Cost and frequency of cyber attacks continue to increase. The increase of economic losses is primarily attributed to cyber threats that continue to evolve in sophistication. The threats render existing defences to become less effective. There is a growing need for new approaches in dealing with new and unknown cyber threats. Two approaches are discussed in this session. This includes: a) Collective defence through community threat intelligence sharing and b) automated threat analysis employing Artificial Intelligence. Beyond the current approach and defenses, enterprises can strategize to ensure adequate cyber-resilience.

The session will highlight the limitations of human factors in keeping organizations and users secure. The changing paradigm of cyber threats and increased pace of targeted and sophisticated attacks are making it difficult for organizations to remain protected using traditional measures. The human errors remain one of the most significant reasons for breaches and losses. At the same time, the intentional damages caused by human factors are rising substantially. The classical approach of keeping users educated about cyber threats are insufficient. The session will highlight strategy and practical approaches to minimize the cyber security risks arising due to human factors.

Digital Transformation is the trend of our time. Organisations are disrupting their business models, or being disrupted by their competitors. In pursuit of sustainable differentiation and new sources of growth through digital strategies, organizations are exposed to increased risks in the cyber domain. To achieve the immense business benefits afforded by digitization, a highly robust and secure network infrastructure is required and the need for a simplified, threat-centric security model is critical to maintaining security effectiveness before, during and after an attack.

The session discusses cyber security and compliance topics in the cloud. This talk uses Amazon Web Services (AWS) as an example of a cloud then discusses various ways users of cloud can ensure their services are secure. The talk highlights the Cloud Shared Responsibility Model, account and identity management options, audit and log service usage and security in the cloud.

The session provides an overview of the current threat landscape in Bahrain. The talk also provides a few stories of successful intrusions against Bahraini targets and advice on ways to fight back—all from a Bahraini perspective.

The presentation covers the concept of ‘secure by design’ and takes a close look at the challenges of putting this theory into practice. It covers issues such as reliance on technical solutions, exponential growth of technology, misunderstanding of threats, cyber talent shortage and absence of a common cyber language. It also highlights some of the positive trends identified during the last 12 months.

Over the last 5 years, information security has been playing catch up with hackers. Increasingly sophisticated phishing scams have emerged which expose users. Vulnerable code is everywhere (e.g. cars, wearable’s, IoT devices, SCADA (Supervisory Control and Data Acquisition), mobile devices, payment systems).
The traditional systems of security awareness campaigns, code testing, patching or network signature based detection, firewall, IDS/IPS are no longer enough. Modern hackers are agile, creative, share information and develop new undetectable attack methods. A fresh look at the new generation of defense mechanisms is needed. In addition, a growing need arises for methodologies and tools that can be effective against these new attacks and can respond quickly in time before its too late.

Organizations face a frequent barrage of attacks by threat actors around the world who are looking to make a profit. Cybercrime has become an industry today.
Today’s attackers are well-funded and well-equipped. They use evasive tactics to succeed in gaining a foothold in a network, launching both high-volume and sophisticated attacks while remaining invisible to an organization’s traditional defenses –from packet obfuscation, polymorphic malware, and encryption to multi-phased payloads and fast-flux DNS. What we used to do before does not cut it anymore, and to make matters worse, traditional network security products are still using the same defensive strategies employed before the threat landscape evolved. Traffic is only inspected on certain ports and, while adding single-function devices to the defensive stack may help alleviate a particular problem, it results in poor visibility and performance. This has left a dangerous situation, where gaping holes are present in network defenses because security solutions are fractured and difficult to manage, while attackers are increasingly adept at penetrating them. The session focuses on:
• The evolving threat landscape
• The Cyber attacker chain, and how we can prevent them
• Next generation security and threat prevention
• Components of a next generation security platform

The increase in the likelihood and sophistication of cyberattacks is skyrocketing. When a cyberattack strike an organization, business has to resume its normal operations to mitigate adverse impact on the business. Cyberattack can shut down a business for days and business continuity plan might not be able to deal with cyberattacks’ sophistication and impact. Using real life examples, this session discusses ways to minimize business disruption after a Cyberattack.

The world is going through a digital revolution and the amount of connected devices are exponentially increasing. This leads to a great and new landscape of cyber security threats to individuals and organizations. These trends are global and more importantly they are happening in our region; the Middle East and GCC.
This session presents the basic cyber security challenges that face organizations and illustrates the basic response to face these threats; based upon regional survey information. Additionally, the session showcases the full findings of our Security survey where IT executives expressed their views on the security landscape in the GCC region.

The Internet of Things (IoT) is the third wave of IT revolution, after the computer revolution and the Internet revolution. The session discusses the current development of the IoT and its related technologies and applications, focusing on security aspects. This includes a four-level security index system that is proposed based on the three-level architecture of the IoT which uses FAHP (Fuzzy Analytic Hierarchy Process) to evaluate the various indicators and to find the key indicators as the key to the IoT security development. The session also offers some recommendations on the IoT development.

Cybersecurity has matured significantly over the last few years. Organisations increasingly recognise that security must be managed as a business risk issue. Information security governance provides the necessary framework to support this. Having a suitable information security governance model in alignment with corporate and IT governance provides a powerful link between an organisation’s governing body, executive management, and those responsible for information security.
Implementing an effective information security governance framework with the right leadership structure is not an easy task, but failing to do so could mean the difference between a contained crisis and a devastating catastrophe when things go wrong.
The session explores how IT Security Governance can help organisations take a holistic approach to cybersecutiy and provides a basis for organisations to implement IT security governance. Includes the discussion of a case study to illustrate the effective use of IT Security Governance.

Ransomware attacks have become one of the most sophisticated cyber attacks. Many companies have lost millions of dollars because of these attacks. There needs to be more awareness on how to deal with such attacks. This session provides a real case scenario of a multinational company from the gulf region that was attacked using ransomware. Based on this case study, this session concludes with strategies and tips on how to prevents and address such attacks.

The session discusses a case of four men who have been sentenced to a prison in the Kingdom of Bahrain, after an investigation by the National Crime Agency (UK), in conjunction with the Kingdom of Bahrain, Ministry of Interior Police and Bahrain Public Prosecution. They were charged with a range of offences including sexual assault of children, forcing children by threat and blackmail to obscene acts and publishing and circulating audiovisual recordings of children. The Cyber Crime Directorate had initiated the legal steps to start investigating as per Bahrain’s laws through a team who were dedicated to tackle this type of on-line offenses. The involved officers’ efforts made sure that those behind the crime that was targeting boys on a massive scale across the country and beyond are punished for their acts.