Osama Al-Zoubi, the Vice President of Phosphorus Cybersecurity, says over the next year, we will see more sophisticated OT-focused malware (more…)

The highly anticipated Black Hat MEA officially opened its doors yesterday in Saudi Arabia, marking a global record as the largest cybersecurity expo by space with an overall floor space of over 53,000 square meters. Running from November 26-28 at the Riyadh Exhibition and Convention Centre in Malham, the three-day mega-event launched with an engaging Executive Summit addressing critical topics such as the transformative impact of AI on cybersecurity, the rapidly shifting cyber threat landscape, and the challenges of hacking in outer space.

The opening ceremony was officially inaugurated by His Excellency Eng. Faisal Al-Khamisi, the Chairman of the Saudi Federation for Cybersecurity, Programming & Drones. In his opening remarks, Al-Khamisi underscored the event’s growth and importance.
“We take great pride in announcing that Black Hat MEA has officially become the world’s largest cybersecurity event by area, reflecting its remarkable growth and global stature,” he said. “Four years ago, we demonstrated the readiness of the Saudi market with the inaugural edition, and by Black Hat MEA 2023, it had grown to become the most-attended cybersecurity event globally. Over the next three days, attendees will experience a truly unique event featuring more than 350 speakers, 450 exhibiting companies, and participation in 10 diverse features.”

Kirsten Davies, Founder and CEO of Institute for Cyber Civics.

Black Hat MEA 2024 promises to set a new benchmark for innovation, collaboration, and knowledge-sharing within the global cybersecurity community. Opening the Executive Summit was Kirsten Davies, Founder and CEO of the Institute for Cyber Civics, who conducted a session called ‘Guarding the Ballot’. Davies said that while there were enormous measures for securing the votes in the ballots, there were still quite a few cybersecurity headlines.

“We had issues in software systems with duplication ballots, where the registrations hadn’t been cleaned up before election day, meaning there were people voting who shouldn’t have been eligible to,” she said. “In some states, there were even cases where thousands of votes had no signatures or ID attached to them.

“As an industry, we are charged with protecting the most sensitive and critical data, and even in the most sacred parts of our governments and election processes, we need to be unafraid to look where the gaps are, where we should be doing risk analysis. With the adoption of artificial intelligence in its many forms, we could see the use of blockchain when it comes to voting, whether we want to transition to a fully digital platform or use mobile phone face scans to verify the ID of said voter.”

Discussing the complexities of cybersecurity and its multifaceted domain involving systems, people, and processes, Gary Hayslip, CISO at Softbank Advisors, highlighted the importance of understanding a company’s purpose, data usage, and stakeholder relationships to build resilient security programs. Hayslip shared his experiences from various roles, including the US Navy, the City of San Diego, Webroot, and Softbank Investment Advisors, detailing how he adapted different frameworks to fit each organization’s culture and needs.

Gary Hayslip, CISO at Sofback Advisors.

“When I left the federal government and joined the city of San Diego as their first CISO, what was unique in this environment was the sheer scale of smart city projects and networks sprawling across the city, supplying services to over four million citizens,” Hayslip said. “When I first started, no one had any idea what a framework or system was, but they just knew they needed someone to manage everything. “Even though we were handling things such as credit card transactions, what I learned pretty quickly was that it was all about relationships.

Many of the stakeholders had known each other for years, so it was extremely important for me to take – what I call – the ‘fish taco’ approach, which is to invite them for lunch and get an understanding of their needs. I faced a lot of pushback, but occasionally, I would find someone who would be willing to take my help and do a project together, finding my champions. Once you do a few assessments around baseline risk and results start to show, that’s when things start to happen, and the net gets cast wider.”

In an insightful and slightly terrifying session surrounding deepfakes and the impact of such malicious AI attacks, Bilal Baig, Technical Director, Mediterranean, Middle East, and Africa, for Trend Micro, pondered how it is possible to keep up with what is happening with so much data, AI systems, and models being created and circulated. “The current threat landscape can be divided into three factors: Ransomware, data theft, and phishing. We have platforms such as YouTube, which are the perfect places for bad actors to use AI programs to scan the faces of a CEO or Chief Legal Officer [CLO] in videos, which are then used as tools to gain valuable company information,” said Baig.
“We have seen instances where a targeted email is sent to an employee requesting a Zoom call with the CEO and CLO, and the deepfake video is played during the call requesting the employee to upload sensitive financial company information ahead of a last-minute and important meeting with a client or government partner. To the untrained eye, it is hard to tell the difference, and these types of attacks work all the time.”

Bilal Baig, Technical Director, Mediterranean, Middle East, and Africa, for Trend Micro

Day One of Black Hat MEA also heard from cybersecurity expert Umar Khan, who shed light on hacking satellites, rockets, and more at the Executive Summit. Khan, who is Chief Information Officer and Senior Vice President at Relativity Space, has worked with industry giants such as SpaceX and MaxLinear and highlighted the different components of satellites and rockets, explaining how they function and communicate. Highlighting the increasing accessibility of information due to the use of commercially available parts and open-source software, Khan argued how this public access has fed into new attack vectors for malicious actors.

“Satellites are no longer these mysterious black boxes,” Khan said. “Many are built with components we already know, such as smartphone processors and Linux operating systems. This makes it easier than ever for attackers to exploit weaknesses in the software and hardware. The rise of low-cost ground station technology means anyone with a US$35 software-defined radio and an internet connection can potentially eavesdrop on satellite communications or even take control of a spacecraft.” Khan concluded his session with a call to action for the cybersecurity community, emphasising the urgent need for secure-by-design principles in space systems, regular vulnerability scanning, and robust incident response plans.

“The resounding success of the first day of Black Hat MEA has surpassed all expectations. The energy, innovation, and collaboration on display have set a powerful tone for the days ahead,” said Annabelle Mander, Senior Vice President of Tahaluf. “It’s enlightening to see industry leaders, experts, and enthusiasts come together to address today’s most pressing cybersecurity challenges while shaping the future of digital resilience. This is more than an event – it’s a movement towards a safer, more connected world.”

Axidian is set to showcase its innovative product portfolio at Black Hat Middle East & Africa (MEA) 2024, taking place in Riyadh, Saudi Arabia. The company will introduce its flagship product for 2025, Axidian Shield, an advanced Identity Threat Detection and Response (ITDR) solution, alongside its other solutions including Privileged Access Management (PAM), Identity and Access Management (IAM), and Public Key Infrastructure (PKI) management.

Axidian will be exhibiting at booth number H2.H31 at Black Hat MEA, and its participation comes as Saudi Arabia accelerates its digital transformation, with rapid advancements in technology driven by the country’s Vision 2030 initiative. As organizations in Saudi Arabia adopt new technologies, maintaining robust IT security has become critical.

Axidian views Black Hat MEA as a pivotal platform for advancing innovation within Saudi Arabia’s tech industry. The event not only raises awareness of modern security solutions but also encourages local organizations to adopt the latest technologies, ultimately fostering a culture of cybersecurity excellence and innovation in the Kingdom.

“Black Hat MEA plays a key role in driving the adoption of progressive security tools in Saudi Arabia. It’s an excellent forum for showcasing advanced technologies and building partnerships that contribute to the growth of the local tech ecosystem. We are proud to contribute to the country’s growing cybersecurity landscape and support the Kingdom’s Vision 2030 goals”, Georgy Ovanesyan, CEO of Axidian, highlighted.

Axidian is committed to expanding its footprint in Saudi Arabia and aligning with the country’s long-term technological goals. The company is already working with leading organizations across the Kingdom, providing tailored identity security solutions that meet local regulatory requirements and business needs. Axidian plans to establish a branch in Saudi Arabia, reinforcing its dedication to local business development and expanding its network of partners. Axidian is focused on supporting Saudi Arabia’s Vision 2030 and its aspirations to become a global leader in technology and innovation.

The vision shared by Axidian’s CEO, Georgy Ovanesyan, “As Saudi Arabia continues to evolve as a global tech hub, organizations must stay vigilant in the face of increasing cybersecurity threats. At Axidian, we specialize in identity security, and our participation at Black Hat MEA allows us to demonstrate how our solutions help businesses mitigate these risks. We are especially excited to unveil Axidian Shield, a pioneering Identity Threat Detection and Response (ITDR) solution, which is poised to transform the way organizations protect user identities. Another thing that we observe in the region and the industry is that having a reliable product or the most advanced technology is vital but it is not enough. That is why Axidian provides training, consulting, implementation and support as a part of our recent initiative called Axidian Academy. We understand that to use the product efficiently organisations have to create the infrastructure for it, implement it and support it.”

The launch of Axidian Shield marks a major milestone for the company as it expands its presence in the Middle East, a region that is experiencing significant growth in the cybersecurity sector. With its ability to detect and respond to credential-related attacks, adaptive multi-factor authentication (MFA), and enhanced protection beyond traditional MFA methods, Axidian Shield is designed to integrate seamlessly into existing infrastructures while minimizing disruptions to business processes.

At the event, Axidian will also showcase its thought leadership with daily presentations at its booth (Stand # H2.H31). Key spokespeople, including Georgy Ovanesyan (CEO), Anna Surovova (Head of Global Sales and Partnerships), and Kirill Bondarenko (Regional Sales Director), will present insights on global and regional trends in cybersecurity, the importance of identity security, and the evolving threat landscape. These presentations aim to provide attendees with a deeper understanding of the challenges organizations face and how Axidian’s solutions can help mitigate those risks.

In addition to product showcases and presentations, Axidian is using the event as an opportunity to expand its network of strategic partnerships. The company is engaging with potential partners to strengthen its regional presence and explore new collaborations, furthering its commitment to supporting cybersecurity initiatives across the Middle East. As a global company based in UAE Axidian is growing its footprint not just in its local region but also globally. The company has surpassed 150 partners across 25 countries, serving over 100 customers in sectors including banking, government, telecommunications, IT, and more.