- Cybercrime is second most common form of economic crime in the Middle East
- International Cybersecurity Leader Dan Lohrmann to disclose cyberdefence strategies against cybercriminals and cybermercenaries at Gulf Information Security Expo & Conference 2015
15 March 2015, Dubai, United Arab Emirates- The speed, convenience and anonymity of the Internet are continuously being exploited by cybercriminals who are relentlessly upping their game by launching brute force targeted attacks against organisations across the Middle East and North Africa (MENA). These cybercriminals are committing a diverse range of criminal activities to penetrate even the most sophisticated and secure internal networks of organisations in the region.
According to the Cisco 2015 Annual Security Report, enterprises are using solutions that block network breaches and other malicious attacks, however, cybercriminals are learning to evade detection by changing tactics to steal information, extract money through scams and disrupt networks. Cyberattackers choose varying methods such as devise spam campaigns using hundreds of IP addresses to bypass IP-based anti-spam reputation products. They also use malicious advertising or malvertising and design malwares that persistently infect users’ machines.
Last month, the first known Arab-speaking group of cybercriminals Desert Falcons was revealed to be a cyberespionage group targeting multiple high profile organisations and individuals from Middle Eastern countries including the UAE. Started in 2011, the group have attacked more than 3,000 victims across 50 countries globally with over one million files stolen.
Groups like the Desert Falcons have made cybercrime one of the fastest growing transnational organised crimes in the world. According to a 2014 report from the Centre of Strategic and International Studies (CSIS), cybercrime costs the global economy approximately USD445 billion every year, with losses ranging between USD375 billion and USD575 billion. In the Middle East, cybercrime is the second most common form of economic crime reported with total losses varying between USD1 million and USD100 million annually, according to PricewaterhouseCoopers’ (PwC) 2014 Global Economic Crime Survey.
With the shifting security landscape and the emergence of new cyberthreats, countries in the MENA region must continue to formulate cyberdefence strategies and frameworks to adequately prepare individuals, organisations and governments against potential attacks and security concerns such as the Desert Falcons. At the 3rd Gulf Information Security Expo & Conference (GISEC), global industry experts including Dan Lohrmann, an internationally recognised Cybersecurity Leader and ex-Chief Security Officer for the State of Michigan in the U.S.A., will convene at the region’s leading I.T. security platform to address various risks and dynamic changes happening within the Middle East’s security environment.
Scheduled to take place from 26-28 April 2015 at the Dubai World Trade Centre (DWTC), GISEC - the region’s leading I.T. security platform - will address key issues surrounding cybersecurity management, identity management and disaster recovery. The event will address susceptible industry sectors such as financial services, governments, oil & gas, I.T. and pharmaceuticals as well as for individuals. GISEC’s exhibition segment will also showcase over 150 exhibitors, attracting over 5,000 trade visitors and security professionals from 50 countries including Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs).
As organisations and governments around the globe are preparing for hostile cyberthreats that could potentially cause a major global crisis, Lohrmann, one of the conference’s keynote speakers, will be discussing cyberdefence strategies and how to use the most advanced technologies and integrated systems to protect governments and companies against cyberattacks.
“Governments, organisations and companies must first of all be alert and aware of the cyberthreats they face each and every day. This means an active programme in educating everyone from front-line staff to senior executives in the importance of protecting sensitive information,” said Lohrmann.
He also added that cyberdefence teams must be equipped with skills, tools and other resources to effectively counter cyberattacks that are relentless and constantly changing. Trusted partnerships are vital to provide real-time intelligence to work together across traditional siloes, such as police, government, defence, technology companies and company staff.
“Companies need to create a vibrant cyber ecosystem to detect, respond and recover from cybercrime and other types of online attacks,” Lohrmann said.
Tareque Choudhury, Head of Security, BT Middle East and Africa also explained that organisations in the MENA region are investing in cybersecurity at a rate not seen before, fuelled by regional tensions. Concerns over attacks from cyberspace also resulted in an increasing level of complexity which makes them harder to identify and react to in a timely manner.
“It is crucial to attain executive level buy-in for cybersecurity. Without this, most cybersecurity programmes will not serve the purpose of the business. A company requires a solid security ecosystem to monitor their business and use it to identify risks as they unfold,” Choudhury said.
Choudhury also explained that one way for enterprises to ensure a solid security ecosystem is to invest in people, processes and technology. The other way is to achieve an enhanced level of cybersecurity by partnering with a service provider that provides a managed security service programme wherein organisations can get better visibility of the security threats that impact them and have predictable costs.
Lohrmann also highlighted that - unlike emergencies that are caused by natural disasters such as ice storms, hurricanes or tornadoes - a cyberdisruption can be difficult to predict and even harder to know when the attack has truly ended. The overall coordination of roles and responsibilities when responding to cyberemergencies remains a serious challenge for governments around the world. “The fact that over 80% of critical infrastructure is owned and operated by the private sector is also a complicating factor, requiring new types of coordination, information sharing and emergency management exercises,” Lohrmann furthered.
At GISEC, Lohrmann will also share several cyberdisruption response plans and examples as part of emergency management efforts being implemented by state governments in the U.S.A. As new efforts are continuously rolled out to address the growing regional cyberthreats, these examples and best practices can be further adopted to strengthen the emergency management plans of governments in the MENA region.
Furthermore, Lohrmann will conduct a training session about how to build a vigilant security culture within an organisation. This interactive session will centre on the impact of new cyberattacks, mobile malware, insider threats and online security challenges on business strategies.
As Chief Strategist & Chief Security Officer at Security Mentor Inc., Lohrmann has served global organisations in the public and private sectors in a variety of executive leadership capacities, including enterprise-wide Chief Security Officer (CSO) and Chief Technology Officer (CTO). He has also been named ‘CSO of the Year’, ‘Public Official of the Year’, and ‘Premier 100 IT Leader’ by Computerworld.
Aside from Lohrmann, other global visionaries speaking at the two-day conference include Steve Williamson, Director of IT Risk Management at GlaxoSmithhKline, UK, who will focus on unmasking the risks and threats lurking in the region’s cyber streets. He will be joined by Les Anderson, Vice President of Cyber at BT, who will share information on the threat landscape and future of hacking and Hani Nofal, Executive Director INS at GBM, UAE, who will tackle the evolving holistic concept of privacy, cyberlaw and data protection, among others.
Key sponsors of GISEC include BT Global Services as the Leader Sponsor; GBM and Spire Solutions as the Diamond Sponsor; CISCO as the Platinum Sponsors; and Etisalat and Paladion Networks, Palo Alto Networks and Fortinet as the Gold Sponsors; and Guidance Software and Paramount and Qualys as the Silver Sponsors. Key exhibitors also include Airwatch, Airbus Defence & Space, Neustar, Bit 9, Cyberroam, Splunk, Lancope, Mindware
Powered by GITEX TECHNOLOGY WEEK, the region’s leading technology event, GISEC and GEMEC are strictly trade-only events and are open to business and trade visitors from within the industry only. GISEC and GEMEC are open 10am-6pm from 26-28 April 2015 at Sheikh Rashid Hall at Dubai World Trade Centre. Visitor attendance is free of charge.