EDITOR’S QUESTION
SAM OLYAEI, PRINCIPAL RESEARCH ANALYST AT GARTNER
This is a question that has honestly
been asked over the last 10 to
15 years. We’ve seen less of that
question asked over the last two to three
years because the impact of cybersecurity has
become so obvious to, not just consumers,
but the average employee of an enterprise.
Cybersecurity, as a result of public
awareness, media campaigns, the number
of incidents that have happened, and the
implications behind those incidents, has
really taken off as a concept and a field; as a
result it has become a boardroom issue.
In the Middle East where, in the GCC
specifically, we are a little bit behind the
curve in understanding how cybersecurity
impacts business initiatives, many
executives are still pleading cybersecurity as
an IT function.
What that essentially means is that business
strategies, business alignments and core
objectives are not being aligned back to
cybersecurity and they should be. And vice
versa; cybersecurity is not being aligned back
to these core initiatives.
As a result of this it’s becoming more and
more imperative that organisations stay
ahead of the curve, not only in terms of the
threat landscape but in terms of the risks
they face internally in their own organisation
in order to protect what they feel is critical
to their business. In many cases that is the
information or the data that they own.
That’s just from a cybersecurity perspective.
Many aspects of the information or data
that they own also have privacy or safety
implications. There are privacy regulations
like GDPR coming out of the woodwork
and we also have privacy regulations being
drafted as we speak in the GCC.
Privacy regulations are becoming globally
critical as well as regionally critical, mainly
because we are not used to the idea that
we have to keep our employee information,
and information about the people we deal
with, private.
There are also safety implications related
to cybersecurity as well when it comes to
information or data.
Any organisations that have operational
technology aspects that are separate from
IT, such as power plants, electrical services,
critical infrastructure, manufacturing and
those types of environments, face safety
implications when it comes to data because
any type of breach related to the operational
technology could potentially result in injury
and even, in certain cases, death.
These are just some of the reasons why
cybersecurity awareness has increased.
IoT is interesting because there is a debate
in the industry going on about who owns
security for IoT. At Gartner we have our own
research and predictions that by 2030 we
expect there are going to be upwards of 25
billion IoT devices in the world. This is not
just in a consumer environment but also in
an organisational environment.
Ultimately organisations that acquire IoT
have a decision to make about who is
responsible for the security of IoT devices.
Is it the manufacturer of the devices or the
people that acquire them?
We are moving towards this concept that
the government has to start to regulate a lot
of these IoT devices in terms of developing a
standard practice so that the consumer can
actually protect them. Current IoT devices
still lack basic cybersecurity best practices
like password or access control.
We did some research and found that over
500,000 IoT devices could be accessed by
‘common passwords’ like ‘admin’ and ‘123’.
Could you imagine if, by 2030, 25 billion
of these devices had passwords like these?
There’s a huge safety implication.
INTELLIGENTCIO