As the international cybersecurity community gears up for GISEC – the Middle East and Africa’s largest and most impactful cybersecurity super-connector that will take place from 23 to 25 April at Dubai World Trade Centre – experts are weighing in on the dramatic evolution of data breaches, and how companies and governments can join forces to strengthen global cyber-resilience.

In the Middle East specifically, oil and gas operations, government entities, and financial institutions have been most affected and continue to emerge as key targets for data breaches. Globally, over 30 billion known records have been breached so far in 2024 – accounting for more than 5,000 publicly disclosed incidents – according to the UK-based market consultancy, IT Governance.

With each breach, comes a cost, and these continue to rise year-on-year as new attack methods, new vulnerabilities, and new risks appear. IBM’s ‘Cost of a Data Breach Report 2023’ reflects an upward trend in data breach costs, with the average breach in 2023 accounting for US$4.45 million – a 2.3 per cent increase from 2022.

The increase in record breaches around the world, and the associated costs, reflect a gap between rapidly evolving malicious malware and companies’ readiness to avert emerging incidents. GISEC Global experts will address the impact of this gap at GISEC’s main stage, bringing their unique insights and expertise to the table.

Saiful Islam, Chief Information Security Officer at Dhaka Bank in Bangladesh

With a storied career spanning over 15 years in IT and Information Security in financial sectors, Saiful Islam, Chief Information Security Officer at Dhaka Bank in Bangladesh, identifies a glaring inadequacy on the private sector’s part. “Despite heightened awareness and investment in cybersecurity measures, this surge [in breaches] indicates systemic and persistent vulnerabilities,” said Islam, who will be speaking on GISEC Global’s main stage on the 25th of April as one of the 350-plus international speakers joining the 13th edition of the show.

“It underscores the urgent need for organisations to reassess their cybersecurity strategies, fortify defences, and prioritise proactive measures such as robust assessments, employee training, continuous improvement, and clear incident response plans. Failure to address these deficiencies could result in severe consequences, including financial loss, reputational damage, and regulatory repercussions,” he warned.

Charles Brooks, President of Brooks Consulting International and Adjunct Professor at Georgetown University in Washington, D.C., will be speaking on the main stage of GISEC Global on the 23rd of April, echoed a similar concern, “Every year, cyberattacks cost businesses more money and occur in greater numbers. Despite the increasing frequency, sophistication, lethality, and liabilities linked to intrusions, industrial management has mostly lacked the necessary preparation and has moved slowly to strengthen cybersecurity. The underlying line is that corporate cybersecurity and the C-Suite need to shift from a passive to a prepared posture.”

According to both experts, government and enterprise efforts in cybersecurity have largely focused on responding to the most recent breach or threat, meaning that defenders were usually always one step behind attackers. “We’ve seen organisations increasingly choose to pay off ransomware attacks as they struggle to keep up with new threats and advances in AI-assisted intrusions,” said Oren Maguid, Regional VP for MEA, APAC, and ANZ at Votiro, a Zero Trust Content Security Company and one of the 750 exhibiting brands from around 130 countries who are participating at GISEC Global 2024 taking place at Dubai World Trade Centre.

Oren Maguid, Regional VP for MEA, APAC, and ANZ at Votiro

“Without proper threat prevention in place, these attacks will only become more common and demand more time and money from already-strained enterprises. Organisations waiting for their endpoint to be breached and mitigating the damage after are using a reactive approach that leaves IT teams scrambling to keep up as attacks become faster and more sophisticated,” Maguid concluded.

The recent news around the existence of a ‘Mother of All Breaches’ (MOAB) file – which allegedly contains 1.2 terabytes and over 3,800 files of data, including personal information and credentials from over 26 billion records – was especially alarming to the international cybersecurity community. While industry experts have long said that a centralised data leak was inevitable, it doesn’t have to be unavoidable. Governments play a crucial role in establishing and enforcing regulations and standards to safeguard citizens’ data privacy and have a responsibility to address the escalating landscape of data breaches.

“The fact is, just as businesses are the custodians of consumer data, governments must act as responsible stewards by enforcing regulations that ensure the proper steps to privacy security are not overlooked. This commitment to data security is not just a legal obligation but also a crucial aspect of maintaining consumer trust and business integrity,” Maguid said. Brooks agreed, “The private sector, which manages much of the vital infrastructure, needs to receive more threat intelligence and cybersecurity tools from the government. Most businesses just lack the security knowledge and resources necessary to counter the kinds of threats coming from state actors.”

To combat evolving threats and malicious malware, public and private partnerships will require intense coordination. A careful allocation of resources and thorough design of resiliency strategies, paired with investment into developing technologies and information exchange, can bring businesses access to national security-tested procedures and tried-and-true methods of risk management.

Of particular interest to governments and enterprises seeking to strengthen their cybersecurity posture is the rise of Artificial Intelligence (AI) and Machine Learning (ML), both of which are poised to revolutionise defence strategies for organisations and individuals alike. “AI-powered tools can analyse vast amounts of data in real-time, enabling swift detection and response to cyber threats,” said Islam. “These systems can identify anomalous patterns indicative of potential attacks, enhancing proactive threat prevention measures. AI can also augment human capabilities by automating routine tasks such as patch management and malware detection, freeing up cybersecurity professionals to focus more on strategic initiatives.”

Because of its adaptive nature, which enables it to learn and evolve, AI is increasingly able to stay ahead of sophisticated cyber threats – setting it apart as an especially promising solution to bolstering cybersecurity defences. Quantum computing is equally as impressive, powering problem-solving with previously unheard-of processing speeds and predictive analytics. According to Brooks, the adoption of both AI and quantum computing should be handled with caution, as both carry the potential to cause harm when used improperly.

“The downside of AI is that it can be used for evil. Malicious AI can be used by criminal business actors to conceal malware in commonly downloaded programmes and can launch covert attacks that adapt to an organisation’s security environment through complex system maintenance,” he said. “Quantum computing, like AI, carries serious hazards. There are significant concerns associated with both the rapid development of the technology and the primary risks that these systems will enable.”

Despite the challenges facing the future of cybersecurity, like-minded professionals are eager to come together and strengthen the global industry’s approach to data protection and threat repulsion. Votiro, the company that Maguid helps spearhead, provides companies with Zero Trust services, which assume that all incoming files or content contain malware. By preventing both known and unknown threats from entering the organisation, the solution proactively stops malware in its tracks before it reaches an endpoint – entirely removing the need for breach mitigation and, by better-preparing response teams, greatly reducing the time it takes to get back on track following an organisational breach.

At GISEC Global, the international cybersecurity community will converge to share knowledge, showcase emerging solutions, and address relevant trends impacting the industry’s daily operations. With increasingly complex cyber threats, the widespread accessibility of AI, and an under-prepared corporate landscape, there is room to improve traditional approaches to data security and breach prevention.

“Security breaches can and will occur,” said Brooks. “And continuity depends on remediation. Effective cyber threat repercussion strategies primarily focus on risk reduction and incident handling – businesses and governments must stay informed about how the danger landscape is changing if they are to prepare for any eventuality.”

In 2023, the United Arab Emirates (UAE) actively repelled more than 50,000 cyberattacks daily, according to the UAE Cybersecurity Council. In the first three quarters of the same year, the country successfully prevented over 71 million attempted attacks in total. These findings, highlighted in a report from analysts Frost & Sullivan (F&S), show the exponential growth of the region’s cybersecurity landscape – and serve as a sobering reminder of the rising threats that accompany it.

Bashar Bashaireh, Managing Director of Cloudflare

As the GCC (Gulf Cooperation Council) cybersecurity industry continues to grow – with F&S estimating it to triple in value by 2030 to reach $13.4 billion – countries like the UAE and Saudi Arabia continue to reduce their dependence on oil exports and are instead opting for digital tools and technologies.

This shift in economic agenda has made businesses increasingly prone to escalating cyber threats, with regional geopolitical instability further driving vulnerability across key sectors. The detailed report, titled ‘Middle East Cybersecurity: Exploring the Middle East Cybersecurity Market Potential’, was released ahead of GISEC Global 2024 – the Middle East and Africa’s largest and most impactful cybersecurity super-connector, which returns to Dubai World Trade Centre from 23-25 April. In collaboration with Frost & Sullivan, it aims to identify the challenges and opportunities facing the region’s expanding industry.

In the UAE and Saudi Arabia, specifically, there has been a dramatic uptick in the adoption of technology across the finance, healthcare, and manufacturing sectors, further boosting the need for cybersecurity and robust regulatory frameworks. Contributing to the existing challenges with increased reliance on technology are issues around awareness and a scarcity of skilled professionals, as well as a lack of clarity among businesses regarding proactively combating cyberattacks.

Kenneth D’Souza, Marketing Manager of Spire Solutions

In response to these industry-wide shortcomings, and as the region continues to navigate the global overhaul of technology, countries in the Middle East are taking measurable steps to enhance their cybersecurity posture. Setting up cyber-specific departments and innovation centres, driving awareness through educational campaigns and training programmes, and promoting entrepreneurship through cybersecurity conferences are just some of the ways that the region is equipping the next generation and bridging the existing skills gap.

In fact, as per the ITU Global Cybersecurity Index 2020 highlighted in the report, Saudi Arabia has ranked second, and the UAE fifth, among 194 participating countries, indicating that both countries have taken extensive measures in terms of regulatory approaches. As a result, they have become destinations of choice for academics, businesses, research, and innovation, with the UAE government launching the first national Cyber Pulse Innovation Centre aimed at upskilling professionals at Abu Dhabi Polytechnic.

Saudi Arabia, the UAE, and Bahrain have also established the National Cybersecurity Authority, the National Electronic Security Authority, and the National Cybersecurity Centre, respectively, to oversee ongoing industry efforts. Parminder Kaur, Director and Head of Security Advisory, MEASA, Frost & Sullivan, said, “Compliance and regulation remain the strongest multipliers for cybersecurity growth. The proliferation of technology has greatly increased organisational exposure to complex cyber risks, while the surge in e-commerce and digital banking across the Middle East has generated a heightened need for security. As a nerve centre for the oil and gas industry – as well as several large financial institutions and fintech startups – the region is fast becoming a preferred provider of next-gen cybersecurity products and services worldwide, requiring a stringent approach to cybersecurity solutions that protect both financial dealings and personal data.”

Parminder Kaur, Director and Head of Security Advisory, MEASA, Frost & Sullivan

As the Middle East continues to develop a robust cybersecurity infrastructure and economy, it remains one of the most promising global regions for industry growth; its commitment to regulation, cybersecurity training, and supply chain security set it apart as an industry leader with an ambitious vision to integrate technologies and meet evolving client needs. Organised by DWTC and hosted by the UAE Cyber Security Council, the upcoming GISEC Global 2024 exhibition is a testament to the UAE’s prioritisation of collaboration, innovation, and talent development.

“GISEC is the ultimate cybersecurity event in the region,” said Bashar Bashaireh, Managing Director of Cloudflare, which is set to participate in the exhibition for the third time. “GISEC is the ideal place to meet present and future customers and partners and engage in new conversations around cybersecurity with relevant audiences. “We are in a very dynamic and innovation-hungry region and are witnessing an increase in cybersecurity awareness and leadership across the UAE, Saudi Arabia, Bahrain, Qatar, and Oman. Organisations will need to accelerate their digital transformations and undergo modernisation efforts through the adoption of technologies that can counter increasingly sophisticated cyberattack attempts.”

Spire Solutions, a proud partner of GISEC since its inception, will also be attending the super-connector event with one of the largest stands in the exhibition. Kenneth D’Souza, Marketing Manager of Spire Solutions, commented on current industry conditions, saying, “The GCC cybersecurity market is poised for growth, with areas such as identity access, IoT, and cloud security – which were merely debated earlier – have developed into major challenge areas for organizations across the region. Several Middle Eastern countries, most notably the UAE and Saudi Arabia, are at the forefront of achieving their cybersecurity objectives. Bolstered by government initiatives and massive awareness for a safer digital expansion, organizations in the region are investing heavily in cybersecurity measures to establish efficient, measurable, and sustainable business frameworks.”

GISEC Global 2024 will welcome over 20,000 visitors and 750 of the world’s foremost exhibiting companies, such as Huawei, Honeywell, du, Microsoft, Google Cloud Security, Kaspersky, Cloudflare, Qualys, Spire Solutions, and Pentera. More than 350 global cybersecurity speakers, and over 1,000 ethical hackers from 130-plus countries will come together at the 13th edition of the Middle East and Africa’s largest and most impactful cybersecurity event.

CyberKnight has announced its participation as a Premier Sponsor at the Gartner Security and Risk Management Summit in Dubai on February 12-13. The company’s participation underscores its commitment to advancing cybersecurity practices and fostering awareness around the critical paradigm of Zero Trust. During the Summit, CyberKnight will emphasize the significance of adopting a comprehensive Zero Trust Security approach in tackling cybersecurity challenges faced by IT security leaders.

At the Gartner Security and Risk Management Summit, CyberKnight will be joined by:

• Checkmarx: Industry’s Most Comprehensive AppSec Platform
• Xage: Identity-Based ZTNA for Critical Infrastructure
• Group-IB: Fraud Detection, ASM, DRP, Threat Intelligence & DFIR

“Our Theme for this year’s participation at Gartner SRM is “Elevating Cyber Resilience with Zero Trust Security”. In the face of escalating cyber threats, our Zero Trust Security approach stands as a beacon, guiding organizations toward a robust cybersecurity posture. Our Zero Trust Security methodology is more than a framework; it’s a transformative journey towards resilience: we believe in empowering businesses with the knowledge and tools needed to proactively defend against the ever-evolving threat landscape,” commented Avinash Advani, the Founder and CEO at CyberKnight.

“As a trusted advisor to enterprise and government organizations across the region, CyberKnight remains committed to contributing to the growth of regional cybersecurity capacity and resilience. Sponsoring Gartner SRM, one of the most reputable IT Security events in the Middle East covering key topics that matter most to security leaders, is not just an opportunity to showcase our innovations but also a commitment to collaborative efforts aimed at building a more secure digital ecosystem in the Middle East,” added Olesya Pavlova, CMO at CyberKnight.