Cyber Security – is the Middle East Safe?
Marked by cycles of instability followed by sporadic bursts of growth, the Middle East is an interesting case study for discussions on cyber security in the modern era. The Middle East faces unique challenges and the region’s experiences highlight some of what is most perplexing in the realm of cyber security today.
While companies are investing in security technology and protection such as cyber insurance, they are often not supported by the people, processes and governance required to provide real security creating a “false sense of security”, according to Mike Maddison, PwC Middle East partner, cyber services leader and head of risk assurance services.
According to a report by PWC, businesses in the Middle East suffered larger losses than other regions in the world last year due to cyber incidents, with 85% respondents in the region comparing to a global average of 79%. Around 18% of respondents in the region have experienced more than 5,000 attacks, compared to a global average of only 9% ranking the Middle East higher than any other region.
Many organisations in the Middle East approach cyber security solely as a technology problem and that is “simply not enough,” said Wael Fattouh, PwC Middle East Partner, Risk Assurance Services. “Security is an end-to-end issue and ignoring any part of the chain can compromise the effectiveness of the implemented measures,” he explains. “Another common misconception is when organisations think that compliance with security standards is the same thing as being secure, which is not accurate. Compliance helps an organisation implement good practices, but they need to fit into a frame that works for the unique nature of the organisation to be effective at securing it.”
Through increasing digitization, the international community is closer than ever before.
The Internet of Things (IOT) offers more possibilities for cyber criminals to compromise vital systems of information. Without measures in place to protect people’s privacy, cyber security threats can become difficult to manage. Latin America and Asia offer clear examples to the Middle East of the evolution of cyber security threats on the international level.
A window into the global problem and lessons learnt?
Latin America is fighting rising popularity in hacktivism, hacking done in support of political causes like presidential elections. Brazil, which boasts the largest number of Latin American Internet users, suffers from widespread threats due to infectious computer software like malware and ransomware, the latter of which holds a victim’s data hostage in exchange for money.
As places in Asia and elsewhere continue to employ NFC payment solutions, cyber theft, continues to affect more unsuspecting consumers. India, a country with massive populations of Internet citizens, has faced cycles of cyber terrorism and outright cyber warfare in past years. Due to this, cyber-espionage is an increasingly popular method for national governments to gain information about other countries under the banner of protecting their own security.
Cyber security is often a key issue from a business standpoint, as in the Sony hack of 2014, when self-proclaimed “Guardians of Peace” revealed the personal information of the company’s employees.
The Middle East – what is going on?
To make matters more urgent for the Middle East, a recent PwC survey reveals that Middle Eastern businesses are disproportionately more likely to suffer from cyber-attacks than their global counterparts. According to the report, Middle Eastern businesses often rely on quick fixes, rather than consistent cyber security awareness programs. Rather than cyber security management being a top down approach, the onus falls to IT departments to protect the company’s assets, instead of the entire digital community of the firm.
With this reliance on IT, businesses are often blind to the fact that cyber security must be woven into the company’s overall approach to information security. Dr. Walid Tohme, a Vice President and Partner at Strategy & revealed a similar national security climateas they warn that the growing risk of cyber-attacks from the recent trend of digitization must be met with a more holistic and proactive approach to national security.
Through legislature aimed to protect consumers and prosecute cyber criminals, as well as placing power into the hands of existing agencies to address cyber threats, Middle Eastern governments have tried to integrate cyber security into their national agendas. These things, in addition to national incident response protocols and public awareness campaigns, have laid a foundation for cyber security in the Middle East.
What can be done?
For impactful change to occur, Middle Eastern governments must have a process that fully covers the below:
1) Dedicates itself to serving the nation’s cyber security agenda.
2) Identifies strengths and weaknesses in their strategies to achieve secure digitization.
3) Ultimately takes ownership in times of widespread digital crisis.
Current reactive solutions to cyber threats will put the area in constant recovery mode. Information sharing and monitoring are key to reversing this vulnerability and creating a comprehensive strategy that will move the area from a state of mere defense to preventing and fighting back against attacks.
The wider and more far reaching question is one of how this effects all companies, people and everyday life within the region. What are you doing to protect your current business against cybercrime?
Follow MENA Solutions on Linked In and Twitter for more insight into the exciting progress being made in the industries we specialise in.
Article written by David Flemming, Director of MENA Solutions.