Though cybersecurity has become a top priority for business leaders, governments, and law enforcement alike, the way it is addressed varies. The challenges differ massively based on industry verticals and specific regions.
According to reports, companies in the Middle East suffered larger losses than other regions last year, as a result of cyber incidents: 56% lost more than $500,000 compared to 33% globally.
With such rising concerns, we discussed the shifting paradigm of cybersecurity in the Middle East with our expert – Ibrahim Adedeji Adefila, Digital Transformation, and IT Operations Lead at the RAK Gas LLC, a state-owned gas utility based in the UAE.
In your opinion, what are the challenges that are leading to the failure of current cybersecurity measures?
Before the COVID-19 pandemic, cybersecurity was primarily considered a business support unit with limited resources and support from senior management, which impacted the level and effectiveness of the cybersecurity measures. The COVID-19 pandemic has caused a paradigm shift with cybersecurity now on board-level agendas to drive digital transformation and business resilience. However, these digital transformation drives, coupled with the explosion of users in cyberspace, increase the attack vectors on technology and people because the processes are not sufficiently risk-conscious. In addition, the cultures are not adequately security-aware to accommodate the sudden and drastic change.
How far has the Middle East been able to include cybersecurity as a business issue and not just an IT issue?
The maturity level of the Middle East has increased exponentially within the last year. However, there has been a gradual improvement in the region over the years, particularly in the United Arab Emirates, introducing the National Cybersecurity Strategy in 2019. In addition, leaders’ commitment to digital transformation and business resilience and the understanding of the impact of a data breach on business reputation has propelled the transitioning of cybersecurity from an IT issue to a business issue. Furthermore, the concept of security in design made it necessary to consider security in the drive for process automation and digital transformation and position the issue of cybersecurity as a topic to discuss in the boardroom.
Do you think that the strategy of ‘quick fix’ is creating a false sense of security amongst companies?
Indeed it does – the ‘quick fix’ strategy could be helpful to address issues of low-hanging fruits in the area of security. However, it is not an effective strategy to build and maintain a sustainable, resilient, and security-aware business environment. Creating a human ‘firewall’ with secure digital and cyberspace is painstaking and requires time and resources. Therefore, continuous improvement becomes necessary to continually measure and improve on the processes, procedures, and measures.
As you mentioned, there’s a paradigm shift with cybersecurity and we know the impact is broader now than ever before. How are companies in the Middle East working on the management needs of cybersecurity?
The investment in management needs of cybersecurity in the region has increased over the period, and organizations are becoming highly competitive at attracting and retaining talent from every part of the world. These efforts are also fully supported by government policies and programs. With the determination of the government and critical stakeholders to drive a sustainable economy with technology and innovation, cybersecurity becomes a crucial proponent of the many initiatives that propel more investment in cybersecurity into the future.
In the wake of the Dubai 2020 Expo, what’s your take on companies in the Middle East needing more training and education than technology? Statistically, they are still in the bottom 50 for education and training in this area.
Many organizations and government entities in the region have realized the need to upskill their workforce to create a cyber-aware culture and invariably a ‘human firewall’ to complement their investment in technology and process. The ongoing Cybersecurity Awareness Month, which coincides with the opening of the Dubai Expo has received high publicity with a plethora of cyber awareness campaigns than previous years, which indicates an improvement in this area and should be sustained into the following months. The impact of a cyber-aware culture towards safer cyberspace is not farfetched. For example, the State of Kuwait’s 2017 to 2020 National Cyber Security Strategy, which has the first of its three objectives focused on promoting a cyber-aware culture, contributed to the reduction in cyberattacks in the country in 2021 by 49%, as reported by the Check Point Research (CPR).
Thank you very much, Ibrahim, for the interview. We believe our readers will benefit from your knowledge and insights.
Undoubtedly, Middle East companies have been investing in security technology and cyber insurance over the years. Yet, if the reports are to be believed, in the Middle East a large proportion of the companies suffer bigger losses than their global counterparts. Organisations need to learn that it is not an IT issue, but a business issue capable of unfathomable impact and also understand how critical assets need to be protected.
As Ibrahim shared, many organizations are incorporating strategic initiatives to improve security and reduce risks. Yet, there’s scope to focus on the people, processes, and governance to build cyber resilience for 2022. Companies have to equip themselves for the increasing complexity, uncertainty, and scrutiny coming their way. The challenge here for Middle Eastern companies will be to ensure that cybersecurity is addressed on an end-to-end basis as companies are grappling with cybersecurity challenges every day.
