Faisal Khan, Associate Director for Information Security and Compliance, Dubai World Trade Centre, discusses how organisations can stay ahead of the most significant cybersecurity challenges, ensure the security of their digital infrastructure during high-traffic periods and deal with the cybersecurity implications of AI.
What are the most significant cybersecurity challenges currently facing large organisations, particularly those hosting or managing large-scale digital infrastructures?
That’s a tricky question because the challenges we face are similar to those of any other large organisation, but the magnitude can vary depending on the organisation’s size and function. For instance, since we are involved in events and exhibitions, attracting people from all over the world, we need to tailor our cybersecurity controls to address those specific risks.
Like any other organisation, we are concerned about ransomware and phishing attacks. Phishing, in particular, is something that’s difficult to fully control, but having robust security awareness programmes in place helps mitigate the risk. Regular training ensures that our users are well-educated about recognising phishing attempts, suspicious emails, and other potential threats. Phishing is often the starting point for more severe attacks, such as man-in-the-middle attacks, where attackers can intercept communications, alter invoices and redirect funds to different accounts.
Ransomware is, of course, a major concern for everyone, including myself as the head of information security. Our focus is on maintaining a robust security environment with appropriate controls and measures. While I can’t promise 100% security, I strive to ensure that our defences are aligned with best practices to protect the personal and financial information we handle.
Remote work has also introduced additional risks, as it’s challenging to monitor what’s happening on the other side of a remote connection. People often use personal Internet connections, which can lead to data leakage. Fortunately, we have implemented robust controls that allow us to have eyes on glass, even when employees are working remotely.
In summary, the challenges we face are similar to those of other organisations, but we take them very seriously. We combine awareness, policies, procedures and defences against emerging threats to address the cybersecurity risks we encounter.
How can organisations ensure the security of their digital infrastructure during high-traffic periods or major events, and what protocols are essential for mitigating cyberthreats in real-time?
This question is particularly relevant to our environment, as we often experience high traffic during major events. To manage this, we employ a multi-layered security approach.
Firstly, we ensure scalability and redundancy, including geo-redundancy, to handle the high volume of traffic and to protect our reputation and brand. Our infrastructure must be highly available, not only in terms of the physical network but also in terms of the protocols we implement. We work closely with multiple telecom service providers in a load-balancing environment to maintain this availability.
Before each event, we conduct regular stress tests and security drills, drawing on the experiences from previous years. We review the lessons learned and make continuous improvements to our security landscape. This is an evolving process; while we may not be able to make sweeping changes, we can refine and enhance our approach based on past experiences.
In addition to these measures, we use essential technologies like encryption and regularly update security patches. These are fundamental components of our core infrastructure, crucial for ensuring high availability and mitigating cyberthreats during peak periods.
With the increasing use of IoT devices in various industries, how should organisations address the cybersecurity risks associated with these technologies?
This is a million-dollar question, and I’ll tell you why. Often, organisations focus heavily on securing their core infrastructure services while neglecting IoT and OT (Operational Technology) devices, even though they are just as critical.
To effectively address the risks associated with IoT and OT, organisations need a comprehensive approach. One key strategy is network segmentation. It’s crucial to ensure that IoT and OT devices operate in separate network segments. This way, if there’s an issue with these devices, it won’t affect the broader infrastructure or ongoing operations.
We also need to ensure that these devices are regularly patched and that strong authentication measures are in place. Regular risk assessments should be conducted, similar to those performed for core infrastructure services. We even carry out stress tests during off-peak periods when we’re not in the event cycle. This allows us to thoroughly assess and address any vulnerabilities in our IoT environment, ensuring that these segments do not negatively impact the overall network.
In a nutshell, proactively managing these potential risks is essential to maintaining a secure and resilient environment.
What strategies can organisations adopt to effectively collaborate with government agencies and private sector partners to enhance their cybersecurity posture?
We are required to adhere to the regulations set by the UAE Information Security Regulation for governance and compliance information security. As part of these regulations, it’s essential for us to collaborate effectively with the regulatory authority and other entities, including those present at our events, particularly government bodies.
This collaboration is crucial for strengthening our cybersecurity posture. The partnerships we build, both during and outside of events, enable us to share intelligence, which significantly enhances our overall security environment. For example, recent incidents like ransomware attacks and adversaries targeting specific events have underscored the importance of these partnerships. By working closely with Service Providers and the Regulatory Authority, we can leverage shared intelligence platforms to better protect our infrastructure.
Real-time insights into emerging threats are vital, and maintaining open communication with all stakeholders, including regulatory authorities, is essential. While we may not achieve 100% security, this approach ensures a robust and effective collaboration that significantly bolsters our defences.
How can organisations stay ahead of emerging cybersecurity threats, and what role do advanced technologies like AI play in modern defence strategies?
AI is a buzzword right now, and everyone is concerned about the implications of AI in the cybersecurity space. The reality is that to counter AI-driven threats, we need to employ AI-enabled defensive tools that can manage and adapt our defence strategies using AI models.
With AI technology evolving so rapidly, it’s a challenge to keep up and protect your environment comprehensively. It’s not just about the speed at which AI is advancing but also about the simplicity with which adversaries can use AI to launch attacks. The emergence of AI-based tools, including services like ChatGPT, Copilot and others, has made it easier for adversaries to generate malicious code or orchestrate attacks.
Given the rise of AI-as-a-Service, organisations are in a more complex situation than ever before. It’s essential to take the role of AI in cybersecurity seriously. We must stay ahead by identifying patterns and anomalies that could signal potential threats. Although this is a complex task, we approach it with determination.
Moreover, collaboration remains crucial in building a safer community. Sharing information with regulatory authorities, telecom service providers, and other stakeholders is key to enhancing our collective security, both during events and in our day-to-day operations.
What are the key trends shaping the future of cybersecurity across industries, and how should organisations prepare for these developments?
With the advent of AI, the cybersecurity landscape is evolving rapidly, and organisations must enhance their security postures accordingly. One of the significant concerns is data privacy, particularly for organisations like ours that host large-scale events with international attendees. We must adhere to local data protection laws, such as the EU’s GDPR, and this is becoming increasingly critical.
AI and Zero Trust are two key trends that are currently reshaping the industry. However, Zero Trust presents a unique challenge. While it’s essential for security, implementing a Zero Trust architecture can be complex and, if not handled carefully, it might hinder business productivity. This is why it’s crucial to assess organisational needs and strike a balance between robust security and operational efficiency.
Meeting regulatory requirements is vital, but we also need to ensure that our security measures don’t negatively impact our business operations. For instance, our organisation is highly dynamic, involving frequent communication and collaboration with stakeholders, partners and exhibitors. We share critical information for tasks like stand creation, billing and sales, which necessitates a balanced approach to security.
In a nutshell, while we strive to protect our systems as much as possible, we must avoid over-restricting our operations. It’s about finding the right balance between mitigating risks and maintaining business agility. This balance is key to ensuring that we can both protect our data and continue to function effectively as an organisation.