11th annual e-Crime & Cybersecurity Congress in Dubai
19th March 2019
Understanding the new rules of cybersecurity:
How financial markets and new technology are changing the job of the CISO
"As data and operations become increasingly digitised in the UAE... cybersecurity has become even more paramount... and collaboration with global leaders in this area is one step forward to ensure a safe environment for everyone."
- His Excellency Omar bin Sultan al Olama, Minister of State for Artificial Intelligence, UAE
The first era of cybersecurity is over. It was an era of myths and half-truths. These obscured the business realities of providing and implementing cybersecurity and were driven partly by hype, and partly by confusion among end-users over the nature of cyber-risk and the appropriate risk management structures and staffing.
That era is being swept away by a new set of challenges. By 2030, more than 500 billion devices will be connected to the Internet and Smart Cities will be top targets for hackers.
As the region's "most innovative city" and recently ranked by McKinsey as top region for deployment of Smart applications, Dubai is forging ahead in the race for digital domination. But this virtual landscape leaves a vast and exposed attack surface.
Hyper-connectivity also means perimeters now extend outside the business. The security of third parties is now as important as the security of your own organisation: a lesson major local ride-hailing app Careem learnt the hard way when a breach compromised the data of over 14 million users held on external third-party servers.
When 80% of data breaches originate from third parties, smart CISO's are looking for trusted suppliers who understand the unique business challenges this extended network brings.
At the same time, breaches and regulatory non-compliance are now making the front pages. Customers, investors and other stakeholders want to know that the companies they deal with or own are cybersecure. The current unwillingness to disclose breach and loss data, and to detail cybersecurity precautions, is untenable as stakeholders, customers and government demand this governance information and companies begin to use cybersecurity as a competitive differentiator.
This is changing the way senior management view cybersecurity and the staff who they hire to provide it. To them, cybersecurity is just another operational risk and needs to be managed like one. Cybersecurity is a business risk and so must be evaluated like any other business proposition. Everything cannot be protected equally.
From bolt-on to built-in: industry and government need to stop thinking about cybersecurity and start thinking about cyber risk management: what is the difference and why does it matter so much?
From techie to business partner: how can today’s CISOs jump the gap from IT specialist to business risk manager? How do you implement holistic cybersecurity?
It's all about the money: the financial impact of a breach on the bottom line has, up until now, been small enough that companies are prepared to chance it. But now investors and fund managers are taking an interest. Even without a breach, they’re evaluating your cybersecurity. And if they don’t like it, they can hit your company where it hurts: your share prices.
The changing nature of the crown jewels: is today’s obsession with data and breaches the right way to think about businesses’ cyber dependencies? What are the real weak links and how to protect them?
Building a best practice cybersecurity team: how, how much and who?
How must CISOs adapt to a new environment of scrutiny? As cyber becomes part of corporate governance and social responsibility, what does this mean for the role?
Cybersecurity as a competitive advantage: the myth that businesses are in this together will be exposed. Over time, companies with secure apps will beat those with insecure apps. Companies with better reputation for security will beat those with a worse reputation. Management knows this and will respond. What does this mean for the CISO?
As the UAE moves forward in its 4th Industrial Revolution, the e-Crime and Cybersecurity Congress returns for its 11th anniversary edition to cover the key themes and business risks faced by those charged with protecting key assets and sensitive data. We will be facing the truths the region needs to confront to succeed through this critical hyperconnected era.