Security’s newest and boldest event, The Security Middle East Conference, will be shaping the security landscape in alignment with Saudi Vision 2030
Built on a foundation of Trust Integrity and Professionalism,we always fulfill technological desires.
Our mission is to give customers the best experience through 24/7 support make it a pleasure to work with us.
EDITORIAL
Publisher Barry Bebbington +44 1708 229354 Barry@pubint.co.uk
Editor
Cora Lydon +44 7834 244613 cora.lydon@securitymiddleeastonline.com
ADVERTISING
Worldwide Mike Dingle +44 1752 267330 mike@securitymiddleeastonline.com
Gareth Driscoll +44 1752 260603 gareth@securitymiddleeastonline.com
Ryan Bickerton +44 1752 265802 ryan@securitymiddleeastonline.com
Rahul Vara +44 1752 604352 rahul@securitymiddleeastonline.com
Kyle Kennedy +44 7867 641955 kyle@securitymiddleeastonline.com
Marketing Manager
Paul Riglar +44 7496 377630 paul@securitymiddleeastonline.com
PUBLISHED BY Publications International Ltd
1708 229354
There’s just a matter of weeks to go before the inaugural Security Middle East Conference, and we’re busy here in the office ensuring the first instalment of this exciting event is ready to make a big impact on the current security landscape.
We have an impressive line-up of speakers and panellists who are leading the charge in shaping the future of security; those who are already ahead of the curve and who are willing and able to share their decades of experience, knowledge and expertise to ensure that our delegates have everything they need to help inform their own companies’ security.
Discussions and keynotes will be centred around Saudi Vision 2030: an ambitious, forward-looking transformational project that will unlock its full potential as a world-leader.
But of course, with change comes risk and at the Security Middle East Conference we’ll be breaking down those risks and challenges and offering up innovative solutions.
We’ll be joined by representatives from our sponsors; Genetec, Darktrace, Eagle Eye Networks, Obvious Technologies and the ISF – whose Regional Director, EMEA, Dan Norman, will be chairing the whole event. Our security partner
SAFE will be providing VIP security to our delegates, who will be flying in from across the Middle East from companies such as Public Investment Fund (PIF), NEOM, Saudi Aramco, Royal Commission for Al Ula, Jeddah Central Development Company and many more. In addition, SAFE’s Turki Matooq Al-Thonayan will give an opening address.
On page 20 you can find out more about the topics we’ll be putting under the spotlight, while details of our keynote speakers can be found on page 18.
We look forward to seeing some of you there and of course, in our next issue of Security Middle East we’ll be bringing you all the highlights. Don’t forget to follow our social channels (below) to get real-time updates from the security sector’s newest and boldest landscape-shaping event.
Cora Lydon Editor cora.lydon@securitymiddleeastonline.comsmemag
Security Middle East MagazineMaxxess
ISSUE 131 MARCH/APRIL 2023
MONITOR
03 Up front Foreword from the Editor
07 News Monitor
The latest regional and international security news
11 Market Monitor
A roundup of the latest security products and solutions
18 Security Middle East Conference
Find out where we’ll be, who we’ll be hearing from and all the finer details
20 The topics to get you talking
Learn more about the topics up for discussion at the event and who will be debating them
22 Meet the sponsors
Find out who our sponsors are, who we’ve partnered with and everyone involved with the event
28 Building cybersecurity capabilities
Khalid Saad Al Medbel, one of the panellists at the conference, looks at how a holistic strategy is needed to strengthen cybersecurity
46 Saudi Vision 2030
Dan Norman, Security Middle East Conference event Chair, looks at the digital challenges and opportunities of Saudi Vision 2030
48 Industry interview
Security Middle East Conference advisory board member Meshal Aljohani speaks to Abdullah Alshehri, Security Duty Manager at King Abdullah University of Science and Technology (KAUST)
24 Elevating trust
HID Global looks at the concept of Fast Identity Online, a cryptographic passwordless authentication
30 Time for evolution of biometrics
Michel Roig, Fingerprint Cards, explores the biggest trends and developments in biometric technology
34 Adding analytics to AI
IDIS’ Dennis Choi explains how high value applications for AI video analytics are rapidly taking hold
38 Preventing social engineering
Seed Ahmad from Callsign, looks at the benefits of using contextual fraud messages to help prevent social engineering efforts
40 Governing cybersecurity from the top
C-suite execs would do well to take cybersecurity more seriously, cautions Patrick Evans of SLVA CyberSecurity
42 Cybersecurity mesh
According to Abhay Pandey, from MAST Consulting, a cybersecurity mesh could be the missing piece of the cybercrime puzzle
49 Utilising physical security data
SPA member, Arif Almalik from Moro Hub looks at the importance of physical security data and how to use it
50 Events
Diary dates for forthcoming security exhibitions, conferences and events
Bell Textron has handed over three Bell 505 Jet Ranger X five-seated light helicopters to the Royal Bahrain Air Force. The delivery marks the first time that Jet Ranger Xs of this type have been integrated into Bahrain’s military.
INTERNATIONAL
A report from HID Global suggests that biometrics for access management will become more mainstream methods for securing hybrid workplaces. Its 2023 State of Security and Identity report polled more than 2,700 people, and determined that faster adoption of contactless biometrics as well as digital IDs are two key trends impacting the security industry. In addition, the report found:
n 43% of government agencies intend to use IDaaS in the near future.
n 59% of organisations are planning to be using, or at least testing biometrics in the next five years.
n Two-thirds of respondents said multifactor authentication or passwordless authentication is the most important technology for the transition to the future of work.
At this year’s High Security Printing EMEA Conference in Abu Dhabi, the United Arab Emirates was a joint winner for the Best New National ID Card award. The panel of renowned international experts in the field of ID and security documents were judging entries for their outstanding
achievements and technical excellence, to promote examples of best practice in the EMEA region.
The Emirati ID card is a highly secure ID card that allows its citizens access to several online services and uses biometrics. It was jointly awarded the honour alongside the national identity card from Slovenia.
A collaboration between Mastercard and Google has seen Google Pay launch into Kuwait, shoring up digital payment capabilities within the country. In addition, the Central Bank of Kuwait has recently granted licenses to activate Google Wallet in the country, to several banks. Google Wallet can be used to store cards for Google Pay.
Qatar has become the first country in the MENA region to issue information security certificates for electronic devices and programmes. Qatar joined the Common Criteria Recognition Arrangement (CCRA) this year. The Common Criteria is a set of internationally-recognised guidelines that define frameworks for IT security evaluation and certification.
In 2022 the Security Department of the Ports, Customs and Free Zone Corporation in Dubai issued around three million security passes, allowing individuals and corporations to enter the ports and free zones.
Oman has advanced in the Prosperity Index, bringing it in line with other Middle Eastern countries like the UAE, Qatar, Kuwait and Bahrain. It ranked particularly well for the security and safety sub-index at a respectable 40th place.
Safety-related technologies are moving quickly. Antonio Pereira from MSA Safety (www.msasafety.com) takes at look at the trends he thinks will help organisations develop a next-level safety programme.
1: Integrated connectivity and cuttingedge wearables
To keep people safer no matter where they, or their supervisors, are located, organisations need to be able to connect workers to safety teams in real-time. Combining cloud-connected safety solutions
with smart devices can do just that.
The most advanced wearables feature built-in CAT-M LTE cellular connectivity and deploy right out of the box in seconds. Even better, cutting-edge wearables designed with fully integrated connectivity give off-site safety managers real-time visibility into critical data points to keep on-site workers safe.
2: Connectivity that provides data and analytics
Data analytics is important to a safety programme because it defines how data is gathered, evaluated and even presented
to drive awareness and inspire action.
Gathering insights will help improve safety outcomes. It not only helps you ensure compliance, but it also helps you spot behaviours and trends that can directly impact safety outcomes.
3: A behavioural-based, data-informed safety culture
Every world-class safety programme is marked by the need to continuously improve and maintain a focus on safety. This can be done by building and supporting a proactive, accountabilitybased, data-informed safety culture.
The UAE’s naval fleet is to gain a new 21.25m multi-mission unmanned surface vessel (MMUSV), developed by Marakeb Technologies.
The Golden Unit MMUSV is a cabin-less unmanned vessel equipped with Marakeb’s advanced MAP Pro autonomous system and integrated with a suite of sensors and defense systems in order to carry out numerous
missions.
Unmanned multi-mission navy vessels can be integrated with other unmanned systems and manned platforms to become a force multiplier, which can enhance the overall operational effectiveness of the missions. With the increasing demand for cost-effective solutions, unmanned multi-mission navy vessels are becoming an increasingly important tool for naval forces around the world.
Tenable’s 2022 Threat Landscape Report has revealed that risks for which patches have already been made available are the main vehicle for cyber attacks.
“The data highlights that long-known vulnerabilities frequently cause more destruction than the shiny new ones,”
said Bob Huber, Chief Security Officer and Head of Research, Tenable.
“Cyberattackers repeatedly find success exploiting these overlooked vulnerabilities to obtain access to sensitive information. Numbers like these conclusively demonstrate that reactive post-event cybersecurity measures aren’t effective at mitigating risk. The only way
to turn the tide is to shift to preventive security and exposure management.”
According to the report, the mostfrequently exploited vulnerabilities, represents a large pool of known vulnerabilities. Some of these known risks were disclosed as far back as 2017 and by failing to apply vendor patches organisations are raising their risk of attack.
The uniqueness of our solutions & services stems from a better understanding of technology requirements and the know-how to integrate this technology into di erent types of projects, bridging the gap between IT, Missioncritical and buildings facilities.
Our range of solutions and services include:
/ Turnkey Data Centre Solutions
/ Data Centre Project Management
/ Audit & Certification Services
/ Data Centre Support & Maintenance
MVP Tech was recently acquired by Convergint, a global leader in service-based systems integration that designs, installs, and services electronic security, cybersecurity, fire and life safety, building automation, and audio-visual systems.
Being a Convergint company, it enables us to expand MVP Tech’s contracting capabilities across the EMEA region whilst developing innovative forward-thinking o erings to existing and new clients.
Scan the QR code to learn more about the unparalleled turnkey data centre solutions portfolio.BeyondTrust has released its 2023 Microsoft Vulnerabilities Report, covering a decade of vulnerability insights.
In 2022, the total number of Microsoft vulnerabilities rose to 1,292 – the highest number ever since the report began 10 years ago. The report also revealed:
n Microsoft Edge experienced 311 vulnerabilities last year, but none were critical.
n Microsoft Office experienced a five-year low of just 36 vulnerabilities.
Research from Furniture At Work has revealed how the office may look in 2050 – and unsurprisingly high-tech security features dominate.
It predicts that contactless, facescanning entry systems will become common place to ensure only those who have access are able to enter a building. Another innovation we could soon welcome is biometrics being incorporated to the office kitchen space, with fingerprint-access fridges.
As well as these security measures,
many of the anticipated features of the office of 2050 are highly technical and will require robust cybersecurity measures. The features highlighted by Furniture at Work include tea-delivering drones, holographic receptionists, VR/AR glasses, and anti-distraction technology.
According to research from Kaspersky, 70% of users in the UAE were hit by crypto cybercrimes, with 55% of crypto owners believing current protection systems are failing to provide effective cover.
Threats such as virtual theft and scams were the most commonly cited worries
over using cryptocurrency, with 34% and 24% respectively highlighting them as top concerns.
The major concerns in the United Arab Emirates and Saudi Arabia are crypto-investment fraud (70% and 73%, respectively), and fake crypto-currency apps in the UAE (71%), as well as fake crypto-exchanges (86%) in Saudi Arabia.
n Elevation of Privilege is the #1 vulnerability category for the third year running, accounting for 55% of the total Microsoft vulnerabilities in 2022.
n Microsoft Azure and Dynamics 365 generate the biggest financial gains for Microsoft, as well as the biggest gain in number of vulnerabilities.
n In 2022, 6.9% of Microsoft’s vulnerabilities were rated as ‘critical,’ while in 2013, 44% of all Microsoft vulnerabilities were classified as ‘critical.’
n Azure and Dynamics 365 vulnerabilities skyrocketed by 159%, from 44 in 2021 to 114 in 2022.
Last year, Kaspersky experts uncovered nearly 200,000 new mobile banking Trojans – a two-fold increase from the previous year’s figures. It also marks the highest-ever number reported in the past six years, according to Kaspersky’s Mobile Threats in 2022 report. To ensure protection against such threats, Kaspersky recommends:
n Only download mobile apps through official stores like Apple App Store, Google Play or Amazon Appstore.
n Check an app’s permissions carefully, especially high-risk permissions like Accessibility Services.
n Ensure you keep your operating system and apps up-to-date as many security issues can be solved by installing updated versions of software.
At Passenger Terminal EXPO 2023, Rohde & Schwarz exhibited its portfolio of static and walk-through security scanners designed to meet the exacting standards of airport security. Amongst them were the new and revolutionary QPS Walk2000 walk-through millimeterwave scanner. It’s capable of screening at the highest standards but without stopping the flow of passengers. Using safe millimeterwave radio frequency technology, the scanners can automatically detect potential dangerous threats and contraband.
The system operates with extremely low output power in the ultra-wide-band frequency range for excellent penetration of multiple layers of clothing, making the time-consuming removal of shoes and clothing unnecessary. AI-based detection software automatically identifies any material. The results are displayed in realtime on a gender-neutral avatar and with LED stripes.
www.rohde-schwarz.com
Two new Bridges have been launched by Eagle Eye Networks, which can connect up to 300 cameras to the cloud from a single location.
The 901 and 701 products connect customers’ existing or newly-installed cameras to the Eagle Eye Cloud, delivering a full SaaS service for video surveillance.
Thanks to powerful processing, the 901 and 701 Bridges can perform video analytics, AI and license plate recognition. Both can significantly reduce the number of components needed for large deployments.
“Many of our large customers
now routinely deploy high camera counts, and use LPR and a variety of AI-powered video analytics to increase security and help them run their operations,” said Dean Drako, CEO and Founder of Eagle Eye Networks. “The 901 and 701 Bridges deliver powerful solutions for our large system and enterprise customers that are easy-todeploy and manage.”
The 901 solution supports up to 300 4MP IP cameras, with 10 LPR streams. The 701 supports up to 150 4MP IP cameras and 10 LPR streams.
www.een.com
LUMINAIRE SYSTEMS
Olympic Electronics has added two new models of Tablet control panels to its family of wireless safety luminaire systems. With Phos.4.0 software pre-installed they offer both monitoring and adjustment of luminaires in normal operation such as dimming level, zoning etc, and monitoring and control of all wireless safety luminaires.
www.olympia-electronics.com
SAAS OFFERING
A10 Networks has launched A10 Defence, a pilot software-as-aservice offering with threat insights combining network traffic knowhow and analyses of indicators of compromise used to carry out attacks.
www.a10networks.com
SightLogix has announced the launch of the SightTracker PTZ, a smart camera with Edge AI that automatically zooms and follows outdoor intruders with fast, on-target responsiveness.
The tracking capability features no latency or network delays that are inherent in other PTZ solutions, meaning it delivers unmatched situational awareness.
“SightTracker PTZ solves a big outdoor security challenge, which is keeping eyes on an intruder without manually steering a PTZ – instead, it’s all automatic,” explained John Romanowich, SightLogix President and CEO. “With the SightTracker PTZ’s Edge AI, operators are unburdened from the critical task of tracking so they can focus on mitigating the threat, and achieve the highest levels of security.”
The product features AI-based classi cation analytics, IR illumination, 33x optical zoom, 360degree pan and a 5MP imager with excellent low-light performance.
www.sightlogix.com
Cloudflare is democratising post-quantum cryptography by delivering it for free to all its customers to help secure their websites, APIs, cloud tools and remote employees against future threats.
Cloudflare is making this commitment in support of a more responsive and resilient internet. It will also publish vendor-neutral roadmaps based on NIST standards to help businesses secure connections that are not protected by Cloudflare.
“There are companies out there that want to charge CISOs exorbitant amounts to prepare for future attacks from quantum computers. At Cloudflare, we believe that privacy should be a human right and that post-quantum security should be the new baseline for the Internet – not an exploitative expense for businesses.
“That’s why we are promising today to help equip businesses as well as non-pro ts and users with the most advanced cryptography available and to never charge for it,” said Matthew Prince, Co-Founder and CEO of Cloudflare. www.cloudflare.com
Evanssion has announced a partnership which will see its customers and partners be able to leverage the cuttingedge network detection and response (NDR) solutions from ExtraHop.
NDR solutions are being increasingly deployed across the Middle East in response to the rise in cyberattacks. When used in conjunction with EDR and SIEM solutions, NDR can ll in the gaps that other tools may miss, eliminating blind spots and inspecting east-west tra c for threats and anomalies.
Fouad Tawk, Area Vice President for META at ExtraHop, said: “ExtraHop can help enterprises stop breaches 84% faster with cloud-scale machine learning across cloud, hybrid, and distributed environments. With ExtraHop Reveal(x), Evanssion can deliver an enterprise-class NDR solution for the modern SOC, so security teams can unlock complete 360-degree visibility, real-time detection, and intelligent response to act with con dence and speed.”
www.evanssion.com | www.extrahop.com
Introducing the new Vue Consoles. Seeing consoles in a brand new light. Configurable. Connectable. Adjustable. Just plain more than able. And able to accommodate multi-operator solutions. Static or height adjustable. Horizontal / vertical adjustable monitor mounts offer complete ergonomic viewing. Or should we say Vue-ing? Because everything allowing a mission critical room to operate with 100% focus went into every design detail. This is productivity by design.
Begin the mission at winsted.com
winsted.com
e-con Systems has launched the DepthVista_MIPI_IRD – a 3D Time of Flight camera. Key features include:
■ 940 nm/850nm: Precise 3D imaging in both outdoor and indoor lighting conditions.
■ Depth scalability: Scalable depth range up to 12m (6m by default). Comes with <1% accuracy.
■ Multicamera without interference: A proprietary technique is used to operate multiple ToF cameras without interference noise to provide reliable depth data.
■ Compatibility with NVIDIA Jetson: Ready to deploy with NVIDIA Jetson platforms for easy and quick prototyping.
■ On-camera depth processing: Avoids complications like running depth matching algorithms on the host platform.
www.e-consystems.com
The Gulf Information Security Expo & Conference (GISEC) 2023, saw a groundbreaking security data lake be launched, as part of an ongoing strategic alliance between CPX and Huawei.
The new o ering is powered by advanced analytics and machine learning garnered from each partner’s industry-speci c expertise. It aims to protect valuable critical infrastructure in the UAE, and allows customers unparalleled visibility into their operations and the ability to rapidly respond to mission-critical cyber incidents.
Khaled Al Melhi, Chief Executive O cer of CPX, said: “Through our collaboration
with Huawei, we’re now bringing the cloud security data lake to create a fully secure ecosystem of analytics and free data flow across any industry. This will also strengthen our commitment to the UAE’s vision of becoming the leading digital economy.”
The service is provided from a secure, government-approved cloud o ering in the UAE and is designed to protect the most vital sectors including oil and gas, transportation, healthcare, nance and banking, amongst others.
www.cpx.net
At the Dubai World Police Summit, Abu Dhabi-based tech company Tatweer unveiled a revolutionary undercover police vehicle. The car is tted with facial recognition cameras plus sensors that are capable of detecting a driver’s speed, wanted vehicles and even people.
Anas Al Zghoul, Head of Researchand Development at Tatweer MEA, said: “This is an undercover car where we have mounted a technology device in the front that is an integrated solution customised to assist and enhance surveillance, road security, law enforcement, and crime prevention.”
The technology can be moulded to
t any size and shape on the bumper of a car. It incorporates automatic number plate recognition cameras, surveillance CCTV capabilities, speed detection function and a law enforcement mobile app and web application.
www.tatweer-co.ae
Bastien Castets: Identity management has become a real-life challenge with the exploding numbers of cybercrime and identity theft. In an organisation, our identity is used among a variety of systems, such as Identity Management Systems, Access Control Systems, Corporate Directories and Human Resource Information Systems. Ensuring data protection is of great importance when deploying systems that rely on the identity of employees, contractors and visitors, like access control applications. STid is committed to effectively providing building access to the right people at the right time, while protecting customer’s data and ensuring advanced identity authentication.
Bastien Castets: Solutions like STid Mobile ID®, that are based on contactless technologies, offer a real solution for effective data protection. With STid Mobile ID®, you simplify managing and issuing cards by using virtual cards on smartphones, whether or not in combination with conventional physical access cards.
The solution supports six intuitive modes of identification and user interaction (tap-tap, hands-free mode, voice command, slide mode, remote mode, badge mode). STid Mobile ID® can easily be adapted to various use cases without any compromise on usability or security. We understand data security is a key theme for organisations.
STid Mobile ID® protects of data
stored in the phone by using the latest encryption and authentication methods. The system interconnects all peripheral devices while using impeccable end-toend security (similar to MIFARE® DESFire® security), specifically with OSDP™ and SSCP® Protocols.
These standards help protect the communication between physical and digital access control devices and provide the ability to set up a secure connection between the reader and the controllers or
software of the management system. This guarantees, particularly when SSCP® is deployed, the highest levels of security.
Bastien Castets: STid Mobile ID® helps our customers to stay in full control of their security thanks to our powerful administrative portal. The STid Mobile ID® portal allows customer to deploy hundreds of cards with just one mouse-click!
This portal, reliably hosted by STid, is license free to our customers. Many organisations of substantial size struggle to simplify their organisational processes and procedures. These organisations typically will enjoy the benefits of our portal. They can even issue and revoke mobile credentials directly from their own systems. How? Thanks to our free web Application Programming Interface (API), that enables simple and transparent integration of the STid Mobile ID® platform into their identity management/access control software, they do not even need to use and manage an additional security system.
Thanks to this kind of integration, credential management does not only become easier, but also safer and faster. Moreover, for more security, STid Mobile ID® can even be hosted “On Premise” by organisations that would prefer that.
To experience a live demonstration or training, feel free to contact our team in the Middle East: Rajesh Sasidhar, Vishal Khullar and Mohamad Hamad at support.mena@stid.com
In addition to the highest levels of security, STid is known for offering solutions that allow users to stay in control of their security. Can you tell us more about that?
“How does your solution ensure data protection?” is a question often we get asked a lot nowadays. Data protection is clearly one of the current hot topics in our industry. We discuss the key role of security in STid Mobile ID® with Bastien Castets, Regional Sales Director Middle East
As the market-leading and longest-standing resource for the Middle East’s security sector we are well placed to launch this event, which will be bringing together leading lights, thought leaders and influencers across the region to discuss and debate where the sector is heading.
This highly interactive conference will unite security leaders of Saudi Arabia and the wider Middle East together under one roof. We’ll be exploring the future of the security landscape, opening up dialogue surrounding some of the biggest challenges of our generation, and looking at how security systems can be implemented amongst the projects and developments working towards Saudi Vision 2030.
Our audience will be made up of influential and high-level attendees who will be joining us from across the Middle East. We will have representatives attending from a number of leading organisations, including:
■ Public Investment Fund (PIF)
■ Neom
■ Saudi Air Navigation Services (SANS)
■ Saudi Aramco
■ Saudi National Bank
■ Royal Commission for Al Ula
Our partners
09.30am: Arrival, check-in and co ee reception
09.45am: Welcome and introduction to our speakers and panellists by Dan Norman
09.55am: Opening speech from Turki Matooq AlThonayan, Chief Executive O cer, SAFE
10.10am: Keynote and Q&A with Abdulrahman Al-Fadhel, former Saudi Aramco Riyadh Re nery Manager
10.45am: Panel discussion: Addressing the talent gap in Saudi Arabia’s security sector
11.30am: Co ee break
12.00pm: Keynote and Q&A with Mr Tawfeeq Alsadoon, Executive Director, Red Sea Global
12.40pm: Panel discussion: Securing Saudi Vision 2030 – smart city development and navigating the threat landscape
1.30pm: Lunch break
2.30pm: Panel discussion: Cybersecurity – resiliency in the age of digitisation
3.30pm: Keynote and Q&A with Tannya Jajal, Network and Security Development Manager, VMware
4.15pm: Final comments and thanks, followed by co ee networking reception
Former Saudi Aramco Riyadh Re nery Manager
Abdulrahman Al-Fadhel served within Saudi Aramco for 40 years, during which he worked in all departments of the re neries, including operations, maintenance, engineering and planning.
Over the course of his career Mr AlFadhel spent 33 years working within the Riyadh re nery – one of Aramco’s most complex re neries. He also spent seven years in the Saudi Aramco Ras Tanura Re nery, which is the largest re nery in the Kingdom.
For his keynote speech Mr Al-Fadhel will be sharing his fascinating insights into the challenges faced at the Riyadh Aramco re nery. He’ll be focusing on the Collaboration between the re neries and the security services during the maintenance shut-down period – which lasts for several months and can cost tens of millions of dollars. With decades of experience in this exciting industry, our audience will gain a deeper understanding of how re neries and security teams can work successfully together.
Executive Director, Red Sea Global
Mr Alsadoon will be delivering his keynote speech on Secure Journeys: building tourism security in KSA
As Executive Director at Red Sea Global, Mr Alsadoon is helping to create exciting opportunities for young Saudi talent with ambitious developments across multiple sectors. Red Sea Global is a multi-project developer who is seeking to lead the world towards a more sustainable future. It is also playing a key role in transforming Saudi Arabia as part of the Saudi Vision 2030 ambition to diversify its economy.
Previously Mr Alsadoon held the role of Director at Saudi Chemical Company, and was also Director General for Economic Cities and Special Zones Authority, where he led the security and safety teams.
Mr Alsadoon will be presenting to our audience on the topic of tourism security, sharing his experience and knowledge on the topic to help attendees better understand how vital this area of security is.
We will be working with the University of South Florida for this one-day event, who will be our education partner.
The University of South Florida (USF) features 13 graduate programmes ranked in the top 50 among all private and public institutions. In addition, USF is ranked 11th among American public research universities, making it America’s fastest-rising university.
The priority for USF is high-quality teaching and learning – as a result, accreditation will be given out to participants of the Security Middle East Conference. Individuals who arrive on the day will gain access to a digital badge and certi cate which proves their dedication to furthering the industry of cybersecurity.
Working with our education partner, means we can ensure that all information given out at the conference is validated, and our attendees can be certain our solutions and methodologies are of the highest possible quality and relevance for our audience.
Writer, public speaker and technologist, Tannya Jajal has a passion for exploring the intersection of technology, society and philosophy and is fascinated by the potential of AI to transform the way we live, work and interact with each other.
“The Security Middle East Conference will be one of its kind in the region, providing an opportunity for all stakeholders in the eld of security to have nuanced, futuristic and productive discussions about the bene ts, threats, and functions of cybersecurity within the region,” she said. “I am honored and excited to be able to contribute to this important and prevalent conversation that is absolutely vital during the current era of rapid technological change.”
Jajal will be using her keynote speech to talk about Deepfakes and the future of trust: challenges and solutions for a modern problem. As deepfake technology continues to evolve, the risks posed by fake audio and video content are becoming more signi cant. In this keynote, we will explore the challenges and potential solutions for addressing the threat of deepfakes in the digital age. We will discuss the role of technology in detecting and preventing deepfakes, and explore the potential for using blockchain or other technologies to verify the authenticity of audio and video content.
By discussing the challenges and potential solutions for deepfakes, this keynote provides valuable insights for security leaders in Saudi Arabia and the wider Middle East. Attendees will leave with a deeper understanding of the risks posed by deepfakes, as well as practical advice for detecting and preventing the spread of fake audio and video content.
Our panel discussions will cover three key topics which we believe to be critical to the industry right now: addressing Saudi Arabia’s talent gap within the security sector; securing Saudi Vision 2030; and resiliency in the age of digitisation.
The over-arching aim for Saudi Vision 2030 is to diversify Saudi Arabia’s economy away from oil and gas and instead establish it as a digital leader. With a massive $1 trillion worth of new projects, some 555,000 new jobs have been realised.
A five-year strategic roadmap was set to create 1.8 million new jobs, following a minimum investment of $40bn a year between 2020 and 2025.
Riyadh has been marked as a leading business and start-up hub in the MENA region, helping to attract multinational corporations and global businesses to establish regional HQs in the area.
Key to Saudi Vision 2030 is the development of a number of GIGA projects. This includes Neom, a Public Investment Fund (PIF) project. The ambitious plan is for Neom to offer exceptional liveability, thriving business opportunities and to reinvent conservation. Another PIF-project is Quiddya, which aims to establish itself as a leading global tourist destination.
Data is integral to Saudi Vision 2030 and with the efforts being made in smart city developments the threat landscape is constantly evolving.
Our panellists for discussions on securing Saudi Vision 2030 are Craig Ross, Senior Safety & Security Manager, Diriyah Gate Development Authority; Dr. Mohammad Alketbi, Founder, Forceis Security and Advisory Board Member for Intersec Dubai; Dr. Mohammed Aladalah, Tech Security Expert; and Wissam Accra, Middle East Sales Director, Genetec. They’ll be debating how to navigate this threat landscape successfully, sharing insights gained from their decades of experience. Professor Borhen Marzougui, who has led multiple programmes to develop smart cities vision, will be moderating.
While Saudi Vision 2030 initiatives and GIGA projects along with other PIF-funded projects are helping to create a growing number of opportunities within the Saudi Arabia job market, there is still a significant talent gap within the security sector that needs to be addressed.
The Kingdom is doing its part to make sure the local workforce can compete on a global scale with a forward-looking approach designed to create a human resources strategy to address this talent gap and build skills – particularly those needed for the thriving digital economy.
Skills development is a key part of Saudi Vision 2030 planning. It focuses on improving professional capacities, with a particular focus on young talent: the future of Saudi Arabia. Through broadening knowledge and encouraging skills growth, it aims to prepare younger generations for the future and ensure they’re suitably equipped to spot and act on emerging opportunities.
Cultivating a pipeline of talent will require both investment in the local workforce to ensure they’re well equipped with skills and knowledge, as well as attracting and retaining employees from a worldwide pool of top talent.
A survey from KPMG underlined the challenges in finding candidates with both the business expertise and the technical expertise for key roles – such as those in the security industry. Forty one per cent of the survey respondents said that a shortage of talent was a key challenge when it came to integrating emerging technologies into business plans.
Our panel discussion on Saudi Arabia’s talent gap will be moderated by Luke Bencie of Security Management International and will include contributions from Nadeem Iqbal, Middle East Regional Director for the International Federation for Protection Officers; Khalid Al Ghamdi, CEO – NOMD Security Solutions; and Ahmed Al Shammari, Security Operations Lead – Royal Commission for Al Ula.
We’ll be looking at how the talent gap can be addressed, how top talent can be retained and the importance of upskilling the workforce to align with the Saudi Vision 2030 programme.
In today’s digital world of massive computing capacity, fastevolving arti cial intelligence and machine learning and big data, we’re seeing more and more service disruptions and cyber attacks as companies look to expand their digital capabilities. The need for resiliency in the age of digitisation has never been greater.
Saudi’s digital transformation has been swi and worldleading, supported by Saudi Vision 2030. For example, the Global Cybersecurity Index of the International Telecommunication Union ranked Saudi Arabia as sixth among the G20 nations: the Kingdom expanded connectivity to 3.5 million homes by 2020 –up from 1.2m homes in 2017.
Digital transformation is set to be an ongoing national priority beyond what is set out in Saudi Vision 2030. According to research from Oxford Economics and Huawei, the digital economy will account for approximately 24% of global GDP and Saudi is
www.securitymiddleeastconference.com
determined to be at the heart of this transition.
Already we see government services being transformed by harnessing digital technology, the country is embracing new technologies like AI and a National Government Digital Academy has been established. Technology is being seamlessly blended into the country at all levels, and now it’s time to ensure the country is forward-thinking, resilient and agile in its response to threats.
We know that resilience will become a fundamental driver for businesses’ digital transformation and vital in the cybersecurity arena, but how can we ensure resiliency is embedded at every level of an organisation?
Led and moderated by Daniel Norman from the Information Security Forum, our cybersecurity panel will be discussing how to achieve resiliency. We’ll be joined by Ibrahim Al-Asaker, Saudi Chapter Lead – Cloud Security Alliance; Dr. Faisal Abdulaziz Alfouzan, Assistant Professor in Cybersecurity & Networks; Khalid Saad Al Medbel, General Director Information Security, Ministry of Health; and James Connolly, Middle East Director, Darktrace.
Wissam Acra Khalid Al Ghamdi Dr Mohammad Alketbi Dr Mohammed Aladalah Dan Norman Borhen Marzougui Nadeem Iqbal James Connolly Dr Faisal Abdulaziz Alfouzan Ahmed Al Shammari Craig Ross Ibrahim Al-Asaker Luke Bencie Khalid Saad Al MedbelThe Security Middle East Conference has already gained support from leading companies within the security sphere. We have a number of high profile companies who are joining us as sponsors, as well as our partner companies too. For our first event we’re delighted to have Genetec, Darktrace, Eagle Eye Networks, Obvious Technologies and the ISF as our sponsors
Leading the way in cloud video surveillance, Eagle Eye Networks delivers cyber-secure, cloud-based video which uses artificial intelligence and analytics to make businesses more efficient and secure. Thanks to its security and realtime business intelligence it is able to help organisations of all sizes and across industries to optimise their operations.
The company was founded in 2012, and offers 100% cloud-managed solutions that are smart, simple and secure.
The global leader provides an open API for easy integration with applications that complement and extend the offering in ways that are both innovative and useful.
The API platform uses the Eagle Eye Big Data Video Framework, with time-based data structures used for indexing, search, retrieval and analysis of the live and archived video.
Using artificial intelligence, Eagle Eye Networks provides a simply smarter platform, that is purpose-built to help businesses improve safety, security, operations and reduce costs.
Obvious Technologies is a spin-off of Axone Systems and part of Neostone Group. The French start-up specialises in 3D data visualisation, digital twin and machine learning. Its solutions are relevant to all mission critical markets, but it has a strong background in security. Currently, it is expanding its presence in the GCC to support current and future commitments to regional customers and partners.
The company bridges both technological innovation and operational experience in order to solve customers’ pain points. It brings together a unique concentration of experts in software development, 3D graphics design, system integration, data science, electronic security and law enforcement operations management.
OODA is its comprehensive software suite that provides a command and control platform where responders in each mission can access the information they need in the most appropriate manner for their role, location and operational situation.
www.securitymiddleeastconference.com
SPONSOR
Leading cybersecurity rm Darktrace was founded by cyber defence experts and mathematicians at the top of their eld, in 2013. In just a decade the company has forged a reputation as a global leader in delivering complete AI-powered solutions in a bid to free the world of cyber disruption.
Darktrace aims to be at the frontline of defence across the web, keeping companies secure from ransomware attacks, hackers, malicious so ware and whatever else is out there.
The Darktrace AI Research Centre in Cambridge, UK, has conducted research to establish new thresholds in cybersecurity. It also has technology innovations backed by over 125 patents and pending applications.
The company is world-renowned for its innovative Cyber AI Loop that detects, prevents, responds and heals, helping to keep businesses safeguarded against all types of cyberthreats.
SPONSOR SPONSOR
Not only is the company teaming up with the Security Middle East Conference but it will also have a presence on the panel. Regional Director of Darktrace, James Connolly, will be sharing his insights, experience and knowledge into successfully navigating the security landscape and how businesses can keep up with the ever-evolving risks that malware represents. Connolly will be joining our cybersecurity panel discussion which will be covering resiliency in the age of digitisation.
Industry heavyweight Genetec has over 25 years’ experience of using technology to solve security problems. It is a pioneer in the physical security and public safety industry and a global provider of world-class IP license plate recognition (LPR), video surveillance and access control solutions.
Genetec’s mission is to listen to its customers to ensure that everything it creates is designed to address the needs of what businesses need for today and the future. It takes a truly collaborative approach to answering its customers’ needs, welcoming ideas that their engineers can act on. It strives to create resilient, connected solutions that deliver customers an in-depth view of their environments to allow them to respond to and recover from incidents quickly.
The leading authority on information security and risk management, the ISF, is a not-for-pro t organisation that provides independent opinion and guidance on all aspects of information security.
It delivers practical solutions to overcome the wide-ranging information security and risk management challenges that impact business. The ISF o ers awardwinning consultancy services that can provide organisations across the globe with tailored and pragmatic support.
Its members include some of the world’s leading organisations that are featured on the Fortune 500 and Forbes 2000 lists, as well public sector bodies and government departments. For more than 30 years the ISF has been helping organisations develop their cyber resilience, through extensive research, practical tools and expert guidance. Combined, this helps them to cover the wide-ranging information security challenges that impact businesses around the world.
Genetec’s Sales Director, Wissam Acra, will also be joining us at the Security Middle East Conference, bringing with him extensive knowledge of automated security and management solutions, access control implementation, proximity readers, re alarms systems, IT infrastructure management and more. Acra will be taking his place as a panelist on our discussions on Securing Saudi Vision 2030: smart city development and navigating the threat landscape.
Dan Norman is Regional Director, EMEA for the ISF, where he helps members to maximise the value of the ISF tools, research, methodologies and frameworks by tailoring bespoke consultancy engagements to help them reach their goals. Dan has been pivotal to the Security Middle East Conference, serving on the advisory board to help shape the event’s direction. He will also have dual roles on the day – rstly as the Chair of the entire event, and secondly as moderator to the cybersecurity panel discussions.
Stephen Allen, Senior Product Manager for HID IAMS’ Authentication portfolio, looks at Fast Identity Online, a form of cryptographic, passwordless authentication
How can we be sure that people are who they say they are? The search for a secure, scalable and convenient way to authenticate users has been a constant in the digital age. Passwords clearly don’t cut it, in spite of their ubiquity – in fact, more than 80% of data breaches involve weak or stolen passwords. Enter FIDO, a set of authentication standards based on public key cryptography that replaces passwords with fast, secure logins powered by cryptographic credentials that never leave the user’s device.
FIDO, which stands for Fast Identity Online, originates with a group of leading tech companies, who banded together to make authentication easier and more secure. The FIDO standards, established
by the FIDO Alliance can be built directly into almost any device – as opposed to proprietary, device-specific security.
In short, FIDO is an open standard for multifactor-authentication (MFA) used to enable secure passwordless login and access granting. It leverages public key cryptography to authenticate users on websites and applications.
FIDO essentially works like a lock and key. First, a user registers a device and chooses any authentication option provided locally by this device (either a biometric, like a fingerprint, or password or smart card). During this registration, a public/private key pair is created. The private key stays on the local device and
is used to authenticate the device to the service. Access to this key is protected by the local authentication chosen.
In addition, a second authentication factor can be registered (like a FIDO token or a smart card supporting FIDO U2F specification).
When the user needs to access the service, they confirm their identity on their device with their authenticator. That information is sent to the service. Essentially, the device acts as a translator between the authenticator’s security and the service’s security. This combination of layered protocols provides extremely robust access control.
By storing the private keys on the device and not on a server, FIDO prevents the keys being breached through a single attack on the corporate network or cloud service, unlike password manager
Did you know
90% of users have more than 90 online accounts. US$70 is the average help desk labour cost for a single password reset.
Up to 51% of passwords are reused.
Security Keys are comprised of two components:
n Contactless card readers, which are connected over USB to, or embedded, in the device.
n NFC smart cards, which may only serve as FIDO authenticators or may be multifunctional. Cards can be used in combination with an integrated RFID antenna for building access, cashless payment, elevator access or secure printing. With their integrated crypto-processor, they offer FIDO U2F functionality as well as digital signature and data encryption.
solutions where a single security breach can expose millions of credentials.
No wonder Apple, Google and Microsoft committed to expand their support for FIDO across their devices and ecosystem in 2022 and gave organisations the ability to offer an endto-end passwordless experience. As of January 2023, Apple added the ability to use physical security keys to login to your AppleID account – enabling even stronger protection of Apple users’ accounts.
FIDO enables organisations to secure log-ins and digital assets via passwordless authentication – a method that’s convenient for users, cuts down on expensive reset requests and cannot be intercepted or cracked by attackers. But passwordless login is not the only use case. In the realm of consumer authentication, organisations can use FIDO to:
n Prove their customer’s identity prior to authorising a high-value transaction
n Provide additional verification when requesting a high-risk transaction
n Enable users with intuitive selfmanaged recovery of old accounts on an active device. Alternatively, help them get fast and secure access to their active accounts from a new device, all while keeping device enrollment and user verification costs down.
At the enterprise level, FIDO greatly reduces the risk of social engineering attacks, which are involved in up to 98% of cyber attacks and 90% of data breaches. Other use cases for workforce authentication include:
n Self-service recovery of user account credentials on enterprise applications
n Gaining fast passwordless access to corporate resources from anywhere, at any time
n Enhancing security on more sensitive applications by requiring users to authenticate with FIDO before unlocking access – eliminating the risk for man-in-the-middle or phishing attacks.
According to Jen Easterly, Director of the US Cybersecurity and Infrastructure Security Agency (CISA): “FIDO is the gold standard for MFA and the only widely available phishing resistant authentication.”
In a FIDO-enabled world, people can forget about memorising complicated passwords and keep their data private. Organisations can reduce the financial and reputation hit of all-too-common security breaches caused by weak or exposed passwords.
As cyber attacks continue to break records in terms of both volume and cost, that makes it a wise investment.
www.hidglobal.com
www.fidoalliance.org
With security threats becoming ever-more sophisticated and frequent, organisations in the Middle East need to take a proactive stand in order to protect both their data and their systems. Key to this is building the right knowledge and skills to develop strong, stable cybersecurity capabilities.
Innovative cybersecurity technologies are emerging all the time and investment in this industry has increased dramatically due to the global need to counter the cyber risks organisations face. However, these investments in such a vital and dynamic area require more than acquiring new and up-to-date technologies. It is vitally important to incorporate a holistic
strategy that deals with multiple aspects and where human resources should be the cornerstone.
For those leading the charge in building cybersecurity capabilities, one of the key considerations is creating an environment in which the human factor is accounted for. This includes recruiting highly-trained individuals, who have the right skills to recognise and react to emerging trends in cybersecurity, as well as ensuring all sta have access to and are supported to develop their skills set and knowledge base.
Management teams must concern themselves with maintaining these
cybersecurity capabilities in such a way that incorporates both the technologies and skills, as well as sustaining proper development within the organisational culture.
Despite technology transforming usual business processes to be more e cient and them enhancing the overall productivity, the ability to respond e ectively to cyber risks is a signi cant part of information technology and business values. Therefore, increasing the coordination and controls related to cybersecurity within the organisation should be recognised
Khalid Saad Al Medbel, General Director, Information Security, Ministry of Health, takes a closer look at how cybersecurity capabilities can be strengthened with a holistic strategy that puts people at its heart
as the main enabler for advantages in performance, agility and productivity.
The organisation’s capabilities can be viewed as a construction in many dimensions, these dimensions include building and maintaining robust, coste ective IT services to support business strategies, in parallel with protecting and securing all types of assets that are needed for maintaining business strategies and overall objectives.
Developing a competitive advantage in the very aggressive eld of cyberspace, is highly dependent on human capabilities. It should be addressed and targeted by investment decisions, along with boosting innovation and e ective risk management. Eventually, it will allow new business opportunities and valuable use of information capabilities to help secure a business’ future.
On the other hand, any strategy should consider the organisational structure and liability for entities that are involved in cybersecurity, synchronise the e orts and allocate the resources based on the designed flow and actions of the strategy. The wide collaboration with national involved parties is signi cant, and requires e ective contributions with concerned national organisations and gathering global support and cooperation if needed.
International practices analysis suggests that a cybersecurity strategy should be developed on a country level for better positioning, based on the future vision, addressing the national risks and missioncritical infrastructure, as well as national ICT services in a world of sophisticated and integrated systems.
Saudi Vision 2030 is considered a pioneer in developing cyber resiliency. Along with furthering the country’s growth and economic diversity, the plan calls for cybersecurity capacity building to ensure businesses are protected from malicious threat actors and remain one step ahead of threats.
It presents an advanced model of a national strategy, focused on developing the human resources to face cyber
attacks. It promotes educational and awareness programmes, in order to use technology safely, build su cient skilled and experienced competencies and increase the capabilities to defend and counter cyber threats.
The programmes and strategies incorporate all the stakeholders at di erent levels in society to support direct and indirect governmental e orts and encourage potential cooperation. Furthermore, building the knowledge base helps them to reach a su cient level of accepted risk and standardise the industry allowing it to be adopted by organisations and businesses. In addition, sharing the vulnerabilities, threats, experiences and establishing an environment of collaboration helps promote the discussion around cybersecurity. By doing so the regulations can be used as a fundamental instrument to build proper capabilities, mandates and compliance.
There are a number of cyber resiliency challenges, such as increased attack surface, lack of e ectiveness of security policies and awarenesses, plus limited skills to respond e ciently. These acknowledge the breakdown and complexity of security tools and processes. The challenges would require collaborative e orts and a national strategy – such as Saudi Vision 2030 which is considered to be one of the leading models and recognised globally.
Saudi Vision 2030 empowers national cyber resiliency strategies, where those strategies are considered one of the important enablers for the Saudi Vision 2030 mission.
In 2020 the strategy stated a key part of its purpose was: “towards enhancing its regional and international standing, and growing its economic power. It has also strived and will continue to strive to empower safety and security as it considers them the foundation for its structure, development, and prosperity to bring about a bright future. It will also help achieve its ambitious vision (Saudi Vision 2030) and preserve its
developmental, social, and economic gains, thus improving the e orts of their national organisations in raising the level of cybersecurity.”
In addition, the HRH Mohammed bin Salman initiative to empower Saudi women in cybersecurity, introduced in February 2020, aims to encourage and support women in cybersecurity, ensuring they have access to proper educational programmes for better and e ective collaboration to build solid cybersecurity resilience in the country and take a leadership position in the eld. It also aims to bridge the gaps in cybersecurity skills globally. As a result, the Kingdom is highly ranked in the Global Cybersecurity Indexes which are conducted by global and credible entities, and recognised worldwide.
The outcomes of such strategies and initiatives are signi cant. The criteria that enables successful models to be put in place over a short period of time include the focus on human aspects and building the capabilities to sustain a su cient position in the country’s vision.
At the heart of any successful security strategy lies people and knowledge. As threats continue to evolve and proliferate, developing cybersecurity capabilities must remain a priority.
SPEAKER PROFILE
Khalid Saad Al Medbel is an expert in the latest advances in cybersecurity & ICT infrastructure and technology trends, including cloud systems and computing technologies. He is a thought leader with a deep knowledge of best-practices in threats management and governance and emerging areas of critical importance such as business intelligence, IoT security and vulnerability assessments. He will be one of the speakers at the Security Middle East Conference, being held in Riyadh in May.
Biometrics have well and truly embedded themselves into the world of security as 2022 proved to be an exciting year as the use of biometric technology expanded rapidly across the globe.
In the payments ecosystem, major commercial banks continued to roll out innovative biometric cards and momentum increased steadily as users experienced the heightened convenience, hygiene and security of contactless biometric payments.
Payments security represents only a portion of the growth in biometrics, though. New use cases for secure access solutions fuelled innovations, raised consumer awareness and created further demand.
It’s not surprising that cards now beat cash as the most popular method for in-store purchases. According to Fingerprints’ research, globally, 73% of in-store payments are made using cards, with 50% of these being contactless.
The boom in contactless payments comes at a price, however, as the lack of authentication threatens to widen the gap between security and convenience.
At the same time, evolving banking regulations are working to enhance security for digital transactions. Strong
Customer Authentication (SCA), required by the Second Payment Services Directive (PSD2), is pushing the contactless payments market to enhance authentication.
For in-store contactless card payments, SCA requirements are met through PIN input when reaching spending limits. This is clunky and confusing for users. As are spending caps. Additionally, Fingerprints’ research found that half of regular contactless users are worried about the lack of security if their card is lost or stolen. With biometric payment cards, consumers experience both security and convenience for in-store contactless transactions as only the authorised user can make purchases. Plus, it eliminates the need for a spending cap.
In the coming months, keep an eye out for more banks rolling out biometric payment card solutions to meet growing consumer demand and embracing biometric technology as a means of offering greater security, and differentiating themselves from the competition.
The numbers indicate that this might be a good strategy: over half of consumers report they are willing to pay extra for a biometric payment card. In addition, 56% of issuers have also said
they could bundle biometric cards with other value-added services, creating new differentiation in the market and compelling propositions for current and potential cardholders.
Besides supporting customer acquisition and retention, biometric technology can help drive revenue by reducing fraud while increasing transaction volumes.
Several global players are championing efforts to meet this spike in demand for biometric security.
Infineon Technologies is collaborating with Fingerprints on the development of a plug-and-play turnkey solution for biometric payment smart cards.
Infineon’s goal is to make biometric smart card production as simple and easy as producing a standard dual interface payment card. In parallel, FEITIAN unveiled a new solution, using our technology, that enables biometric authentication to be executed entirely within Infineon’s newly approved secure element.
Tag Systems has also launched an advanced biometric payment card solution with us so that banks and fintech companies can offer their cardholders the enhanced convenience and security.
Together, Technical Equipment
Michel Roig, President of Payment & Access at Fingerprint Cards, takes a look at some of the trends, developments and players responsible for making 2022 a big year for biometrics and ensuring the foundations are in place for a transformative 2023
& Supplies Company (Tesco) and Fingerprints are supporting the adoption of contactless biometric payment cards in the Middle East and North Africa (MENA). Meanwhile, the launch of two more biometric payment card solutions in Morocco underscores the widespread demand for the adoption of biometric security solutions across MENA.
In Asia, the Beautiful Card Corporation (BCC), a leading card manufacturer based in Taiwan, is collaborating with us on the development and launch of cards with biometric authentication for payment transactions as well as for physical and logical access applications.
Consumers are increasingly relying on biometrics to authenticate payments, but traditional finance is not the only sector benefiting.
Cryptocurrencies represent a new frontier for biometric security applications as Decentralised Finance (DeFi) proliferates. Security is always a concern, but particularly for the high volume and value transactions made by the bulk of cryptocurrency users. Introducing biometric authentication to improve secure storage and access to cryptocurrency makes sense because it can provide an additional layer of security to cryptocurrency storage and authentication.
The proliferation of biometric solutions for access control has sparked innovative new solutions to support the design needs of this dynamic market. At the same time, the rise in remote work has created new challenges for biometric physical and logical access control solutions and enterprise cybersecurity teams have been forced to rethink access control while
confronting highly sophisticated threats. New biometric technology, such as sensor innovations, offer new levels of security functionality that support many different applications and use cases. Components with improved power consumption, smaller profiles, and interoperable designs are enabling the creation of new access control solutions, like Freevolt’s S-Key, that aim to bridge the gap between physical and logical access and provide a unified access security solution.
The Internet of Things (IoT) revolution means many people now lead increasingly connected lives, demanding a new level of functionality from common household items. The drawback to connected living is the need for users to constantly authenticate themselves when doing routine tasks. Today’s consumers need a seamless way to access and authenticate across a growing list of devices found in smart homes and buildings.
Biometrics can be the gateway to smarter living, replacing vulnerable physical keys, passwords and PINs and making people the keys to smart homes and buildings. Biometrics can help users to seamlessly enter their homes, manage smart alarm and entertainment systems, access personal preferences and set parental controls. In a single motion, users can secure valuables like bikes, suitcases and safes or restrict access to hazardous areas such as medicine cabinets and cleaning cupboards.
Nuki is one of the companies using biometric technology to make homes smarter. This European leader of smart access solutions has launched a new smart keypad that uses fingerprint sensors to ensure faster, more secure and convenient unlocking of smart doors.
Homes are not the only place getting smarter and more secure with biometric access control solutions. Modern, digital-first workplaces are integrating biometric technology into employee workflows in accordance with zero-trust security frameworks. For logical access, biometrics can be viewed as the first step in zero-trust strategies creating secure unified authentication for the hybrid work environment.
Passwordless authentication for access control provides hybrid workforces with additional, robust protection that a modern-day business requires. With the help of biometric technology, passwords will soon become a relic of the past. One example of this is SmartDisplayer’s FIDO2 biometric card, working to bring trust to a wide range of logical access applications.
Fingerprints is proud of the role it plays in driving innovation and moving the biometric technology industry forward. In 2022 we hit a number of key milestones, including achieving 500 registered global patents, ranging from sensors and hardware packaging technology to algorithms and biometric image processing; the T-Shape sensor module and software platform achieving compliance with Mastercard’s new Fingerprint Sensor Evaluation process; and shipping 1.5 billion sensors worldwide since 2014.
As biometric technology continues to be deployed across new applications and use cases, Fingerprints will remain at the forefront of research and development, ensuring that the highest level of innovation is possible across all verticals and sectors – enabling greater privacy, security, and stronger authentication for consumers around the world.
www.fingerprints.com
“Passwordless authentication for access control provides hybrid workforces with additional, robust protection that a modern-day business requires”
When maintenance work needs to occur in hazardous environments, Traka key cabinets and lockout solutions ensure that all areas are powered down and stay powered down until staff are safely out of the site. Traka’s innovative, intelligent key cabinets provide a fully automated process to ensure that all keys needed to reactivate or re-energise the equipment are secured during maintenance and cannot be accessed until all maintenance staff have signed off on the lockout.
Dramatically reduces the risk of injuries related to energising of hazardous energies during planned and unplanned maintenance.
Significant decrease in time-lapse during lockout creation.
Electromechanical interlocks, prevent removal of keys that unlock lockout padlocks when there are maintenance tasks being performed, keeping valuable maintenance staff safe during the execution of maintenance duty.
Augments current procedures regarding permits to work and their associated planned start and completion dates.
Maintain compliance with company and global policies and procedures.
Significant reduction in lost lockout padlocks and missing maintenance staff associated with lockouts,
The unique key retention padlocks are permanently attached to the patented Traka iFobs and kept in the Traka electronic key cabinets. The lockout process is divided into two sections:
Mechanical lockouts: the valve is locked in a closed position
Electrical lockouts: the isolator is locked in the OFF position.
Allows fast and effective “Hand over” of permitted lockouts to multiple shifts.
User interface with an easy to use Touch screen application that guides the users and hierarchy of the responsible role players in any lockout situation.
Simple and easy record keeping in compliance with procedures.
Easy search function for anybody to view active lockouts, permits and permitted users bound to any number of lockouts.
Whether your business wants to improve its lockout procedures or must meet the pressing demands of the Safety, Health and Environmental Department, our automated solution will minimise the risk of human error, increase efficiency and improve your overall operation.
High value applications for AI video analytics are emerging at an increasing rate, and are not limited to security alone,
writes Dennis Choi, General Manager, IDIS Middle East & Africa
Video analytics, powered by AI, have been transforming security operations with ever more reliable tools for detection and veri cation, automating many of the system monitoring and review functions that previously required manual input from security sta .
The trend towards increased reliability, power, and a ordability is continuing, with a growing range of add-on analytics tools making AI video easier and more a ordable to adopt.
Alongside this, we are seeing the emergence of applications beyond security. These new uses are adding further value to surveillance systems, and underscoring business cases for upgrades and new installations.
One sign that the video analytics market is really maturing is that end-users themselves are nding new applications and discovering new uses. From logistics and retail to banking, hospitality and critical infrastructure, the more AI video becomes embedded in operations, the more useful it is proving to be. The bene ts are potentially far reaching.
Wider and more ambitious deployment of AI video, targeting surveillance for novel purposes, involves security leaders in alliance-building across their organisations. Through these projects they are engaging with the priorities and pain-points of di erent departments that can potentially bene t from AI – for example, the customer service directors who want to reduce queuing and waiting times; the operations directors who want to speed up deliveries or optimise sta deployment; or the marketing directors who want a better understanding of customer movements around merchandising and special promotions.
This trend aligns with a more general drive to digitisation, a pattern that we are seeing across economies as organisations look to achieve e ciency gains by automating and adding AI-capabilities to systems from payroll to helplines, from delivery processing to marketing.
As this continues, it is bringing the bene ts of greater stakeholder engagement and advocacy, raising the pro le of security departments, and
unlocking bigger budgets. We are seeing increased focus on health and safety across many sectors. Intelligent video analytics tools such as line-cross detection linked to automated PA reminders, can provide an extra layer of protection in a wide range of settings. They are being used to enhance surveillance in locations where people are known to stray and where they are at greater risk, despite warning signs and other measures – leaning over safety barriers for example, standing close to rail platform edges, or crossing into restricted zones where heavy machinery operates.
The same automated detection capability can underpin more e ective and rapid intervention by sta , including security o cers, if people disregard warnings –and there are several reasons why they might, from complacency, and lack of due attention, a physical disability or mental vulnerability.
We see many applications for AI-video in sterile environments: in food processing, drug manufacturing, healthcare settings, laboratories, and research facilities. In these settings tools such as mask-wearing detection that proved their value widely during the pandemic, are now nding routine use helping to enforce hygiene protocols.
The region’s banking landscape has been shi ing up a gear, with both retail and corporate banks recognising the need to invest in digitisation and analytics, and to embrace the opportunities of ntech in order to remain competitive. Banks are also responding to wider changes, including the diversi cation of the region’s economies away from oil, and are looking for new opportunities, for example with extended personal loan portfolios putting more emphasis on mortgages and lending to SMEs; and with e ciency savings through a continuing reduction in the number of branches and exponential increased use of ATMs. Retail banks have been leading the way, and corporate banking is not far behind. Both are breaking new ground in their use of video analytics functions including queue management tools, heatmapping, and occupancy monitoring.
Similarly, they are using AI for car park management, with authorised lists for staff parking, and line-cross safety demarcation around non-parking zones and driver blind-spots, both improving safety. Analytics are enhancing protection against theft of and from vehicles; and they are enabling greater vigilance when pedestrians enter parking areas, for example allowing anti-social behaviour to be spotted more reliably. AI video has flexibility built-in, so the different risk profiles of branches in different locations can be accounted for. So, a line-cross event that triggers a priority alert at a remote or higher risk location, will only set off a routine notification at a lower risk site, or a city centre location where pedestrians are expected to be as a matter of routine.
In logistics settings, and manufacturing, companies face continuing pressures on supply chains, and there is much greater awareness of the need to design-in operational resilience. Digitisation, including video analytics, is one of the key enablers. And we are seeing new value being gained from existing surveillance infrastructure through affordable analytics upgrades and add-ons, as well as investment in completely new systems. Cameras that are already in place, for security and safety surveillance, are being enhanced with AI so that they can now do new jobs and deliver additional, high value benefits.
Examples include heatmapping being used to identify and monitor bottlenecks and cold spots, and to measure areas of activity against minute-by-minute process and production schedules. This is enabling both more efficient management of operations in-the-moment, and better planning longer term as processes and resourcing are refined.
Analytics are increasingly being trusted
with compliance monitoring, for example preventing fire risks from going unnoticed – fire extinguishers being removed, objects blocking exits or escape routes, or doors being propped open.
And object detection can spot when essential equipment is not in its correct place – an endless list of potential breaches that can reduce efficiency, or present safety risks. If the presence of something is critical, analytics can be used to monitor it – a fact that is increasingly understood, and is leading to new applications.
In warehouses and industrial settings where safety adherence is critical, some of the most useful recent advances in video analytics include tools for fall detection. These are helping to mitigate one of the biggest risks in these settings globally: slips, trips, and falls.
Finally, the retail sector across the Middle East is a significant growth area of AI deep learning tools. Retailers are keen to leverage greater value from their existing, surveillance investments, and
want to take advantage of the business intelligence that systems can deliver when upgraded with analytics functions –insights around customer behaviour, staff interactions, point of sale efficiency etc.
In Turkey for example, where we opened our new Ankara office last year, we are working with two major fashion brands to upgrade over 70 stores, adding in exactly this kind of retail analytics functionality. This is a significant potential growth market, with European and U.S. brands continuing to expand into the Middle East and diversify manufacturing and distribution operations away from China and Bangladesh to countries such as Turkey and Jordan, as they look to reduce supply chain risks.
The security sector is well placed to help these markets develop, with tools that reduce risks, that improve efficiency and that deliver valuable data to drive competitiveness. The icing on the cake is that very often, these tools come at little additional cost because they leverage new value from existing investments.
www.idisglobal.com
“Analytics are increasingly being trusted with compliance monitoring, for example preventing fire risks from going unnoticed”
Many of the world’s most iconic buildings choose Fastlane turnstiles to secure their people and assets. Our market-leading entrance control products include the very latest integrations with both facial and biometric recognition systems. The latest updates to our popular Glassgate 150 and 300 models now include increased lane widths and our Sidegate Detection® technology.
According to Callsign’s latest study, at least 30% of MEA respondents have experienced online fraud. Various governments and regulatory agencies have implemented anti-fraud legislation and enforced stiffer penalties for criminals. Numerous regional banking and financial institutions, such as the Central Bank of the UAE, place an emphasis on educating businesses and end-users on best practices and alerting the public to emerging fraudulent schemes. Many regional organisations have also adopted proactive fraud-prevention strategies.
While large banks and businesses can spend billions on security and put protocols and procedures in place to limit fraud, the general public is largely unaware of the risks lurking in the shadows. And the dangers are becoming increasingly complex and refined.
The Covid-19 pandemic compelled users to access services digitally to continue
living their daily lives, whether that was shopping, making payments or accessing services. This increased digitisation has resulted in more online transactions taking place than ever before, and securing the digital journeys has become more difficult. Fraudsters are always on the lookout for new opportunities, and the volume of online transactions during the pandemic delivered more opportunities for fraud.
Fraud hides in volume, and scammers always focus on the weakest point in the chain, which is often human behaviour. Scammers have progressed from simple phishing techniques (acquiring credentials) to make an unauthorised transaction themselves, to Authorised Push Payments (APP) fraud utilising more complex forms of social engineering convincing the consumers themselves to make a payment. Fraudsters are targeting this type of transfer more often because real-time payment (RTP) transactions are instantaneous and irreversible and,
because it’s the genuine user themselves making the payment, it can be hard to spot the fraud until it’s too late.
Current methods to combat APP scams involve educating customers to spot fraudulent behaviour, and also bombarding users with fraud warning messages, but the messages aren’t particularly effective.
Customer alert fatigue is one challenge with a blanket approach of fraud warning messages. Users are frequently overwhelmed with warning messages during their online journey, many delivered at login or moments when they aren’t under threat, causing them to ignore messages altogether. Callsign’s research has found that a quarter of people did not notice fraud warnings presented to them by banks and retailers, and 58% of those who did notice the fraud warnings did not change their actions as a result.
In today’s hyper digital world, fraudsters are constantly finding new ways to target consumers, so it’s more important than ever for businesses to protect their customers online, explains Saeed Ahmad, Managing Director, Middle East, and North Africa, Callsign
Psychologists have established ‘cold’ and ‘hot’ states of behaviour; in a ‘cold’ state, people aren’t under stress, but in a ‘hot’ state they are stressed, perhaps panicking and anxious, and this is when users are more susceptible to fraudsters because all the education and rational thought is overwhelmed with emotion. Fraudsters know this and employ social engineering techniques where they imitate a user’s bank or other services, suggesting that their accounts have been compromised and they need to move all their money (to a fraudster’s account).
Fraudsters cause panic and push people into a ‘hot’ state, at which point, any recollection about fraud warnings they saw in their calm ‘cool’ state are forgotten. And because the majority of fraud warning messages are static and pop up at the same time in the user journey, scammers anticipate and coach victims through them. As fraud has continued to evolve, so must the prevention strategies that organisations
deploy. To tackle APP fraud, dynamic fraud warning messages are required alongside continued customer education.
Turning off the autopilot Businesses require agile technologies that alert users at the exact moment of danger, jolting them back to their ‘cold’ state and their ability to recall the education about fraud that they have received. Like a warning sign on a vehicle’s dashboard, organisations need something to discourage people from thinking in autopilot mode.
Therefore, organisations require realtime solutions for APP fraud protection, such as dynamic fraud warnings and next-generation behavioural biometrics. Behavioural biometrics and machine learning can be used to detect if a user is acting on their own or if they may be under duress. One example could be that behavioural signals show a user is typing with one hand, this might signal that they are on the phone to a fraudster.
This is where contextual dynamic messages come in, and organisations can send relevant message at that moment in time ‘are you on the phone to your bank?’ or ‘are you expecting to make this payment today?’. These messages can cognitively jolt customers, prompting them to pause and return to their ‘cold’ state, allowing them time to consider who they are paying. Crucially, for genuine users performing recognised activity, these messages won’t be presented. Businesses can intervene if a user is at risk and can even stop a payment if they think the risk of fraud is high.
Scams like APP are a digital fraud problem requiring a digital solution. Static warning messages are no longer a robust fraud prevention method, and as scams continue to rapidly evolve, dynamic technology must be used to keep up. www.callsign.com
“Customer alert fatigue is one challenge with a blanket approach of fraud warning messages”
Cyber threats are increasing at a rate far greater than the industry is able to cope with. Despite this, C-suite executives still don’t take cybersecurity seriously enough while boards are not nearly as engaged in cybersecurity as they are in other areas of oversight, says
Patrick Evans, CEO of SLVA CyberSecurity
Cybersecurity breaches pose a major business risk and can no longer be viewed as a technology concern. Business leaders agree on this point according to Gartner’s 2022 Board of Directors Survey, which found 88% of respondents viewed cybersecurity as a business risk. However, only 13% of boards have responded by instituting cybersecurityspecific board committees overseen by a dedicated director. In some instances, it may be the case that directors are not always completely aware of their duties and liabilities concerning cybersecurity oversight. It is also the case that many industries have been slow to adopt a security-first approach to their operations.
In the same way that boards are tasked with ensuring appropriate financial governance and due diligence, cybersecurity is part and parcel of carrying out fiduciary responsibility to shareholders and managing business risk. Cyberattacks do not simply take down a website. They can completely shut down business processes and, worse still, hold a company’s entire IP or customer database to ransom.
According to the World Economic Forum’s (WEF) 2022 Global Cybersecurity Outlook report, the average cost to a business from a cybersecurity breach is around US$3.6 million. The same report also found that over and above the financial implications, a breach can affect the average share price of a hacked organisation up to six months after the event.
For years, cybersecurity professionals have understood that a sound cybersecurity strategy is simply good business strategy. Now, the cybersecurity gap between operating managers and C-suite executives may finally be closing. In March of 2022, the United States Security and Exchange Commission (SEC) proposed
a set of new rules that could significantly increase public companies’ reporting of both cybersecurity breaches and the steps executive management and boards have in place to mitigate cyber risk. The SEC’s proposals raise important considerations for businesses across the globe regarding management reporting, and even how boards should be structured and organised in the very near future.
At a minimum, in the aftermath of a breach top management should be able to address the following:
1 Are they confident that the incident is fully contained?
2 Do they know how attackers got in? What was exploited?
3 Do they have adequate controls (preventative and detective) to ensure it won’t happen again?
With the massive increase in the number of threats facing organisations and the uptick in ransomware, cyber risks need to be managed strategically. Research bears out the fact that it doesn’t pay to pay ransomware attackers. A 2022 survey of cybersecurity professionals across multiple sectors found organisations that paid ransomware were targeted again, sometimes less than a month later, for an even higher sum. This means C-suite executives and boards should focus their efforts on solid detection and prevention measures to contain attacks before data and critical systems are in serious jeopardy. Of course, it is impossible to eliminate risk entirely, but organisations can significantly decrease their chances of becoming repeat victims by executing the right strategies before an attack happens or remediating it right the first time before another one strikes.
It’s evident that people and organisations want to engage with businesses that are secure and that the pendulum of purchasing power will land in favour of businesses that take the ever-present threat of being compromised seriously. In a digitally connected world, organisations are now making sure companies are secure by design before signing the dotted line. The other side of the same coin is that businesses that are secure by design now have a built-in sales and marketing advantage that will win them contracts in new markets and the lion’s share of contracts in existing markets –placing cybersecurity firmly in the territory as a business enabler and well beyond the current, reluctant view of it being a necessary cost.
While regulation may force the hand of boards and executive directors, it would be unwise to wait for such an eventuality – especially when there are steps that can be taken today to ensure organisations become more effective, resilient, and forward-looking. The last straw for complacency in the form of a breach or attack is really only a matter of time.
The most crucial step for executivelevel management is to view cybersecurity as a strategic business enabler. This shift in approach can empower a business to achieve long-term sustainability and the confidence to pursue innovation and new areas of growth. With an understanding of the economic drivers and impact of cyber risk, executives can better and more carefully align cyber risk management with business needs. And, by incorporating cybersecurity expertise into board governance, businesses can ensure organisational design supports cybersecurity.
www.slva-cs.com
“With an understanding of the economic drivers and impact of cyber risk, executives can better and more carefully align cyber risk management with business needs”
In the developing world, people perceive digitalisation as a synonym for opportunities and possibilities. So, forward-thinking nations such as the UAE are receptive to disruptive technologies and innovations. However, the promise of digitalisation does not apply only to those who seek to put it to good use; the opportunities extend to bad actors and hackers.
The Emirates knows this only too well. Check Point research found that while the global average increase in cyberattacks was 50% in 2021, the UAE experienced a 71% increase in cyberattacks per week on corporate networks.
It is not hard to correlate the increase in cyberattacks with the pandemicinduced hurried digitalisation. Moreover, cyberattacks increased not only in volume
but also in sophistication. As corporates hurriedly and haphazardly formulated business continuity plans and migrated to multi-cloud environments, neglecting critical security considerations, they invited trouble. Today, the applications and data of many businesses are hosted in multiple data centres run by cloud providers with different cybersecurity standards. The multi-vendor digital environment means that technologies and security tools largely function exclusively without much interoperability. No single vendor is equipped with security controls that are all fool-proof, sophisticated, and interoperable with other solutions. The interoperability gaps translate to siloed security postures, playing right into the hands of hackers. And because hackers tend to move horizontally
across networks, working in tandem, they can capitalise on loopholes in a single access point. Therefore, businesses are increasingly witnessing a combination of attacks, such as phishing, DDoS, unauthorised access, etc.
An approach proposed by Gartner, cybersecurity mesh involves a foundational support layer that enables distinct security tools and technologies to work in unison. The integration of security tools on a scalable and dynamic cybersecurity mesh will enhance a business’ agility and readiness against breaches and attacks. Gartner believes by 2024, organisations adopting a cybersecurity mesh architecture (CSMA)
and integrating security tools to create a collaborative ecosystem will reduce the financial impact of individual cyberattack incidents by 90% on average.
Such possibilities have profound implications for UAE companies, which, according to Cybereason, have paid a hefty price following ransomware attacks. About 84% of the UAE companies that faced such attacks paid the ransom — about 20% higher than the global average. Among the companies that paid, about 90% of them experienced a second ransomware attack, while 59% found their data maligned. The recurrence underscores fundamental issues in the security postures — such as silos — requiring more than stop-gap solutions: A consolidated approach.
“Periodically, SecOps teams must be upskilled and trained to ensure that the cybersecurity mesh remains future-ready at any given time”
The core essence of CSMA is the consolidated approach. It is achieved through holistic policies and posture management. A cybersecurity mesh can effectively relay a central policy to individual security tools through native configuration translations. The entire posture can be centralised and viewed, enabling SecOps teams to take proactive actions in the event of an anomaly or alert. Consolidated dashboards also enable round-the-clock, single-window monitoring, increasing a business’ ability to respond to security events in real-time.
CSMA also provides directory services, adaptive access, decentralised identity and entitlement management, and identity proofing — capabilities that are conducive to a ‘never-trust-alwaysverify’ cybersecurity culture. In such architectures, SecOps can seamlessly add analytics and automation tools to orchestrate and automate responses to specific events. Analytics tools consolidate security data and provide insights that can be leveraged to identify future threats and formulate appropriate responses beforehand. Such proactiveness is a prerequisite to secure business operations in today’s hyperdigital world.
The technicalities aside, CSMA is nothing but a structural shift in how cybersecurity is perceived by digital businesses. So, developing a zero-trust attitude towards cybersecurity is among the first steps required to adopt CSMA. Though a seemingly tedious process of constant network validation and cynicism, a zerotrust approach is vital, as the stakes are high today. Fortunately, automated threat detection and analytics-led decisionmaking in a consolidated environment such as CSMA simplify the tasks.
Another key component of a cybersecurity mesh is well-trained SecOps professionals. As every business faces unique security challenges, the need for dedicated teams that can effectively reconcile organisational priorities with CSMA is paramount. When fostered early on, such teams can ensure that businesses can scale and expand seamlessly without fretting over interoperability or vendor gaps in security postures. Periodically, SecOps teams must be upskilled and trained to ensure that the cybersecurity mesh remains future-ready at any given time.
In the UAE, the Cybersecurity Council is constantly striving to thwart future attacks and build resilience and readiness. Among its options to achieve those objectives is mandatory reporting. In view
of such probabilities, the case for the adoption of CSMA is compelling. Through consolidated dashboards, CSMA can help businesses churn out accurate reports and comply with imminent regulatory requirements. Gartner believes that, by 2026, about 30% of large organisations will publicly share environmental, social and governance (ESG) goals focused on cybersecurity — up from less than 2% in 2021. It is safe to say that the cybersecurity imperative is not lost on those businesses geared towards reporting and compliance. They stand to differentiate themselves and create more value because of fool-proof cybersecurity measures in place. www.mastcgroup.com
“In the UAE, the Cybersecurity Council is constantly striving to thwart future attacks and build resilience and readiness”
Saudi Arabia’s Vision 2030 is arguably one of the most ambitious and innovative long-term transformational projects ever undertaken by a country; launched in 2016, the Saudi Arabian government’s plan is to invest vast sums of wealth to diversify its economy. By expanding and developing a portfolio of sectors, and creating entirely new industries and services, the goal is to diversify away from oil and gas and unlock the Kingdom’s potential. It has been eight years since the launch of the project and tremendous progress has been made, with smart cities like Neom, Red Sea Global and Al Ula creating new jobs, investment opportunities and value to citizens and beyond. The next seven years will be exciting – digitally progressive and technologically advanced. As the nation transforms, the risk landscape changes –none more so than the cyber threats that will target new infrastructure, immature sectors and citizens alike.
One of the tremendous opportunities that Saudi Vision 2030 presents is that many new projects, including the GIGA projects, do not have to navigate the challenge of overcoming or integrating old, legacy systems with the new; this is one of the main issues developed nations like the USA, UK, France and Germany have to deal with – from weaving old systems with dated code into emerging technical infrastructure, to designing new architecture that doesn’t break or
overwhelm technology, Saudi Vision 2030 can focus on developing solutions that are progressive, powerful, scalable and secure. Essentially the GIGA projects and beyond are full of opportunity and less historical challenges to overcome.
The opportunity to develop a rich and meaningful set of progressive governance, risk and compliance solutions to secure the enterprise against a range of threats should be leveraged and nurtured – senior management leading these projects have a unique chance to build security solutions into technical and physical infrastructure from the start – something that western leaders can only dream of.
With that said, this greenfield site presents a variety of challenges that organisations will have to overcome quickly. As the GIGA projects digitise and expand, and new sectors receive billions in investment, cyber criminals and nation states alike will turn their attention to disrupting systems, performing espionage, stealing intellectual property, or conducting ransomware attacks. Essentially, GIGA projects, and beyond become the new target. Why? Because Saudi Arabia is cash-rich, will likely experience ‘growing pains’ associated with digital transformation, and will have a number of vulnerabilities that attackers will aim to compromise or exploit.
One such challenge will be threats across the supply chain. Integrating
a range of international companies’ infrastructure together in a homogenous environment is a challenge for organisations globally, but when you are essentially weaving systems together for the first time, whilst maintaining a holistic perspective of the threats associated with suppliers, the level of risk will grow.
Organisations must use this unique opportunity to develop a robust vendor risk management system, building security requirements into contracts from the start and not doing business with organisations that may not fit into the risk appetite of the business. Western nations are struggling significantly with this challenge, having to readdress old contracts, finding it difficult to continuously monitor suppliers over time, and providing a risk-based perspective to senior management.
The next challenge will be to identify and maintain a strong security workforce. It is no secret that the cybersecurity industry is struggling to fill jobs associated with cyber risk management, technical security, and beyond. From CISOs, to risk managers, to incident response analysts and security architects, the workforce gap is widening and could potentially pose a short and even long-term dilemma for organisations across Saudi Arabia. Organisations must make their pay packages and opportunities attractive for individuals in the cybersecurity industry, with ample training and development. This is key to attract and secure top talent.
One additional challenge that is becoming evidently clear as organisations in Saudi Arabia mature is aligning their information security management systems (ISMS), and wider governance approaches with international standards. Many Saudi companies, like western nations, see certi cations and aligning with standards as a unique selling point –something to base their cybersecurity on, and an attraction for suppliers and clients to do business. However, identifying the right standard to leverage is a challenge. ISO typically lends itself to European companies, whereas NIST lends itself to North American companies. A strong, global alternative is the Standard of Good Practice for Information Security, which has comprehensive, holistic coverage of all requirements across international standards such as NIST, ISO, PCI-DSS, CSA, CIS, etc. Many Saudi Arabian companies are choosing to leverage this standard to build their ISMS instead of individual standards, meaning they can
demonstrate compliance to all standards rather than just one.
Saudi Arabia desires to be a beacon for the Arab world and beyond – a bold and audacious nation that hits and exceeds all expectations, using its vast wealth to push humanity forwards in its pursuit of excellence. Technologically innovative; full of opportunity to become a world leader in business, sustainability, tourism, hospitality, healthcare and domestic quality of life. This unique opportunity presents a variety of rare opportunities to avoid historical challenges faced by western nations – but as the nation itself innovates, develops and matures, the threat landscape will diversify, rapidly scale and could potentially overwhelm.
About the author
Dan Norman is the Regional Director, EMEA for the ISF. The ISF is a leading authority on cyber, information security and risk management. Its members comprise some of the world’s leading organisations featured on the Fortune 500 and Forbes 2000 lists. For more information visit www.securityforum.org
www.securitymiddleeastconference.com
The ISF’s Daniel Norman is the chair of the Security Middle East Conference, and will be pulling together the various strands we’ll be covering over the course of the day. He is also moderating the Cybersecurity Panel Discussion: Resiliency in the age of digitisation, where speakers Ibrahim Al-Asaker, Saudi Chapter Lead – Cloud Security Alliance; Dr. Faisal Abdulaziz
Alfouzan, Assistant Professor in Cybersecurity & Networks; Khalid Saad Al Medbel, General Director Information Security – Ministry of Health; and James Connolly, Middle East Director – Darktrace will be engaging in discussions on the region’s resiliency to digitisation.
“Saudi Arabia desires to be a beacon for the Arab world and beyond – a bold and audacious nation that hits and exceeds all expectations”
Coming from a military background, in 2009 I joined KAUST as a Security Supervisor. Despite the bene ts my military experience brought, the military philosophy prevailed in my behaviour and logic, and I found myself sometimes moving against the grain. I believed that protecting assets was the ultimate goal. However, I realised that this narrow view did not serve the organisation well, especially when security practices needlessly hamper its operations.
I was fortunate to work with a number of security experts who helped me develop a new view of the security primary mission. Becoming a member of several professional organisations, and attaining professional certi cations have helped me grow professionally, allowing me to progress through the KAUST Security Department. I realised that security should be a business enabler not hindrance, and that the primary role of security is to serve the organisation to achieve its vision and goals. By wearing both security expert hat, and business leader hat, a security expert is able to set the right balance and achieve security objectives within the context of the organisation’s strategic goals.
Globalisation, convergence, advanced technology, ever-changing threats, and growing regulatory requirements have made businesses that operate locally and internationally tackle a wide range of physical, digital, operational, supply chain, and compliance risks. Businesses o en have several separate functions such as physical security, cybersecurity,
risk management, business continuity operating in silos, though they all aim to protect the business from all kinds of risks and ensure continuity of operations during interruptions. This is one of the big challenges facing security professionals and businesses alike. Structuring security and risk functions separately leads to confusion, wasted resources, and duplicated work streams. Perhaps the most e ective approach is to establish a converged security program that brings all of these functions under a single security executive such as a CSO. Bringing leaders of these multidisciplinary functions under the CSO helps to establish a holistic approach to manage risks, reduce cost, improve decision making, enhance intelligence sharing, and optimise use of resources.
In 2011 I met a number of CPP-certi ed security experts who told me about it, and the certi cations it o ers. Immediately, I did my research about it and I was amazed at the strong reputation it has and what its certi cations o er security practitioners in terms of exclusivity, recognition, growth and branding. I made ASIS International Certi cations my main goal to obtain a er ful lling their requirements. Eight years later, I earned the Triple Crown (CPP, PCI, and PSP). In 2021, ASIS Professional Certi cation Board recognised me for my signi cant contributions to the enhancement and advancement of its certi cations. ASIS certi cations have given me recognition, credibility, competitive advantage, and career and income enhancements. I consider ASIS International as my indispensable empowerment entity because
of the many bene ts it o ers in terms of networking, security standards, intelligence and trends in threats, educational courses, the latest security technology, and conferences and exhibitions.
Technology is evolving rapidly and will have a major impact on the security landscape in the years to come. We will see more physical security systems that are faster, more e cient, more agile, and smarter. For example, many manufacturers already use some form of arti cial intelligence (AI), machine learning (ML) and deep learning (DL) in many security systems, including video surveillance, access control, drones, robots, and biometrics and facial recognition. These technologies help to intelligently correlate data, and independently and automatically draw conclusions and predict potential risks. Hence, AI, ML, and DL technologies are the future, and they will revolutionise the physical security landscape in the coming years, enabling proactive and e ective security responses to security threats.
Meshal Aljohani is on the Advisory Board for the Security Middle East ConferenceAs technology advances, physical security systems are becoming increasingly important due to the rising threats, technological advancement, regulatory compliance, and the need for remote monitoring, says SPA member, Arif Almalik, Chief Digital Products Officer, Moro Hub
The protection of personnel, hardware, so ware, networks and data from physical actions and events that could cause serious loss or damage to an organisation, is a vital part of an organisation’s security. And so companies deploy a wide range of tactics to protect them, including access cameras, video surveillance, burglar alarms, re alarms, and others.
The data or information derived from these key components in the form of log les, video footage, sensor readings, and other forms of structured and unstructured data is called physical security system data. These physical security elements not only generate information on illicit attacks, but also help protect and prevent security delusions.
According to Rational Stat’s analysis, the Middle East & North Africa (MENA) physical security market is expected to reach US$3 billion by 2028, growing at a CAGR of around 7% from 2022 to 2028. Another survey showed that two-thirds (69%) of enterprises described physical security and related data as “mission-critical”. Larger organisations are increasingly seeing value in the data gathered by their physical security systems with over 46% saying they use their security systems to “improve overall business e ciency, productivity and asset optimisation”.
There are several reasons why utilising
physical security systems data can be bene cial such as:
■ Improved security: physical security data can help identify vulnerabilities in security systems which will help in preventing breaches and unauthorised access.
■ Incident investigation: physical security systems data can provide valuable information on how the incident happened, when it happened, and who was involved.
■ Compliance: physical security systems data can help ensure compliance within these physical security requirements and proper security measures are in place.
■ Risk management: by analysing the physical security systems data organisations can identify areas of risk and take proactive measures to mitigate those risks before they become security incidents.
To build e ective use cases for physical security systems data, organisations need to follow a structured approach that involves the following steps:
■ Identify key business objectives that the organisation wants to achieve.
■ Evaluate the data generated by physical security systems to determine what information is relevant to the
business objectives.
■ Analyse the data once it has been identi ed. It is important to analyse and identify patterns, trends, and insights that can be leveraged to achieve business objectives.
■ Develop use cases that are based on the insights gained from the data analysed.
■ The nal step is to implement the use cases and monitor their e ectiveness.
An integrated physical security platform o ers a range of bene ts that can help organisations improve their security, increase e ciency and save money. With the ability to integrate multiple security systems into a single platform and utilise physical security systems data, organisations can have a comprehensive view of their security landscape, respond to incidents quickly, reduce risks, ensure compliance, and manage security operations more e ectively.
Find out more about SPA at the website: www.sira.gov.ae
APRIL MAY
16-18 May
Please check the event websites for the most upto-date details as dates can change all the time.
JULY
IFSEC International London, UK
ifsecglobal.com
25-27 April
7-9 May
JUNE
The Security Event NEC Birmingham, UK
thesecurityevent.co.uk
26-28 April
Secutech 4F, Taipei Nangang Exhibition Center, Hall 1, Taiwan
secutech.tw. messefrankfurt.com
SEDEC Congresium, Ankara, Turkey sedecturkey.com/en
9 May
Security Middle East Conference securitymiddleeast conference.com
9-11 May
Securex West Africa Landmark Centre, Lagos, Nigeria
securexwestafrica.com
9-12 May
IDEF’23
TÜYAP Fair Convention and Congress Center, Istanbul, Turkey idef.com.tr
10-12 May
Future Urbanism
Smart City Summit & Expo
Dubai World Trade Centre, Dubai, UAE
futureurbanism.ae
OCTOBER
19-21 July
Secutech Vietnam
Friendship Cultural Palace, Hanoi, Vietnam
secutechvietnam.tw. messefrankfurt.com
6-8 June
Securex South Africa Gallagher Convention Centre, Johannesburg, South Africa
securex.co.za
AUGUST
3-5 October
Intersec Saudi Arabia
Riyadh International Convention and Exhibition Center (RICEC), Riyadh, Saudi Arabia intersec-ksa.ae. messefrankfurt.com
9-10 October
7th edition OFSEC
Oman Convention & Exhibition Centre, Muscat, Oman ofsecevent.com
15-17 August
CyberDSA 2023
Kuala Lumpur Convention Centre, Malaysia
cyberdsa.com
