Education plays a crucial role in the fight against cybercrime, a growing concern especially at a time when the internet has become a breeding ground for hackers consistently prowling for victims, says the founder of Black Hat Briefings, an international IT security conference.
Speaking to Alrroya.com in line with the Black Hat Abu Dhabi 2010 briefings this week, Jeff Moss said there is a consistent need for IT professionals, both in the public and private sector, to understand and combat the threats lurking on cyberspace.
“If technical professionals do not know of the real risks then it is difficult to create a realistic threat model. Information security is essentially risk management, and if you do not understand the risks then decision makers are bound to make mistakes,” he said.
The
Black Hat Abu Dhabi 2010 Briefings (from the tech slang “black hat”, which means a computer hacker) originated in the United States in the late 1990s and has since conducted trainings for IT security professionals in Europe and Asia. Black Hat’s debut in the Middle East, through a four-day conference in the UAE capital, reflects the growing importance the region outs on information technology and cyber security.
According to a report by IDC – a market research firm that specialises in IT, telecom and consumer technology markets – IT spending in the Middle East and North Africa will jump by 12 per cent in 2010, considerably higher than the three per cent global average.
IT security spending in the region, meanwhile, is estimated to reach a significant $271 million (Dh994.6m) this year, reports Gartner, an IT research and advisory company.
IT security trends in the GCC
While concerns over web applications and browser security are some of the issues that companies worldwide are attempting to resolve, the proliferation of botnets and client-side malware is a trend that has become prevalent in the Gulf region, says Moss.
Quoting a recent Microsoft Security Intelligence report, the Black Hat founder said Saudi Arabia ranks 22nd out of the top 25 countries with the most botnet infections. Likewise, the region’s expanding mobile device market is starting to catch the attention of mobile security violators.
“Mobile security is hard for users because some phones come pre-loaded with software that cannot be removed and may contain security vulnerabilities. It is also hard for users to proactively protect themselves because much of the security mechanisms are outside [their] control. When your infrastructure is developed around cellular technology securing those systems requires attention from the phone companies and the national leaders,” Moss explained.
A former hacker himself, Moss added that all countries (even China with its “Great Firewall”) are vulnerable to “black hat” attacks, especially those they do not understand or know exists.
“This is why knowledge is so important. [Cyber] criminals spend a lot of time searching for vulnerabilities that will help them steal money and information. And they treat it as a business, complete with budgets, staff and specialisation. To defend against such adversaries requires training, experience, the right tools, and the right information,” he said.
Black Hat Briefings in the UAE
The international IT security conference will make its initial presentation in Abu Dhabi’s Emirates Palace from November 8 to 10, the first two days of the event will consist of intensive technical training courses and the last two will feature briefings from leading experts in the security industry.
Moss said the convention hopes to encourage regional IT professionals to enhance their skills, explore new areas to further their education, invent new technology or product, or make better informed risk decisions.
“Black hat is a sort of crystal ball that lets you see six months into the future. If security researchers are talking about something today, chances are it is going to be important in the near future and a head start in dealing with the issue can be very valuable to some organisations,” he said.
Your comments