Major gap remains between business and IT over cybersecurity

Dubai: The IT security landscape in the Middle East has started to show some signs of maturing as organisations in the region are taking gradual steps to improve their security posture, an industry expert said.

“There is a clear disconnect between IT decision makers and IT departments in terms of how to better manage security,” said Megha Kumar, research manager for software at International Data Corporation (IDC) Middle East, Africa, and Turkey.

She said that decision makers or CIOs see skills as the main hindrance, while IT managers state that there is a “lack of support” for their security solutions. Both CIOs and IT managers stated that there is a clear lack of IT security strategies. This shows that a “major gap still exists between business and IT when it comes to implementing more robust and dynamic security strategies,” she said.

According to the results of IDC latest “Middle East IT Security End-User Survey”, organisations in the Middle East are increasingly deploying advanced security solutions in order to proactively mitigate the security issues that may arise from lack of user awareness, network traffic, and hacktivism. In addition, organisations have been implementing more expansive training and awareness initiatives to address the security challenges that exist within their corporate IT environments.

Of the IT decision makers and CIOs surveyed, 57 per cent indicated that “maintaining a secure environment” was the biggest technology-related challenge/priority they faced in 2014.

Sustaining business performance

Approximately 50 per cent of the survey respondents listed “ensuring IT performance” as their second major concern, highlighting the fact that organisations in the region are concerned about sustaining business availability and performance. The responses also reflect the fact that the security landscape evolves at a faster rate than investments in IT security solutions. Furthermore, the results show that organisations in the Middle East are facing other serious challenges, such as “ensuring availability of systems and applications”, “improving the utilisation of IT assets”, and “managing connectivity”, to name just a few.

Unlike IT decision makers and CIOs, IT managers in the region identified “the increasing sophistication of attacks”, “the lack of executive management support”, and “the lack of an information security strategy” as their top three enterprise security challenges.

The survey results show that organisations in the region are investing in various security initiatives, albeit facing various security challenges. To this end, the major investment areas in 2014 were “Firewalls, intrusion detection, and prevention” and “anti-malware and data-loss prevention”. “It is worth noting that there is a growing emphasis on the deployment of next-generation firewalls that provide analytical insights on network traffic flow to better secure enterprise perimeters,” said Kumar.