BUILDING DIGITAL TRUST | TahawulTech.com

GBM is the leader end-to-end solution provider, offering the region’s broadest digital solutions portfolio, including digital infrastructure, digital business solutions, security and services. In a detailed interview with Anita Joseph, Hani Nofal, Vice President of GBM Digital Infrastructure Solutions discusses the need for digital trust to underpin the security architecture of organisations. A Security Advisor exclusive.

In the context of today’s accelerated digital transformation, would you agree that security is the biggest challenge?

Yes, I’d say it is. Digital transformation does indeed bring in many security challenges, since data is growing exponentially, in both value and volume. In fact, data is the cornerstone of digital transformation, driving businesses to tap into its potential and use its power to compete in the changing marketplace. However, this process of digital transformation exposes data to greater security risks, and cyber criminals are keen to exploit its value through theft, fraud, ransomware and other kinds of cyber-attacks.

This is what gets organisations trapped in a “digital deadlock,” which keeps them from successfully transforming. So, organisations need to embrace opportunities for digital transformation, while keeping themselves, their data and their customers protected. How do they do it? The answer is, naturally, through effective cybersecurity.

However, designing and implementing a security strategy and architecture to meet the needs of data-driven organisations is easier said than done. Organisations in the region need to be fully equipped to meet the security challenges brought about by digital transformation.

It’s not just enough to transform, it’s important to transform securely-how is GBM helping companies in their digital transformation journey?

With the acceleration of digital transformation, organisations are leveraging technology to redesign customer and employee engagement, transform operations and adopt new business models to address rapidly changing industry dynamics and user needs. As organisations reshape themselves to adapt to the expanding digital economy, building resilience and trust into the digital experiences of customers, employees and partners is becoming increasingly critical.

There is a realisation now that security needs to be central to the digital architecture of the future enterprise to engender trust and resilience.

However, developing a digital strategy where security is “baked in” and not “bolted on” is challenging, and requires an understanding of risks across all facets of the enterprise and attention to building comprehensive security strategies to address them. At GBM, we help organisations build these security strategies.

In our annual security report last year, we found out that the top 5 focus areas for security initiatives were data security, secure remote access & connectivity, cloud security, identity & access management and endpoint device management. We have the capabilities and expertise to develop an integrated approach to all aspects of security for organisations: from creating a holistic data security outlook, simplifying cloud security, modernising network security, strengthening identity and access management, aiming for near-real time threat detection and response to securing the application lifecycle.

What is digital trust and what is security’s role in ensuring trust?

With work from home and hybrid business strategies gaining traction since the pandemic, the cost of a data breach increased by 9.4% during the past year in Saudi Arabia and the UAE. This resulted on average, a loss of $6.53 million per breach, in addition to business disruption and a negative brand image.

Digital trust is the confidence users have in the ability of people, businesses and governments to create a secure digital world. It creates a bond between customers and organisations that assures the customers that they will receive what they need for in a safe, secure and reliable manner. Organisations aim to gain digital trust from consumers and use this goal to digitally transform themselves and create greater confidence in security, safety, privacy and reliability among consumers.

Digital trust is built up over time based upon our actions, processes and, in the case of businesses, our ability to fully address the business risks that cyber threats bring with them.
Organisations need to include cybersecurity at the heart of the digital trust. This helps to ensure that the organisation is not avoiding security measures just to get their service or device on the market. By aligning the cyber security investments to the desired business outcome of trust-enabled commerce, we can more clearly understand the importance and value of our cybersecurity investments even if we have not experienced a hack.

It’s also important to highlight that the tools we invest in for security need to evolve from perimeter security, to one of distributed integrity, one component of which is the currently popular Zero Trust model – where we have a better understanding of high and low risk areas and can adjust our monitoring focus. Adopting the zero-trust model decreases the number of opportunities a hacker accesses secure content by limiting who has privileged access to different machines or segments of the network.

GBM’s Security Report 2022 which will be launched soon, dives deep into how security should be central to discussions on digital trust.

How does digital trust impact the wider society?

Digital Trust is the conversation that we need to be having across all levels of society, which includes individuals, businesses and governments.

There is a growing need to monitor critical assets and systems, better sense when unexpected activities take place and take the right type of action to respond to a full-scale breach before it can manifest itself. Achieving this trust requires a “partnership” between individuals, businesses and governments. In this cyberwar, the partners as a group are on one side, while the threat actors are on the other. We need to align the expectations of each partner and look carefully at what each of them require:

Individuals have the desire to have instant online secure access to their favourite products and services
Governments have the desire to protect their populations and commerce
Businesses have the desire to profitably serve customers

Now, all three groups have roles to play in the goal of engendering mutual online trust that benefits all of society, whilst reducing the opportunities for threat actors to negatively impact any of us.

Let’s begin at the individual level. The pandemic forced many people to work remotely and many people used telemedicine for the first time. Similarly, the use of video conferencing apps skyrocketed. These changes brought many security risks that most people weren’t aware of. So, now, individuals should -more than ever- be careful about what they share online, especially employees have an extra fiduciary responsibility to ensure they do not become the threat vector for their employers. According to the GBM Security Report 2020, 66% of organisations found that managing identities and access of end users were a challenge, especially in multi-hybrid cloud environments.

For business users, the implication of a breach is more significant. Aside from the data concerns, there are significant operational and even potential life-threatening concerns to take into consideration. Recent research suggests that that one third of all organisations in the Gulf are experiencing revenue slowdown, in which case the costs associated with a breach could have a more negative impact. That’s why the digital trust concept is now more crucial than ever because organisations cannot afford to lose customer trust or fall victim to a breach.

Now let’s move to governments. They play an important role as facilitators of how data is governed to protect the rights of businesses and individuals, while driving economic growth and social good. The digital-first mindset of businesses and governments in the Gulf has also increased awareness about the way data is collected, processed, stored, shared and maintained. Over the last decade, there have been a number of new laws passed in the region to regulate data governance, like the DIFC Data Protection Law in the UAE and the Personal Data protection Law in the Kingdom of Bahrain.

What will 2022 bring to the Gulf region in terms of cybersecurity challenges?

Organisations are now seriously considering how they will respond to a cyber-attack or breach, whilst maintaining the trust of their community. They have reprioritised risks post the pandemic. In our security report we identified 8 key risks that radically shifted in priority for Gulf organisations. The top risks include growing end-user security risks, risk of cloud security breaches, growing identity risks, risk of data and service availability in distributed environments, risk of internal delays to incident response and data and privacy risks due to unsecured applications. These concerns are the main drivers of security investment focus areas which we uncovered in our report. Organisations are now planning to focus on data security, secure remote access, cloud security, identity & access management and endpoint device management on their investment plans, which are clear reflections of the risks reprioritised.

Data security tops the list of concerns, and for a very good reason. Traditionally, data management has been the role of the storage team, however this group have never been formally tasked with responsibility for the security of data. Likewise, the cybersecurity team has traditionally been responsible for securing systems, network and applications. We are at a pivotal point in data management and cyber security where organisations must decide where this responsibility lies. Mature data management is a complicated issue; hot, warm and cold data of varying degrees of business and compliance importance exist both on and off-premise.

For cybersecurity professionals, the move to cloud has revealed the need to consider data security, as well as some new legislations, but until recently this was never a focal point. This needs to change.

Concerns about remote access are well-justified. With many working from home or in a hybrid model, the network perimeter has evaporated and IT teams in many markets are having to manage the security of home networks to secure their own corporate ones.

For many the focus on endpoint as well as identity and access management could address not only the remote working concerns, but also cloud access and data security issues.

Ensuring only the legitimate users and devices are access data, with integrity, can help to resolve many of the risks faced by security and data management professionals.

What about the cybersecurity skills gap? Is it a concern for organisations in the Gulf too?

Absolutely. Finding the skills to address cybersecurity has always been a key challenge. GBM’s Annual Security Report 2020 mentioned that 64% of organisations in the region currently face challenges in addressing skill gaps. In the early days of IT security, the demands were very network-centric, with firewalls, VPN, and network monitoring occupying centrestage. Today, however, this is a highly data-driven discipline and the need to have strong data analytic and interpersonal interrogative capabilities are higher.

With many organisations observing millions of potential threat alerts daily, the ability to program the tools to identify the “signal” of a possibly malicious event from the “noise” created by networks and underlying protocols is becoming the key differentiator of a successful cyber defender.

Organisations in the GCC should transcend this by implementing a more proactive monitoring and response mechanism to mitigate potential security risks and including a Security Operations Centre (SOC) and a Security Incident and Event Management (SIEM) platform to tackle these challenges. More importantly, having a skilled and experienced IT security team is important to implement and operate such platforms successfully.

Therefore, there is heightened advocacy for working with Managed Security Service Partners-organisations who make cybersecurity their business, as such organisations can invest more into cybersecurity since it is their business. Clearly, the risk is not outsourced, but there are many tasks within the cybersecurity arena that should be outsourced. Managed Security Services are becoming a priority across Gulf.

What advice would you give organisations to ensure digital trust in security?

The explosion of online economic activity that began in 2020 is not slowing down. At the same time, cyber-attacks will not be slowing down, either.

There are two sides to this ongoing cyberwar: cyber criminals vs the targets. Cyber criminals are a well-funded, highly motivated set of conglomerates and cooperatives that share intelligence, tools, processes and best practices. They use cryptocurrency to successfully get paid, but hide their identities, have cybercrime-as-a-service offerings and are generally, extremely financially successful. The pandemic brought to this group a fresh set of new opportunities to make more money.

The targets unfortunately do not work together to overcome the enemy and act as individuals in this war. Their governments do what they can to protect them and their customers, but ultimately extract fines when the targets get hacked.

There are certain steps that should be taken to improve this situation:

Government regulators should mandate the sharing of breach data – since we learn more from others mistakes then their best practices. Fines and regulation should focus on breach disclosure and adequate security controls being in place
Enterprises must realise they are fighting a war against experts and need expertise to help – it cannot be won alone.
Technology and service providers need to work with both groups as technical advisors, to help identify how best to implement and apply regulations, and how best to comply with said regulations.

Achieving these goals will be a journey, but if enterprises and governments don’t all agree on the direction we are to be heading, we will not be able to succeed.

As we can all imagine, cybercrime may never be eradicated, but we should be able to reduce the impact and burden to enterprises and individuals if we work together more effectively.

Zooming into the enterprise perspective, enterprise trust needs to embrace customers, employees and business partners.

The customer relationship is often more keenly focused upon, and clearly adhering to customer expectation towards data privacy and online security is more critical than simply complying with legislation – customers expect more than this.

Employees, who are the front line in any customer engagement, need to feel safe and secure in their working environments, which must translate into secure devices, identities, systems, and a simple way to ensure this remains so. Arduous security processes will create friction at an employee level which can leak into customer interactions.

Business partners are becoming more digitally connected and so ensuring an enterprise’s integrity within the industry supply chain is becoming a requirement these days.

All areas demand a robust risk management capability: understanding the risks to the enterprise and its connected ecosystem, understanding that not all risks are the same and applying the appropriate level of control for the identified risk.

Cybersecurity is rapidly evolving into a highly targeted, risk-based, practice that is also agile enough to respond to the changes in risk profile of an enterprise. Only by doing so can an organisation become capable of improving its scores in the cyberwarfare we are all engaged in today.

Survey reveals misalignment between cybersecurity and business goals in the UAE and KSA

Bybit opens global headquarters in Dubai on the heels of 50% increase in user base

DIFC Courts reinforces its commitment to sustainability following expansion of its digital infrastructure

NETSCOUT adds new data centre presence in Dubai with added Arbor Cloud Capabilities

Dubai ranks as the second most crypto-ready city in the world

LinkShadow reinforces its commitment to Saudi Arabia

Huawei Cloud’s Riyadh launch boosts Saudi tech advancement

Cisco unveils new data centre to enhance security services in Saudi Arabia

Survey reveals misalignment between cybersecurity and business goals in the UAE and KSA

Google Cloud announce significant new collaboration with Saudi Pharmaceuticals giant

KROHNE delivers insights to inspire the next generation of engineers in Oman

Oracle supports major project to accelerate Oman digital economy

Ooredoo accelerates cybersecurity in Oman with new deal

Omantel selects Ericsson to manage its nationwide multi-vendor networks

Oman TRA shares plans to accelerate 5G deployment

BDB launches “tijara” platform for SMEs

Bahrain achieves full nationwide 5G coverage

Batelco, SonicWall launch integrated security solutions for SMEs in Bahrain

Bahrain to offer COVID-19 test results on WhatsApp, Facebook Messenger

Infor supports Bahrain’s digital transformation

Infopercept opens its first Middle East office in Kuwait

Microsoft Compliance Manager now available in Kuwait

Commercial Bank of Kuwait gets mobile payments moving with Thales Digital Solutions

Ooredoo chooses Fortinet to deliver secure SD-WAN managed services in Kuwait

Zain rolls out first-ever 5G roaming service in MENA

Looking for the best label solutions in South Africa? Go OKI!

OKI is only going bigger in the South African market!

Huawei honours Women in Tech at Apps UP 2022

Amazon payment services launches in the MENA region

Egypt turns to AI to deliver COVID-19 diagnosis service to People of Determination

Vertiv extends partnership with MDS SI Group to enhance digital infrastructure solutions

Bosch sees 21% sales surge in the Middle East

“AI has been in Google’s DNA from the beginning – we are an AI-first company” – Tarek Khalil, Google Cloud

How companies can future-proof their business with Web3

“Diversity, equity and inclusion are a core part of our culture and values at AWS” – Yasmine Afifi

Gender Lens investing vital to economic recovery

Virgin Hyperloop unveils location for Hyperloop certification centre

TikTok taps Oracle as secure cloud provider

Zoom gets security boost with Keybase acquisition

Why collaboration is the answer to the successful roll-out of 5G

OPSWAT invests $10 Million in scholarship learning program to help close cybersecurity skills gap

Alef Education showcases the Alef Metaverse to improve climate education at COP28

Bybit and AUS unveil the tech talents of tomorrow

How digital education solutions can help students achieve their full learning potential

Seeds for the Future 2023: Huawei gathers ME & CA’s brightest ICT talent in Qatar

Huawei launches ground-breaking solar inverter at World Future Energy Summit

Middle East Energy to further boost their sustainability agenda

EDF UK selects Dynatrace to keep the power flowing

KROHNE harnessing the power of analytics to drive energy transformation

“All of us are pulling in the right direction for a better tomorrow” – Frank Janssens, VP at KROHNE

Above and ‘Beyon’ – New Money SuperApp launched in the UAE

New cross-border payments platform Digit9 launches in the UAE

Hub71 partners with global economic transformation specialist on MENA start-up ecosystem

Spheroid Universe coin to be listed on MEXC exchange

DIFC Innovation Hub launches AccelerateHER program

Innovating Finance: UAE’s Pioneering Role in the Blockchain and Crypto Landscape

Pioneering Sharjah’s Digital Revolution

Interview: Shaping a Secure World

Dubai Chamber of Digital Economy scouts Asia for tech start-ups

Government leaders from IT sector honoured at GovTech Innovation Awards

Dubai Science Park study backs R&D localisation amid projected surge in UAE healthcare spending

MarkiTech expands GCC footprint

MoHAP Launches Health Sector’s First National Centre of Excellence for AI

Korian Benelux future-proofs residential Care with AI-driven solutions

SAS accelerates responsible innovation efforts with new collaborations

Digitalisation key to accelerating construction development in Middle East, says Trimble

R&M Introduces First Single Pair Ethernet System to Support Middle East Smart Building Trend

To ‘upsmart’ your building, start with the elevator

Renters searching for homes online surge amid coronavirus fears

Emirati tech entrepreneur launches new app to ease Dubai’s rental woes

Brands Beware: The Application Generation Demands Seamless Digital Experiences

Opinion: Brands must respond to meet heightened customer expectations

Thriwe: Enhancing the Omni-channel experience

Navigating the Festive Cyber Landscape: Ensuring Online Safety during Holiday Shopping

Celebrate the Dubai Shopping Festival with Eros Electronics’ exclusive deals

AVEVA launches CONNECT, the world’s leading industrial intelligence platform, at Hannover Messe

Infopercept launches Invinsense 5.0- – A cybersecurity platform completely made in India

Interview: Building Cyber Resilience

Kaspersky Thin Client 2.0: Cyber Immune protection with enhanced connectivity, performance and design

xCube launches the UAE’s first fully automated SLB service for retail investors