Corporate security is a critical aspect of any organisation’s overall strategy. In an ever-evolving digital landscape, businesses face numerous challenges to their security infrastructure, which require effective strategies and solutions. Industry experts are of the view that the Middle East encounters unique obstacles that demand specific attention. We spoke to a leading expert to gain insights into the challenges faced by organisations in the Middle East, notable cyber incidents in the region, the strategies employed to address them, and the role of government legislation in shaping cybersecurity measures.
According to Harish Chib, Vice President, Middle East and Africa, at Sophos, the Middle East faces distinctive cybersecurity challenges compared to other parts of the world. One such challenge is the complex geopolitical landscape, which hinders regional collaboration in addressing common cyberthreats. The intricate political dynamics make it difficult to establish effective cooperation and information-sharing mechanisms among countries. Resource constraints also pose significant obstacles in implementing robust cybersecurity measures.
“The Middle East encounters challenges in implementing robust cybersecurity measures due to a combination of resource constraints, including limited budgets and skill shortages. These factors hinder organisations from effectively addressing cyberthreats and investing in comprehensive cybersecurity strategies,” says Chib. This issue emphasises the need for innovative approaches and partnerships to overcome these limitations.
Chib highlighted two recent cyber incidents that had an impact in the Middle East that involved two leading banks that experienced website outages. These were attributed to a cyberattack by a mysterious entity. Such incidents serve as a reminder of the constant threats organisations here face and the necessity of robust cybersecurity measures to prevent disruptions and financial losses.
The Sophos executive is of the opinion that government legislation and regulation have a crucial role to play in shaping cybersecurity measures in the Middle East. Chib emphasised that regulatory compliance in the region is continually strengthening and evolving to align with global cybersecurity standards. He delineated the following key cybersecurity regulations in the Middle East:
● Saudi Arabia: The National Cybersecurity Authority (NCA) oversees the development and implementation of cybersecurity regulations, including the Essential Cybersecurity Controls (ECC) framework for public and private sector organisations.
● United Arab Emirates: The UAE has enacted the Cybercrime Law, which criminalises various cyber activities. The Telecommunications Regulatory Authority (TRA) also issues guidelines and standards to ensure cybersecurity across government and critical infrastructure sectors.
● Qatar: The State of Qatar’s National Information Security Policy (NISP) sets the strategic direction for cybersecurity in the country, focusing on governance, information sharing, and incident response capabilities.
● Oman: Oman’s Information Technology Authority (ITA) formulates and implements cybersecurity regulations, including the Information Security Regulation, which mandates specific security controls, risk assessments, and incident reporting.
● Kuwait: Kuwait has developed a National Cybersecurity Strategy to address cyberthreats and enhance the country’s cybersecurity posture. This strategy includes measures for raising awareness, developing cybersecurity skills, securing critical infrastructure, and fostering collaboration among stakeholders.
The challenges to corporate security in the Middle East demand a proactive and multifaceted approach. Organisations must navigate the complex geopolitical landscape, and address resource constraints. Collaboration among regional stakeholders and adherence to evolving government regulations are crucial for building robust cybersecurity strategies.
By incorporating advanced technologies, fostering skilled talent, and implementing comprehensive security measures, organisations can enhance their resilience against cyberthreats and protect their valuable assets in the ever-changing digital landscape.