The Middle East is at a crossroads in cybersecurity practices.
Home to more than half of the world’s natural gas and oil reserves, coupled with future megaevents such as Expo 2020 and 2022 FIFA World Cup, the Middle East is a magnet for high-profile cyberattacks (state-sponsored and others). At the same, expectations from governments that are embarking on digital business transformation are increasing. Check-box compliance is no longer (and never was) the solution to managing risk. NESA,ADSIC,SAMA are regulatory agencies that provide a baseline of controls for your information security program, not a mechanism for managing risk. Similarly, technology investments to be augmented with a combination of agile people, repeatable process– and most importantly a realistic security strategy plan that takes into account the preceding factors.
Additionally, per my past research on “Survey Analysis: The Security and Risk Management Leader’s Guide to the Digital Ecosystem”, CIOs in the region see talent (especially in security and risk) as significant barriers to achieving their objectives. A reset of focus is required and alternative practices need to be adopted in cybersecurity talent management. The Middle East is poised to be in a position to pump out the future generation of cybersecurity leaders through its urban adoption of emerging technologies that continue to shape up the future of cybersecurity. But money isn’t the solution. Commitment, persistence, and a digital collaboration platform is your ticket to the future (more research on this is planned at a later date).
For those who have access to Gartner, I present a deeper analysis of the challenges and set of recommendations for SRM leaders in my most recent contexts below: