13th Annual e-Crime & Cybersecurity Congress 2023 - Abu Dhabi | e-Crime & Cybersecurity Congress Events Series | 9 May 2023 | The St. Regis Abu Dhabi, Corniche, Nation Towers, 1st St, Al Bateen, Abu Dhabi, UAE

All too often cybersecurity is still seen as a binary, IT issue: is our IT infrastructure secure? The problem with that approach is first, the answer is always ‘not 100%’, and second, the question completely avoids the factors that should drive a real-world security programme. Cybersecurity is a business risk like any other; its significance is a function of the risk cyber-crime is to the business; there is a finite level of resourcing to mitigate the most material elements of that risk; and there will always be residual risk that cannot be mitigated – this represents the limitations of the budget and the risk appetite of the firm.

So, is there a better way to do cybersecurity than thinking of it as a constant battle to purchase the latest IT to keep up with ever more technologically advanced hackers? One answer is to move away from a granular focus on IT. For example, the foundation of many cybersecurity programmes is the asset inventory. Get a list of every device and application on the network so that you can monitor and log activity, ensure regular patching and check for anomalous behaviours. But treating every device and every application the same, regardless of how they contribute to risk, is wasteful without a business-led evaluation of business-critical processes.

Taking a risk-based approach to security creates a more efficient and effective programme, it reduces waste and maximises the allocation of resources to issues that are of genuine, material significance to the business. It may also result in evidence that can be used to increase the resources available to the security team by demonstrating real business value.

Another way to apply real-world thinking to cybersecurity is to start with people: buying technology that is too complex, or that requires significant IT resources or ongoing staffing, means under-using that technology or even exposing the organisation to increased risk. So, start with the team you can afford and then think about what tech that implies. A realistic evaluation of the skillsets available and the flexibility of in-house resources may well lead to a decision to outsource.

And other business risks can at least partly be hedged or insured. Right now, the cybersecurity insurance market sems to be in flux, with some insurers even saying that cybersecurity is becoming an ‘uninsurable’ risk. In reality premiums are finally being adjusted to reflect the cybersecurity posture of firms that want to buy it. So, what do you need to prove to ensure continued access to cyber-insurance and are those requirements consistent with current levels of security resourcing?

2023 Speakers

H.E. Dr. Mohamed Al Kuwaiti
Head of Cybersecurity, United Arab Emirates Government

Abdulla Al Dhaheri
Cybersecurity Specialist, UAE Government

Rajesh Yadla
Head of Information Security, Al Hilal Bank

Jeevan Badigari
Director of Information Security and Governance, DAMAC Properties

Hussein Hassan Shafik
CISO, Abu Dhabi Islamic Bank

Zaheer Shaikh
Chief Information Security Officer, Al Maryah Community Bank LLC

Vikalp Shrivastava
Global CISO, Kerzner International

Hussain AlKhalsan
Chief Information Security Officer, ZAND

Aus Alzubaidi
Director of IT, Cybersecurity & Management, MBC Group

Philippe Lopez
Head of Security, Cigna International Health

Steve Kinghan
Head of Cyber Operations, Hiscox

Khalid Abubaker
Regional Sales Manager, Gatewatcher

Theshan Mudaly
Solutions Engineer, BeyondTrust

John Smith
CTO EMEA, Veracode

2023 Sponsors

STRATEGIC SPONSORS
• BeyondTrust
• Declinea
• GateWatcher

EDUCATION SEMINAR SPONSORS:
• B!nalyze
• Cequence Security
• Entrust
• ManageEngine
• Mandiant
• Seclore
• Veracode

NETWORKING SPONSORS:
• iZOOlogic
• PhishRod