Click on the @Hack website and you might think you’ve stumbled into the domain of a heavy metal band. Beyond the ragged, blood-red graphics, though, is a deadly serious intent. “We can all agree that our future is digital,” says Mohamad Hashem, head of enterprise for Saudi Arabia at the cybersecurity juggernaut Kaspersky, one of the key participants at the event. “The equation here is easy: the more digital we become, the more we’re exposed to online threats.”
Co-organised by the Saudi Federation of Cybersecurity, Programming, and Drones (SAFCSP), @Hack will run from November 28-30 in Riyadh, weaving another strand into Saudi Arabia’s cybersecurity blanket, a sweeping programme that accounts for a significant portion of the $27.2 billion (£19.8bn) Saudi Arabia allocated in 2020 for security and regional administration. The effort’s governing body, the National Cybersecurity Authority, is seen as a vital factor in not only protecting the country’s booming tech industry, but in achieving the economic ambitions outlined in the kingdom’s Vision 2030 reform plan.
“As everything moves online, everything becomes interconnected, so businesses cannot afford to operate without this sort of protection,” says Andrew Morfill, the chief information security officer at digital asset custodian Komainu. “It affects every part of society, from national critical infrastructure to transportation to day-to-day interactions with individual customers. We don’t have the option not to protect businesses from the technological security perspective.”
Accordingly, @Hack has been launched in association with Black Hat – the world’s top hacking-training event – and is set to be the largest cybersecurity event in the region at its launch. Speakers, too, have impressive credentials and include former US marine Bryan Seely, the only person to wiretap the US Security Service and FBI; security guru Bruce Schneier; Avast chief information security officer Jaya Baloo; plus a roster of security executives from Netflix, Amazon, Halliburton, Kraft Heinz and many more.
For Morfill – who will be leading a workshop on the strategies, functions and potential pitfalls of threat intelligence – the presence of so many luminaries under one roof is reason enough to attend @Hack. “People are made to interact,” he says. “There is efficiency in remote communication, but it cannot compete with face-to-face discourse. Personal interaction is the best way to share ideas, to create trust, and generate interest.”
As the conference’s website suggests, though, @Hack promises to provide style as well as substance. Alongside presentations and workshops on offensive security, penetration testing, mobile application security, cryptography and data security, there will be interactive hacking demonstrations, allowing visitors to learn the “tricks and trends” of the trade. Attendees will also get the opportunity to mingle with hackers, receive hands-on training and even sign up for a Capture the Flag hacking tournament (with winners gaining both bragging rights and cash prizes).
“The type of people attracted to this industry are perceived to be nonconformist, people who live outside the mainstream,” says Morfill, referring to the event’s edgier activities. “You do need nonconformists at the conceptual level, people who are disruptive and think outside the box. But it’s also about good policy, running a tight business. If you don’t have a strong foundation, you’re not going to have an effective response.”
Naturally, the conference has this side covered, too. For more business-minded attendees, @Hack will host 250-plus cybersecurity brands, ranging from global players to breakthrough startups, all of them brimming with bright ideas and business cards. Among the solutions being showcased by Kaspersky are technologies that further the company’s aim to provide what Hashem calls “continuous threat hunting” – or, in more prosaic terms, advanced detection and rapid response. “Our threat intelligence gives us unmatched visibility on the threat evolution and landscape,” he says. “This information is then factored into our products and services, making them well equipped to prevent the most sophisticated attacks.”
Such issues have taken on heightened significance since the onset of the pandemic, says Hashem, with attacks on remote networks and email scams on the rise (bogus home deliveries being at the top of the list). “In 2020, Saudi Arabia saw more than 22.5 million brute force attacks on remote desktop protocols,” he adds. “When Saudi Arabia announced restrictions in March 2020, the total number of brute force attacks against RDPs jumped to two million – an increase of 104 per cent from the previous month.”
As might be expected of someone in his position, Hashem sees threats at every turn. “We have identified more than 5,000 pandemic-related phishing websites so far,” he says. “We’re also seeing an increase in targeted ransomware attacks, which grew nearly eightfold from 2019 to 2020. This malware is used to extort money from high-profile targets, such as corporations, government agencies, and health-care organisations. A cyberattack on a clinic or hospital is literally a matter of life or death.”
Hashem is also concerned about attacks on industrial control systems, the Internet of Things and the growing scourge of advanced persistent threats (APTs). These “use continuous, clandestine, sophisticated hacking techniques to gain access to a system and remain inside for a prolonged period of time, with potentially destructive consequences,” he says. “Because of the level of effort needed to carry out such an attack, APTs are usually levelled at high-value targets, such as nation states and large corporations. Our global research and analysis team is currently investigating more than 12 APT groups targeting institutions in Saudi Arabia.”
As the Saudi government has made clear, it is intent on combining its own efforts with those from the private sector, including ethical hackers, who are able to match the cunning, agility and speed of those whose motives range from financial gain to political sabotage. Conferences such as @Hack are seen as a vital component in helping to stave off such attacks, particularly in a region that, as Morfill points out, has been “underrepresented” when it comes to such events in the past.
“The cybersecurity innovations coming out of the Middle East need to be represented,” he says. “But it also goes back to the interdependent nature of global business – geography isn’t a barrier to attackers, so it shouldn’t be to those involved in working against them.”
Register now athack.com
This article was originally published by WIRED UK