

Riyadh Gets Ready for Black Hat MEA 2022



Black Hat is gearing up to bring the top minds in information security together in Riyadh this November, as part of an iconic 3-day event. Taking place from 15 to 17 November at the Riyadh Front Exhibition Center, Black Hat MEA is set to welcome 30,000 visitors to Riyadh, making it the largest cybersecurity event in the region while featuring the most powerful speaker lineup of any technology show in its first edition.

Following the success of @Hack, Black Hat MEA will host over 250 exhibitors and more than 200 speakers this year. The event will also host international tech giants including Cisco, IBM, Spire, Infoblox, and more. The event is the result of the partnership between the Saudi Federation of Cybersecurity, Programming, and Drones (SAFCSP) and Informa Markets, the largest events company in the world. This strategic partnership highlights the Kingdom’s investments and growth in cybersecurity and the digital space while being a testament to the adaptation of modern technology in the region.

“@hack set the bar for cybersecurity events across the region in 2021, surpassing our expectations across all measures. This success reflects Saudi’s position as a growing center of global cybersecurity excellence & the global ecosystem’s confidence and curiosity in what we are building from the grassroots up,” said Faisal Al-Khamisi, Chairman, SAFCSP. “The credibility of evolving @hack to Black Hat MEA is a powerful indicator of our intentions within the cybersecurity space. This partnership will spark innovation, supercharge our capacity building and develop investment opportunities which we are excited to share with the world in November.”

“IBM recently reported that a data breach in 2022 can cost a company an average of USD 4.35 million. This cost is at its all-time highest now and sits at a 12.7% increase from 2020. In today’s digitally powered world, this is an alarming situation for all of us, but especially for those who are not aware of nor possess the tools needed to protect their sensitive data. This is where Black Hat MEA comes in and cements its position as a must-attend event to generate awareness, create understanding around the importance of cybersecurity and educate on how to safely use tomorrow’s digital space to its maximum potential.”

Mike Champion, Regional Executive Vice President of Informa Markets, added: “Last year we launched the largest infosec show of 2021, worldwide. This year, it’s grown even more – more than 25,000 visitors have seen it with their own eyes, there’s now only one event that gives you so many elite hackers and CISO speakers, so large a community, such a variety of hacking tools, so much prize money, such a big buzz – and that’s Black Hat MEA in Riyadh.”

Event attendees will get the chance to hear testimonies about cybersecurity and its implications from an exciting line-up of world-renowned speakers from leading companies, including the CISOs of Equifax, Boom Supersonic, and Lufthansa (Jamil Farshchi, Chris Roberts, and Naby Diaw respectively), as well as Dr. Alissa Abdullah (Dr. Jay), Deputy Chief Security Officer, Mastercard; Ira Winkler, Chief Security Architect, Walmart; and Timothy Brown, VP & Global Chief Information Security Officer, SolarWinds, among others. The event will also welcome David Colombo, CEO of Colombo Technology, the teen tech genius and world-renowned cybersecurity expert who hacked into Tesla cars. The show will also be home to demonstrations and product launches of the latest cutting-edge security solutions from across all areas of the industry, including software, services, and training.

Black Hat MEA will also feature several different themes and tracks to cater to the diverse audience, including:

  • Training – 23 bespoke training sessions by 30 Black Hat-approved trainers in a hands-on environment with training partners like Offensive Security, we45, Orange Cyberdefense and Mandiant.
  • Executive Summit – The exclusive conference with over 200 senior leaders in information security, including CISOs and senior decision makers in charge of influencing and implementing security strategies.
  • Arsenal – A developer space where the latest open-source tools and products are showcased by developers along with hands-on experience.
  • Briefings – Where infosec experts present research on industry trends, hacking tools, and security vulnerabilities.
  • Capture The Flag – A jeopardy-style hacking tournament for over 1,000 participants to enhance their ethical hacking skills at different difficulty levels for a SAR 700,000 prize fund.

Other competitions include the Bug Bounty Cup, with a prize fund of SAR 300,000, and a Start-Up competition where the top pitches present to seasoned judges, angel investors, tech experts, and government stakeholders for a cash prize of SAR 90,000. The event will also host a merchandise design competition for talented and unique digital artists who can create artwork exclusively for the Black Hat MEA Cyber Heroes. The winning design will also be printed as a limited collection.


Dragos Participates in Global Security Forum in Riyadh



Dragos, Inc. announced that it participated in the Global Cybersecurity Forum, held in Riyadh recently. The two-day event attracted cybersecurity experts and leaders from all over the world. Ben Miller, who represented Dragos as its Vice President of Services, spoke on the concluding day of the forum about the threat of supply chain and third-party attacks. In his session, titled “Pervasive and Insecure,” he discussed supply chain risk in critical infrastructure, examining the complex reality of third-party and supply chain attacks and sharing perspectives on the unseen vulnerabilities and how to address them.

Miller highlighted the complex nature of supply chain attacks, which potentially involve widespread vulnerabilities in operational technology (OT) and industrial control systems (ICS). He outlined Dragos’ specific focus on the Kingdom’s supply chain risk in critical infrastructure, including refineries and water treatment plants. “Energy and water are specific focuses of ours in the region as they are critical not just to the economy but also to every person who lives here,” he said.

Giving an outline of the Dragos plan to help organizations detect and respond to the threat challenges posed to critical infrastructure in Saudi Arabia, he said, “We need to focus on educating the workforce, building a new understanding of how OT is different from IT, and gaining visibility and insights into what is happening in our critical infrastructure.” OT cybersecurity is in many ways a new field, he said.

“We need to communicate the needs of OT security as right now the concern exists but the specific needs aren’t well understood by asset owners. They do understand that digital transformation is happening and they need to secure it. I would focus on this business case and speak to the need for OT-specific monitoring, defensible architectures, and OT-specific incident response plans,” the Dragos official said.

Miller said supply chain attacks in critical infrastructure are complex, with many suppliers, vendors, and integrators, and long lifecycles that are measured in decades. Commenting on the need to build industrial cyber resilience to keep such threats in check, he said: “The first challenge in the OT space is gaining visibility into what assets one has. You can’t defend something if you don’t know it exists.”

When it comes to safeguarding cyberspace, he had a few words of advice for Saudi Arabia, “The Kingdom should realize the potential challenges as early as possible. Commending the country’s efforts in cybersecurity. Over the last few years, Saudi Arabia has focused heavily on cybersecurity by investing in key programs and events such as the Global Cybersecurity Forum. The Kingdom of Saudi Arabia has impressed many by taking one of the world’s leading positions in developing and maintaining a cyber ecosystem. Therefore, the Kingdom now has a vantage point to bridge global cyber divides and ensure that cybersecurity benefits all societies in the region.”

A global expert in industrial cybersecurity himself, Miller joined other renowned thought leaders in the field, including Dr. Albert Antwi-Boasiako, Director-General of the Cyber Security Authority, Ghana; Mary O’Brien, General Manager, IBM Security; Lothar Renner from Cisco Security; and Dr. Victoria Coates, Former Senior Advisor to the US Secretary of Energy.



Arab International Cybersecurity Summit to be Held in Bahrain on December 6, 2022



The organisers of the Arab International Cybersecurity Summit (AICS) have announced that the event will be held from December 6 to December 8 at Exhibition World Bahrain. Co-hosted by the National Cyber Security Centre and held under the patronage of His Royal Highness Prince Salman bin Hamad Al Khalifa, Crown Prince, Deputy Supreme Commander, and Prime Minister of the Kingdom of Bahrain, AICS represents the region’s highest level of engagement, bringing together experts from government, industry, and business verticals including BFSI, oil and gas, energy, utilities, IT and telecommunications, manufacturing, education, and more.

The Summit’s three-day Cyber Leaders Forum, which has attracted decision-makers from across Europe, the USA, the UK, Asia, the Baltics, and the Middle East, will look to reframe the region’s Cyber Security Leadership landscape with His Excellency Dr Mohamed Al Kuwaiti, Managing Director of the National Data Centre under the UAE’s Supreme Council for National Security, expected to call for supercharged collaboration in his regional keynote address.

“With the cost of cybersecurity incidents in the Middle East reaching a new high of $6.93 million per data breach – significantly higher than the global average cost of $4.24 million per incident – it’s time to question whether we move the action dial from defence to offence,” he said. “With cooperation at the heart of the AICS theme, we need to explore the best practice and importance of working together as a regional team to develop strategies to quickly evolve our security space to address the pressing concerns of today and for years to come.”

With the guidance and expertise of Dr Jassim Haji, President of the AI Society, delegates will also explore whether the increasing adoption of Artificial Intelligence is fuelling cybersecurity breaches. “With almost all aspects of the industry now utilising the power of AI, there is a pressing need and demand for AI-driven tools to combat AI-driven attacks. This conference will help us better understand the aspects of AI and machine learning, which could be hijacked for the cyber-attacks of the future,” he explained.

The Forum will also look to explore how to change industry attitudes towards cybersecurity. Roshdi Osman, Cybersecurity Strategist of Saudi Aramco, will help delegates scrutinise the rationale for establishing a business enabler risk-based cybersecurity programme. “Nowadays, there are more devices than humans and hackers are getting more creative, making it difficult to implement efficient cybersecurity measures,” he said.

And as the Arab World increasingly regulates personal data use, the Forum will drill down into the role of regulations in safeguarding data, privacy, and security with the help of Karolina Mojzesowicz, Deputy Head of Unit Data Protection, European Commission. “With all services moving to the cloud, it is the role of regulations to ensure that citizens’ data is safe and secure, and regulators must always be mindful while drafting laws that they need to focus on ensuring data processing is lawful, fair, and transparent to the data subject,” she said.

The dilemma of talent gaps in the cybersecurity sector will also come under the Forum’s microscope with Dr. Viktor Polic, Chief Information Security Officer of the International Labour Organisation, looking to guide leaders along the pathway to talent development and upskilling. “The current cybersecurity skill and capability gaps constitute a systemic vulnerability in the world’s cyber resiliency. To solve this and create a robust digital economy system, it will be essential to create an inclusive cybersecurity workforce,” he said.

The Forum will also feature virtual sessions from headline speakers Steve Wozniak, the co-founder of Apple, and Marc Randolph, co-founder and former CEO of Netflix. Complemented by a Block Stage platform to probe technical aspects of specific topics, Room 42 will host specific executive and technical sessions through table-top exercises, simulation games and live demos, including the use of Velociraptor, an advanced digital forensic and incident response tool that can perform targeted gathering of digital forensic evidence, to triage hosts on a network.

The Hack Arena activation zone will be running a ‘Capture the Flag’ team competition on ethical hacking and cyber awareness. Consisting of 125 multi-disciplinary cybersecurity challenges, the competition is designed to test the users’ capability across the entire spectrum of cybersecurity skills. There will be a prize for the winning team, and all participants will be awarded a certificate of attendance and a personalised breakdown of their progress and achievements.

To drive home the importance of good internet habits, there will also be a cyber hackathon for university students and a cyber scavenger hunt for high school students. The summit is set to host some of the industry’s leading players, such as Forcepoint, Kaspersky, Axonius, Veritas, CISCO ACME, Beyon Cyber, stc, ReSecurity, Waterfall, NGN International, Interpol, Micro Focus, and more. AICS is jointly organised by Messe Frankfurt Middle East and Bahraini event specialists Faalyat WLL and enjoys the support of Bahrain’s Ministry of Interior, the Bahrain Economic Development Board, and the Central Bank of Bahrain. The event is sponsored by Benefit, Waterfall, NGN International and STC.


Cybersecurity Experts Warn “Everything is Vulnerable” to Hackers



As the world becomes increasingly reliant on the Internet of Things (IoT) and digital services, so too must steps be taken to minimize the vulnerabilities that allow hackers to take advantage, visitors to day two of Black Hat MEA were told. The world is rapidly shifting towards a digital future as everything from banking to health services, agriculture and vehicles becomes more reliant on the Cloud and other IoT services. This brings a variety of benefits including convenience, flexibility, and ease of use. However, this also provides cybercriminals with far more vulnerabilities they can exploit to steal sensitive data, commit fraud, and more.

The second day of Black Hat MEA took the attendance since the start of the event to 20,000 and saw experts highlight threats while providing solutions that can be implemented to protect organizations and individuals from harm. Dr. Alissa ‘Dr. Jay’ Abdullah, Deputy Chief Security Officer at Mastercard highlighted the key areas of risk during a session related to mitigating cyber risks, focusing on technology, tactics, and talent. She mentioned, “Evolution is key, and we need to keep up with the pace of technology and evolve our infrastructure.” She also noted key tactics used by adversaries such as MFA (Multi-factor authentication) fatigue and the mimicking of user voice patterns, while highlighting the importance of upscaling talent, to build a more robust organization.

Caleb Sima, Chief Security Officer, Robinhood, hosted a session titled ‘Assume Breach’, with a key focus on a company’s crown jewels and how to protect them from hacking threats. “Crown jewels are anything that an attacker can take with them, including customer or employee data, tokens, and keys or even systems to modify financial transactions without repercussions.” He highlighted that, much like our physical health, safety hygiene is key for any company.

During a panel discussion focused on the global laws related to the regulation, collection, use, retention, and disposal of personal information, Zaki Abbas, Chief Information Security Officer, Brookfield Asset Management, said: “While it’s not exciting, data regulations play an important part and help security programs mature. 70 percent of the world has some sort of data security regulation or legislation implemented.” Vikas Yadav, Chief Security Officer, Nykaa, continued: “On a global scale a unified framework for compliance and fundamentals of privacy is the key to data protection. However, it should be implemented with customer trust at the heart of it all.” The panel also included Flavio Aggio and Jon Staniforth, the Chief Information Security Officers of the World Health Organization (WHO) and Royal Mail respectively, and was moderated by Jaya Baloo, Chief Information Security Officer of Avast.

Taking a unique spin on things, Chris Roberts, Chief Information Security Officer, Boom Supersonic, showcased how connected livestock management and tracking platforms can be hijacked, referring to a previous experiment he had conducted. The session showed how data can be manipulated on platforms that use GPS trackers to show a completely different location, which in this case ‘relocated’ the camels from Riyadh’s deserts to snow-capped regions in Mongolia. “Our digital and physical worlds are colliding, and what you see isn’t always what you get. It is important to have a physical presence and not always depend on the digital,” said Roberts.

During the event, hacking experts showcased vulnerabilities in today’s connected environment, where we are surrounded by connected devices including electric cars such as a Tesla. The demonstration showed that it is possible to exploit system vulnerabilities so that the car’s functions, including lights, doors, and even the onboard infotainment systems, could be controlled remotely. The three-day conference concludes on 17 November at the Riyadh Front Exhibition Center and features more than 250 exhibitors and over 200 speakers this year. It features international tech giants such as Cisco, IBM, Spire, Infoblox, and others that have a significant presence showcasing new technology and services.

The event was organized as part of a strategic partnership between Informa Markets, the largest events company in the world, and the Saudi Federation for Cybersecurity, Programming and Drones (SAFCSP) to highlight the Kingdom’s investments and growth in cybersecurity and the digital space.



Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.