Breaching the firewall

We are all aware of the government’s Smart Dubai initiative, established to empower, deliver and promote an efficient, seamless, safe and impactful city experience for residents and visitors. It builds on a legacy of innovative programmes developed by the government to drive the emirate’s global competitiveness.

But with this increased digitisation comes increased vulnerability. While Dubai, and the greater region, has ambitious plans to leverage IoT, we will see an increased convergence of the digital and physical worlds, thus making the safety of the new world a primary concern of governments and enterprises.

But in these efforts to create smart cities, digital government, and a more diversified economy, it is paramount that cybersecurity be considered as a critical part of this transformation and not an afterthought.

Data and systems security is supremely critical because of the risk of exposure for billions of dollars-worth of information. But cybersecurity is more than just about running additional anti-virus software and building firewalls – it needs to become a state of mind for the business and be made a part of all business processes.

According to the latest Global Information Security Workforce Study, developed by the Centre for Cyber Safety and Education and Frost & Sullivan, more than 60 per cent of information security professionals in the Middle East are not confident in their company’s preparedness to cope with cybersecurity incidents.

And perhaps rightly so. Looking back, 2017 saw an inordinate number of cybersecurity meltdowns. These attacks crippled businesses and generated losses worth millions of dollars, impacting both the private and public sectors. And with the threats getting only more credible and the battlefield more aggressive, it’s only a matter of time before these attacks target critical infrastructure, bringing entire nations to their knees.

After all, if we are armouring up, it is understandable that the attackers too are broadening their approach in order to strengthen their impact.

The Middle East’s cybersecurity market will almost double in the next five years, up from $11.38bn in 2017 to $22.14bn by 2022, according to data published by Research and Markets.

P&S Market Research, a global market research and consulting company, pegs the global cybersecurity market to reach a size of $165.2bn by 2023, growing at a CAGR of 10.7 per cent.

Staggering numbers, but unsurprising given the increasing number of smartphone users, and the growing corporate culture of bring your own device (BYOD), which has made it imperative that not just large enterprises, but even small and mid-size organisations combat malicious attacks and strengthen security.

Furthermore, there is true concern in the fact that there is a massive shortage of cybersecurity talent globally. Thousands of unfilled cybersecurity roles remain open at present, according to CyberSeek, a project supported by the National Initiative for Cybersecurity Education (NICE), it is estimated in the US alone there are 350,000 jobs in the field that need to be filled.

Perhaps the shortage is linked to a mind-set gap rather than purely a skills issue, with the misguided belief that cybersecurity is only an IT function. The truth is that anyone who uses a smart device is responsible for cybersecurity and it is imperative that we start viewing it as a shared responsibility. Companies and governments need to invest much more in terms of time and budget towards doing a better job of assessing the risks.

This requires a deeper understanding of the issues at hand and a wider awareness amongst all agencies and enterprises. Accountability is a key factor and will require educating and sensitising every individual within the workforce, thus creating a greater need for security consciousness at all times. Only when this happens can we truly make a difference.

Adrian David is managing director for the EMEA region at (ISC)2