Dear Reader,
Welcome to the Digital Review of GISEC special edition of Cyber News Global. This informative publication has been brought to you exclusively by Cyber News Global Limited. The focus of the editorial team for this exclusive digital edition was to report many of the key activities that happened at GISEC 2024. The Cyber Security Council of the UAE and its senior leadership team worked tirelessly to ensure that every aspect of cyber had its focus.
CNG ensured that it paid particular attention to the many key presentations and activities that happened over the very busy three days. A major emphasis on collaboration was addressed at the CISO lounge; the state of the Critical National Infrastructure within the Middle East was also addressed.
Collaboration was certainly front and centre for so many officials, vendors and leading technology providers. Partnerships were explored and the UK Pavilion finally returned to a very enthusiastic audience at GISEC. Special thanks to the UK Embassy staff for their tremendous support, and additional thanks to the UK Department of Business and Trade (DBT) team, with huge support once again from one of the premier Cyber Security Cluster organisations in the UK, ScotlandIS.
The GISEC Digital Review has certainly lived up to its promise, providing tremendous insights into some exceptional activities and exclusive opportunities to hear first hand from leaders, hackers and global cyber law enforcement representatives who came face to face live at GISEC. Even through crime comes adversity, no more so than the chilling real-life story of cyber fraud, how Ayleen Charlotte was catfished by the Tinder Swindler; her story emphasises the challenge we all face in this digital world.
We hope you have an inspiring read,
Contents
AI in the Spotlight at GISEC
Hassan Hariry: Reshaping the future of Cybersecurity
Elevate your data protection game: Irene Coyle
Ayleen Charlotte: Tinder Swindler Victim
CISO Circle GISEC 2024
Cyber Leaders agree to Collaboration to prevent cyber-attacks
Matt O’Neill: Secret Service Agent and Hacker reunite at GISEC
CISO Versus vCISO
Podcast Interview: XpertDPO
Cyber Awareness Guinness World Record
AI in the spotlight as global cyber security experts attend GISEC 2024
The benefits and risks of AI across key sectors including energy among the key topics explored at GISEC 2024.
Visitors to the annual cybersecurity super connector included industry leaders, specialised professionals and ex-hackers. Discussions got underway on how artificial intelligence (AI) is impacting cybersecurity and helping reshape the future of the sector.
GISEC Global is organised by Dubai World Trade Centre and hosted by the UAE Cybersecurity Council.
The opening day featured a packed schedule of insightful panel discussions, interviews, and fireside chat sessions, ranging from financial implications to the power of technologies.
UAE’s Head of Cybersecurity highlights the importance of AI
In the opening session of GISEC Global, His Excellency Dr. Mohamed Al-Kuwaiti, Head of the UAE Cybersecurity Council, addressed the audience on why harnessing AI for security resilience and collaboration are fundamental practices.
He said: “Every year, GISEC always tries to beat the previous year.
Having so many people here with us is a great accomplishment and a great step towards what we’re trying to achieve. Previously, the UAE faced a number of cyber threats and without the people attending today and the partnerships that we have built, we would not have been able to prevent these attacks.
“Recently, we investigated a case where ChatGPT was not only used for drafting nice English grammar-free emails but also being used to produce coding scripts for ransomware, which can send data to a different location.
“We are all working towards a common cause, and we cannot address the challenges ourselves.
We need to do this together and partnering with other organisations is key.”
The future of cybersecurity
His Excellency Amer Sharaf, CEO of Cyber Security Systems and Services Sector, and Dubai Electronic Security Center (DESC), took to the stage and outlined what the future holds for the cybersecurity sector.
He identified cyber resilience, upholding trust through verification experience, the benefits and risks of AI through dual-use technology and collaboration as key pillars that cannot be overlooked if organisations and governments want to have secure systems.
His Excellency Amer Sharaf, CEO of Cyber Security Systems and Services Sector, and Dubai Electronic Security Center
The role of energy companies in protecting against attacks
With energy transition a key priority to help tackle climate change, a panel was held on future planning by companies to ensure energy infrastructure and equipment, which serve as the backbone for nations to operate, can be protected from cyberattacks.
The panel said that the energy industry is already embracing AI, especially in analytical tasks, but emphasised that having the right infrastructure in place is crucial to ensuring key data is not accessible by hackers.
The session brought together experts from Turkey, Oman, France and the USA.
The first day agenda also saw Vietnamese hacker Minh Hieu Ngo, the architect of a billion-dollar identity heist, meet the U.S. Secret Service Agent, Matthew O’Neill, who had caught him, for the first time since his sentencing. Ngo had been responsible for causing more financial damage to Americans than any criminal in history.
His Excellency Dr. Mohamed Al-Kuwaiti, Head of the UAE Cybersecurity Council
U.S Secret Service Agent
Matthew K. O’Neill
Minh Hieu Ngo former Vietnamese Hacker now Cyber good guy
Disclaimer:
The views and opinions published within editorials and advertisements in Cyber News Global are not those of our editor or company. Whilst we have made every effort to ensure the legitimacy of the content, Cyber News Global cannot accept any responsibility for errors and mistakes.
Reshaping Cybersecurity:
How +971 CyberSecurity is Championing a Safer Digital Future in the Region
Their story is one of innovation, collaboration, and unwavering commitment to excellence—a true testament to their tagline, “reshaping the future of cybersecurity”.
In the rapidly evolving digital landscape, where cyber threats loom large and unrelenting, one company stands out as a beacon of innovation and security: Plus971 Cyber Security. With a mission to reshape the future of cybersecurity, Plus971 Cyber Security has not only positioned itself as a leader in cyber defense but also as a vital contributor to the broader cybersecurity ecosystem in the region.
Over Two Decades of Expertise
The foundational strength of Plus971 Cyber Security lies deeply rooted in the diverse and extensive experience of its founding members. Each founder brought a rich background of knowledge and skills, gathered from years spent in high-stakes environments, including armed forces, financial sectors and governmental agencies. This wealth of experience has been crucial in shaping the company’s proactive and adaptive approach to cybersecurity.
Diverse Backgrounds, Unified Vision
The varied backgrounds of the founders of Plus971 Cyber Security are not just complementary; they are synergistic.
Coming from sectors where security is paramount, each founder understood the critical importance of not just defending against threats but anticipating them. In financial services, the focus is on protecting sensitive financial data and transactions from cyber fraud and breaches, which requires a keen understanding of evolving threat vectors and the implementation of advanced security protocols.
On the other hand, experience in governmental agencies brought insights into national security threats and the complexities of securing information in a landscape where threats can be both internal and external, physical and digital. Understanding governmental cybersecurity involves grasping policies, regulations, and the complex dynamics of international cyber relations.
Comprehensive Cybersecurity Services
Plus971 Cyber Security offers a broad and integrated suite of services designed to address the varied and ever-evolving ecosystem of cyber threats.
Hassan Hariry, Co-founder of +971 Cybersecurity
They are committed to providing not just reactive measures but a proactive security strategy, implemented through a diverse portfolio of services that are crucial for comprehensive protection, from real-time monitoring to post-incident analysis.
At the core of Plus971 Cyber Security’s offerings is their Managed Security Operations Center (SOC), a state-of-the-art facility staffed by experienced analysts who monitor, assess, and respond to cyber threats around the clock. This continuous vigilance is essential for the early detection of potential security incidents and ensures that responses are swift and effective. Complementing the SOC are Plus971 Cyber Security’s Incident Response teams, specialists who are expertly trained to quickly manage and mitigate any breaches, thus minimizing potential damage and recovery time.
Furthermore, Plus971 Cyber Security’s advanced Threat Hunting and Cyber Forensics capabilities go beyond traditional defenses by proactively searching for and identifying latent threats that might escape standard detection methods. Plus971 Cyber Security’s cyber forensics experts meticulously analyze past breaches to uncover the root causes and strengthen future defenses, ensuring that lessons are learned and applied.
The firm also extends its protective reach through comprehensive intelligence services that cover a wide spectrum of sources, including the open web, dark web, and various communication platforms. This extensive coverage provides Plus971 Cyber Security’s clients with an extensive view of the cyber threat landscape, enabling them to anticipate potential threats and strengthen their defenses accordingly.
By integrating these services, Plus971 Cyber Security not only ensures strong defense mechanisms across different layers and dimensions of cybersecurity but also maintains an effective posture that adapts to new challenges as they arise. This holistic approach to cybersecurity is what sets Plus971 Cyber Security apart, providing their clients with the assurance that their digital environments are secure and resilient against a range of cyber threats.
Strategic Partnerships
At Plus971 Cyber Security, the philosophy of “strength through collaboration” is not just a guiding principle; it is a crucial aspect that shapes every part of their operations. Recognizing the complexities of modern cyber threats, Plus971 Cyber Security has built a formidable network of partnerships that spans across various sectors and specialties within the cybersecurity domain. These partnerships are not just about enhancing technological capabilities but also a collaborative approach that is pivotal for developing comprehensive and adaptive security solutions.
By aligning with leaders in various aspects of cybersecurity, Plus971 Cyber Security ensures that their service offerings are enhanced by a team of expertise and cutting-edge technology, making their solutions more robust and effective.
These strategic alliances empower Plus971 Cyber Security to offer customized security solutions that are both scalable and tailored to the specific needs of their clients. For instance, collaborating with innovators in security information management and response automation allows Plus971 Cyber Security to deploy state-of-the-art tools that improve threat detection and incident management. Similarly, partnerships with intelligence providers widen the scope of threat visibility, providing a more nuanced understanding of potential risks. This kind of collaboration not only strengthens Plus971 Cyber Security’s defenses but also encourages ongoing innovation. This means that clients receive comprehensive security measures that are proactive, responsive, and aligned with the latest industry standards.
Fostering a Secure Future
At Plus971 Cyber Security, the commitment extends beyond providing top-tier cybersecurity services to actively engaging with the community and nurturing the next generation of cybersecurity talent. Understanding the importance of awareness and education for a safer digital world, Plus971 Cyber Security is committed to promoting cybersecurity knowledge and skills across different sectors of society.
Engaging with the Community and Industry
Plus971 Cyber Security actively participates in regional cybersecurity events like conferences, workshops, and seminars. These events allow the company to share expertise, engage with other leaders, and stay updated on cybersecurity trends. By contributing to these events, Plus971 Cyber Security helps improve standards and practices in the cybersecurity community, fostering collaboration and knowledge exchange.
Educational Outreach and Public Awareness
Plus971 Cyber Security has launched outreach programs to raise cybersecurity awareness among businesses, schools, and the public. These initiatives aim to emphasize the need for strong cyber defense and educate people about cybersecurity basics. Through workshops and talks, Plus971 Cyber Security simplifies cybersecurity and offers practical tips to safeguard personal and professional data.
Nurturing Future Cybersecurity Professionals
Plus971 Cyber Security offers a three-month paid internship program designed for recent college graduates. This program provides hands-on experience in cybersecurity and allows interns to work with experienced professionals. It helps interns become skilled security analysts by exposing them to real-world cybersecurity scenarios. This initiative not only boosts their job prospects but also ensures a steady supply of trained professionals ready to tackle modern cyber threats.
The Road Ahead
As Plus971 Cyber Security looks to the future, they are determined to continue their journey of innovation and excellence in cybersecurity. With plans to expand their technological capabilities and deepen their regional engagements, Plus971 Cyber Security is set to play an even more pivotal role in securing the digital frontier. In a world where digital threats are an ever-present reality, Plus971 Cyber Security stands as a guardian of the digital realm, reshaping the future of cybersecurity and ensuring a safer tomorrow for all.
Elevate Your Data Protection Game: Why Data Protection Training Matters
If you would like to discuss how we can help you with your data protection training, please get in touch with me: Irene@ospcyberacademy.com
I am often asked as a Data Protection Officer, why data protection training is needed? Well, in today’s digital age, data is one of the most valuable assets a company possesses. With this invaluable resource comes great responsibility – the responsibility to safeguard it against breaches, leaks, and misuse. That’s where robust data protection training steps in. With the proliferation of cyber threats and stringent data protection regulations, investing in robust data protection training has become a necessity rather than a luxury. Why don’t we delve into the myriad benefits that data protection training brings to the table and why investing in data protection training is essential for any organisation:
Compliance Confidence: Data protection regulations such as the General Data Protection Regulation (GDPR) impose strict requirements on organisations regarding the handling and safeguarding of personal data and come with hefty fines for noncompliance. By ensuring your team is well-versed in data protection principles and regulations through training, you minimize the risk of noncompliance, costly penalties and legal consequences. Build Confidence!
Cultivating a Culture of Security: Data protection training isn’t just about ticking boxes; it’s about instilling a culture of security within your organisation. When every member of your team understands the importance of data protection and their role in maintaining it, you create a powerful defence against potential threats. Why would you not want to have a positive culture of security? You know it makes sense!
Mitigating Risks: Data breaches occur daily, and they can have devastating consequences, ranging from financial losses to reputational damage. Comprehensive training equips your employees with the knowledge and skills they need to recognise potential risks, respond effectively to incidents, and prevent breaches before they occur. If your team are thinking about risks, then they will stop and consider their actions!
Building Trust: In an era where data privacy concerns are at an all-time high, earning and maintaining the trust of your customers is paramount. Demonstrating a commitment to data protection through ongoing training not only helps you comply with regulations but also strengthens your reputation as a trustworthy custodian of sensitive information. I would only want to give my data to a trustworthy organisation that takes my data security seriously!
Empowering Your Team: Knowledge is power, and data protection training empowers your team to take ownership of data security. When employees understand best practices for handling data securely, they feel more confident in their roles and are better equipped to make informed decisions that protect both the organisation and its stakeholders. Empowerment is key!
Investing in data protection training is not just a legal requirement; it’s a strategic imperative. By arming your team with the knowledge and skills they need to safeguard sensitive information, you not only mitigate risks but also demonstrate your commitment to upholding the highest standards of data protection. In today’s data-driven world, that’s a competitive advantage worth investing in.
#DataProtection #CyberSecurity #Training #Compliance #PrivacyProtection
Ayleen Charlotte, “Catfished” Tinder Swindler Victim, shares her story.
Well, everybody knows Ayleen from the documentary, The Tinder Swindler, but she had a life before that. Ayleen used to work in high-end fashion with brands like Louis Vuitton, Hermès, Hugo Boss.
She met Simon on Tinder, thought he was the love of her life, but he ended up the most horrible part of her life. Ayleen lives in Amsterdam, a beautiful city in the Netherlands, a very small country in Europe.
Romance fraud is one of the most horrible crimes and frauds there is because someone is making you fall in love with them. Someone is using love and the goodness of people to defraud them and scam them, which is horrible.
Fraudsters only have one goal and one purpose in life; they do their research deeply to find their prey. They work very hard to gain your trust, they make you emotionally dependent on them, and create opportunities to build up pressure and fear. Eventually there is a crisis to make you want to support and to rescue them. This repeats itself until you are completely empty.
My story started on Tinder. Simon was very charming, well dressed, well presented. We had a coffee date in London, and I felt that we immediately had a connection.
After our first date, we started to see each other more often. He visited Amsterdam a lot, and everywhere I was, he was.
We travelled to Barcelona, London, Amsterdam, Prague, he was also very interested in my friends, my family, my work life. I received a lot of flowers, I thought he was the perfect guy, in the meantime I totally fell in love with him.
It was about seven months into the relationship, when he shared that he had lost a big business deal, because of his work in the diamond industry, and shared with me that he had a lot of enemies, it was after he lost this deal, his enemies were chasing him more than ever, or so he claimed, if they wouldn’t come to him, they would have come to me.
Eventually, he used up all of my savings, he also persuaded me to take out two personal loans of 30,000 euros each. That wasn’t enough; he kept on pushing me to get more money, and even suggested to me that I should sell my house and pawn my car. Every time he was working on a business deal he would get to step nine out of 10 and then the deal failed, and after a year into the relationship his stories became more and more unbelievable.
Ayleen Charlotte, Advisory Board Member, Global Anti-Scam Alliance (GASA)
From Fraud Victim to anti-Fraud Champion.
Ayleen Charlotte and His Excellency Dr. Mohamed Al-Kuwaiti, Head of the UAE Cybersecurity Council at GISEC 2024
Once I was waiting for my flight in Prague, I was scrolling down my phone and there I saw his face turning up on my own Instagram for the first time, there I read this article. It was called the “Tinder Swindler” from a Norwegian newspaper. Two other girls were sharing their story and they had been defrauded and lost a lot of money. I immediately knew, every piece of the puzzle fell into place. I knew that he had defrauded me and I knew I was in a lot of trouble in all areas of my life.
I told my friends and my family, one by one what happened to me and they became my beacon of support and trust.
But I wasn’t finished with Simon, my deepest anger was triggered. The only thing he could think of was money. So I suggested to him that we sell his expensive clothes and I would send him the money so he could continue and finish his business deals, so that’s what he did. He was very enthusiastic about this idea. He sent me pictures of all the clothes he had with him.
When I was contacted to be a part of the documentary, I really had to think about it for almost eight months but finally said yes. Within those eight months, I had a lot of discussions with my family and my friends.
What people don’t understand is that this was a very sensational story, but this story hosts the worst pages of my life. Like, that’s something people don’t understand. Yes, this actually happened. This was my life, unfortunately.
When I finally said yes, I came up with three purposes and those became my mission for the rest of my life because I really wanted to help other people who were dealing with the same issues I had been through, and I wanted to break down the taboo and the shame on fraud. The more we are sharing, the more we can do something about it.
At this moment I am sharing my story, and now I am providing trainings to fraud departments in companies and banks worldwide. Focusing on how they can react to fraud victims, which I think is very important because a lot of people really don’t know what to do when an actual victim gets in contact with them.
A lot of people are sending you away because it’s too difficult to handle. Don’t be scared, listen to them, what I do at events like GISEC is share my story, making people aware that there is a human side behind these crimes.
What we see in cyber security are a lot of people working from their laptops or computers, oblivious to the real impact of cyber crime and fraud like this, but they have never heard it from someone who has actually been standing right in front of them. I’m sharing my story to make them more aware, because these crimes happen to real people; never forget that.
The biggest lesson I’ve learned is that if you are in love with someone, and they create a situation where they need your help and they are asking you for money, please take your time, step away from the situation, go share this story with your family and friends, see what their opinion is.
This is not something you need to decide over an hour or over a day, take a few weeks, and of course, please say no if you’re not absolutely sure. But if you say, give me a few weeks, then please watch how this person in front of you is responding. If they are pushing you, not allowing you to think rationally, then you will know it’s a scam. A real friend or a real family member asking you for money, of course they would give you time because they respect you.
So please don’t make the same mistakes I did.
Shimon Hayut - who legally changed his name to Simon Leviev to defraud people - claimed he was the son of an Israeli diamond billionaire.
End-to-End Protection from Cyber Threats
Athena - Digital Risk Management Platform
Digital Risk Monitoring
Supplier Security Monitoring
Dark Web Monitoring
Athena is a cutting-edge SaaS-based digital risk management platform that offers a 360-degree view of an organization's brand, reputation, and online risks.
Thunder Bolt - Digital Identity Protection Platform
Executive Protection Monitoring
Thunderbolt is an AI and ML-powered digital identity protection platform. It safeguards users' digital identities and helps them maintain a healthy security posture.
Athenian Tech at GISEC GLOBAL 2024
UK Pavilion, Hall 4, Pavilion J1, 23rd - 25th April 2024
Visit the Athenian Tech Booth at GISEC: www.atheniantech.com
We Protect Your Business
Global leaders emphasise importance of collaboration to help prevent cyber-attacks at GISEC CISO Circle
His Excellency Amer Sharaf, CEO of Cybersecurity Systems and Services Sector, Dubai Electronic Security Centre, and Dr Aloysius Cheang, Chief Security Officer of Huawei Middle East and Central Asia, were among the experts to address the audience at the CISO Circle GISEC 2024. Chief Information Security Officers gathered for a key session to explore ways to shape cybersecurity globally.
Dubai, United Arab Emirates: Establishing connections with different organisations is fundamental to strong and effective cyber resilience, as top security officials gained an understanding of how Dubai is working towards preventing cyber-attacks across the Emirate at GISEC Global 2024.
The CISO Circle serves as a key platform for CISOs to network, inspire, and shape cybersecurity globally. At GISEC, Dr Aloysius Cheang, Chief Security Officer of Huawei Middle East and Central Asia, was joined by His Excellency Amer Sharaf, CEO of Cybersecurity Systems and Services Sector, Dubai Electronic Security Centre. Taking part in an insightful fireside chat session, they highlighted the importance of AI and the role it has in cybersecurity.
Dr Aloysius Cheang said: “We must come together and embrace AI technologies.
The world is changing so fast and therefore we should be resilient. AI is advancing but we need to work on the basics. Whether it is metaverse or 5G, everything can be resolved by having a good foundation, working upwards from the basics and address the issues level by level.
“This is why GISEC is a key platform where leaders can come together and work together to help build solutions so we can enable business and safeguard systems in any country. The future is really in our hands to overcome any cybercrime.”
His Excellency Amer Sharaf, CEO of Cybersecurity Systems and Services Sector, Dubai Electronic Security Centre,
His Excellency Amer Sharaf gave details of how Dubai is staying one step ahead through its Dubai Cyber Index. A first-of-its-kind in the world, the Index supports Dubai government entities with their cybersecurity efforts and helps protect the Emirate from a wide range of cyber security risks.
He said: “Previously, cybersecurity was very foreign to people as not all people were into security design. I think with all the projects that have taken place around the world, I think it makes perfect sense for customers to make sure they have cyber security installed on their systems.
“In Dubai, we have been working with our partners across Dubai to ensure all the security elements are integrated in co-existence. The Dubai Cyber Index is one example where every government entity is linked with us. We look at this proactively and it’s a hand-in-hand approach where they can understand where they can focus
The audience also heard from Jorij Abraham, Managing Director, Global Anti Scam Alliance/ Scamadviser.com. He provided statistics on the impact cyber attacks are having on countries around the world with 41 per cent of all crime in the UK related to online fraud while revealing nearly 25 per cent of the global population have been involved in a scam experience.
Dr Aloysius Cheang, Chief Security Officer of Huawei Middle East and Central Asia
Cybersec leaders weigh in on the state of Middle East critical infrastructure cybersecurity GISEC edition 2024.
“For organisations in these sectors, legacy systems and interconnectivity are vulnerabilities that should be of particular concern,” he said. “Many critical infrastructures rely on legacy systems that may not have been designed with current cyber threats in mind, and the increasing interconnectivity between different systems can create vulnerabilities, as a breach in one system can lead to a cascade of failures across others.”
“Given these factors, it is crucial for transportation sector entities to prioritise cybersecurity,” said van Zantvliet. “This involves not only protecting IT infrastructure but also operational technology (OT) systems, which are often used to control physical transport mechanisms and are increasingly targeted by cyber criminals. The integration of IT and OT systems, while beneficial for operational efficiency, also presents additional challenges as the two systems may have different security systems and vulnerabilities.”
Dimitri van Zantvliet, Cybersecurity Director and CISO of Dutch Railways
Experts in CNI joined forces at GISEC Global 2024 to provide insights into the current conditions surrounding critical infrastructure attacks – and how to prevent them.
Dubai, United Arab Emirates: According to a survey conducted by Allianz Risk Barometer, which analysed top cybersecurity risks around the world, cyber-attacks on critical infrastructure emerged as the second-highest concern among 1,112 global respondents.
Paired with the turbulence of current geopolitical events and an ever-deepening reliance on digital devices, respondents believe that the potential shutdown of critical infrastructure is expected to become the number-one priority for businesses in the future.
Defined as ‘systems and assets, whether physical or virtual, that are so vital to a nation that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters,’ critical infrastructure plays a key role in upholding societal functions.
GISEC Global 2024 welcomed leading industry experts to the stage to discuss the importance of safeguarding critical infrastructure, the biggest vulnerabilities apparent in systems, and how organisations can better equip themselves for a cybersecure future.
Vulnerabilities persist across critical infrastructure sectors
Within the international cybersecurity community, it is widely understood that the most targeted critical infrastructure sectors often include utility sectors, such as energy and telecommunications, as well as healthcare, finance, transportation, and government services.
Dependence on third-party vendors, a lack of cybersecurity training, inefficient physical security measures, and insider threats also play a role in weakening critical infrastructure systems.
Transportation and energy sectors emerge as popular targets
For van Zantvliet, working in the transportation sector provides a unique set of challenges. The industry has proven to be an especially attractive target for cybercriminals, largely due to its criticality for the functioning of society, with disruptions having the potential to cause widespread repercussions for individuals, businesses, supply chains, and government operations.
The data-richness, high visibility, and interconnectivity of transportation services around the world also contribute to the motivations of various threat actors.
Mihir Joshi, Group Chief Cyber Security and Information Officer at Tata Power – India’s largest integrated power company – also spoke on the Critical Infrastructure Stage. He has faced similar challenges in the energy sector, and based on his experience, the supply chain and its major blind spots are a primary concern.
“As of late, the energy sector has seen a considerable rise in cybersecurity attacks,” he said. “There is a tremendous need to develop more cyber talent to keep pace with rapidly escalating threats.
The sector’s continued acquisitions and growing complexities have increased the attack surface to the point where a unified approach to OT security is becoming difficult. We have a long way to go with implementing basic approaches before we can find an advanced solution, and we will only achieve this through public-private relationships that share threat intelligence and mitigation strategies.”
The impact of ransomware, social engineering, and botnets:
Perhaps two of the biggest – and fastest-evolving – threats affecting all categories of critical infrastructure are ransomware and social engineering.
For Pedro Cameirão, the Vice President and head of Nokia’s Cyber Defense Center (CDC), ransomware remains a significant concern, particularly due to its potential to cause widespread disruption and financial damage.
“In the current geopolitical context, ransomware attacks remain a huge concern for both companies and governments. Ransomware ‘detonation’ will always create noticeable service disruptions and impact on the victims’ systems,” he said.
Threats like these are often compounded by the rise of AI-enabled phishing campaigns, which leverage machine learning to craft more convincing fake messages and websites that are harder for users to detect. “Social engineering continues to be a prevalent attack vector, but not the only tactic employed to deceive employees,” Cameirão said. “One must note that as cybersecurity awareness matures, attackers keep adapting their phishing approach.
For example, vishing [voice phishing] and QRL jacking have increased in 2024 to circumvent growing phishing awareness and other protections deployed in email systems.”
Malicious botnets and Distributed Denial of Service (DDoS) attacks are also gaining momentum, as seen in the groundbreaking attack reported by Cloudflare in 2023, which peaked at an astonishing 71 million requests per second – a 54 per cent increase from 2022’s record. The attack originated from a network of over 30,000 IP addresses in a stunning display of unprecedented scale and coordination.
“Botnets harness the collective power of compromised devices to launch disruptive attacks. Ensuring these devices are not co-opted into botnets involves a commitment to rigorous security practices. As the number of IoT devices grows, the responsibility to maintain their security must be a top priority to prevent their abuse,” van Zantvliet said.
Joshi also cites their capacity to endanger human lives, with a DDoS attack carrying the potential to shut down the entire grid, resulting in disruptions to critical industries such as hospitals and causing interruptions to vital life-giving measures such as ventilators.
Government intervention is paramount to achieving cybersecurity:
Despite the challenges facing critical infrastructure around the world, there are still steps that can be taken to mitigate the evolution of attacks from cybercriminals – most notably, government intervention.
“Governments have a critical role in bolstering cybersecurity for critical infrastructure sectors, often providing the impetus for organisations that may lack intrinsic motivation due to financial constraints,” van Zantvliet said.
“Effective government strategies include setting regulatory standards, facilitating information sharing, and providing financial incentives or support for implementing robust cybersecurity measures.”
Cameirão agreed, emphasising the need for enforced regulations and greater collaboration between public and private sectors on a global scale, adding: “International cooperation is essential, as most cyberattacks and crimes are executed across country borders and outside the jurisdiction of a single state.”
Siker OT Security
When Siker embarked on its journey to provide cyber security training and awareness in mid-2013 (then known as HS & TC), our mission was simple: empower individuals with the skills they need to navigate their roles securely. We understood early on that not everyone needed to be a security expert, but rather, most users of today’s IT required a deeper understanding of how to be 'professionally secure'.
By fostering user awareness of their responsibilities, we aim to help organisations bolster their first line of defence, ultimately shrinking their attack surface and mitigating risk.
Whether your organisation calls it ‘Cyber’, ‘Digital’, ‘Information’, or simply ‘IT’, security has emerged as a focal point for boards worldwide. While generic certifications and courses once dominated the landscape, the evolution of Cyber Security demands a more tailored approach. Governments and corporations alike now prioritise highly trained individuals with specialised competencies, reflecting the growing importance of cyber defence in today’s landscape.
Tim Harwood is a veteran of the security world and has been providing information security guidance and expertise to corporate clients, the UK Government and the UK military for over 30 years. As CEO of Siker, he provides strategic direction for the company that he founded in 2013.
Tim Harwood, CEO
info@sikercyber.com timharwood@sikercyber.com
FORMER U.S. SECRET SERVICE AGENT AND CONVICTED HACKER REUNITED AT GISEC.
For the first time on the GISEC Global stage Matt O’Neill and Hieu Minh Ngo share their unique story of redemption, as the pair looked to transform global understanding of evolving cybersecurity threats.
The pair shared the stage at GISEC, the most prestigious cybersecurity event in the UAE, to discuss their unique cat-and-mouse-style chase, which ultimately resulted in an arrest and conviction.
Matt O’Neill, a decorated agent, has dedicated his life to fighting cybercrime. O’Neill is a retired U.S. Secret Service Agent who worked as the Managing Director of Cyber Operations, where he led the service’s global cyber investigative operations, which included the digital forensics, mobile wireless tracking, and critical systems protection portfolio.
Arguably the biggest breakthrough in his career, the Ngo case saw O’Neill develop a plan to lure the hacker out of Vietnam and into Guam, resulting in a conviction and sentencing that led to countless other hackers being brought to justice from Hieu’s ensuing testimonies.
Matt O’Neill remains one of the most decorated agents in the history of the U.S. Secret Service, having received the U.S. Secret Service’s Special Agent of the Year Award and the Department of Homeland Security’s Gold and Silver medals, among others.
Hieu Minh Ngo’s story is one of transformation, redemption, and restoration. Hieu Minh Ngo – widely known by his online persona, Hieu PC – has been recognised as one of the most prolific identity theft hackers in U.S. history, having stolen and sold the data of over 200 million Americans before his arrest in 2013.
Hieu served seven years of his 13-year prison sentence, after which he returned to Vietnam in 2020 and shifted his focus towards improving cybersecurity practices and fighting against fraud.
His redemption story has been acknowledged by leading tech companies, such as Apple and Verizon, who have celebrated Hieu’s work in identifying and resolving security flaws in the global cybersecurity industry.
Matthew K. O’Neill Former USA Secret Service Agent
This historic session between agent and hacker staged during GISEC Global 2024 was the first time that agent and former hacker met each other in person since Hieu’s sentencing in federal court in 2015. The session offered an unrivalled inside look at a major cyber-criminal investigation from the perspective of both the hunted and the hunter. It also provided a platform for Hieu to share his transition from hacker to cybersecurity specialist, using his skills and knowledge of cybercrime to combat evolving threats and educate a new generation of digital professionals.
Commenting on the opportunity, Matt O’Neill, former U.S. Secret Service Agent, said: “I was delighted to share more of my experience as a former U.S. Secret Service Agent and my involvement in investigating cybercrime. Sharing findings on what criminals are actually doing – and how they’re doing it – provided a tremendous amount of value to cybersecurity professionals tasked with protecting networks.”
Hieu Minh Ngo, Cybersecurity Specialist and former convicted hacker, said: “My journey from being involved in cybercrime to becoming an advocate for cybersecurity signifies the potential for broader redemption across the industry. Taking to the stage with Mr. Matt O’Neill was an historic moment for me, and I was very excited to share more around my new-found passion for fostering an empowered community of cybersecurity professionals around the world.”
Hieu Minh Ngo added: “From educating young kids, to addressing the rise of artificial intelligence and machine learning, the cybersecurity industry is complex and demands collaboration that extends beyond country and company borders – and I believe GISEC will provide the platform needed to achieve this.”
Book time with me: https://calendly.com/matt-5oh/30min
Watch our exclusive podcast interview with Matt O’Neill:
Hieu Minh Ngo, Vietnamese Former Hacker
Locking out cyber threats to secure your business.
With AI & Digital Trust.
du.ae/business
The world’s most complete cyber threat intelligence and aggregation platform.
Zero Day Live prevents cyber threats before they weaponise and cause damage to organisations, providing a 150 - 500% uplift in threat protection.
What makes Zero Day Live the best investment in threat intelligence?
Zero Day Live (ZDL) is the force multiplier desperately needed within today’s government and private sector environments. ZDL procures unique threat intelligence (TI) via specialised tradecraft and proprietary machine learning technology. ZDL automatically integrates its intelligence directly into an organisation’s existing security infrastructure, without the need for human intervention. We operate at the pace of the adversary. Visit us at the UK Pavilion, GISEC (next to the CISO Lounge) www.blackwired.com
Prevent the cyber threat or deal with the attack. The choice is yours.
UK CYBER AND TECH COMPANIES RETURN TO GISEC FOR THE FIRST TIME SINCE 2018, UK PAVILION GISEC 2024.
Not since the advent of lockdown has there been an official UK Pavilion at GISEC in the UAE. Building on the success of the UK Pavilion at the Arab International Cybersecurity Conference (AICS) in Bahrain in 2022 and 2023, it was time to return to GISEC.
Supported by the UK Department for Business and Trade, led by the Cyber Security Ambassador Juliette Wilcox CMG and the entire UAE UK Embassy team, the UK Pavilion company hosts were made to feel as important as the multinational companies that attended this annual gathering of mighty Cyber and Tech leaders.
An exceptionally busy program was established for every company that attended, with opportunities to engage with established UK brands that had a presence in the region and a geopolitical understanding of what it takes to gain traction in this exciting and dynamic marketplace.
An action-packed event ensured that there were plenty of opportunities for the UK companies present to meet with potential clients, explore exciting partnerships with regional partners and also understand what challenges the region has. Simon Rycroft, CEO of Cyber Risk Management Group (CRMG), stated: “Since travelling to the GCC region, GISEC has provided more genuine opportunities and enquiries than any event we have attended in this region to date. I would highly recommend this event to any UK company looking to expand into this region.”
Impacted by some of the worst weather that the UAE had witnessed for over 75 years, there was an uneasy anticipation among many company leaders that the deluge of unprecedented rainfall might discourage visitors; the reverse seemed to have happened.
In less than seven days from the unbelievable pictures seen on the world news, Dubai and GISEC were very much open for business.
Irene Coyle, Chief Operating Officer from UK Cyber Security Training provider OSP Cyber Academy, said: “I was completely overwhelmed by the many inquiries and conversations I have had at GISEC this year. There is a significant increase in the level of genuine interest for enquiries for all things UK plc. Companies and people have such a trust in what UK companies can offer; whenever I met with anyone interested in training services, being a part of the UK delegation made such a difference.”
UK Pavilion guests attend GISEC Cyber Awards
Whilst some of the companies attending the UK Pavilion had experience in the region, many were attending for the first time. There was a positive buzz within the pavilion, which pulled strangers together for the first time and allowed each company to understand possible collaborations with each other when back in the UK.
Nawaz Ali, Director of Exhibitions at Dubai World Trade Centre, said: “GISEC 2025 already promises to be bigger and better. It was a welcome return to the UK Pavilion; we were excited to see a UK Pavilion back here and look forward to working with Cyber News Global to build on the success of 2024. We look forward to welcoming UK companies back in May 2025.”
In addition to the UK companies that attended and the support from the UK Embassy team and DBT, we were delighted to have the Chief Operating Officer of ScotlandIS, the only Cyber Security Cluster in Scotland that makes a difference for its members and creates so many international opportunities like GISEC. COO Nicola Taylor joined as a VIP guest of the event organizers to see for herself what GISEC was really all about.
Here is what Nicola Taylor had to say: “It is safe to say that GISEC lived up to its reputation as Africa and the Middle East’s biggest cyber conference. GISEC exemplifies the epitome of industry gatherings for esteemed leaders and innovators alike. For Scottish cyber companies, GISEC not only signifies a platform for expansion but also underscores the substantial potential and strategic imperative of collaborative ventures in advancing the cyber security landscape across the Middle East and beyond. The region clearly takes cyber security seriously as was evidenced by the calibre of discussions, networking opportunities, and insights shared during the conference. It offers Scottish cyber companies a gateway to the thriving landscape of the Middle East. Amidst the dynamic environment of innovation and collaboration, GISEC presents unparalleled opportunities for Scottish firms to showcase their expertise, forge strategic partnerships, and pioneer cutting-edge solutions in the region’s cyber security ecosystem. With its forward-thinking approach and burgeoning digital infrastructure, the region provides a fertile ground for innovation and expansion. There is a real opportunity for Scottish firms to position themselves as leaders in cyber security, driving impactful change and creating a safer digital future for businesses and individuals alike on a global scale.”
UK Pavilion company CRMG
Kanishk Gaur, CEO at UK company Athenian Tech, taking time to meet His Excellency Dr Mohamed Al Kuwaiti, Head of Cybersecurity Council UAE
Irene Coyle, Chief Operating Officer, OSP Cyber Academy, and Nicola Taylor, Chief Operating Officer, ScotlandIS
But don’t take our word for it: please reach out to the companies that joined us this year. We hope to welcome many more in 2025 in the UK Pavilion. For information on GISEC 2025, please email ceo@cybernewsglobal.com.
UK Pavilion companies GISEC 2024:
TAAP LTD, https://ontaap.com/
XpertDPO, https://xpertdpo.com/
Blackwired Limited, https://blackwired.com/
Cyber Risk Management Group Limited (CRMG), https://crmg-consult.com/
OTIFYD Limited, https://otifyd.com/
Siker Limited, https://sikercyber.com/
Red Maple Technologies Limited, https://redmaple.tech/
Onca Technologies Limited, https://oncatech.com/
Goaco Group Ltd (trading as https://goaco.com/
The Caldwell Partners International Europe Ltd, https://www.caldwell.com/
Veracity Trust Network, https://veracitytrustnetwork.com/
Athenian Tech Limited, https://www.atheniantech.com/
Join the UK Pavilion at GISEC 2025, Dubai World Trade Centre. Contact: ceo@cybernewsglobal.com
Proven Expertise, Pragmatic Solutions. Your Cyber Security Partner: Build, Operate, Transfer. Cyber Security Governance & Compliance; International Benchmarking; CISO Support & Tooling; Cyber Risk Assessment & Management; Third Party Risk Management. www.crmg-consult.com info@crmg-consult.com
BRIDGING COMPLIANCE FORGING TRUE SECURITY THROUGH UNITY
Shannon Noonan, CEO/Founder at HiNoon
Ultimately, it’s about bringing these separate groups together with a shared goal and method of working. By unifying them, you ensure that everyone is working towards the same end result in the same way.
When I work with organizations, especially with teams like security and engineering, they often struggle to collaborate effectively. Instead of addressing problems thoroughly, they often opt for quick fixes. But what I’ve noticed is that when these teams align and work as one, everything becomes smoother.
UNIFIED TEAM
So, how do you make them a unified team instead of competitors? When everyone is on the same page, it’s easier to create a secure environment that goes beyond just meeting compliance standards. With a unified approach, you can build security measures into the job itself, moving away from just ticking boxes.
This unity not only streamlines processes but also makes audits less daunting. When teams are aligned, there’s less fear of surprises during audits. But when teams work separately or only focus on compliance, problems can slip through the cracks.
SECURITY, IT AND BUSINESS STRATEGIES
Being compliant is crucial to demonstrate that your organization meets its obligations to customers and regulatory bodies. What strategies can organizations use to encourage collaboration between compliance and security teams? In simpler terms, how can they ensure everyone is following the rules correctly?
There are many strategies to consider.
First, it’s important to align the strategic plans of security and business operations. This means addressing emerging threats like hacking and phishing while also ensuring business goals are met. One way to do this is by showing how security measures can generate revenue rather than just being a cost. By integrating security tasks into employees’ job responsibilities, compliance becomes a natural part of everyday operations. This fusion of security and business objectives allows compliance to drive business goals while ensuring security needs are met effectively.
Organizations should understand the business requirements, which also create and identify the key security risks that they need to address. Once alignment and communication gaps are handled, teams can truly implement the proper security protocols to ensure company assets and business investments are secure.
To listen to Shannon Noonan’s full podcast, scan the QR code.
RISK MANAGEMENT – DO YOU SPEAK THE SAME LANGUAGE
Let’s break it down. Unified collaboration between compliance and security teams greatly enhances the risk management process. How does this collaboration improve risk management, you ask? Well, let me share my perspective.
In today’s world, the significance of risk management cannot be overstated. Previously, security risks were often overlooked or dismissed as hypothetical. However, recent events, such as the breach at UnitedHealthcare in the US, underscore the real and immediate impact these risks can have on organizations and their customers.
The question arises: why weren’t these risks identified earlier? The answer lies in the lack of alignment between different departments within organizations. The language spoken by the Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) differs from that of the Chief Financial Officers (CFOs) and Chief Operating Officers (COOs). While security is crucial for protecting the company, it’s often viewed as an overhead cost by the CFO. Meanwhile, the COO and sales teams are focused on driving revenue and expanding into new markets, sometimes overlooking security considerations.
However, by integrating security risks into overall business risks and emphasizing its role in revenue generation, a shift in perception occurs. Suddenly, security is no longer seen as a mere cost but as a crucial aspect of maintaining profitability. This alignment with business objectives garners attention from the board and secures the resources needed to address security concerns effectively.
By recognizing security as a revenue-generating tool and embracing it as part of the business strategy, organizations can proactively mitigate risks, secure additional budget allocation, and ultimately reduce their exposure to threats.
So, what’s the key takeaway here? It’s time for organizations to integrate security seamlessly into their business strategies, viewing it not just as a cost but as a means to drive revenue and ensure long-term success.
CALL TO ACTION
Let’s simplify it. The crucial call to action here is to integrate security tasks into individual roles within the organization.
When these tasks become part of someone’s job, they take ownership and pride in their work. This approach also gives them a voice in aligning security efforts with the organization’s goals and financial impact. It’s about showing employees how their contributions generate revenue and are vital to the company’s success.
By making security a natural part of their responsibilities, employees no longer see it as a burdensome checkbox exercise or something to dread when audits approach. Instead, they feel empowered and motivated to contribute positively to the organization’s security posture.
Ultimately, this approach enables employees to demonstrate the value of their security efforts, proving that it’s not just about compliance but about enhancing the organization’s overall resilience and success.
CYBER SECURITY: TECHNOLOGY VERSUS BUSINESS RISK?
De-risk your business with a specialised and inclusive approach to talent acquisition
The pace of digitalization, accelerated by a global pandemic and evolving geopolitical stress factors, has intensified cyber risk for organizations and created higher demand for experienced cyber security professionals.
Organizations across all industries and geographies are facing a global talent deficit. Rapidly evolving regulation, the increasing sophistication of cybercrime affecting critical infrastructure, adoption of AI and lack of specialist boardroom expertise are just some of the challenges that business leaders are facing around the world. With all of these challenges, it’s crucial to have the right talent in place. Caldwell’s world-class cyber security practice has in-depth functional knowledge, extensive technical expertise, and global access to diverse cyber security talent. With unparalleled dedication to your success, Caldwell holds the key to engaging with industry visionaries and best-in-class international talent in the Chief Information Security Officer, Chief Technical Officer and Chief Digital Officer functions, complemented by a broad selection of technology, information security and digital transformation experts. Visit us in the UK Pavilion, by the CISO Lounge.
SOPHIE DE FERRANTI Partner, Cyber Security Practice
sdeferranti@caldwell.com
www.caldwell.com
CISO Versus vCISO: Navigating Cybersecurity Leadership
In the ever-evolving landscape of cybersecurity, the distinction between roles becomes increasingly crucial. Today, I’ve been asked to invite you to explore the world of cybersecurity leadership through my lens, from a biologist to an IT enthusiast to a Chief Information Security Officer (CISO) and beyond. This article will uncover the key differences between a CISO and a virtual CISO (vCISO), highlighting the distinct advantages each role offers and when it may be beneficial for a company to utilise one or both.
My Path to Cybersecurity Leadership
My journey into the realm of cybersecurity began unexpectedly, spurred by a transition from biology to IT over a decade ago. While my academic background may have been rooted in the sciences, it was a practical encounter with technology in an oil and gas servicing company that ignited my passion for IT.
As I immersed myself further into data analytics and IT, my scientific background proved advantageous. It allowed me to approach technological challenges with analytical rigor and attention to detail, as well as a large amount of trial and error.
The evolving landscape of cybersecurity drew me in as it felt similar to evolutionary game theory in biology. If plants and animals can evolve defences to predator attacks and environmental dangers over generations, we should be able to do the same at least digitally. Recognising the need to protect digital assets from constant threats, I shifted my focus towards cybersecurity strategy and implementation.
Project management and further education, including a second master’s degree in IT and cybersecurity, Certified Information Systems Security Professional (CISSP), GDPR Data Practitioner, ISO 27001 Lead Implementor and many others along the way, assisted in helping me to feel more equipped to navigate the complexities of the cybersecurity field.
Establishing Onca Technologies Ltd then provided a platform to assist more organisations in enhancing their cyber resilience, in turn leading to greater involvement in cybersecurity leadership.
Understanding the CISO Role
The CISO, or Chief Information Security Officer, occupies a pivotal position within an organisation’s cybersecurity hierarchy. Charged with overseeing cybersecurity strategy and risk management full time, the CISO plays a central role in safeguarding the company’s digital assets. However, it’s essential to recognise that the CISO’s responsibilities extend far beyond IT, encompassing data protection and overall security posture, strategy and implementation.
The Emergence of the vCISO
Enter the vCISO, a flexible alternative or addition to the traditional CISO role. As a virtual counterpart, the vCISO offers on-demand expertise tailored to specific projects or organisational needs. This arrangement allows companies to access top-tier cybersecurity guidance without the commitment of a full-time hire, making it an attractive option for businesses of all sizes.
Scenarios and Use Cases
In my experience, the need to utilise a vCISO often becomes evident in real-world scenarios. Take, for instance, the case of a media company ensnared in a cyber fraud scheme. Despite their initial hesitation to invest in cybersecurity measures, due to resources and other priorities, the company ultimately suffered significant financial losses due to a sophisticated email hijacking scheme. Engaging a vCISO helped to strengthen their security posture, prevent recurrence and helped them to address many of the impacts of the incident itself.
Similarly, another company faced a ransomware attack that paralysed their operations. With the guidance of a vCISO, they were able to navigate the crisis, mitigate the damage, and implement robust security measures to prevent future incidents.
Additionally, full-time CISOs may benefit from engaging with a vCISO as a sounding board for their own strategy, or to pull in additional resource for particularly complex projects. These are just some of the use cases that underscore the value of having access to specialised cybersecurity expertise when it matters most.
Weighing the Costs and Benefits
When considering the cost implications of cybersecurity leadership, it’s essential to weigh the benefits of each approach. Employing a full-time CISO offers a sense of stability, although the financial commitment can be prohibitive for smaller organisations. In contrast, leveraging a vCISO allows for cost-effective access to specialised expertise, tailored to fit evolving business needs.
Furthermore, the scalability of a vCISO model enables organisations to adjust their cybersecurity resources in response to changing threats and priorities.
Whether facing a sudden surge in cyberattacks or embarking on a new digital initiative, companies can tap into the expertise of a vCISO to navigate challenges effectively.
Closing Thoughts
As the cybersecurity landscape continues to evolve, both the roles of CISO and vCISO will remain indispensable in navigating the complex web of digital threats. Whether leading an in-house team or providing external guidance, the ultimate goal remains the same: to safeguard organisations against cyber risks and ensure a secure digital future for all.
In conclusion, the choice between a CISO and a vCISO hinges on the unique needs and resources of each organisation. By understanding the distinctions between these roles and leveraging their respective benefits, companies can chart a course towards robust cybersecurity resilience in an ever-changing digital landscape. With the right strategy, we can navigate the challenges ahead and ensure that we have strong cyber resilience that consistently keeps abreast of the evolutionary arms race that is cyber security.
Kurtis Toy, CEO and Lead vCISO for ONCA Technologies Ltd
Listen to our exclusive podcast interview with Kurtis Toy.
www.oncatech.com
Virtual CISO & Cyber Security Experts
IT Support & Monitoring
ISO 9001 & 27001 Compliance
Risk Management
Training Campaigns
GDPR Compliance
Business Optimisation & Data Analysis
Digital Solutions
Support & Guidance
Security Gap Analysis
System Organisation
BUILD CUSTOM CYBERSECURITY AUDITS WITH TAAP
Digitally Transform Any Process with TAAP’s Agile Applications Platform
Are you struggling to perform cybersecurity audits with Excel or a legacy audit application? Use TAAP’s No-Code technology to rapidly create an app tailored to your requirements and accelerate your cybersecurity audits.
Accelerated App Development
Create personalised audit applications in hours, not months. Dive into Cyber Essentials, NIST, and more with ease.
Extensible Tech
Pivot quickly with applications that adapt to evolving cyber standards, keeping you perpetually audit-ready.
100% Secure
Deploy to the cloud as your own instance (not SaaS), self-host in your own data centre, or even run air-gapped for super secure deployments.
No-Code Capability
Slash development time with TAAP’s no-code technology. Tailor to any cyber standard.
Enterprise Scale
From startups to enterprises, TAAP scales with you, ensuring your audit tools always fit perfectly.
www.ontaap.com sales@ontaap.com +44 (0)345 230 9787
Technical and Organisational Measures (TOMs): are they just a GDPR thing?
TOMS. Are they just a GDPR thing? Is that right? Is it just a GDPR thing, TOMS?
The GDPR became enforceable in 2018 and technical and organisational measures relate directly back to Article 32 of the GDPR. However, within the GCC region, we’ve seen a lot of new laws that are being updated or introduced that come on the back of GDPR being implemented in 2018.
So, for example, we’ve got the Bahrain PDPL, and that states explicitly that data controllers must ensure the safety of data by applying adequate levels of security and technical measures to protect the data.
Saudi Arabia, PDPL updated and amended as recently as 2023, in particular relation to transfers of data, states that data controllers must take the necessary organizational, administrative, and technical measures to ensure the security of personal data.
If you go to the UAE, which is relevant for GISEC, Dubai International Financial Center has its own data protection law. It states controllers must implement appropriate technical and organizational measures to protect personal data against data loss or unauthorized access and must only engage data processors providing sufficient guarantees in respect of technical security and organizational measures.
In Europe, since 2018, 567 fines have been imposed for non-compliance with general data processing principles, totalling €2,081,126,159, and 362 fines have been imposed for insufficient technical and organisational measures, totalling €391,263,875. It is evident, therefore, that statutory authorities are focussing their efforts on security.
Can we fulfill the regulatory requirements by implementing just technical measures? So from my point of view, are we satisfying the regulators if all we do is implement just technical measures or solutions?
I’ve got to say no to that. There are two sets of requirements. We’ve got the technical requirements, and under GDPR we have anonymization and pseudonymization explicitly called out as just two of the technical measures. There are lots of other technical measures. Have you got antivirus? Have you got MFA? Do you have firewalls? Do you patch?
All of the above are technical measures, but in terms of organizational measures, that’s where we work a lot with our clients and XpertDPO.
I’m going to give you an analogy. You can spend millions of dollars on the latest security system. So let’s take a CCTV system, for example. And there is your technical measure. But the human factor has let you down because doors are left unlocked, and windows are left open.
There’s a lack of understanding around the importance of governance. You have a technical control, but you must also have the governance piece that sits alongside that: your policy environment (we call them house rules).
What’s the policy environment around the camera?
What’s the policy environment around physical security?
Where can I start? How do I approach this whole TOMs piece as an organization that’s had no, nothing in place, not putting anything in place? How on earth do I start to approach this?
Any organization, whether they’re in GCC, UAE, Europe, needs to approach their framework by defining the governance measures first. The majority of security issues that we’ve seen as an organization stem from a lack of governance.
We take a lot of time understanding the organization that we’re going to be working with. We take a lot of time to understand their strategy. What are the plans for growth?
Lots of organizations don’t have that plan. So you’ve got to work with what you have. It all generally starts with changing the way the organisation treats data. We help them to understand that data is an asset.
If you don’t treat data as an asset, you’re not going to protect it. You protect your assets. You protect what you’ve invested in.
The first step is to understand what data you’re processing. If you don’t understand what data is flowing through your organization any data loss prevention tools will be rendered ineffective.
Data loss prevention cannot work without classification. If you don’t know what data you have, you can’t classify it. So this is how we approach these. So you’ve got to know what you have. You’ve got to classify it. And if you’ve not classified it and you don’t know what you have, how do?
Data mapping is really important. Some updated regulations stipulate that you have to keep a record of processing. And the record of processing must, in a general manner, detail how you’re approaching technical and organizational measures.
What is your call to action?
Organisations have to start by treating data as an asset. Understand that it is the lifeblood of your organization. Understand that losing access to it can represent a real danger to your business in terms of risk.
The key is that security measures must be implemented appropriate to the risk associated with that data and appropriate to the organization.
- Stuart Anderson, BA (Hons) / CISM / CRISC / CISA / CCSP / CDPO / EU GDPR (F&P IBITGQ), Founder & CEO, XpertDPO
Advanced Cyber Bot Protection
Veracity Web Threat Protection: AI-powered bot detection and prevention.
Add it to your security stack today, risk-free, and protect your website and reputation in under 5 minutes.
AI-Powered Bot Detection
Veracity detects bots visiting websites.
47% of all website visitors are non-humans (bots) and 30% are malicious bots intent on harm (stealing data, setting up fake accounts, planting ransomware, etc). Veracity protects your website and data against even the new generation of AI driven malicious bots.
Friction-Free Bot Prevention
Veracity protects organisations from malicious bot attacks, using our friction-free deep tech machine-learning solutions to accurately differentiate humans from bots.
No more selecting pictures or clicking on boxes. Sophisticated, accurate, rapid bot protection with no negative user experience.
Our AI-powered technology detects Automated Bot Attacks and Supply Chain Attacks (OWASP class 7-10 and 12-13) accurately, quickly and before they can cause you damage.
veracitytrustnetwork.com
Email: hello@vtn.live.
London, Singapore, UAE.
Veracity Trust Network, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, UK. Find us at GISEC in the UK Pavilion.
First Official Guinness World Record for a Cyber Awareness Online Course Delivered by UK Company OSP Cyber Academy on Behalf of the Kingdom of Bahrain
Scotland’s OSP Cyber Academy and the Arab International Cyber Security Conference & Exhibition (AICS) unite to achieve a cyber Guinness World Record – 1550 people complete an Internet Safety lesson in 24 hours.
OSP Cyber Academy and the AICS announce they have set a new Guinness World Record for the ‘Most People to Take an Online Internet Cyber Safety Lesson in 24 hours’.
The record was set during the AICS in Bahrain, where 1550 people from 44 countries completed the lesson in 24 hours, turning the day into the world’s largest cybersecurity training event.
AICS is Bahrain’s largest cyber security conference, bringing together government regulators, industry professionals, and solution providers to discuss and develop plans to secure their cyber and IT infrastructure. The event took place on 5th & 6th December and had a space dedicated to the Guinness World Record attempt, which was opened by Shaikh Salman bin Mohammed bin Abdulla Al Khalifa, CEO, National Cybersecurity Centre, Bahrain.
“We are absolutely thrilled to have achieved a place in the prestigious Guinness World Records. Our achievement has helped educate 1550 people on internet safety, arming them with the knowledge and skills to spot malicious activity online. Digital is the backbone of every industry worldwide, but criminals see this as an opportunity to launch cyberattacks and harm people. Only through education and awareness can we deter these threat actors.”
Shaikh Salman bin Mohammed bin Abdulla Al Khalifa, CEO, National Cybersecurity Centre, Bahrain
The Internet Safety lesson was created by OSP Cyber Academy, one of Scotland’s leading providers of cybersecurity training.
The lesson provided participants with valuable insight into the techniques cybercriminals use to exploit internet users and organisations, as well as providing advice on how to recognise scams and protect against them.
“Cybercrime affects everyone today. It’s not just an issue for businesses, if you are on the internet, then you are a target. By achieving this Guinness World Record we have helped to educate more internet users on online safety – but in the most fun and imaginative way possible.
We need to do more of these engaging tournaments to get more people thinking about their safety online. I am delighted that we have managed to achieve this Guinness World Record. We only needed to train 500 individuals to achieve the title, but we tripled our target. What a success,” said Thomas McCarthy, CEO of OSP Cyber Academy.
The World Record attempt began at 11.12am (AST) on Tuesday 5th December 2023. Evidence was shown to GWR Adjudicator Pravin Patel and Expert Independent Witness Isabelle Meyer that the leaderboard was wiped clean of any test users right before the attempt began. The course was then freely accessible for anyone from anywhere in the world for exactly 24 hours.
From Left to Right: Shaikh Salman bin Mohammed bin Abdulla Al Khalifa, CEO, National Cybersecurity Centre, Bahrain; Amal Almurbati, Managing Director, Faalyat WLL; Thomas McCarthy, Irene Coyle, Blair Wallace, OSP Cyber Academy
Shaikh Salman assessing the progress of the live Guinness World Record Attempt
The World Record attempt ended at precisely 11.12am (AST) on Wednesday 6th December 2023 and in the presence of Pravin and Isabelle, the leaderboard presented the current total course completions: 1,550.
A few ‘completed’ users were selected at random to prove the authenticity of the result. It was found that these users had in fact spent more than one hour on the course, re-attempting knowledge checks and demonstrating a clear path of real-time eLearning.
This was a key requirement for this Guinness World Record Attempt, and reflected the success of awareness training.
In support of the global effort to improve Cyber Awareness, OSP continued to welcome users onto the platform after the 24 hour period. Course access remained open to be accessed freely worldwide for the entirety of the conference.
A further 552 people completed the course, even after the official record attempt was over. This not only reinforces the success of the Guinness World Record Attempt, but shows that people are keen to learn, and that they understand the importance of good cyber awareness.
OFFICIAL GUINNESS WORLD RECORD: 1550
TOTAL COURSE COMPLETIONS: 2102
TOTAL COUNTRIES PARTICIPATED: 44
For more than 30 years, leadership and technology have combined at ScotSoft.
The day is jam packed with more than 40 speakers across our Developer Conference and Leadership Forum, and topped off with our Young Software Engineer of the Year Awards dinner in the evening.
More than 1000 guests join us from around the country not just to learn during the day, but celebrate our incredible young talent emerging from Scotland’s universities.
The day is packed full of visionaries, technologists, business leaders and managers working in digital companies and end user businesses. Join us and get inspired by our great line up of speakers at the longest running tech focussed conference in Scotland.
SCOTSOFT2024 26.09.2024 Edinburgh create. innovate. collaborate.
join us
scotlandis.com