THE inaugural Gulf Information Security Expo and Conference (Gisec) organised by the Dubai World Trade Centre, attracted industry heavyweights in diverse fields such as software architecture, telecommunications, data management and mobile devices and applications. Public sector representatives at the event included high-level national security analysts.

Kevin Mitnick, the iconic information consultant, who was one of the world’s most wanted cyber hackers, was a keynote speaker at the conference, where he gave delegates an eye-opening behind-the-scenes look into the thought processes of both hackers and their victims. Mitnick gave delegates a riveting demonstration on cyber hacking by calling international banks live on stage and demonstrating how easy it is to bypass their security safeguards and obtain sensitive information. This was part of a discussion on social engineering - a form of cyber crime in which criminals exploit the psychological vulnerabilities of human users (as opposed to the technological weaknesses in the security system itself), and manipulate unsuspecting employees or consumers into revealing valuable information.

Mitnick explained that criminals favour social engineering because it involves minimal cost and minimal risk, yet offers maximum returns. He said: “There isn’t a single security package on the market that can fully prevent social engineering, or a single app that can be downloaded to prevent an employee’s ignorance, greed or naiveté. Social engineers exploit human nature, so companies should explore human-centric solutions such as secretly staging false attacks on their own networks, to evaluate how employees react and teach them effective counter-hacking behaviour. Platforms such as Gisec are vital to the region so that companies, government entities, IT professionals and experts can exchange information and discuss the latest information security developments.”

Aubley speaking at the event

High-profile experts who also took centre stage at the conference included the conference chairman Roger Cressey, who has served as chief of staff of the Critical Infrastructure Protection Board for both President Bill Clinton and President George W Bush. The line-up of speakers included Curt Aubley, vice president and chief technology officer at global giant Lockheed Martin who spoke on security ramifications of cloud computing. Exploring cyber security from a human behavioural vantage point was Roberto Diniz – head of operating risk at Qatar International Islamic Bank. Niraj Mathur, security practice manager, Gulf Business Machines (GBM), gave conference delegates a regional perspective on cyber security and Ahmad Hassan MohdNoor, director of intelligent security risk and compliance management operations at du, gave provided insights into security compliance and the impacts of BYOD.

“Cloud computing is evolving quickly to build foundations and innovate. Applying it to security could change the game, and make following security easier, as well as being more secure than enterprise computing. In a world where cybercrime is prevalent, cyber security is a global team sport. Businesses need to understand what is out there, and execute solutions and practices to stay ahead of the game,” said Aubley.

The speakers delved into the most imminent threats facing the region, particularly in light of the fact that crucial public services such as water and electricity, inter and intra-city transportation, emergency response centres and even law enforcement services are increasingly being coordinated from centralised ‘nerve centres’, which makes them a more appealing target for ‘e-collar’ criminals and cyber terrorists.

Trixee Loh, senior vice resident, Dubai World Trade Centre, said: “Cyber analysts have warned that hackers are conducting online conferencing and forming syndicates to trade information and strategise on the best anti-detection measures. This makes it even more imperative for organisations to combine their expertise at a platform like Gisec and stay a step ahead. We are helping to accelerate the process of knowledge transfer among participating organisations, through acclaimed visionaries and top-level decision-makers. Additionally, we are giving delegates and exhibitors a 360-degree view of the digital landscape to examine the current and expected threats.”