Businesses boost cybersecurity spending
By Sandhya D’Mello
The prime concern of any business is its data protection and companies are developing new strategies to adopt to new normal as working from home gets rampant. So how do you begin your journey of ‘zero trust access’ and secure your data, both at individual and corporate level? UAE businesses are boosting their IT budgets and some of the industry experts revealed that a steady and gradual increase of IT security budget was already in vogue and the pandemic has just accelerated that trend.
“Enabling remote work and adequately securing corporate assets and information are two top priorities for every IT team and most of them realise they should be approached with a long term view and can’t be patched for short term.” said Rajesh Ganesan, vice-president, ManageEngine.
With most employees and corporate devices working outside a company’s secured network, the scenario has flipped the traditional operational and security models. Companies are exploring new models like zero trust access, continuous and adaptive threat analytics and hybrid identity management to not only allow secure remote access for their employees but also to ensure strong levels of overall cybersecurity.
This will call for investment in technologies like identity and access management, privileged access management and cloud access security broker for securing user accounts and their entitlements. Equally important is the investment in securing the variety of endpoints with technologies like EDR (end point detection and response), which brings a good deal of self-detection and self-healing capabilities for corporate devices as a first level response to targeted attacks. Companies understand this change is not temporary as we all are going through a phase of transformation leading to a new normal. And cybersecurity gets top billing as companies try to rebuild and get to a position from where they can compete and lead.
Meanwhile, cybercriminals are taking advantage of the uncertainty, new system dependencies and work-from-home disruption to accelerate their phishing, impersonation and ransomware attacks on employees.
Richard Botley, cyber resilience strategist, Mimecast, said: “Cybersecurity budgets are being carefully re-prioritised to add more security layers to these cloud services and defend organisations from the risks of data breach, invoice fraud and downtime.” IT budgets are shrinking globally yet technology leaders are being told to do more with less. This consolidation agenda is pushing more companies, including those here in the GCC, to simplify their IT investments with cloud services such as Microsoft 365, G Suite and Zoom.
Mohamed Abdallah, regional director, Middle East, Turkey and Africa, SonicWall, said: “As businesses gradually return to what is a ‘new normal’ I believe the remote working culture will continue. Businesses have recognised this and are increasing their cyber security investments to especially secure their distributed workforce. We are seeing increased investment from academic institutions that are aware that remote learning is likely here to stay for the foreseeable future.”
On Wednesday, IBM Security revealed that the financial impact of data breaches on organisations in Saudi Arabia and the UAE.
Based on the in-depth analysis, the cost of a data breach in KSA and UAE has risen by 9.4 per cent over the past year. These incidents cost companies studied in the region $6.53 million per breach on average, which is higher than the global average of $3.86 million per breach and is the second highest average breach cost amongst the 17 regions studied. In KSA and UAE, breaches cost companies $188 per lost or stolen record on average, which represents an increase of 8.5 per cent from 2019. Healthcare was found to incur the highest per record cost of a data breach, followed by Financial Services and then Technology.
The study found that malicious attacks were the root cause for 59 per cent of data breaches in KSA and UAE, followed by system glitches at 24 per cent and human error at 17 per cent. Data breaches which originated from a malicious attack were not only the most common root cause of a breach, but also the most expensive, costing companies in KSA and UAE an average total cost per data breach of $6.86 million. Sponsored by IBM Security and conducted by the Ponemon Institute, the 2020 Cost of a Data Breach Report is based on in-depth interviews with more than 3,200 security professional in organisations that suffered a data breach over the past year. “IBM has been in the region for more than 70 years. Over the decades, we have been playing a vital role in shaping the region’s technology landscape and accelerating the digital transformation journeys of our customers,” Hossam Seif El-Din, vice-president, Enterprise & Commercial, IBM Middle East and Africa.
“Cybersecurity has become overly complex. Through our deep understanding of the region’s security environment and challenges, we are always ready to help equip governments and businesses with the solutions and skills to be prepared against inevitable cyber threats. With 8,000 professionals around the world, IBM today has industry’s largest, dedicated security services team.” While organisations in the region are at various stages of sending employees back to traditional office environments, it seems as though remote work will continue to play a significant role in business through 2020 and beyond. The shift to remote work as a result of Covid-19 have forced new learnings in business agility, and has paved the way for a new wave of advanced cybersecurity threats.
Alain Penel, regional vice president – Middle East, Fortinet, said: “Cybercriminals have become more sophisticated, using tools such as machine learning and AI to take advantage of the expanding attack surface and bypass traditional safeguards. Faced with endless alerts and a flood of data being collected from endpoints, network and IoT devices, cloud environments, and other areas, IT teams are struggling to keep pace, let alone stay ahead of threats.” Board and/or the C-Suite Executives want to know what risks the organisation is exposed to and what is being done to reduce/address them. In response, CISOs/security teams need to accurately assess, quantifiably, the level of risk in terms that the Board and/or the C-Suite Executives can understand. By demonstrating the business impact if any mission-critical areas are exposed, compared to the cost to implement controls that reduce the risk, business leaders can make an informed decision on whether additional budget should be invested.
Adam Palmer, chief cybersecurity strategist, Tenable, said: “CISOs might be tempted to purchase additional tools, hoping that a single purchase order can solve all of their problems. Unfortunately, a magic bullet simply does not exist. What is more meaningful is to better understand the risk environment and demonstrate risk reduction based on the prioritisation of vulnerabilities.” Palmer says that CISOs could also consider using managed service providers to reduce their day-to-day overheads of monitoring risks and vulnerabilities.