead of the curb,” observes Alain Penel, regional vice president – Middle East and Turkey at Fortinet.

Community of action

Meanwhile, top regional and global information security officers discussed creating a ‘community of action’ and chalked out strategies to help digital businesses in the region build cyber-resilience at the Gisec CISO Circle, part of Gisec Global.

Held on day two of the event under the theme of ‘Building a united cyber frontier’, the CISO Circle agreed that collaboration and information sharing within the cybersecurity industry is critical to tackling cybercrime.

Since its launch last year, the CISO Circle has brought together like-minded security experts from diverse sectors to exchange insights on tackling cybersecurity challenges and address critical priorities reinforcing business, economic and national security agendas. The panellists at this year’s CISO Circle included Dr Mohamed Al-Kuwaiti, head of the UAE Cybersecurity Council, Dr Aloysius Cheang, CSO, Huawei Middle East and Central Asia and Hadi Anwar, chief cyber defence officer, CPX.

Addressing the CISOs in his keynote speech, Dr Al-Kuwaiti, stressed the importance of collaborations based on the values of trust and transparency to achieve the common goal of building better cyber resilience.

The UAE Cybersecurity Council showcased its National Security Operations Centre (NSOC), with Dr Al-Kuwaiti highlighting its importance, stating: “We cannot control what we cannot measure, and we cannot measure without having that visibility, and the NSOC brings us that visibility.”

Global Police Metaverse

The popularity of the metaverse has prompted numerous companies to invest in the development of their own metaverse platforms, driving the growth of the industry. At Gisec Global, Dr Madan Oberoi, executive director for Technology and Innovation at Interpol, Singapore, unveiled the first Global Police Metaverse – a virtual platform designed specifically for the global law enforcement community.

“Like all other ever-evolving technologies, the metaverse represents unique opportunities and challenges for law enforcement,” said Dr Oberoi.

“We, therefore, need to understand what harm can occur in or through the metaverse. These include offences that mirror existing criminal threats like crimes against children, harassment, cybercrime, and fraud. At the same time, the metaverse will generate new forms of crime – called meta crimes – such as Darkverse or 3D virtual property crimes or harm to and misuse of avatars.”

Hack-O-Sphere

Gisec Global hosted the first edition of the Hack-O-Sphere event which witnessed participation from more than 1,000 ethical hackers in the world. The event also observed the inaugural CyTaka World Cyber Championship, delivered by Israel-based CyTaka in partnership with the UAE Cybersecurity Council and CyberGate.

Meanwhile, hardware hacker, tech wizard and author, Joe ‘Kingpin’ Grand, explained to the audience his hardware hacking mindset and showed live demonstrations of some of the more common hacking techniques.

💰THE GIST OF IT💰 Just when you thought winning a mastermind’s challenge was hard, four heroes went and hacked their way to it at the CyTaka World Cyber Championship! Congrats to our winners – you out-pwned the challenge and rolled in $20,000 each! 🙌 #GISECGlobal pic.twitter.com/I8CG56S9W5

— GISEC (@GISECGlobal) March 16, 2023

“Cyberattacks are continuously evolving,” said Grand. “Complex attacks such as fault injections and side-channel analysis, which were earlier limited to mostly those with knowledge in engineering, are now more common.”

Grand added that it is, therefore, important for organisations to have proper mitigations in place to tackle these attacks. “With the knowledge of hardware hacking, organisations can get into the mindset of an attacker and make their products more secure.”

Bringing together cybersecurity professionals

Going ahead, Gisec Global looks forward to continue to play a significant role in bringing together cybersecurity professionals to display latest technology, debate new threats and exchange information and best practices. The conference will also provide a platform for networking and collaboration, helping to advance the field of cybersecurity in the Gulf region and beyond