[ad_1]
Organizations in the UAE and Saudi Arabia remain ill-equipped to address cyber threats despite continued increases in cybersecurity spending in the region, a report says.
According to a global report published by Trellix, a cybersecurity company that provides the future of extended detection and response, the GCC cybersecurity market has seen an upwardly revised decade-end compound annual growth rate, from 5.9% in 2017 to 7.6% last year (XDR).
While this clearly demonstrates the heightened focus on security at the board level, Trellix’s “Mind of the CISO” report reveals that two-thirds (66%) of CISOs in the UAE and Saudi Arabia still believe their Organizations lack the right people and processes to be cyber resilient, with nearly three-quarters (74%) feeling their current technology setup is insufficient.
The study, conducted by Vanson Bourne in nine countries, surveyed 500 CISOs at companies with more than 1,000 employees and found that when it came to people-related %) condemns the lack of skilled talent and their inability to recruit and retain them. More than one in five (22%) are concerned about the lack of support from their board, and 30% cited a lack of support from the rest of the organization.
From a process perspective, some 38 percent of CISOs in the UAE and Saudi Arabia said they lack the freedom to communicate with outside the organization for learning purposes. Another 38 percent expressed frustration with their inability to respond quickly to changing regulatory frameworks, and 18 percent said their processes were poorly designed or they were fed too many sources of information to adequately control their environment.
“The United Arab Emirates and Saudi Arabia consistently rank high in the Global Cybersecurity Maturity Index,” said Khaled Alateeq, Head of Trellix Middle East.
“This is because government entities have done a good job of developing cybersecurity guidelines and regulations and introducing broad skills schemes and incentives to attract top talent to the region. It is now the onus on organizations to answer the call and support their CISOs. Our most recent CISO Research is very clear on what can make life easier for CISOs in the UAE and Saudi Arabia.”
When asked for advice on how senior leaders in the business can help them overcome challenges, half of CISOs in the UAE and Saudi Arabia said better engagement of such stakeholders would be a good start. Thirty-eight percent said it would be helpful for other members of the organization to have a better understanding of cybersecurity issues, and 32 percent called for a strong support team to assist in their defense efforts.
But predictably, technology remains the biggest stumbling block between regional CISOs and their ideal threat posture. While two-thirds (66%) say people and processes are hindering their cyber resilience, nearly three-quarters (74%) say technology does the same — 25 percentage points higher than the global average.
The report further proves that the strategy of multipoint solutions is outdated. When asked about their experience with current security tools and platforms, 38 percent said they were outdated, 30 percent said too many, and 34 percent said they didn’t work well together. Nearly all (92%) of those surveyed in the two Gulf countries said their organizations were using between 11 and 35 different tools.
“What was found most in this study was not a lack of investment,” Alateeq added. “There are many signs that commitment to this is increasing, including budget and resource challenges cited by only 36% of respondents. What emerges here is more of a misguided investment. We have to make sure the right people and processes are in place. But the concern is that, with all the budget increases, we haven’t seen the right technology in place.”
Alateeq continued: “CISOs have clearly told us that ‘more solutions’ is not the answer. They need an open platform approach that can learn and adapt to build proactive defenses. CISOs and their teams must be able to see, protect and solve problems .They must be able to maximize visibility and peek into every corner of the enterprise.
“They must be able to cover every asset with unmatched speed of discovery when potential threats are identified. They must be able to automate responses across this connected security ecosystem to prevent their organization from becoming the latest victim of the threat landscape. “- trade arab news agency
[ad_2]
Source link