RSA Conference goes to the Middle East for the first time with RSA Conference 2015 Abu Dhabi. Shafik Ur Rehman, cyber-lead technologist at Booz Allen Hamilton, provided the following report. 

This morning, when I was getting ready for the RSA Conference 2015, I was thinking less of the Conference but more about few pending tasks at office and how I could complete them during the day at the conference. With these thoughts, I took my business laptop and left for the conference expecting a typical vendor-centric cybersecurity conference.

It would be unjust not to appreciate RSA Conference on choosing Emirates Palace, one of the best places in Abu Dhabi for the conference. Thumbs up RSA Conference. The sign-in process at reception was very well organized and with no time I was waiting in an auditorium for the keynotes to start.

Saif Al Nuaimi, Chief of Regulatory and Strategic Affairs of the UAE NESA (National Electronic Security Authority) started the session by sharing NESA’s mandate and how they are establishing a cyber secure environment that will supports the development of UAE. He took the audience on an interesting journey in early times of UAE and how they have achieved tremendous growth in short period of time and now UAE is global transportation hub both in air and sea, global financial hub, and its leaders are using instant messaging technology to communicate important decisions and announcements to nationals and residents.

Al Nuaimi recognized the importance of information technology behind these achievements and mentioned that reliance on information technology comes with its own risks which can be exploited by attackers and no one is immune to those attacks. He emphasized on the idea that information security is joint responsibility and everyone needs to build information security resilience into their processes and systems. I fully support his idea of information security as a joint responsibility and I believe this is the only way forward to a secure future.

By the end of Al Nuaimi’s session, it was very clear that this was not going to be a typical vendor-driven conference and I was excited and looking forward to next keynote.

“Information security industry is at its core fundamentally broken” was the first strong message given by President of RSA, Amit Yoran, in his session. He explained that industry is trying to protect from the known (i.e. signatures) whereas current landscape is “unknown”. He was absolutely right in mentioning that technologies such as firewall, IDS, Antivirus that have protected organizations for decades are no more effective against todays advance threat actors.  I think, his claim is supported by the fact that the majority of the breaches happened in the last few years, where in the organizations which were already using advance protections but yet they fell victim to attacks.

“All the vendor claims in the world, can’t keep you from becoming victim to significant breach” was second important message by Yoran. He gave example of SIEM tools which detected less than one percent of the advanced threats but still organizations are buying them.

As a way forward, Yoran emphasized proactive approach to information security by not believing blindly in advance protection tools, gaining visibility on the environment, monitor actions of the trusted user accounts, and by knowing what matters in your environment. His concluded his speech with a thought provoking message that Information security is not a technology problem but a mindset problem.

Yoran and Al Nuaimi both shared great insights on information security. For my point of view, if organizations adopt the culture of shared information security responsibly and start considering Information security as a non IT issues, perhaps most of the information security issues will vanish immediately.

With this wonder start, I am excited and looking forward to the rest of the day and tomorrow and of course without my business laptop.