Black Hat MEA
Cybersecurity Experts Warn “Everything is Vulnerable” to Hackers
As the world becomes increasingly reliant on the Internet of Things (IoT) and digital services, so too must step be taken to minimize the vulnerabilities that allow hackers to take advantage, visitors to day two of Black Hat MEA were told. The world is rapidly shifting towards a digital future as everything from banking to health services, agriculture and vehicles become more reliant on the Cloud and other IoT services. This brings a variety of benefits including convenience, flexibility, and ease of use. However, this also provides cybercriminals with far more vulnerabilities they can exploit to steal sensitive data, commit fraud, and more.
The second day of Black Hat MEA took the attendance since the start of the event to 20,000 and saw experts highlight threats while providing solutions that can be implemented to protect organizations and individuals from harm. Dr. Alissa ‘Dr. Jay’ Abdullah, Deputy Chief Security Officer at Mastercard highlighted the key areas of risk during a session related to mitigating cyber risks, focusing on technology, tactics, and talent. She mentioned, “Evolution is key, and we need to keep up with the pace of technology and evolve our infrastructure.” She also noted key tactics used by adversaries such as MFA (Multi-factor authentication) fatigue and the mimicking of user voice patterns, while highlighting the importance of upscaling talent, to build a more robust organization.
Caleb Sima, Chief Security Officer, Robinhood, hosted a session titled ‘Assume Breach’, with a key focus on a company’s crown jewels and how to protect them from hacking threats. “Crown jewels are anything that an attacker can take with them, including customer or employee data, tokens, and keys or even systems to modify financial transactions without repercussions.” He highlighted that much like our physical health; safety hygiene is key for any company.
During a panel discussion focused on the global laws related to the regulation, collection, use, retention, and disposal of personal information, Zaki Abbas, Chief Information Security Officer, Brookfield Asset Management said: “While it’s not exciting, data regulations play an important part and helps security programs mature. 70 percent of the world has some sort of data security regulation or legislation implemented.” Vikas Yadav, Chief Security Officer, Nyka, continued: “On a global scale a unified framework for compliance and fundamentals of privacy is the key to data protection. However, it should be implemented with customer trust at the heart of it all.” The panel also included Flavio Aggio, and Jon Staniforth, the Chief Information Security Officers of the World Health Organization (WHO) and Royal Mail respectively, and was moderated by Jaya Baloo, Chief Information Security Officer of Avast.
Taking a unique spin on things, Chris Roberts, Chief Information Security Officer, Boom Supersonic, showcased how connected livestock management and tracking platforms can be hijacked, referring to a previous experiment he had conducted. The session showed how data can be manipulated on platforms that use GPS trackers to show a completely different location, which in this case ‘relocated’ the camels from Riyadh’s deserts to snow-capped regions in Mongolia. “Our digital and physical worlds are colliding, and what you see isn’t always what you get. It is important to have a physical presence and not always depend on the digital,” said Roberts.
During the event, hacking experts showcased vulnerabilities in today’s connected environment where we are surrounded by connected devices including electric cars such as a Tesla. The demonstration showed that is possible to exploit system vulnerabilities where the car’s functions could be controlled remotely including lights, doors, and even the onboard infotainment systems. The three-day conference concludes on 17 November at the Riyadh Front Exhibition Center and features more than 250 exhibitors and over 200 speakers this year. It features international tech giants such as Cisco, IBM, Spire, Infoblox, and others that have a significant presence showcasing new technology and services.
The event was organized as part of a strategic partnership between Informa Markets, the largest events company in the world, and the Saudi Federation for Cybersecurity, Programming and Drones (SAFCSP) to highlight the Kingdom’s investments and growth in cybersecurity and the digital space.
Black Hat MEA
Phosphorus Cybersecurity to Partner with Cyberani for Black Hat MEA 2024
Osama Al-Zoubi, the Vice President of Phosphorus Cybersecurity, says over the next year, we will see more sophisticated OT-focused malware (more…)
Black Hat MEA
Black Hat MEA 2024 Expects to Host Over 40,000 Cybersecurity Professionals
The highly anticipated Black Hat MEA officially opened its doors yesterday in Saudi Arabia, marking a global record as the largest cybersecurity expo by space with an overall floor space of over 53,000 square meters. Running from November 26-28 at the Riyadh Exhibition and Convention Centre in Malham, the three-day mega-event launched with an engaging Executive Summit addressing critical topics such as the transformative impact of AI on cybersecurity, the rapidly shifting cyber threat landscape, and the challenges of hacking in outer space.
The opening ceremony was officially inaugurated by His Excellency Eng. Faisal Al-Khamisi, the Chairman of the Saudi Federation for Cybersecurity, Programming & Drones. In his opening remarks, Al-Khamisi underscored the event’s growth and importance.
“We take great pride in announcing that Black Hat MEA has officially become the world’s largest cybersecurity event by area, reflecting its remarkable growth and global stature,” he said. “Four years ago, we demonstrated the readiness of the Saudi market with the inaugural edition, and by Black Hat MEA 2023, it had grown to become the most-attended cybersecurity event globally. Over the next three days, attendees will experience a truly unique event featuring more than 350 speakers, 450 exhibiting companies, and participation in 10 diverse features.”
Black Hat MEA 2024 promises to set a new benchmark for innovation, collaboration, and knowledge-sharing within the global cybersecurity community. Opening the Executive Summit was Kirsten Davies, Founder and CEO of the Institute for Cyber Civics, who conducted a session called ‘Guarding the Ballot’. Davies said that while there were enormous measures for securing the votes in the ballots, there were still quite a few cybersecurity headlines.
“We had issues in software systems with duplication ballots, where the registrations hadn’t been cleaned up before election day, meaning there were people voting who shouldn’t have been eligible to,” she said. “In some states, there were even cases where thousands of votes had no signatures or ID attached to them.
“As an industry, we are charged with protecting the most sensitive and critical data, and even in the most sacred parts of our governments and election processes, we need to be unafraid to look where the gaps are, where we should be doing risk analysis. With the adoption of artificial intelligence in its many forms, we could see the use of blockchain when it comes to voting, whether we want to transition to a fully digital platform or use mobile phone face scans to verify the ID of said voter.”
Discussing the complexities of cybersecurity and its multifaceted domain involving systems, people, and processes, Gary Hayslip, CISO at Softbank Advisors, highlighted the importance of understanding a company’s purpose, data usage, and stakeholder relationships to build resilient security programs. Hayslip shared his experiences from various roles, including the US Navy, the City of San Diego, Webroot, and Softbank Investment Advisors, detailing how he adapted different frameworks to fit each organization’s culture and needs.
“When I left the federal government and joined the city of San Diego as their first CISO, what was unique in this environment was the sheer scale of smart city projects and networks sprawling across the city, supplying services to over four million citizens,” Hayslip said. “When I first started, no one had any idea what a framework or system was, but they just knew they needed someone to manage everything. “Even though we were handling things such as credit card transactions, what I learned pretty quickly was that it was all about relationships.
Many of the stakeholders had known each other for years, so it was extremely important for me to take – what I call – the ‘fish taco’ approach, which is to invite them for lunch and get an understanding of their needs. I faced a lot of pushback, but occasionally, I would find someone who would be willing to take my help and do a project together, finding my champions. Once you do a few assessments around baseline risk and results start to show, that’s when things start to happen, and the net gets cast wider.”
In an insightful and slightly terrifying session surrounding deepfakes and the impact of such malicious AI attacks, Bilal Baig, Technical Director, Mediterranean, Middle East, and Africa, for Trend Micro, pondered how it is possible to keep up with what is happening with so much data, AI systems, and models being created and circulated. “The current threat landscape can be divided into three factors: Ransomware, data theft, and phishing. We have platforms such as YouTube, which are the perfect places for bad actors to use AI programs to scan the faces of a CEO or Chief Legal Officer [CLO] in videos, which are then used as tools to gain valuable company information,” said Baig.
“We have seen instances where a targeted email is sent to an employee requesting a Zoom call with the CEO and CLO, and the deepfake video is played during the call requesting the employee to upload sensitive financial company information ahead of a last-minute and important meeting with a client or government partner. To the untrained eye, it is hard to tell the difference, and these types of attacks work all the time.”
Day One of Black Hat MEA also heard from cybersecurity expert Umar Khan, who shed light on hacking satellites, rockets, and more at the Executive Summit. Khan, who is Chief Information Officer and Senior Vice President at Relativity Space, has worked with industry giants such as SpaceX and MaxLinear and highlighted the different components of satellites and rockets, explaining how they function and communicate. Highlighting the increasing accessibility of information due to the use of commercially available parts and open-source software, Khan argued how this public access has fed into new attack vectors for malicious actors.
“Satellites are no longer these mysterious black boxes,” Khan said. “Many are built with components we already know, such as smartphone processors and Linux operating systems. This makes it easier than ever for attackers to exploit weaknesses in the software and hardware. The rise of low-cost ground station technology means anyone with a US$35 software-defined radio and an internet connection can potentially eavesdrop on satellite communications or even take control of a spacecraft.” Khan concluded his session with a call to action for the cybersecurity community, emphasising the urgent need for secure-by-design principles in space systems, regular vulnerability scanning, and robust incident response plans.
“The resounding success of the first day of Black Hat MEA has surpassed all expectations. The energy, innovation, and collaboration on display have set a powerful tone for the days ahead,” said Annabelle Mander, Senior Vice President of Tahaluf. “It’s enlightening to see industry leaders, experts, and enthusiasts come together to address today’s most pressing cybersecurity challenges while shaping the future of digital resilience. This is more than an event – it’s a movement towards a safer, more connected world.”
Black Hat MEA
Axidian Unveils Advanced Identity Security Solutions at Black Hat MEA 2024
Axidian is set to showcase its innovative product portfolio at Black Hat Middle East & Africa (MEA) 2024, taking place in Riyadh, Saudi Arabia. The company will introduce its flagship product for 2025, Axidian Shield, an advanced Identity Threat Detection and Response (ITDR) solution, alongside its other solutions including Privileged Access Management (PAM), Identity and Access Management (IAM), and Public Key Infrastructure (PKI) management.
Axidian will be exhibiting at booth number H2.H31 at Black Hat MEA, and its participation comes as Saudi Arabia accelerates its digital transformation, with rapid advancements in technology driven by the country’s Vision 2030 initiative. As organizations in Saudi Arabia adopt new technologies, maintaining robust IT security has become critical.
Axidian views Black Hat MEA as a pivotal platform for advancing innovation within Saudi Arabia’s tech industry. The event not only raises awareness of modern security solutions but also encourages local organizations to adopt the latest technologies, ultimately fostering a culture of cybersecurity excellence and innovation in the Kingdom.
“Black Hat MEA plays a key role in driving the adoption of progressive security tools in Saudi Arabia. It’s an excellent forum for showcasing advanced technologies and building partnerships that contribute to the growth of the local tech ecosystem. We are proud to contribute to the country’s growing cybersecurity landscape and support the Kingdom’s Vision 2030 goals”, Georgy Ovanesyan, CEO of Axidian, highlighted.
Axidian is committed to expanding its footprint in Saudi Arabia and aligning with the country’s long-term technological goals. The company is already working with leading organizations across the Kingdom, providing tailored identity security solutions that meet local regulatory requirements and business needs. Axidian plans to establish a branch in Saudi Arabia, reinforcing its dedication to local business development and expanding its network of partners. Axidian is focused on supporting Saudi Arabia’s Vision 2030 and its aspirations to become a global leader in technology and innovation.
The vision shared by Axidian’s CEO, Georgy Ovanesyan, “As Saudi Arabia continues to evolve as a global tech hub, organizations must stay vigilant in the face of increasing cybersecurity threats. At Axidian, we specialize in identity security, and our participation at Black Hat MEA allows us to demonstrate how our solutions help businesses mitigate these risks. We are especially excited to unveil Axidian Shield, a pioneering Identity Threat Detection and Response (ITDR) solution, which is poised to transform the way organizations protect user identities. Another thing that we observe in the region and the industry is that having a reliable product or the most advanced technology is vital but it is not enough. That is why Axidian provides training, consulting, implementation and support as a part of our recent initiative called Axidian Academy. We understand that to use the product efficiently organisations have to create the infrastructure for it, implement it and support it.”
The launch of Axidian Shield marks a major milestone for the company as it expands its presence in the Middle East, a region that is experiencing significant growth in the cybersecurity sector. With its ability to detect and respond to credential-related attacks, adaptive multi-factor authentication (MFA), and enhanced protection beyond traditional MFA methods, Axidian Shield is designed to integrate seamlessly into existing infrastructures while minimizing disruptions to business processes.
At the event, Axidian will also showcase its thought leadership with daily presentations at its booth (Stand # H2.H31). Key spokespeople, including Georgy Ovanesyan (CEO), Anna Surovova (Head of Global Sales and Partnerships), and Kirill Bondarenko (Regional Sales Director), will present insights on global and regional trends in cybersecurity, the importance of identity security, and the evolving threat landscape. These presentations aim to provide attendees with a deeper understanding of the challenges organizations face and how Axidian’s solutions can help mitigate those risks.
In addition to product showcases and presentations, Axidian is using the event as an opportunity to expand its network of strategic partnerships. The company is engaging with potential partners to strengthen its regional presence and explore new collaborations, furthering its commitment to supporting cybersecurity initiatives across the Middle East. As a global company based in UAE Axidian is growing its footprint not just in its local region but also globally. The company has surpassed 150 partners across 25 countries, serving over 100 customers in sectors including banking, government, telecommunications, IT, and more.
-
Cyber Security5 days ago
Positive Technologies and MCS Join Forces as MEA Cyber Threats Surge
-
Cyber Security5 days ago
ESET Unveils Security Integrations with Major Vendors
-
Expert Speak5 days ago
Advanced Cyberthreats Targeting Holiday Shoppers, Says Fortinet
-
Cyber Security2 days ago
OPSWAT and TCC Partner to Secure Saudi Arabia’s Critical Infrastructure
-
News2 days ago
Tenable Forecasts Cloud Data Security to Lead as AI Accelerates in 2025
-
Cyber Security1 day ago
Here’s How Smart Devices are Eroding Privacy and Security
-
Market Research18 hours ago
AI to Power Over Half of Cyberattack Techniques Soon, Says Positive Technologies
-
News1 day ago
NetApp Names Suhail Hasanain Regional Senior Director for MEA