The following is a summary of the notes from the opening and closing statements for this year’s GISEC 2016 Conference. For more on the insights from the conference please see the separate report – ‘Gulf Information Security Exhibition & Conference 2016 Insights’.
Welcome to GISEC 2016, the Gulf's Preeminent Information Security Conference.
As threats continue to mount, understanding and managing cybersecurity risks has become top of mind for leaders in business and government, and for more than a few consumers, if recently reported sentiment is anything to go by.
Organisations are responding by taking action. Increasingly, they are adopting innovative technologies like cloud-enabled cybersecurity, Big Data analytics and advanced authentication to reduce cyber-risks and improve cybersecurity programmes.
Regrettably it is often the basics that are overlooked:
- 86% of vulnerabilities in the Top 50 software applications had patches available on the day of disclosure, placing the power to patch end-points in the hands of end-users and organizations, according to Secunia. So why not just patch the stuff? I bet there is a lot of insurance premium being wasted on this non-compliance alone!
- The number of users running unpatched operating systems has gone up to 12.6%, from 11.1% last quarter. Users running unpatched End-of-Life programs are also up to 5.7%, from 4.9% last quarter. Why not upgrade? It will look cheap in the face of a ransomware attack.
- Speaking of which, 50 million Android users are at risk from unpatched mobile devices, devices that are unlikely ever to be patched and were identified by Kaspersky as the platform of choice for banking Trojan and ransomware bridging attacks. After all, these mobile devices get through any physical security, and sandboxed applications are a lure into a false sense of security, as Dr. Aaraj from Darkmatter educated us at GEMEC yesterday. Just say NO. I have every confidence Google will get their act together if the industry spoke with its feet. (For more on the insights from the GEMEC conference please see the separate report – ‘Gulf Enterprise Mobility Exhibition & Conference 2016 Insights’.)
- The number of businesses adopting Internet of Things (IoT) technology will rise by half in 2016, by the end of which 43% of all organisations will have some kind of IoT technology in place, according to Gartner, hitting over 20 billion devices by 2020.
- The ‘Online Trust Alliance’, comprising Microsoft, Symantec, Verisign, ADT and TRUSTe, reckons the Internet of Things (IoT) market is being pushed with no regard to either security or consumer privacy, and it calls on gadget vendors to stop acting like clowns. Are we learning nothing?
- The exposed systems are so prevalent they warrant their own search engine: Shodan, the search engine to humble an industry, which reveals 100,000s of devices and systems that are not properly secured.
Not wanting to be accused of that old security industry practice of using scare tactics, I should say there are notable measures of progress and a renewed willingness to invest in security. This year, a PwC survey found organisational security spending is up by almost a quarter on average, better enabling organisations to tackle the cybersecurity juggernaut head on. Hardly a surprise. The global economy cannot keep taking hits of almost $500 billion a year, according to McAfee.
Constructively, businesses are embracing a more collaborative approach to cybersecurity, one in which Cyber Threat Intelligence and response techniques are shared with external partners. Internally, organisations are rethinking the roles of key executives and the Board of Directors to help create more resilient and proactive security capabilities.
Which brings me full circle to why we have all gathered here. The greatest asset we can leverage against cyber threats is collaboration. Over the next two days you will hear from leading figures in this space, and you will be able to:
- Get insights into security best practices.
- Share experiences / Get answers.
- Understand new approaches / Reappraise old assumptions.
- Evolve established ways of thinking / Leave seeing with fresh eyes.
- Take the fight to the mal-intents, mindful that a PwC study stated 36% of security professionals saw rogue employees as a potential security threat, and I am sad to say there will be some reality there for some of you.
All good things must come to an end.
It is a privilege to close such a salubrious conference, rich with experience, insights and guidance. I cannot start to cover the rich tapestry of subjects that we have embraced this week in our field of information security. If I were to make one observation, it would be this: technology, for all its potential, is now our challenge. I believe that, far from being made redundant in the face of the wave of machine learning tools and automated threat detection solutions we have heard about, the human element is more important than ever.
Our challenge is to harness the technology and play to its strengths, confident that cyber threats are a human creation and that we are the best assets to confront them.