Interview: Why BHMEA is a critical cybersecurity event

Welcome to the new 174 cyber warriors who joined us last week. 🥳 Each week, we'll be sharing insights from the Black Hat MEA community. Read exclusive interviews with industry experts and key findings from the #BHMEA23 keynote stage.

Keep up with our weekly newsletters on LinkedIn, Subscribe here.

This week we’re focused on…📣

How to build a culture in which security is the beating heart of your organisation – and what causes the most damage when a breach happens. 

Why? 

Because we interviewed Black Hat MEA exhibitor Ashraf Daqqa (Regional Sales Director for the Middle East, Turkey and Africa at Illumio). 

Here’s what he told us. 

As a major global cybersecurity provider, have you identified any key emerging threats in 2023 - or pre-existing types of attack that are becoming more prevalent? 

“Ransomware remains the biggest threat globally and is something that is particularly prevalent in the Middle East. Attacks primarily have two motives – stealing data or causing maximum disruption, the latter of which is more likely to drive a quicker payout. So, the focus for businesses must be on building a security function that can maintain operations in the event of an attack.

“The ransomware problem is only getting worse because of the rapid migration to the cloud and digital transformation that we are seeing in the region, which makes it harder to see risk and is exposing businesses to new security threats. In fact, the average cost of a data breach in the Middle East is now over $8 million according to IBM, the second-highest cost globally behind the US.”

How can large companies strike a balance between security tooling, and security awareness among their teams?🛡️

“The most important thing is to have a unified cybersecurity strategy to guide decision-making. Ideally, this should be a risk-based approach built around the principles of defence-in-depth – Zero Trust being a good example. Otherwise you run the risk of simply buying security tools in response to new threats. This strategy should also set the focus for cybersecurity awareness programmes. For example, Zero Trust is also built on the premise of not trusting anyone or anything that you don’t know. 

“Ensuring that this mantra is lived and breathed throughout the whole organisation will make businesses more resilient to an attack.

“In reality, it’s not about having the most security tools, but about having the right tools that align to the business objectives, integrate well, and work effectively together to build resilience. Having too many security tools can also lead to complexity and complexity is the enemy of good security. It’s also important that staff understand how to use and maximise tools – you could have the greatest cybersecurity tools out there, but if people don’t know how to use them then they won’t be effective.”

How important is company culture when it comes to maintaining a large organisation's overall security posture?  🔒

“Organisations need to foster a culture of cyber resilience and this needs to be driven from the top-down. Every organisation now needs to be operating on the principle of ‘assume breach.’ That means assuming that breaches will happen and planning for how staff and the business should respond in order to mitigate the impact of breaches.

“Employees need to understand that there is always a risk and that everything and everyone must be verified. Most attacks still start at the endpoint, so everyone needs to know what they can do to help limit and contain attacks. Those companies that foster a breach containment mindset throughout the organisation will have a much better security posture and will be able to rapidly limit the spread and impact of a breach.”

💡 What's one thing you wish everyone knew about cybersecurity? 

“It’s not the initial breach that causes the most damage to a business; it’s when a breach is able to spread freely throughout an organisation. Yet, companies are still spending 99% of cybersecurity effort and budget on trying to detect and stop bad things from happening.

“The reality is that companies could triple their cybersecurity budget and still have breaches. Most risk exposure comes from bad hygiene, bad process, and human error, so we will never be able to remove all risk. What we can do is reduce risk and mitigate the impact of attacks by prioritising cyber resilience and breach containment.”

And finally, why are events like Black Hat MEA important to you? 

“For us, Black Hat MEA is a critical event for learning, knowledge sharing, and continuing to raise awareness of Illumio and Zero Trust Segmentation. 

“Black Hat events are one of the biggest global cybersecurity events worldwide, so it’s great to see an event hosted in the Middle East. The fact that the event is being hosted in the KSA rather than the UAE is also significant and only exemplifies the level of cybersecurity focus and investment that we now see driven from Saudi Arabia.”

Do you have an idea for a topic you'd like us to cover? We're eager to hear it! Drop us a message and share your thoughts. Our next newsletter is scheduled for 15 November 2023.

Catch you next week,
Steve Durning
Exhibition Director

P.S. - Mark your calendars for the return of Black Hat MEA from 📅 14 - 16 November 2023. Want to be a part of the action?

*Referral program terms and conditions