Anita Joseph caught up with Ned Baltagi, Managing Director – Middle East, Turkey, and Africa at SANS Institute, to find out more about cybersecurity in the region and how SANS is committed to equipping professionals with the required skills.
What role does the SANS Institute play as a leading and dynamic thought leader in the cybersecurity sector, and how does its influence shape the industry’s landscape?
At SANS, we are committed to developing the next generation of cyber leaders globally. With more than 85 training courses that cover a broad spectrum of topics, ranging from foundational courses to highly specialized areas such as DFIR, OSINT and ICS, we are well-positioned to help companies overcome digital security and privacy challenges. Our courses are taught by experienced practitioners who bring real-world experience to the classroom, and training materials are continually updated to reflect the latest threats and vulnerabilities. Research by our faculty members into emerging threats and trends is shared with the cybersecurity community through publications and events, including webcasts, conferences, and summits. We maintain a strong focus on community building and networking, which fosters collaboration and knowledge-sharing among cybersecurity professionals. We are active advocates for a strong cybersecurity culture within organisations and throughout the industry. Overall, our goal is to help organisations build more secure and resilient systems that can withstand the evolving threat landscape.
What are the current cybersecurity trends in the UAE and the broader META region?
All through 2023, the world has witnessed a revolution in Artificial Intelligence (AI) and Machine Learning (ML). Notably, the cybersecurity industry has been actively and significantly involved in adapting to and leveraging these transformative advancements. AI and ML now play a crucial role in enhancing cybersecurity measures within organizations in the UAE and Middle East, by automating tasks and eliminating manual processes across operations, enabling the prevention of potential risks evolving into security incidents and fundamentally reshaping how professionals address digital security. Moving forward, we can expect an even greater reliance on AI and ML to detect and mitigate threats in real-time.
Additionally, the shift to cloud environments in the META region is gaining momentum, and with this new frontier for cyber threats comes the need for a robust cloud security strategy. Businesses in the Middle East have invested in securing their assets, data, and operations in the cloud, deploying identity and access management, encryption, and multi-cloud security solutions. Moreover, cloud security professionals in the region have already recognised Zero Trust as the top priority in cloud security for 2024.
CISOs acknowledge that, despite significant investments in cybersecurity and cloud security solutions, the potential for human error, such as an employee accidentally opening a phishing link or providing unauthorised access, remains a significant vulnerability. This realisation underscores the heightened importance of adopting Zero Trust security models to mitigate the risk of both internal and external breaches.
The Middle East places heavy emphasis on cyber resilience. This extends beyond mere attack prevention, centering on how businesses can maintain seamless operations even in the event of a breach – minimising disruptions during the attack and facilitating prompt recovery afterward. The UAE’s implementation of comprehensive cybersecurity certifications, standards, and policies exemplifies the region’s commitment to maintaining robust cyber resilience across various sectors.
Tell us more about the Middle East threat landscape in 2023 & 2024. What specific skills do professionals in the region need to overcome threats and bridge the skills gap?
The Middle East’s cybersecurity threat landscape in 2023 and 2024 is characterised by its dynamic and challenging nature. Professionals in the region need to equip themselves with a range of specific skills to effectively navigate and mitigate these threats – everything from advanced threat detection to cyber resilience planning. We have been working closely with different government entities across many nations in the META region, as well as globally, on setting up programs that help narrow the cybersecurity skills gap. One of the largest training gaps in the region is in ICS cybersecurity. Critical infrastructure in Oil & Gas is a major part of operations in the Middle East, and IT security training, tools, practices, and processes do not always translate well into control systems. In many cases, it actually causes more problems. 38% of attacks in ICS critical infrastructure networks come from IT networks allowing the threats into the ICS. As such, there is an opportunity to connect with professionals, educate them on ICS threats, and offer training courses such as ICS515, ICS418, and ICS410.
Will there be more SANS META region training events in 2024? What can cybersecurity professionals look forward to?
Over the years, the number of training events we host in the region has grown by good measure, and we are excited that the META region in 2024 will be hosting more than 15 training events. We aim to organise as many training events per year as possible for the region, bringing our expert instructors over to upskill local cybersecurity practitioners where possible. We will be hosting training in the UAE, Saudi Arabia, Oman, Kuwait, Qatar, and Turkey with a variety of training courses covering the latest trends and techniques in cybersecurity, hands-on exercises and insights, and networking opportunities within the cybersecurity community, providing valuable experiences for professionals in the field.
The SANS META region training events in 2024 are not just educational opportunities; they are comprehensive experiences designed to elevate the skills and strategic thinking of cybersecurity professionals in the Middle East. These events represent our ongoing dedication to nurturing a knowledgeable, resilient, and collaborative cybersecurity community in the region.