Article by H.E. Dr. Mohamed Al-Kuwaiti & Dr. Aloysius Cheang
The past three years have been of immense global upheaval. The Covid-19 pandemic, geopolitical instability, and rapid de-globalization have fuelled global tensions, sparking off a paradox of a global cyber pandemic amid rapid digital transformation and growth.
Background
The UAE was not spared of these changes. The upheaval of the Covid-19 pandemic cultivated an urgent need to increase the pace of digital transformation, hence paving the way for the UAE to establish itself as a trusted regional digital hub. The country took advantage of the situation and ramped up digital initiatives to become a digital economy leader in the region. Immense efforts were employed to build a conducive environment in the UAE with the right government policies. An industry-led regulatory regime and a uniquely open economy helped drive digital innovation further while many other countries were closing their borders to contain Covid-19. Having said that, the UAE did not throw caution to the wind. Instead, it implemented well-calibrated measures designed to build controls that enhance trust, security and branding of a world-leading economy. Such an economy is resilient in the face of cyber pandemic headwinds characterized by supply chain attacks and ransomware blitz, amongst other threats in a volatile risk landscape. Indeed, this bold approach embraced by the UAE over the last three years has been instrumental in the rapid digitalization in the country, building up a momentum that elevates UAE into a global digital leader.
Moving from a Position of Defence to Offense
Over the years, various platforms have become increasingly influential in supporting the digital leadership efforts of the UAE. Among these are DWTC’s flagship event GITEX and its sister event, GISEC. While GITEX focuses on the entire ICT spectrum, GISEC specifically provides cybersecurity leadership. Being hosted for the 14th consecutive year in 2023, GISEC has grown from strength to strength, becoming a platform of choice for the UAE to be an agent of change for top cybersecurity enterprises from 40 countries. CISOs from major corporations across the Middle East, Africa & Asia, government dignitaries and cyber leaders, regional and international innovators and experts come together to shed light on the world’s most pressing cybersecurity challenges and discuss ways to stay ahead of potential threats through robust and innovative strategies.
Football offers an excellent analogy, with the recent FIFA World Cup still fresh in our minds. While the defence is critical, winning the game requires players such as Lionel Messi, who, as a midfield general, will not only orchestrate and control the game to play according to the winner’s tune but also possesses a poacher instinct that enables him to switch role instantaneously into a menacing striker and a magnificent goal getter. As such, this year’s theme for GISEC is to take the fight to the cyber attackers by following the age-old adage: attack is the best form of defence. CISOs should therefore adopt a GISEC-first strategy, using a page out of the cyber attacker’s own playbook. Through GISEC, we can build a platform based on openness, transparency and collaboration because, just like football, building cybersecurity requires teamwork.
The Case for a GISEC-First Strategy in Proactive Defence Strategy
A GISEC-first strategy encourages CISOs to take a proactive approach because the traditional reactive model is simply ineffective. Today, only 19% of global cyber leaders are confident that their organizations are cyber resilient. Further, the need for more effective cyber defence tactics is only becoming more urgent as digitization takes hold. By 2025, digital transformation will inject $100 trillion into the world economy, according to the WEF.
With this in mind, top cyber executives will unveil CISO’s 2023 strategy at GISEC to decode the uptick in cyberattacks and costs while navigating the evolving threat landscape. The new era of cyberattacks ranges from Metaverse cybercrime, crypto-jacking, 51% attacks on blockchains, drone exploit delivery attacks to Quantum threat, cloud security to applying AI internally and at the edge across healthcare, banking & finance, utilities, oil & gas, transport, nuclear, defence & communications.
GISEC is, therefore, the ideal platform of choice for CISOs to learn from each other as we develop our own game plan for our organizations. There’s a renewed sense of urgency for collaboration because cybersecurity rules have changed since the pandemic and the rapid rise of threats in new ecosystems like the Metaverse & Quantum computing. To define the new cybersecurity paradigms, we are gathering an extraordinary league of cybersecurity leaders at GISEC. The UAE Cybersecurity Council fully supports GISEC’s initiative of creating an inner circle for InfoSec leaders to discuss critical challenges and help build the cyber resilience of businesses in the UAE and the world.
Moreover, GISEC is not just a platform for CISOs to join forces. It is also the platform of choice to train our technical team to beat cyber attackers at their own game! This will be the second year GISEC will host a Bug Bounty Challenge. Last year, The Bug Bounty Challenge set a Guinness World Record for the largest Bug Bounty competition in the world. In GISEC 2022, we also set another Guinness World Record for most users in a Capture[1]The-Flag (CTF) competition. Together with the $1 million award bounty for the World Cyber Championship (a form of CTF competition), we are set for a fruitful CTF, bug bounty and technical exchange for GISEC in 2023.
Thirdly, in line with tradition, an innovation sandbox for start-ups and/or new/emerging technology pitching will be held again under GISEC. Known as GISEC Cyber Stars, we shall work with transformers of the industry towards cyber resilience and therefore build capabilities to get in front of the cyber attackers in addressing some of the BHAG in cybersecurity globally today.
Back to Basics
However, before we start to tackle sophisticated cybersecurity problem set, we need to return to basics through capacity building, by providing training and enablement to all stakeholders of the ecosystem, while at the same time reinforcing the recognition of the importance of cybersecurity and encouraging the adoption of basic cyber hygiene thus building a culture of cybersecurity for the nation as a whole. Towards this end, the UAE Cybersecurity Council, in collaboration with its strategic partners, launched the Cyber Pulse initiative that aims to encourage the community members in the UAE to play part in cybersecurity efforts. It seeks to increase public awareness on suspicious online activities and explains the necessary steps to be taken to prevent becoming a victim of Phishing. The initiative also provides training courses, workshops and lectures about cybersecurity in an increasingly digital world. As a result, the UAE has successfully integrated the digital lifestyle into everyday living of its citizens and residents, through creating smart telecommunications and digital transformation infrastructure, further advancing its status as an inspiring model of development and digitisation.
In fact, the first national cybersecurity innovation centre was launched in Abu Dhabi Polytechnic last October, that provided an action plan to enable the next generation of cyber professionals to tackle cyber skills gaps while also protecting UAE citizens and businesses from global threats. This lays the foundation for UAE to be a key player in the region for cybersecurity, and further position the country as a safe hub.
Truly Entering Into a New Era of the CISOs
Last but not least, GISEC aims to empower the industry to take a proactive posture by fostering collaboration between partners and professional bodies. The various partnerships formed during GISEC will serve as feeders for future projects and collaborations that will be featured in future GISEC and GITEX conferences.
We have previously written about the coming of the golden age of CISOs, marking a turning point in cybersecurity. We have stated a pre[1]requisite for that to happen, which is the need to return to basics when it matters the most. GISEC as a platform and the adoption of the adage “attack is the best form of defence” as the heart and soul of the cybersecurity industry, binding all the stakeholders in the ecosystem together, will be critical for realizing this dream. Otherwise, we’d be risking everything on a pipedream if non-action is allowed to prevail.
Conclusion
“Attack is the best form of defence” is the cyber art of war theme for 2023. The time is ripe for us to take a proactive approach to defend our assets rather than being reactive, setting up stalls and waiting for cyber attackers to appear but not knowing when they will appear, where they will show up and in what form and shape that they will be carrying out the attack. Assuming that you will not get hit is no longer a luxury we can afford, given that ransomware attacks will remain prevalent this year. Cybercrime is highly rewarding financially for successful attacks, the primary driver for escalating cybercrime.
Taking the fight to the cyber-attack requires brains as well as brawn. In the Art of War, Sun Tzu talked about the importance of ”Laying Plans” in any warfare. While he advocated against war fare, but once that decision is made he spoke of the need to take actions swiftly, but not without an elaborated plan that dedicates more than 50% of the estimated time taken for the battle to complete, where all possible scenarios are played out. And chief among all, is the need to ensure a robust, united backline that are harmonized in not actions but in intents as well, leveraging on culture and mindset to reach a common ground internally that will mobilise the entire nation into supporting the warfare.
Fortification, supply chain and constant capacity building to ensure the reserves are ready to be called up anytime, and that is what it takes in cybersecurity as well. Before we take the offensive, we need to ensure that we have the best cyber defence mechanism in place. And that is the motivation for the National Security Operations Centre or NSOC initiative that will be showcased during GISEC.
Following that, we shall create a community of action for the cybersecurity industry, for example, through the GISEC CISO Circle, that the industry can come to adopt a baseline cybersecurity strategy with a common design factor of a proactive approach of pushing the last line of defence forward towards the enemy den further away from our defence line and our digital assets. Next, we shall turn on protein overdrive and build up the muscles to wrestle with the enemies in the pit, with technical excellence taking center stage where our best of the best can hone their skills in the various competitions such as Bug Bounty and CTF that will be hosted at GISEC.
Lastly, we shall validate our latest techniques and technology in the innovation sandbox. GISEC is a treasure trove of tools, providing the necessary people-process-technology support that we can harness to realize our strategy and burn cybersecurity into the DNA of our organizations, keeping the enemies at bay and on the back foot, pushing them to be on a constant retreat from our line of defence and pushing it deep within enemies’ territories with no time to create havoc for us making it economically inviable. These cyber adversaries will eventually collapse like a house of cards as we enter a new era where the CISOs finally enter the boardroom and be counted as equals among our peers. And that is where the CISO revolution starts, not ended as we usher in the new digital era and the CISOs as the guardians of this new digital era.