ENTERPRISE TECHNOLOGY
Adding the support of a Security
Operations Centre is also now a key
priority for the region, for all sizes of
organisations. “Whether you are small
or big, somehow you need to have this
operational security capability in the core
to understand how to respond,” Nofal
stresses. For larger end user organisations
having the Security Operations Centre
inhouse or onsite is the preferred option.
Recommendations
1. Business services need to be assessed
for weaknesses from a people, process
and technology perspective. Adopt
cloud security technologies which
provide visibility, data security,
compliance and malware protection.
2. Build and deploy a security strategy
for SCADA networks, which is
focused on prevention, detection and
response. Deploy security operation
centres for SCADA networks to
provide them with visibility to take
appropriate actions.
3. Most breaches occur by compromising
the identity of a user and accessing
their confidential data. Engage in a
holistic approach for data security
as well as identity and access
management for users and customers.
4. It is not enough to adopt a silo
approach without data classification.
Use Identity Management as an
enabler for business with a seamless
experience for customers to add value
to your business teams.
5. You cannot fix something you
cannot see or are not even aware of.
Organisations need the intelligence
that they can gather from internal or
extern al sources to take quick and
effective decisions for responding to
incidents or attacks.
6. Integrate security solutions from
different vendors to gain maximum
insights into your threat dashboards.
7. There is a pressing need for
organisations to share their
experiences, good or bad, to help each
entity prepare better in this constant
race against time.
8. Security is a collective responsibility;
hence, focus on creating an
organisational culture incorporating
security, where users are your strength,
not your weakest link.
9. Follow a holistic and integrated
approach to security. Do not deploy
security solutions in silos.
10. Understand all risks associated
whether it is people, data or
application security. Choose solutions
that can integrate with each
other to provide maximum visibility
at all levels.
11. Organisations need to balance their
investment into prevention, detection
and response to ensure an effective
security strategy execution.
12. A detailed risk assessment should be
carried out for cloud as well as legacy
SCADA applications. Each brings
different dimensions of threats and
increases your attack surface.
Source: 7th Edition GBM annual cybersecurity study.
17