ENTERPRISE TECHNOLOGY
Being proactive new regional
cybersecurity mantra
The 7th edition of GBM’s annual cybersecurity study
indicates that regional end users will need to spend much
more to become proactive on remediating threats rather
than just detecting them.
I
t has been a turbulent few years
for cybersecurity experts. Despite
the constant threat of attack there
appears to a swing in momentum back
to organisations as newer technology is
developed, becomes readily available,
and progresses from being based on
prevention to include prediction, detection
and response.
Although a large majority appears to
have not suffered a security incident over
the past 12 months, statistics indicate
that there could be an intrusion within
their system that they are unaware of
considering how long it can take for
intrusions to remain undetected. This is
further evidence that Gulf organisations
need to explore how to shift their focus to
a detection and response.
In its latest annual cybersecurity
study, GBM has focused on the shift in
the security industry from traditional
spending and attention on prevention
technologies and building a secure
datacentre, towards detection and
response. While end users in the region
are seeing more targeted attacks, only
31% of organisations have detection and
response as key priority.
“I do not think prevention is going to go
away but there is now attention to ensure
you are able to detect proactively, using
machine learning and artificial intelligence
and sharing threat intelligence using cloud
platforms,” says Hani Nofal, Vice President,
Intelligent Network Solutions, Security and
Mobility, Gulf Business Machines.
With governing bodies and legislation
including the EU’s GDPR taking a much
16
Hani Nofal, Vice President, Intelligent
Network Solutions, Security and Mobility,
Gulf Business Machines.
stronger stance on how companies handle
data breaches, it is even more vital that
organisations in the region ensure their
security is covered on all basis to avoid both
the reputational and financial implications
that come with any data breach.
Security is going to continue its shift
from prevention, and it is crucial that end
users take advantage of the technology
available to further strengthen their
defenses against a cyberattack that in
today’s digital world is a matter of when,
and not if.
There is a pressing need for
organisations to share their experiences
– good or bad – to help others better
prepare in this constant race. Security is
a collective responsibility, hence focus
on creating an organisation culture
incorporating security where users are a
strength and not the weakest link. New
business models like cloud, mobile and
IoT are increasing the attack surface,
hence a risk-based approach towards new
technology adoption is required.
Looking at cybersecurity from an end-
user perspective, there is no vendor solution
or technology that is 100% fool-proof and
that cannot be compromised. For end-users
it is therefore imperative to minimise the
impact of the attack or intrusion and control
its impact on rest of the organisation. Post
the remediation of the event, end-users
need to identify the root cause of the attack
using forensic techniques. And if it was a
targeted attack they also need to initiate a
criminal investigation.
“There is a lot of attention now on the
proactive approach. There will be a point
where hopefully if we are doing a good job,
we can minimise the impact of this attack.
The question is what are you going to do
afterwards,” elaborates Nofal.
There is no
vendor solution
or technology
that is 100%
fool-proof and
that cannot be
compromised.
Issue 17
INTELLIGENT TECH CHANNELS