Abdulrahman Alshetwey, CEO, Innovative Solutions, explains how cybersecurity posture can be improved within enterprises.
The month of September was an interesting one, from a cybersecurity point of view. Global organisations such as Equifax, the Securities and Exchange Commission (SEC) and Deloitte all suffered large-scale security breaches.
What was interesting isn’t really the hacks themselves, as we have seen showbiz-style hacks in the past, such as those of Yahoo, Sony and the NSA, to name a few. It is certainly true that no one can be 100 percent secure or immune from such attacks. The most aggravating aspect is that these incidents keep happening and, in some cases, we could have prevented them.
Cybersecurity as an industry has flourished dramatically because of the high-profile incidents that started in 2010. This is obvious from the number of new cybersecurity vendors we see every day. The more we have, the more we complicate things and lose control: priorities get randomised and alignments are mismatched. We therefore end up getting compromised again, as we relentlessly focus on technologies as a panacea.
What can we do? The first and foremost element must be Information Security Awareness. It is necessary to care about people at all levels. Ensure they are educated and understand the risks associated with using the Internet and online activities. It is not easy to keep yourself focused when faced with unprecedented technologies and ways to communicate with others, so repeatability is an important dimension. However, who can push us to do so in a continuous way?
Having worked on the regulatory side of the equation previously, I still believe that with the cost associated with implementing any compliance programme, it is important to ensure such overheads are managed right and utilised in the best interest of both the regulator and the business. In Saudi, as an example, the financial industry regulator has issued a cybersecurity framework that is outlined as a maturity model and will be implemented along the way. Although it is a bit one-size-fits-all, it is a great expansion of what has been done for the banks before. The new framework is now available for all financial institutions. Having witnessed the improvement of cybersecurity in the banking sector, I believe other financial services will also benefit from implementing it.
The real issue is how to create an assurance framework to ensure constituents are adhering to the rules, fixing the issues and investing in their infrastructure, people and processes.
Regulations, when done inaccurately, can cripple businesses and stifle creativity, and that’s why it is important to involve the industry as a whole to figure out how to protect ourselves, our society, kids, businesses and governments. It is also important to listen to the other side, as it is not always feasible or economical to replicate what has worked before.