Naveen Bharadwaj, a distinguished figure in the cybersecurity domain, offers a profound analysis of the cybersecurity landscape in the Middle East. He currently holds the position of CEO at Trescon. Drawing from his extensive experience and expertise, Naveen delves into the 5 critical challenges confronting CIOs and CISOs in the region. In this article, let’s explore these challenges and uncover Naveen’s insights to bolster your cybersecurity defences.
In a world where everything can be connected, from intelligent fridges to driverless cars, technology plays a prominent role in all our personal and professional lives. But this offers multiple platforms for cyber attackers.
Given that the number of devices with internet and communication protocol addresses is growing incredibly fast, cyber security has never been more challenging and of such paramount importance.
The past year has been tedious for the Middle East, given the surge in homeland and cyber threats. Local governments have increased their investment to strengthen cyber security capabilities, and private sector spending has grown manifold. Cyber security demand in the region has risen sharply, with Saudi Arabia representing more than half of it. Saudi Arabia alone is projected to spend over USD 7bn on cyber security.
“Having spoken to several Middle Eastern CIOs and CISOs during and after the 6th Cyber Defence Summit my team and I hosted on 1st and 2nd March in Riyadh, the following were the top 5 cyber security challenges often mentioned, along with a few others depending from one company to another.”
1. Cyber-espionage, state-funded, targeted attacks, advanced persistent threats (APT) and DDoS: Until recently thought to be an expensive exercise mainly targeting governments, oil & gas companies and banks, espionage and APTs are now a big challenge for several other industry verticals and companies of all sizes. State-funded, business/competition-driven, script kiddies, pure pleasure, the reasons for these attacks are many. Imagine waking up one morning to such an attack! Nightmare mode activated!
2. Changing threat vectors: Well‐known programs, websites, networks, and servers may be highly secured, but there still are other vectors, such as embedded systems, infected media, supply chain compromise and social engineering, which can efficiently serve as malicious entry points. Integrating the Internet into several devices has widened the game field for attackers. They aren’t wasting time and swiftly striking at as many exploit chances as possible. Do you have the same street smartness and presence of mind as the offenders?
3. Cloud and data centre security: They are a fan of the cloud. Thanks to global trends and the region’s surplus budget, the ME region is becoming increasingly virtual with its tech and storage options. Cloud computing, credited as a boon, is also becoming a nightmare as managing and securing the data on the cloud is becoming very difficult. No technique has guaranteed cloud is impenetrable. Scepticism on cloud security has increased at almost the same pace as its popularity, perhaps faster.
4. Internal / insider threats – the human factor: Humans are the weakest link in the security cycle. It may not be the case where your present or former employee attacks your systems and network. Still, simply, they made you vulnerable due to a lack of awareness, even without any knowledge or intent. Simple things such as sharing work systems-related information publicly, not locking workstations when used in public places, not minding eavesdropping and more can have devastating impacts. Imagine the amount of information they share online and offline, internally and externally.
5. Risk management and business continuity: Past attacks have proven that most organisations had poor or ineffective management practices. Organisations must integrate cyber risk management into day-to-day operations and be prepared to respond to the unforeseen. In the unfortunate event of an attack, restoring normal operations and ensuring that the organisation’s assets and reputation are protected is highly crucial.
We all keep speaking about how threats and attacks are increasing and changing daily, but who talks about solutions? We all should. The issue of cyber security needs to be addressed collectively. Cyber threats and attacks can be mitigated through education and awareness, practical knowledge and information sharing, capacity building and collaboration.