13th annual e-Crime & Cybersecurity Congress in Dubai
7 March 2022 • Conrad Dubai
Next generation technology for next generation threats?
The old way of doing cybersecurity is increasingly unsustainable. But do new technologies really provide an answer? The 13th annual e-Crime & Cybersecurity Congress in Dubai will reimagine a new kind of cybersecurity landscape.
It has been clear for some time that the current model we use to try to keep organisations and individuals safe from cyberattack is flawed. It’s not simply that the perimeter has disappeared; it’s not just that the IT/OT boundary is blurring and the IoT has become so significant so quickly; it’s not even Cloud or digital transformation or hybrid working.
The key problem is that we still cannot solve some of the most basic and longstanding problems with the current security set-up: email is still the most problematic attack vector; patching and vulnerability management are still almost impossible tasks in organisations of any size and complexity; open ports, exposed RDP, password management, joiners/movers/leavers, basic Cloud misconfiguration, default settings left on IoT devices, core asset visibility … the list goes on. There is still no real definition of the CISO themselves.
In addition to these issues, threat monitoring and detection have got more difficult as the volume and sophistication of attacks has risen; almost no organisation can keep up with the changes in technology used by their business units, customers, suppliers or providers of IT infrastructure; and no company can continually revise their security technology stacks to cope with new developments there either.
In trying to maintain the current model, companies are investing in an unsustainable security infrastructure that can neither solve legacy issues nor any of the problems posed by the profound changes wrought by overwhelming digitalisation. We still cannot ‘do’ even basic cyber hygiene.
So, what would cybersecurity look like if we started with a clean sheet of paper today? Would anyone still want to stack up dozens of single-issue solutions? How much security technology would companies want to own or deploy? To what extent would the large providers of technology and communications infrastructure, from Microsoft, to BT to Salesforce, be expected to protect the users of their technology from all but the most sophisticated or insider threats? And what skillsets would cybersecurity personnel possess? Would they be technologists or data scientists or compliance and governance specialists?