
Institutionalising best cybersecurity practices in modern businesses

Abhay Pandey, Founder, CEO MAST Consulting Group

Growing digitalisation across industries is increasingly altering the business landscape. While there are opportunities galore, several new challenges, too, have emerged. This is particularly true within the cybersecurity domain, which currently applies to businesses of all sizes in any industry. The increased incidence of cyberattacks has been a cause for concern, requiring security teams to revisit their existing strategies and formulate new approaches with sufficient technological fortifications. In the Middle East, where digital transformation is underway at an accelerated rate, institutionalising best security practices has become paramount.  

With technological advances, cyber attackers have refined their modus operandi in spotting vulnerabilities in organisational security postures. On a positive note, the Middle East cybersecurity market is set to grow from $20.3 billion in 2022 to $44.7 billion by 2027, at a compound annual growth rate (CAGR) of 17.1%. The major driver behind this estimation is the uptake of cybersecurity solutions that can contend with sophisticated attack vectors and bad actors. 

Approximately ten million Distributed Denial of Service (DDoS) attacks occurred globally in 2020, with a 183% increase in the UAE alone. Threats such as ransomware, spyware, spam, phishing emails, trojan horses, SQL injection, crypto-jacking, and adware have risen considerably in recent months as customers and organisations embraced digitalisation without effective cybersecurity practices in place.

What causes and abets cyberattacks?

The biggest challenge that Middle Eastern organisations and others face is the lack of cybersecurity expertise. Also, most businesses have limited their cybersecurity strategies to reactive approaches, short-term fixes, and band-aid solutions. For starters, there is an apparent shortage of skills required to effectively combat the epidemic of cyberattacks. The following challenges need time-bound actions:

  • A lack of emphasis on upskilling
  • The increase in burnout among SecOps teams because of increasing workload
  • The increase in human errors because of a lack of adoption of automation and cybersecurity tech
  • Inadequate awareness of the evolving nature of attacks and vectors
  • Silos between organisational departments 
  • Archaic security practices and models

Implementing best cybersecurity practices

There are numerous examples of organisations losing valuations, investor confidence, and reputations due to cyberattacks. Organisations have vast repositories of sensitive customer data today. So, any compromise has a direct impact on business outcomes. In fact, effective cybersecurity strategies and track records are a competitive edge in the present-day business ecosystem. This is to say, the case for adopting best cybersecurity practices is as compelling as it is obligatory. 

Raise cyber awareness among employees

When it comes to cybersecurity, an organisation is only as strong as its weakest link, which can be an employee or a certain practice. This notion is particularly relevant in light of rising remote and hybrid working. At times, bad actors and transgressions can emerge internally. Accessing internal servers from their homes on unsecured public networks, employees can intentionally or unintentionally expose sensitive information to cyber attackers. With the right training, employees can be made aware of the consequences of their actions or inactions. They need to be educated about phishing emails, seemingly normal pop-ups, the need for strong passwords, etc. 

Develop a comprehensive cyber strategy with C-suite involvement

First and foremost, business leaders should take the initiative to develop and implement effective cybersecurity practices across all organisational levels. By factoring in business-specific risks and susceptibility to cyberattacks, they need to define a roadmap and assign specific roles and responsibilities to everyone involved. Business leaders must ensure compliance with GDPR and other regulations.

Encourage the use of VPN, antivirus, and MFA

Without proper security guidelines in place, bring-your-own-device (BYOD) policies could become unsafe for the organisation. Businesses need to invest in corporate-owned personally enabled (COPE) devices and licensed, up-to-date antivirus packages for their employees, whether they are working remotely or in the office. Contrary to popular belief, VPNs are allowed in the Middle East for professional use. Organisations should encourage employees to use multi-factor authentication (MFA) and a VPN when working remotely or connected to unknown networks.

Employ world-class cybersecurity professionals

Organisations cannot expect a few IT professionals to handle sophisticated cyberattacks. They need to hire more specialists with expertise in detecting backdoor code, developing effective disaster recovery plans, analysing and detecting malware, mitigating risks, and in programming languages. If needed, even white-hat hackers can be employed to spot vulnerabilities in the security infrastructure, so that proactive remedial action can be initiated.

Implement zero-trust security

A “never trust, always verify” approach can help businesses detect even the slightest anomaly in their workflows and take immediate action. Zero-trust architecture (ZTA) restricts users to least-privilege access based on their roles and responsibilities, minimising any potential cyber threat. On top of limiting access and constantly validating devices, the zero-trust model fragments data into several micro-segments to prevent broad-based impact across all networks and connected devices in the event of a breach.

Thanks to the high rate of technology adoption in the Middle East (58% of organisations are increasing their cyber budget in 2022), the business ecosystem is characterised by greater awareness of threats and readiness to address them. However, the increasing proficiency of attackers and their methods means that businesses must continue investing in advanced cybersecurity solutions and adopting best practices.

Most importantly, best cybersecurity practices must be institutionalised, with everyone in the organisation geared towards learning and adopting them. It is hard to achieve foolproof security postures if best practices are not embedded into organisational culture. As the famous saying goes, “culture eats strategy for breakfast.” There is no reason to believe that it does not apply to cybersecurity.