Speaker:
Dr. Reem AIShammari, CISO, Kuwait Oil Company and Co-founder, Women in Cyber Security Middle East (WiCSME)

COVID-19 has resulted in increased digitization across sectors, with the enterprise cybersecurity leaders suddenly finding themselves tasked with securing a new hybrid workforce and defending their largest-ever attack surface. The trend has led to data proliferation, and organizations struggle to handle the sheer volume of data in this new regime. What are the threats to watch and technologies to embrace during the pandemic and beyond, particularly when the abundance of valuable information has captured subversive elements' attention? At the same time, cybercriminals have breached networks and compromised millions of records, not only causing revenue losses but impacting brand reputation

The new information security model is open and fuzzy because the systems that we want to protect also must be open to the outside world. So we need a new security model and new cyber defenses that can help enterprises get "future-ready" to fight the "unknown, unknown" threats the remote workplace has ushered in.

This exclusive keynote session describes:

• Changing threat landscape and lessons from the pandemic;
• Key priorities for 2021 - identity, cloud, data protection, and regulations;
• A collaborative approach to building skills and techniques to achieve "future-proof" enterprise security.

Speaker:
Randy Trzeciak, Director, CERT Insider Threat Center, CMU

The need for enhanced business agility and secure remote access to support digital transformation has led to the adoption of the security access service edge, or SASE, model among enterprises.

Did you know that SASE helps bind the user's identity to the data context, the location, and the types of devices used to access the data to establish user authentication? Some say, CISOs now don't have to procure individual discrete security solutions and tie it into the network security layer; instead, they can source from one logical place using the SASE security model The adoption primarily is fuelled by the fact that SASE converges network capabilities and security functions by uniting "zero trust," SD-WAN, data loss prevention, cloud access security brokers, and more into a cohesive platform.

• Factors security teams need to evaluate when considering SASE adoption;
• Why SASE is the next evolution for network security;
• Why identity is paramount in the SASE model.

Speaker:
Keyur Shah, Senior Sales Engineer, Sophos

The challenges facing enterprises now are creating secure zones in data centers and cloud deployments, which allow companies to separate workloads and secure them individually while providing secure user access to the remote workforce.

Another task on hand for organizations is to advance the pace of innovation and embrace the latest security methodologies, as the business demands grow. How can you meet the business objectives by aligning your security strategy with a 'zero trust' model and how important the element of micro-segmentation is to provide secure access.

The session discusses:

• How organizations can take a 'zero trust' approach;
• How can 'zero trust' create process-level visibility?
• How has micro-segmentation helped in the COVID-19 environment?

Speaker:
Dr. Erdal Ozkaya, Regional CISO, Managing Director, Standard Chartered Bank

The biggest challenge for practitioners today is to enable greater flexibility for a remote workforce while being fully compliant and secure. The 'Zero Trust' model can play a critical role, but implementing it is a daunting task, and there's no "one size fits all" approach to making the transition to a 'Zero Trust' architecture. This session provides a practical approach to adopting 'zero trust', outlining the strategy, the possibilities for leveraging existing investments, and the need for new investments.

The session discusses:

• Improved privileged access management using 'Zero Trust';
• Limiting exposure of sensitive data in light of the remote workforce and targeted attacks and new cybercrime scams;
• Essential steps for implementing 'Zero Trust' and stakeholder engagement.

Speaker:
Sagar Sethi, SVP & Head of Identity Governance and BCM-Group Security, First Abu Dhabi Bank

COVID-19 poses various data privacy challenges in the Middle East, for instance, regarding cost-related issues of ensuring the protection of the personal data and the hiring privacy professionals during the economic crisis. In its new data protection law, the government emphasizes enterprises to embed privacy considerations into their business models, considering investing in security and privacy programs.

There is a need for enterprises to understand the country's specific requirements in which they are operating, with the enactment of data protection law in the region, whether there are established data protection laws and what standards of data protection should be applied.

The session discusses:

• Different aspects of data protection laws that impact businesses;
• Accountability for enterprises in hiring data protection officers;
• Data breach notification - challenges and implications.

Speaker:
Mustapha Huneyd, Director-Customer Security, Ericsson

Managing and securing identities while accessing systems remotely and in the distributed era is big for today's enterprises. The fully remote or hybrid workforce is ensuring the right access policies and entitlements for employees and customers. Organizations must ensure that the IAM strategy for remote workforce embraces contextual authentication for measuring user risk profiles and establish a multifactor authentication mechanism. Revisiting and redefining the IAM policies for the current environment, which is tightly integrated with the PAM strategy to establish secure communication between teams, is critical for enabling the users' right access.

This session addresses:

• How to apply a single sign-on strategy for better user access control;
• The importance of privacy to IAM;
• Improving identity governance and enhancing security posture with IAM.

Speaker:
Ziauddin Anees Ansari, Head of Cyber Security Defense Operations, in a Prominent Bank in UAE

COVID-19 has transformed the entire threat landscape as enterprises are exposed to various threats and unprecedented risks. Experts say the pandemic has led to a 238% surge in cyberattacks against the banks, with almost 86% of the data breaches being financially motivated. Phishing, botnets, and mobile malware are topmost on the radar of the enterprises' threats with the most significant impact on organizational security.

There is a need for enterprises to invest in cyber defense centers to challenge the status quo of organizational security infrastructure in fighting these threats.

The session discusses:

• Taking a holistic approach to building a cyber defense center to detect threats and anomalies;
• How to reduce the breach identification time by leveraging appropriate skills;
• Redefining the people, process, and technology components to build security resilience.

Speaker:
David Temoshok, Senior Policy Advisor - Applied Cybersecurity, NIST IT Laboratory

In this exclusive session, David Temoshok, Senior Policy Advisor at the National Institute of Standards and Technology, will outline the current status of online identity as an attack vector and identity theft, as well as NIST Guidelines for Digital Identity Management. Included in this talk:

• Multi-factor authentication - what it is, why we need it;
• Fast Identity Online (FIDO) Authenticators - strong authentication, easy to use;
• Biometric authenticators -- secure or vulnerable?

Speaker:
Jeff Greene, Director, National Cybersecurity Center of Excellence, NIST

The federal government has an entire agency dedicated to homeland security, but who is paying attention to the new, wide-open frontier - the home office? In this Q&A session, Jeff Greene of NIST talks about how to secure the work-from-home environment, including:

• How NIST approached remote deployment;
• Lessons learned about telework;
• How to secure virtual meetings.

Speaker:
Ahmad Mubarak, Sr Solutions Engineer, Shape Security (now part of F5)

While organizations and individuals continue to mobilize in an attempt to mitigate the global disruptions taking place around them, cybercriminals have wasted no time in exploiting the COVID-19 pandemic. Today, attackers and fraudsters call upon a sophisticated suite of tools, including human-powered click farms, social engineering, and malware - all designed to defeat traditional defenses such as WAFs & CAPTCHAs. This session will dive deeper into how organizations can keep pace with this precipitate shift and adjust their security postures accordingly, to more accurately reflect the realities of an ever-evolving threat landscape.

• Understand how organizations can keep pace with this precipitate shift and adjust their security postures accordingly;
• Navigate the automated application attack-roadmap from the commodification of Credential Stuffing and ATO schemes to some of the most cutting-edge examples of Manual Fraud capability;
• Evaluate how organizations can better protect their customers and brand without compromising user experience or collecting PII.

These cybersecurity threats are amplified by the ongoing pandemic in the Middle East region, increasing phishing attacks, targeted attacks, disruption, distortion, and deterioration. The emergence of technologies such as IoT, skill shortage, insider threats, and cloud movement has posed the most significant risks.

A panel of experts discuss:

• Risks posed by increased digitization and cloud disruption;
• Use of the right technologies and tools for enhanced security posture;
• Use of predictive analytics and active defense in detecting threats;
• Cybersecurity investments in 2021.