CASE STUDY
am in touch with many CISOs in the Middle
East region, I can gladly say that all banks
are doing their best to offer their customers
the best security services, together with
innovative offerings around the core banking
products and services. For sure some do it
better then others.
What are some of the security
challenges when you got emerging
technologies like Internet of Things,
Artificial Intelligence, Machine
Learning, etc not very standardised
but big organisations in the Middle
East are adopting these technologies?
Every medallion has two sides. While
technologies like Internet of Things, Artificial
Intelligence and Machine Learning bring
many benefits for sure, the technologies that
are deployed in any enterprise environment
and are not properly secured can pose many
risks to an organisation. I am sure most people
in the regional IT industry will remember
the big Internet of Things DDOS attack that
happened just last year. Using the emerging
technologies or any other technology as is, not
taking care of cybersecurity can make you as
the CISO and your organisation pay a huge
bill like loosing credibility, customer trust and
of course money.
The role of a CISO is evolving
with more C-level and business
line executives getting involved
in making IT and technology
purchasing decisions and
formulating the overall IT strategy
for the business. How hard is it for
a CISO to get the correct support
from its peers?
Earlier I alluded to the fact that CISOs must
have skills to be able to explain security
for non techies, build and maintain critical
relationships, and communicate at both
senior and operational levels. Soft skills are
critical to evangelising the agenda and
celebrating wins, which need to be expressed
as business outcomes. The CISOs who can
develop those skills can ‘sell security’ to their
peers and other business line executives.
To be very honest, all those cyberattacks that
are happening regularly are making our job
a bit easier as well to get the right support.
It’s all about building the right cybersecurity
strategy for the whole organisation.
A cybersecurity strategy is a plan for
managing organisational security risk
according to a defined risk tolerance for
the organisation to meet the business and
organisational objectives and goals.
In addition, the cybersecurity strategy
shouldn’t be focusing being secure as
possible, but on being secure as necessary
and for that to happen, you must balance
security investments to keep security
assurances strong.
Once you do that then you also need
to understand the ‘threat actor factor’.
Sophisticated attackers will only choose
avenues that they can exploit successfully.
If you look for weakest links, know your
vulnerabilities and try to not have any
misconfigurations, minimise the human
error and have good vendors to trust you
should be okay and this will build even more
confidence on getting the right support from
the business as well as the IT teams.
How are enterprise organisations
building the next generation of IT
leaders in the Middle East?
There is a unique trend that is being
witnessed world over in the job market.
While the overall number of jobs in
different industries is rising, the technology
industry is seeing one of the highest
rates of job growth.
In some countries, it is expected that by
2020, the number of IT jobs will outweigh
the supply of people with skills to take them
up. It is evident that the world is leaning
more toward technology and that this is
opening up opportunities for those skilled in
different technologies. Therefore the future
is more promising for those that invest time
to learn IT skills today.
Human resources departments are
having to deal with the scarcity of tech
skills in the Middle East market. While this
is bad for recruiters, it is good news to
people that pick up essential tech skills.
There are many mitigating factors that
are making IT professionals become
quickly accepted into the market. I believe
there are different paths that someone can
take in their IT career. While most careers in
IT are good, there are some that are limited
or might face sudden death in the near
future as well. Therefore, caution must be
taken when choosing the right path in the
tech industry.
Senior IT managers such as CIOs and CISOs
need to focus on having the right talent
throughout their organisations, while having
the responsibility to build strong leaders
well-positioned for success now and in the
years ahead.
Effective IT leadership needs talent
that is upskilled and participation
from all in the Middle East tech
sector. How are you overcoming
the “what is in for me” problem,
especially in the cybersecurity space?
As members of a digital, networked society,
we shouldn’t simply be aware of our
problems. Rather, we should be fixing them.
We often fail to do that, though, choosing
instead to just accept bad outcomes rather
than addressing their root causes.
This is completely understandable when you
think about the fact that security problems
often seem insurmountable. What can we
as individuals do, even if it’s just to protect
our own personal information? There are too
IF WE WANT
EFFECTIVE
CYBERSECURITY,
WE ALL HAVE TO
PLAY A PART.
many points of failure, too many factors that
are out of one person’s hands.
So rather than struggle independently with
rudimentary tools and limited help from
others, the most logical choice is to shift our
focus and embrace a new standard: a culture
of cybersecurity. To put it another way, we
need a collective effort to share valuable
security knowledge, strategies, best practices
and more with our fellow digital citizens. If
we want effective cybersecurity, we all have
to play a part.
www.intelligentcio.com
INTELLIGENTCIO
61