Paladion Networks has highlighted the top 10 cyber security trends that will impact global digital security in 2015, and beyond. These trends can have long-term impact on the enterprises in Middle East and Africa.
Amit Roy, VP & Regional Sales Head-ME & Africa at Paladion Networks stated that: “After rigorously analysing the ever-increasing data flow regionally and globally, we have identified the top 10 cyber security trends that the enterprises in the Middle East and Africa need to be cautious of.
According to Roy, organisations in the region need to follow these trends closely to ensure protection against the rising tide of cyber threats:
1. Focus on Regulatory and Compliance Requirements – Regions will see a surge of compliance and regulatory requirements to maintain a solid foundation of security controls toward people, process and technology levels for National Banking/Government/Oil & Gas, Retail and Critical infrastructure sectors. Each country will be introducing compliance standards in line with best practices like ISO 27001. Some standards already making a huge impact are ISR, NESA, ADSIC in UAE, ICT-Qatar standard, etc.
2. Automation of Security GRC Will Surge – As organisations are compelled to follow various compliance and regulatory standards and frameworks, CISOs face increasing challenges to maintain and manage the GRC Security framework that is both sustainable and flexible enough to meet compliance audits. This will increase demand for automated solutions to manage compliance and audit requirements to meet or exceed Security Governance, Risk and Compliance.
3. Focus on an Holistic Program-Based Foundation for Greater Security – The threat landscape is changing rapidly, in particular, security attacks, which grow more sophisticated with each passing day. CISOs will be hard-pressed to remain vigilant. They will need to develop flexible strategies that identify and mitigate vulnerabilities in their IT Infrastructure. Paladion sees the need to have a program-based, holistic and continuous approach towards vulnerability management at both network and applications layers that work in tandem with automated alerting and incident management programs.
4. Promoting Risk-Based Security Behaviour in Organisations, Not Just Awareness – Instead of only conducting employee awareness workshops, organisations must focus their employee workshops on the do’s and don’ts of Information Security. This is necessary to instill their employees with positive, risk-based security behaviour so they evaluate the risks of their actions, changing them from the weakest link to the strongest link in the chain.
5. Automated Detection and Alerting – With cutting edge SIEM technologies and fully fledged Security Operations Centers, corporate networks will have complete 360 degree visibility to provide real time, meaningful and actionable alerts.
6. Automated Incident Response – Automated detection and alerting is no longer enough. Automated incident response against the highly sophisticated cyber breaches is now required with the objective to minimise the impact of an attack by reducing the time from detection to remediation.
7. Proactively Managing Security –‘Round the Clock’ – Roy believes the trend towards automated detection, alerting, incident response and analytics is picking up speed. Predictive security, the need for having a 24/7 Security Intelligence center, is surging in the region. Banks, Government, Retail and Critical Infrastructure companies are adopting a complete outsource, internal or hybrid model to achieve this objective – theses models differ from organisation to organisation based on risk factor, overall cost and level of measurement by using an SLA model particular to each organisation. We will see an increase in Managed Security outsourcing based for a proactive and measurable security defense in the region.
8. No Single Silver Bullet for All – Integration is the key to get proper defense against the high profile cyber attacks. This will require different niche security technologies to work cohesively under a common security framework. This Integration of different technologies combined with deeper analytics is the need of the hour. In addition, this trend will impact the vendor eco-system with more M&A to be seen from vendors offering best in class integration technologies in a common out of the box approach.
9. Securing Embedded Platforms – The recent attacks on the Oil/Gas and Retail Sectors demonstrate clearly that embedded platforms or devices like SCADA systems/Telecom infrastructure/POS terminals/Hand held devices are no longer immune from Cyberattacks. CISOs will need to collaborate closely with their colleagues from Engineering and Telecom businesses to better develop a security strategy foundation and implement stronger security controls for the ‘crown jewels’ of these organisations.
10. Mobile Malware is on the Rise – No longer are attacks aimed solely at the traditional desktop. We see a surge in Malware attacks on mobile devices, making these devices extremely vulnerable. It has become a huge concern for consumers and an even greater concern for enterprises that are moving rapidly to adopt widespread enterprise awareness BYOD security. Paladion sees an increase of attention toward BYOD Security as CISOs adopt baseline security controls for mobile devices.