The Middle East is at a crossroads in cybersecurity practices.
Home to more than half of the world’s natural gas and oil reserves, coupled with future megaevents such as Expo 2020 and 2022 FIFA World Cup, the Middle East is a magnet for high-profile cyberattacks (state-sponsored and others). At the same, expectations from governments that are embarking on digital business transformation are increasing. Check-box compliance is no longer (and never was) the solution to managing risk. NESA,ADSIC,SAMA are regulatory agencies that provide a baseline of controls for your information security program, not a mechanism for managing risk. Similarly, technology investments to be augmented with a combination of agile people, repeatable process– and most importantly a realistic security strategy plan that takes into account the preceding factors.
Additionally, per my past research on “Survey Analysis: The Security and Risk Management Leader’s Guide to the Digital Ecosystem”, CIOs in the region see talent (especially in security and risk) as significant barriers to achieving their objectives. A reset of focus is required and alternative practices need to be adopted in cybersecurity talent management. The Middle East is poised to be in a position to pump out the future generation of cybersecurity leaders through its urban adoption of emerging technologies that continue to shape up the future of cybersecurity. But money isn’t the solution. Commitment, persistence, and a digital collaboration platform is your ticket to the future (more research on this is planned at a later date).
For those who have access to Gartner, I present a deeper analysis of the challenges and set of recommendations for SRM leaders in my most recent contexts below:
Category: security security-of-applications-and-data
Tags: cybersecurity digital-business digital-ecosystem digital-security gcc information-security middle-east risk-management security security-talent talent
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.