Over the past several years, the pace of IT development has accelerated and cyber threats have multiplied. Unfortunately, many security functions have failed to match that pace and meet those threats, according to a new white paper The Future of Security: Evolve or Die from Deloitte’s Center for Security and Privacy Solutions.
“The survival of any business in the Middle East is linked to its ability to manage and mitigate critical risks, including technology related risks. Today data has become more valuable to businesses, while they in turn have become more dependent on their IT systems. Yet, the multiplication of cyber threats – with cybercrime now one of the fastest growing categories of crime – poses a risk for which many security functions within are ill prepared,” said Tariq Ajmal, Partner in Charge of Information and Technology Risk Services at Deloitte in the Middle East. “Because of the dynamic changes underway, it is time for a new approach to information security.”
An effective security program needs to address the most significant risks that organizations in the Middle East. Unfortunately, few senior executives understand the real challenges their IT security professionals have to handle. The future of security depends on senior executives and chief information officers (CIOs) urging and enabling organizations to evolve as the environment evolves. The Deloitte white paper presents a compelling discussion of key security issues and challenges that organizations face, along with steps to consider in response.
“Social media sites and blogs open new avenues of attack. Organizations need to be educated about limitations and risks, and create governing policies, and train and educate their workforce,” the report said.
“Mobile devices multiply potential avenues of attack; organizations must monitor usage, confirm secure configurations, and employ dynamic policies.
Cloud computing adoption comes with associated risks. Organizations need to understand determine the opportunities and also the potential business and financial risks of public and private cloud environments,” it added.
“Software vulnerabilities are increasing with the growing number of application releases. The approach to consider is anticipate and defend, define normal to identify abnormal, and exercise vigilance. Access management is still primitive. The approach can be to master the basics, analyze your needs, and adapt as you go.”
“Breaches of IT security take place far more frequently than is realized throughout the Middle East, mainly because most businesses are not equipped to even detect them. It is important for management to remain updated on and aware of the real security threats their organizations face and to make appropriate, proactive investments to address those threats. There is no better time to start doing that than now,” added Ajmal.