Since the beginning of the Covid-19 pandemic, IT professionals in various industries have encountered the task of supporting hybrid and remote working environments. Even as we see the situation in the Middle East easing, digital transformation and distributed working trends are continuing to grow. Unless organisations have appropriate cybersecurity solutions, this will result in vulnerabilities and increased risks. Hence regional governments are striving to create a safe and secure digital environment.
A strategic approach
In the United Arab Emirates, the government has launched the National Cybersecurity Strategy, which aims to establish a safe and solid cyber infrastructure that empowers businesses to thrive. The strategy is based on five pillars and 60 initiatives, aiming to mobilise the whole cybersecurity ecosystem across the country.
In Saudi Arabia, the government has established the National Cybersecurity Authority (NCA) to be the entity in charge of cybersecurity. The NCA has both regulatory and operational functions related to cybersecurity. It works closely with public and private entities to improve the country’s cybersecurity posture to safeguard its vital interests, high-priority sectors, and government services and activities in alignment with Vision 2030.
Recently, the kingdom also launched a series of technology initiatives worth over $1.2bn to improve the digital skills of 100,000 Saudi youngsters by 2030. Among the initiatives was @HACK, the cybersecurity event organised by the Saudi Federation of Cybersecurity, Programming, and Drones (SAFCSP) and Informa Markets, in association with Black Hat. The three-day event, which took place from November 28-30, 2021 was aimed at redefining the future of cybersecurity in the region. During the event, cybersecurity experts, ethical hackers, risk and IT professionals, government policymakers, researchers and academics, and other stakeholders in the security sphere discussed the emerging security risks, cybersecurity best practices and new solutions to address the wide-ranging issues facing the global sector today. Other highlights of the show included a SAR1m hacking contest, participation from ICT companies and 600 hours of advanced training in cybersecurity.
Over 200 expert speakers presented briefings on the latest developments in security. “What Riyadh has accomplished in one year would take 15 years anywhere else,” said Steve Wylie, vice president, Cybersecurity Market at Informa Tech, in a statement. Moving to Oman, one of the government’s initiatives, the Oman National Computer Readiness Team (OCERT), was launched to create a secured cyber environment for the country. This initiative is considered the focal point for cybersecurity incidents in the sultanate. It also aims to develop security information strategies to preserve governmental and private entities’ online existence.
A collaborative approach
In line with the region’s robust cybersecurity foundation, private sectors are also helping organisations safeguard their sensitive data. According to research by cybersecurity company Proofpoint, chief information security officers (CISO) in the UAE and Saudi Arabia have seen increased targeted attacks in the past year. With cybercrime growing, the role played by cybersecurity companies has become even more vital, the company stressed.
Andrew Schumer, technical director at Axon Technologies, says: “Earlier organisations focused on digital transformation, but now they heavily focus on what happens post transformation. As a result, we are witnessing large amounts of phishing, malware and ransomware attacks.” Schumer believes that effective cyber defence is a mixture of right people, processes and technologies. “We provide end-to-end services to help organisations predict, prevent, detect and respond to attackers before, during and after an incident,” he adds.
Mahmoud Samy, vice president – regional sales EMEA at Forcepoint says that IT and security teams have had the unenviable job of ensuring business continuity throughout the rapid digital transformation phase. “Today’s reality is that people are working from everywhere, which means the boundaries of enterprises are no longer physical boundaries. In this perimetre-less networking environment, organisations must protect their sensitive data with a 360-degree approach.
Experts urge organisations to deploy a holistic approach by making sure that they understand all the risks and team up with companies that can support them. Cybersecurity company Tenable advises CISOs to take a risk-based view of the organisation’s entire attack surface to identify, investigate and prioritise vulnerabilities quickly. “You cannot protect what you cannot see. To reduce the risk of being attacked, a specialised third party check is a must. Also, businesses can never have one silver bullet to reduce the risk of a cyberattack. It’s about an equal partnership, which means an organisation might need multiple technology partners to work hand in hand and address the cybersecurity breaches and risks,” says Maher Jadallah, senior director – Middle East and North Africa at Tenable.
The digital world is changing on a daily basis with technological advances in cloud computing and 5G networks, thereby forcing hackers to adopt new attack methods. While digital transformation has many benefits, cybersecurity needs to be of utmost priority. Cybersecurity should not only concern the IT and security departments but the entire organisation. Business leaders should take the time to identify the cyber risks that their companies face. To proactively manage risks, in the long run, businesses also need to create a robust foundation for cybersecurity. Organisations can achieve this by identifying the potential risks, having complete visibility of networks and ensuring the continuous monitoring of connected devices.