
Is the Middle East the hotspot for data breaches? Getting to the root of expediting breach resolution

The average data breach resolution lifecycle in the Middle East spans 393 days, surpassing the global average by 40 per cent

In 2023, organisations in the Middle East paid an average of $8.07 million per breach, surpassing the global average of $4.45 million per breach. Insufficient network visibility is a significant factor, as over 68 per cent of IT heads in Saudi Arabia perceive achieving comprehensive end-to-end visibility as a major challenge. The average breach resolution lifecycle in the Middle East spans 393 days, surpassing the global average by 40 per cent.

It’s a universally observed phenomenon that businesses are making the quintessential move to digitise their operations and are adopting modern ways to be online, stay connected and be always available.

The perimeters of an organisation’s network now extend to wherever employees take their work. Cyber adversaries, whether hackers, threat actors, or hacktivists, find themselves amidst an ever-expanding hunting ground ripe with opportunities to pursue their many disruptive intentions.

While this is a global challenge, the Middle East appears to bear a disproportionate brunt. After all, the average cost of a cyberattack in Saudi Arabia and the United Arab Emirates is 69 per cent more than the global average.

Deepeka R, Product Consultant at ManageEngine

As one of the major economic hotspots amidst various geopolitical tensions, the Middle East has become an irresistible magnet for cyberattacks and cyber espionage missions, and it is no surprise that the amount of malware targeting industrial control systems in the region is one of the highest in the world.

Another alarming fact is that 83 per cent of successful cyberattacks executed in the Middle East last year were targeted attacks by APT groups.

This means groups of highly skilled, financially or politically motivated actors with sophisticated tech at their disposal are studying the environment, lurking in it for months or even years, evading detection, installing backdoors for continuous access, and executing multiple phases of their planned attacks. Regular perimeter defences and reactive security approaches cannot withstand these attacks.

To further exacerbate this issue, the interconnected nature of modern businesses with digital supply chains, while enhancing efficiency and collaboration, introduces weak links that act as gateways for compromising chains of businesses.

Tracking back to the basics

The cybersecurity market in the Middle East has grown significantly, from $5.92 billion in 2021 to $13.98 billion in 2023. Despite the increasing awareness and adoption of new-generation detection systems, identifying, investigating, and resolving data breaches takes more than three-quarters of the time.

This can only be fixed from the root by fixing poor network visibility and jarring blind spots left by the rapid evolution from traditional environments to hybrid networks. The ripple effects of incomplete network visibility stretch the breach lifecycle to such an extent that Forbes emphasizes network visibility should be seen as the foundation of security.

Fixing fragmented visibility

What should organizations focus on to improve network visibility for critical impact?

Know Your Infrastructure: Conduct thorough assessments to understand the organization’s network infrastructure and extended ecosystem, including cloud services, remote endpoints, and third-party connections.

Maintain Inventory: Maintain an updated inventory of all network assets and devices, including hardware, software, and IoT devices. Implement an automated asset management system integrated with network scanning tools to achieve this.

Utilize Network Monitoring Tools: Implement robust network monitoring tools, such as intrusion detection systems (IDS), security information and event management (SIEM) platforms, and packet analyzers, to continuously monitor network traffic and detect suspicious activities.

Collaboration Between Teams: Promote collaboration between network and security teams to exchange insights, coordinate responses, and align strategies. According to a Forrester study involving Saudi Arabian IT leaders, a significant security concern arises from perceived misalignment and lack of shared focus between IT and security teams.

Address Shadow IT: Identify and address shadow IT practices within the organization to minimize unauthorized use of technology and enhance visibility into all network activities.

Leveraging end-to-end network visibility to fuel a comprehensive security approach for what’s to come in 2024 and beyond

Achieving end-to-end visibility implies an organization has continuous real-time access to all events occurring in its environment. It’s an overwhelming load of information that needs to be streamlined for accurate insights.

Organisations should start with layering insights gained from network monitoring tools with contextual analytics, which should become the basic lens through which network events are filtered and presented to make quicker decisions.

The continuous inflow of events should be utilised to establish the baseline behaviour of network entities through ML-based tools like UEBA. Unify and integrate such risk assessment capabilities into a single centralized console to facilitate guided investigation and reduce the complexity of disparate tools.

This was addressed in a recent cybersecurity user conference at The Ritz-Carlton, Dubai International Financial Centre in the United Arab Emirates, where ManageEngine launched an exclusive analytical workbench in their SIEM solution for breach resolution.

In addition to these methods, it’s the need of the hour to incorporate proactive tactics such as staying vigilant about emerging attack vectors and hunting down threats with open-source frameworks like MITRE ATT&CK.

Lastly, prioritise the development, testing, and automation of incident response protocols to promptly mitigate the effects of security breaches.