Cybersecurity breach on Gulf-based companies increased from 28% to 41% in two years, says GBM study

DUBAI, As many as 41 percent of Gulf-based enterprises admitted to being breached at least once in the last 12 months, in comparison to 28 percent in 2016. Interestingly, only 31 percent of regional organisations were concerned about detection and response to attacks, according to findings of the 7th edition of its annual cybersecurity study revealed by Gulf Business Machines (GBM), the region’s number one provider of IT solutions, today at the 2018 Gulf Information Security Expo & Conference (GISEC) in Dubai.

This year’s survey focused on cybersecurity in the business environment, and revealed how regional companies are implementing their cybersecurity strategy.

This finding underscores the necessity of a change in mindset, especially among management when it comes to budgeting for the right technologies needed to deal with a breach once discovered. Meanwhile, 62 percent of respondents stated that they were likely to utilise Artificial Intelligence (AI) for securing their organisations, which showed willingness in deploying new technologies.

“We have seen a large number of high-profile cyber-attacks this past year and this is a trend that isn’t looking to slow down. Despite the constant stream of security updates and patches, attacks are growing increasingly common. In today’s context, it is crucial for organisations to understand that preparation against a security breach should not be purely focused on preventative tactics, but rather it is important to invest in resources that aid in detection and response. This will test the resilience of an organization’s security against breaches,” said Hani Nofal, Vice President of Intelligent Network Solutions, Security and Mobility at GBM.

The security survey also revealed that up to 79 percent of respondents believed their company currently has an effective security strategy program in place. The majority of respondents also reported their company had not experienced a security incident in the last 12 months. However, the survey indicated that 32 percent of Gulf organisations do not have a Security Operations Center (SOC) and that there could be an intrusion within their system that they are unaware of, considering how long intrusions are able to remain undetected, particularly when there is no proper detection and response program in place. Moreover, 81 percent of respondents preferred having their security operations on premise.

A significant issue the survey highlighted was the risk around the Operating Technology (OT) with 31 percent of Gulf organisations experiencing attacks to their OT environments. However, Gulf organizations have started taking action by deploying security controls for OT and developing a security strategy for prevention, detection and response. A few organizations are also leading the way in setting up a SOC dedicated to computer-based supervisory control and data acquisition (SCADA) systems isolated from the IT environment.

“Security is a shared responsibility, not just within companies but across the region and worldwide. There is a pressing need for organisations to share their experiences, good and bad, in order to help others prepare better in this constant race. Together, the battle against adversaries would be considerably easier”, added Nofal.

Source: Emirates News Agency