It’s no surprise that the way organisations work in the GCC today is rapidly changing. Many corporate policies are already drastically different from what they were a decade ago—even a year ago. In the UAE, for example, approximately 90 percent of full-time employees want to work either in a hybrid or a fully-remote working model in the future, according to a recent Cisco Global Hybrid Work Study.
As organisations revisit their workforce policies, cybersecurity must continue to be at the forefront of the decision-making process. Our latest GBM Annual Security Report found that 84 percent of organisations surveyed in the Gulf alone are reprioritising data security investments this year. In particular, nearly three in four (71 percent) are already planning investments in more secure remote access and connectivity. Yet this can remain an elusive gap for companies that are still playing catch up to meet their employees’ expectations for hybrid work.
Based on our own conversations with customers across the region, we can see that the path to a secure and resilient hybrid workforce appears to hinge on four key considerations.
Establishing a more unified communications infrastructure
Many organisations are still communicating via a fragmented mix of IP telephony, messaging apps, and video conferencing. When you unify these communications in an integrated collaboration solution, you can not only reduce costs, but simplify management—including cyber threat mitigation. The strategy starts with a clear articulation of your workforce’s needs, then deploying and supporting end-to-end solutions. By doing so, employees are able to communicate more securely inside and outside the organisation as they can use a single suite of tools with security protocols baked in. They can then rely less on external, unsecured connections and applications to stay connected with their colleagues and customers. For IT leaders, deploying software-driven security updates through a single unified infrastructure is also infinitely easier than working across a multitude of platforms.
Catering to different categories of full-time and freelance workers
Across almost every sector, more distributed workforces are now a reality. Remote working is one factor, but distributed workforces are also seen in the form of freelance and part-time staff. In this scenario, an organisation’s ability to govern employees’ access and management of data is different than the approach to an in-office, full-time employee. Depending on where these individuals are based geographically, often another level of cybersecurity considerations is required. Organisations must ultimately consider how—not if—a more diverse workforce is being reflected in their short and mid-term cybersecurity strategies.Â
Risks of regulatory complexity and non-compliance
Today’s data sovereignty and privacy regulations are trying to catch up with the rapid digitisation of society as a whole. The complexity of regulations has grown. For many organisations, a lack of clarity on its components is hampering compliance. In fact, we’ve found that around 40 percent of organisations in the Gulf are concerned about ensuring compliance with regulations. These concerns can be compounded by a swell of new digital workplaces and collaboration tools if they are not deployed in a unified manner, and with clear guidance on data management expectations.
Empowering the frontline ‘human layer’ of cyber defence
Bearing all of these points in mind, organisations today are being challenged to find the skills to address their unique cybersecurity needs. We have found that 64 percent of organisations in the Gulf state that they are facing challenges in tackling this skill gap. A recent global IDC study further shows that 79 percent of organisations worldwide have shifted to a digital-first strategy, yet 50 percent are still trying to figure out exactly what it means for them, or are only now starting to execute their strategy. One reason for this skills gap could be that in the early days of cybersecurity, the demands were very network centric. Firewalls, VPNs, and network monitoring were often the focus. However, today this is a highly data-driven discipline. The need to have strong data analytics and interpersonal, interrogative capabilities is higher. Periodic analysis of cybersecurity training needs, realistic training environments, and a combination of Managed Security Services (MSS) are proving essential to help organisations upskill the human layer of their cybersecurity chain.
