Corporate Information Security Comes Under Attack From Organised Crime as Risks and Vulnerabilities Continue to Grow

BBG IT Focus Group Meeting Debates Role of Information Security

DUBAI, UAE, December 8 - More than ever, information is regarded by business and corporations as a
highly valuable, tangible asset. Unfortunately, this value is also recognised
by sophisticated groups able to mount attacks at any time and from anywhere,
making organisations even more reliant on their information security team for
effective defence.

Until recently, the threats to corporate information security came from
individual hackers acting alone and largely for the peer prestige they earned
but this threat has now evolved into the domain of more effective, well
organised criminal groups who even fund their own research, with the aim of
financial gain.

This was the stark message delivered to members of the British Business
Group (Dubai & Northern Emirates) IT Focus Group, at a recent meeting which
attracted senior IT practitioners from across the BBG membership.

When it comes to data breaches, recent research (Source: Verizon
Business, Data Breach Report 2008) presented at the meeting showed that 66
per cent of victims did not even know the data was stored on the system
involved; 73 per cent of victims did not discover the breach themselves; and
87 per cent of breaches were considered 'avoidable' through reasonable
controls.

"The advantage clearly lies with the attackers who only have to find a
single vulnerable spot, as security defenders try to identify and then plug
every possible hole," said Dimitrios Petropoulos, Managing Director of
Dubai-based Encode Middle East, who presented and discussed the issues with
the group of IT professionals from the BBG.

"The Information security industry is responding to try to safeguard
access to data," he added, "but it is a fast changing world and even
compliance with current standards does not ensure protection or make you more
secure. The past does not allow us to predict the future in information
security and just because it hasn't happened yet does not mean it won't
happen in the future."

The meeting discussed the potential for conflict between the needs of
business and the need for security, and exchanged ideas on how information
security should be managed, and by whom.

"Information security is about risk management and is not an IT issue.
This means that there is an increasingly compelling argument for the security
department being independent from and based outside the IT organisation - it
should be a business enabler, be treated as a profit centre and be invisible
to the end user," said Petropoulos.

Alec Letzer, Head of IT Security, Lloyds TSB Middle East had another
view: "Our improvement in Dubai over the last 12 months has been dramatic.
This has come about by evaluating and upgrading existing security processes
and procedures with a soft but hands-on approach to reinforcing the need for
security awareness and good practice at every level of the organisation," he
said. "We have worked with all teams to ensure that security is embedded as a
personal responsibility for which everybody is accountable. In fact, this
approach has led to Lloyds TSB Middle East becoming an information security
model for other parts of Lloyds Banking Group."

The BBG IT Focus Group is a newly formed (July 2009) group of IT
professionals from BBG member organisations and beyond, chaired by Duncan
Adamson, Managing Director of Intergence Systems Middle East, who commented:
"This new IT Focus Group is successfully bringing together a mix of IT and
non-IT professionals from across an interesting range of industries within
the BBG membership, including legal, telecoms, software, recruitment and
financial services."

Issued on behalf of Intergence Systems by WPR.

Notes to the Editor:

Intergence Systems is a leading independent IT Optimisation Consultancy,
headquartered in Cambridge, UK, and with regional offices in the Middle East
and the Americas. The company was established in 2003 in response to clients'
growing requirements for high level impartial expertise in networks and IT.

British Business Group, Dubai and the Northern Emirates

The BBG was set up in 1987 to encourage the development of British
business in the UAE and undertakes a wide range of activities from
communicating with decision makers and testing British goods to sharing best
business practice. The group holds around 80 networking events, forums and
seminars each year, attracting high profile and influential business leaders
and speakers from around the world.

www.britbiz-uae.com

www.intergence.com

For further information contact: Rebecca Sageman, Events and PR Officer, British Business Group, t: +971(0)4-3970303, rebecca at britbiz-uae.com; Intergence Systems ME, Duncan Adamson, Tel: +971(0)4-434-5880, Email: contactuae at intergence.com; WPR, Jonathan Walsh, M: +971(0)50-4588610, E: jon at wprme.com