Ayad (Ed) Sleiman: Balancing Security, Regulation and Innovation Will Enhance Cyber Resilience in the Middle East
Ayad (Ed) Sleiman, cybersecurity veteran and KAUST’s special projects head, talks to a&s Middle East about fortifying cyber defenses in the ME without stifling technological progress amidst the shifting tides of security
By Hatidža Lazović
Ayad (Ed) Sleiman, a seasoned expert with over 38 years of experience in the IT industry, shares insights into the evolving field of cybersecurity. As Head of Special Projects and former Head of Information Security at King Abdullah University of Science and Technology (KAUST), he discusses the pressing issues in IT safety and protection, emphasizing the growing importance of cybersecurity and its role in addressing emerging threats in the Middle East.
a&s Middle East: As an expert with significant experience in the area of safety and protection, can you describe what challenges or pressing issues in the field of safety, specifically cybersecurity, you believe should be addressed and discussed at Intersec?
Sleiman: The technological revolution of this century has positively impacted every facet of our lives, safety and security included. Especially cybersecurity has become crucial. The reason is the ubiquitous connectivity we enjoy can be used against us to do us harm. For example, the legacy safety and protection problems dictated that we focus on physical security aspects, especially the safety of individuals. These days, criminals and terrorists have employed cyber mechanisms that can cause damage, injury, and sometimes casualties without risking their own lives or even being in proximity to their target. Derailing a train, opening a dam to flood a city, or even using drones to attack a civilian entity all do not require the criminal/terrorist to even be physically present near the target site. So, while Intersec’s focus has been on the physical aspect of security, safety, and protection and it is still needed, more focus should be placed on cybersecurity due to the ever-evolving threat landscape.
a&s Middle East: How do you see your role as a speaker at Intersec in influencing and shaping the discourse on cybersecurity, and what contributions do you hope to make?
Sleiman: My experience in security started in the intersection of physical and digital space over 20 years ago with a focus on biometric security which attempts to identify and verify individuals based on their biological attributes like face, iris, and fingerprint among other biometrics. Then, I moved into the cybersecurity space where my focus shifted to protecting organizations in cyberspace. This rich experience affords to draw parallels between the physical and digital (cyber) aspects of security and inspiring other individuals about to embark on the same journey and bridging the gap between the two disciplines thus being able to effectively communicate with both ends of the spectrum.
a&s Middle East: Speaking of the global impact of Intersec, how do you envision the exchange of knowledge and ideas among attendees shaping the future of safety practices worldwide?
Sleiman: By bringing together experts, policymakers, and industry leaders from around the globe, Intersec can help in promoting and harmonizing global standards for safety and protection. Also, the exchange of ideas can lead to innovative solutions to pressing safety and security challenges where attendees can learn about the latest advances in technology and methodologies employed across different regions and industries. Intersec provides a platform for establishing cross-border collaborations which can lead to joint initiatives, research projects, etc. It also helps in raising awareness and educating attendees on crucial issues. Finally, discussions and insights discussed at the event can inform policy development and advocacy efforts which creates a conducive regulatory environment for enhancing security and safety. Ultimately, the knowledge and ideas exchanged at Intersec can contribute to building global resilience against a wide range of threats, from cyber-attacks to natural disasters.
a&s Middle East: As an expert in cybersecurity, could you describe your perspective on the current state and trends in the cybersecurity and safety industry within the Middle East? How do you see the Middle East region’s opportunities and challenges, and what can be done better?
Sleiman: This seems like a full SWOT analysis of the region, which could fill pages if not books of text. But if we were to conduct a mini-SWOT analysis, it would involve strengths that can be summarized with the quickly adapting regulatory landscape, the adoption of advanced technology, and the cybersecurity investments being made at all levels of society. Next are weaknesses such as skills shortage, complex threat landscape due to the geo-political aspect, and rapid technological changes. These are followed by opportunities, including capacity building, technology development, international collaboration, and public-private partnerships (PPPs). Finally, we have threats that reflect rapid digital transformations and geopolitical dynamics. I highly recommend investment in cybersecurity infrastructure, people, processes, and technology, specifically, education and training of people. Also, strengthening regulatory frameworks, promoting R&D, and enhancing regional and international collaboration to share threat intelligence, best practices, and resources.
a&s Middle East: In the rapidly evolving landscape of cybersecurity threats, what emerging technologies or strategies do you see as particularly promising for enhancing safety and protection measures, and how might they be integrated into existing systems in the Middle East?
Sleiman: The rapidly evolving threat landscape highlights the need for more innovative and out-of-the-box approaches to securing our systems. We need to adopt solutions and strategies that enhance our protection measures such as AI/ML which can significantly enhance threat detection and response identifying malicious activities and anomalies. Zero Trust Architecture (ZTA) is becoming the ABC of security based on the “Assume nothing, believe no one, and check everything” principle. There are also threat intelligence platforms that involve the collection and analysis of data from various sources to provide actionable insights on potential threats. Integrating AI/ML involves deploying advanced analytics solutions and training them with historical data that is relevant to the region, the kingdom, and our organizations. Integrating ZTA requires a complete mindset shift and deployment of technologies such as micro-segmentation, multi-factor authentication (MFA), and continuous monitoring. Integrating threat intelligence platforms should be done with existing Security Information and Event Management (SIEM) systems to provide a holistic view of the threat landscape.
a&s Middle East: Cybersecurity often intersects with other sectors like critical infrastructure, healthcare, and finance. How can interdisciplinary collaboration and information sharing be fostered to address the growing complexity of cyber threats?
Sleiman: Common to all of these domains is the cybersecurity triad: confidentiality, integrity, and availability. So, it’s natural they would intersect. We need to maintain the availability of CNI at all times as well as the confidentiality and integrity of healthcare and finance. Bad actors pose threats to all of these edges of the triangle thus impacting all of the industries mentioned above. So, our approach should be synergetic by establishing cross-sector forums and working groups, developing common standards and frameworks, promoting public-private partnerships (PPPs), and investing in interdisciplinary education and training. In addition, conducting joint exercises and simulations and developing legal and regulatory frameworks that support information sharing will foster collaboration and encourage parties to share their experiences and solutions to common problems.
a&s Middle East: As cybersecurity concerns continue to grow in the Middle East, what are your thoughts on the role of government regulations and international standards in ensuring a higher level of safety and protection in cyberspace? How can these regulations strike a balance between security and innovation in the region?
Sleiman: This is an excellent question and one that is challenging to answer at the same time. We really need to strike a balance between regulating the industry and checking a box and promoting innovation that sometimes can be stifled by strict regulations. The role of government regulations and international standards added to the key role played by the National Cybersecurity Authority specifically in Saudi Arabia and other authorities within the Middle East can enhance the position of cybersecurity in the Middle East. As a matter of fact, the Kingdom holds the second position in the world within the cybersecurity Index because it provides a clear framework for organizations to follow ensuring a baseline level of cybersecurity. This can help reduce the risk of cyber-attacks and data breaches. Regulators though have to make it easy for organizations to implement such a framework allowing for a maturity-based approach as opposed to a check-box one. For example, having one stick to measure all organizations would be doing a disservice to these organizations instead of helping them out. The regulator should implement a risk-based framework that can be applied to all organizational profiles and industries. Based on the organizational risk tolerance, they will then have the room to innovate while staying within their risk appetite, but at the same time complying with regulations. Industry-specific frameworks can also be developed to address specific threats with the respective domains such as healthcare, Critical National Infrastructure (CNI), and the like.
a&s Middle East: Cybersecurity incidents can have far-reaching consequences, both economically and in terms of personal privacy. How can businesses and individuals in the Middle East be better educated and prepared to mitigate cyber risks, and what role should the industry play in this education?
Sleiman: Educating and preparing businesses and individuals to mitigate cyber risks is a collective effort that involves various stakeholders including the government, the private sector, educational institutions, and industry associations. Some strategies to use in the Middle East to enhance cybersecurity awareness and preparedness include but are not limited to awareness campaigns like the Cybersecurity Awareness Month of October which is a worldwide event where organizations engage in awareness activities for their employees for a whole month. A country-wide awareness campaign can be run by the authorities to educate the public too. Such campaign ads can be run on TV and social media outlets. The Human Firewall Program is another awareness program that can be utilized by the government and private sector alike. It uses a risk-based approach to training and awareness by including some fun activities and keeping a score of all participating individuals by which you can objectively measure awareness. This concept was invented by me in 2014 and has been successfully used at KAUST and other organizations. The Human Firewall Program 2.0 calls for a national awareness score for each and every citizen that can be used in conjunction with their financial score when conducting business or engaging with government entities. Incident reporting platforms can also help in gathering data on common threats and provide an opportunity for educating the public on how to respond to such incidents.
a&s Middle East: Intersec serves as a platform for networking and knowledge exchange. What advice do you have for professionals looking to stay at the forefront of cybersecurity advancements and foster valuable connections in the field?
Sleiman: My favorite quote is: “It is what you learn after you know it all that counts”. I can’t stop learning and it’s a lifelong experience. Intersec is a great platform for exchanging ideas and continuous learning by attending workshops and staying updated with the latest security trends, technologies, and best practices by previewing some of the exhibitors’ solutions. I advise security professionals to attend the conference and actively network with other professionals in the field and discuss the latest topics with peers, experts, and industry leaders. This is the best way to learn and grow.
Proactive Strategies for Cybersecurity: Sleiman’s Recommendations
a&s Middle East: Given the evolving nature of cybersecurity, what strategies do you recommend for organizations to develop proactive rather than reactive approaches to safeguarding their digital assets and sensitive information?
Sleiman: Developing a proactive approach to cybersecurity is crucial for organizations to stay ahead of potential threats and safeguard their digital assets and sensitive information. There are several strategies that organizations can employ to shift from a reactive to a proactive cybersecurity stance. Risk Assessment and Management means that one should conduct regular risk assessments to identify vulnerabilities, threats, and potential impacts on the organization, develop a risk management plan to address identified risks and prioritize actions based on the level of risk. Next, you need to implement continuous monitoring solutions to detect and alert suspicious activities and anomalies in real time. This will allow for quicker identification and response to potential threats. Leverage threat intelligence feeds and platforms to stay informed about the latest threats and vulnerabilities. Utilize this intelligence to anticipate potential attacks and prepare accordingly. Develop and maintain an incident response plan to ensure a coordinated and effective response to cybersecurity incidents. Conduct regular drills and exercises to test and refine the plan. Provide ongoing security awareness training to employees to help them recognize potential threats such as phishing and social engineering. A well-informed staff can act as a first line of defense. Establish a robust patch management process to ensure that software and systems are updated promptly to address known vulnerabilities. You also need to invest in advanced security technologies i.e. utilize advanced security technologies such as machine learning and artificial intelligence to detect and respond to threats proactively. Next, implement strict access control policies and use encryption to protect sensitive data both in transit and at rest. Conduct regular security audits and penetration testing to identify and fix security weaknesses before they can be exploited. 
Deploy Data Loss Prevention (DLP) technologies to monitor and control data transfer across the organization’s network. Engage with the Security Community by participating in industry groups, forums, and information-sharing platforms to exchange knowledge and learn from the experiences of others. Ensure compliance with relevant cybersecurity standards and regulations to maintain a strong security posture. Secure Development Lifecycle by integrating security into the development lifecycle of applications and systems to ensure that security is considered at every stage. Adopt a Zero Trust Architecture approach, which assumes that threats can come from anywhere, even within the organization, and requires verification at every step. Next, consider outsourcing certain cybersecurity functions to specialized firms or managed security service providers to benefit from their expertise and advanced tools. Finally, explore cybersecurity insurance options to mitigate financial risks associated with cyber incidents and be proactive about reactiveness. No matter how proactive you are, it’s not a matter of if, it’s a matter of when. So, proactively prepare a reactive plan to be executed when a major incident occurs.