Cybersecurity experts warn ‘everything is vulnerable’ to hackers… including your ‘camels’ during day two of Black Hat MEA

As the world becomes increasingly reliant on Internet of Things (IoT) and digital services, so too must steps be taken to minimize the vulnerabilities that allow hackers to take advantage, visitors to day two of Black Hat MEA were told.
The world is rapidly shifting towards a digital future as everything from banking to health services, agriculture and vehicles become more reliant on the Cloud and other IoT services. This brings a variety of benefits including convenience, flexibility and ease of use. However, this also provides cybercriminals with far more vulnerabilities they can exploit to steal sensitive data, commit fraud and more.
The second day of Black Hat MEA took the attendance since the start of the event to 20,000 and saw experts highlight threats while providing solutions that can be implemented to protect organizations and individuals from harm.
Defending against cyber threats
Dr. Alissa ‘Dr Jay’ Abdullah, Deputy Chief Security Officer at Mastercard highlighted the key areas of risk during a session related to mitigating cyber risks, focusing on technology, tactics and talent. She mentioned, “Evolution is key, and we need to keep up with the pace of technology and evolve our infrastructure.” She also noted key tactics used by adversaries such as MFA (Multi-factor authentication) fatigue and the mimicking of user voice patterns, while highlighting the importance of upscaling talent, to build a more robust organization.
Caleb Sima, Chief Security Officer, Robinhood, hosted a session titled ‘Assume Breach’, with a key focus on a company’s crown jewels and how to protect them from hacking threats. “Crown jewels are anything that an attacker can take with them, including customer or employee data, tokens and keys or even systems to modify financial transactions without repercussions.” He highlighted that much like our physical health; safety hygiene is key for any company.
During a panel discussion focused on the global laws related to the regulation, collection, use, retention, and disposal of personal information, Zaki Abbas, Chief Information Security Officer, Brookfield Asset Management said: “While it’s not exciting, data regulations play an important part and helps security programs mature. 70 percent of the world has some sort of data security regulation or legislation implemented.” Vikas Yadav, Chief Security Officer, Nyka, continued: “On a global scale a unified framework for compliance and fundamentals of privacy is the key to data protection. However, it should be implemented with customer trust at the heart of it all.” The panel also included Flavio Aggio, and Jon Staniforth, the Chief Information Security Officers of World Health Organization (WHO) and Royal Mail respectively and was moderated by Jaya Baloo, Chief Information Security Officer, Avast.
Hacking ‘camels’
Taking a unique spin on things, Chris Roberts, Chief Information Security Officer, Boom Supersonic, showcased how connected livestock management and tracking platforms can be hijacked, referring to a previous experiment he had conducted. The session showed how data can be manipulated on platforms that use GPS trackers to show a completely different location, which in this case ‘relocated’ the camels from Riyadh’s deserts to snow-capped regions in Mongolia. “Our digital and physical worlds are colliding, and what you see isn’t always what you get. It is important to have a physical presence and not always depend on the digital,” said Roberts.
Eye-catching demonstrations
During the event, hacking experts showcased vulnerabilities in today’s connected environment where we are surrounded by connected devices including electric cars such as a Tesla. The demonstration showed that is possible to exploit system vulnerabilities where the car’s functions could be controlled remotely including lights, doors and even the on-board infotainment systems.
The three-day conference concludes on 17 November at the Riyadh Front Exhibition Center and features more than 250 exhibitors and over 200 speakers this year. It features international tech giants such as Cisco, IBM, Spire, Infoblox and others have a significant presence showcasing new technology and services.
The event was organized as part of a strategic partnership between Informa Markets, the largest events company in the world, and the Saudi Federation for Cybersecurity, Programming and Drones (SAFCSP) to highlights the Kingdom’s investments and growth in cybersecurity and the digital space.