Have you made your 2022 cybersecurity ‘to do’ list yet?

To live, we must eat; to function, we must sleep; to succeed, we must learn. To solve problems, we must digitise. Business transformation is inexorably linked to data, applications, and connectivity. The change is everywhere. And yet our fourth industrial revolution, which has essentially spliced humans and their digital inventions, may only just be gathering steam.

A report by the Telecommunications and Digital Government Regulatory Authority on the UAE’s history of digital transformation was recently issued to coincide with the nation’s Golden Jubilee. It revealed a highly digitised society. Almost 98 per cent of the population have smartphones, 99 per cent are active on social media, and 530 million smart apps were downloaded in 2020. And that is just civil society. To support the business ecosystem, the UAE’s strategy for the fourth industrial revolution includes plans to skill the workforce in areas like nanotechnology, bioengineering, artificial intelligence, and even robotic healthcare.

But each problem we solve with digital technology, exposes us to malicious parties. A recent VMware report showed 80 per cent of security professionals had experienced increases in attack levels in their organisation because of remote work — a technology deployed (very effectively) to tackle a pressing problem. The pandemic did not cause a spike in cyber-incidents. It caused a spike in digital transformation, which expanded the opportunities for attackers to attack.

As we start to consider our ‘new normal’ as just ‘normal’, there are a few challenges we still must overcome.

The ‘what to do?’ list
Threat actors continue to evolve. The ‘latest thing’ from a year ago is rarely even a stopgap measure in the present, let alone a panacea for the entire threat landscape. As regulatory frameworks continue to loom over a growing number of business decisions, the collection, management, analysis and sharing of data will be more important than ever.

Drawing a line — even in an abstract sense — to represent your organisation’s digital perimeter is deeply problematic. Such perimeters are not expanding outward like a balloon filling up with air. Entirely new balloons, such as third-party networks and the private homes of employees, are joining the environment, as well as new factory — and field-based devices that make up the rapidly expanding Internet of Things (IoT).

Digital transformation is associated with value, whether it solves an immediate problem, improves a stale workflow, or enhances customer and employee experiences. Remote work, for example, is a necessary component of today’s world. Hybrid environments will remain, so CISOs must form a plan of action for managing them that retains the flexibility they have added while diluting the risk they pose.

And finally, security leaders must justify budget spends. They must target areas of improvement, balancing cost with value added. They must weigh issues such as talent shortages with the pressing concerns of discovering, auditing, and securing new digital assets, from field and factory machinery and traditional endpoints to cloud environments and containerised apps.

The ‘to do’ list
Automation is the standout quick win for today’s embattled CISO. Assuming regional technology stakeholders have been able to assemble a security team of any size, that team is likely to be overworked in the post-cloud rush era. Overwhelmed by false positives and preoccupied with firefighting, these professionals, recruited for their ability to add value, are instead succumbing to alert fatigue.

Automation can be applied to several areas that are traditionally labour-intensive. It can sift through telemetry in a fraction of the time it would take a human agent to do so. And it can be put to work in asset discovery, compiling a rich and accurate inventory that gives security teams a baseline from which to understand their new environment. Next, automation can get to work on auditing discovered assets and triaging them for action, whether that is further investigation by a human resource or immediate patching of a known vulnerability.

Visibility alone, gained by automated asset discovery, is priceless. Remote devices, cloud workloads, the activity within containers — all this and more should be transparent to CISOs and their teams. They will then be able to quickly spot suspicious processes, which is a vital capability when delivering security in today’s digital estates. Zero trust network architectures (ZTNA) are also becoming popular. Adopting a position where you are suspicious of everything and everyone is appropriate for an age in which identity theft is rife.

Other challenges, such as how to match the speed and ferocity of the attack landscape, can be met through advanced AI. Technologies like machine learning have proved themselves capable of drastically shrinking response times. They comb through lakes of data and flag threats in real time, reducing the number of false positives and further making the case for automation.

A list of your choosing
Tools are improving. Security vendors are starkly aware of the growing need for forward-looking digital strategies among their customers and have responded by raising their game once again to outwit bad actors. Cloud-oriented, container-sensitive security platforms are now capable of advanced prevention, detection, and response, including automatic asset discovery and inventory management, machine-controlled patching, and more streamlined compliance management.

All that is left is action — action by the region’s digital innovators. They would like to live in the memory as such, rather than becoming a cautionary footnote ripped from the GCC success story by a preventable ransomware incident or a disastrous data breach. You must choose to be the former. List your ‘what to dos’. Plan your ‘to dos’. And prosper.

Hadi Jaafarawi is the managing director – Middle East, Qualys