CASE STUDY
There’s some truth in saying that laziness is a
key element of human nature, but that excuse
is too simplistic and dismissive. It’s not that we
can’t be bothered to exercise due diligence,
it’s that we haven’t been properly motivated.
“What’s in it for me?” is a fundamental
unspoken question of cybersecurity – one that
demands our attention.
When we cast blame on average users
for failing to regularly change their many
passwords across many different sites and
systems, we seem averse to understanding
why they’ve failed to do so. Only when it
is too late, when users’ own identities are
stolen, do they acknowledge the importance
of such a security practice.
What impetus did they have to incorporate
this practice sooner, though? Too often,
they’ve simply been told what to do without
truly understanding why they need to do it.
If you can leverage a multiple challenge
approach to distribute a customised,
consistent content and engage your
customers, you will be in a strong position
to not only make them feel good, but you
can be rest assured that they will come back
because they have liked the experience.
How has the COVID-19 pandemic
raised the whole issue of security
as most companies have been
forced to have their employees work
remotely exposing their company IT
infrastructure to vulnerabilities and
possible cyberattacks?
I am sure most people saw the awesome
caricature which was shared everywhere
on various social media platforms. In the
caricature, there was a question asked “Who
is leading your Digital Transformation?”
In a multiple choice answer format, the
• Exercise caution when opening messages,
attachments or clicking on links from
unknown senders
• Be wary of any requests for personal
details, passwords or bank details,
particularly if the message conveys a
sense of urgency
• If in any doubt of the communicator’s
identity, delay any immediate action.
Re-establish communication later
using contact methods that you have
sourced yourself
Let me repeat, cybersecurity is everyone’s
job, but as a CISO, it’s your job to monitor
and enforce your employees’ cyber hygiene,
implement multi-factor authentication,
keep your software and operating systems
updated, keep up your data loss prevention
controls, use a Virtual Private Network (VPN),
put your security operations on guard, keep
employees informed about threats, use
The key to fostering this culture is
substance. One of the most substantive
ways to inspire others to be proactive is to
get them to relate to the situation. People
often fall into the trap of thinking about
their computer use too abstractly, as if
what they do online is far removed from
the actual real-world consequences. To get
them to understand the gravity of their
digital actions, we need to get them to shed
this outdated mode of thinking.
How should big organisations in the
Middle East be guiding customers
on their journeys of providing
smart, innovative and dynamic
online services in various industry
verticals as they rollout their Digital
Transformation strategies?
There are so many innovations happening,
especially in the last decade. These
innovations, digital services and operations
are raising the competitive bar in every
sector. It is the leader’s job to capture the
opportunity by embracing a new operating
model that dramatically improves the digital
customer experience.
I will refer here back to the word strategy.
While a cybersecurity strategy can help
your organisation to stay secure, having a
Digital Transformation strategy will help your
company to empower end-user customers.
WHILE A CYBERSECURITY STRATEGY
CAN HELP YOUR ORGANISATION TO
STAY SECURE, HAVING A DIGITAL
TRANSFORMATION STRATEGY WILL
HELP YOUR COMPANY TO EMPOWER
END-USER CUSTOMERS.
following were listed as possible options:
CEO, CIO, CISO and COVID-19. Of course
the correct answer was COVID-19. The point
of the caricature was that because of the
COVID-19 pandemic, the whole question
of IT security has been put back into the
spotlight at corporation and individual level.
As most people and organisations are aware,
the COVID-19 pandemic is and will be used
by cybercriminals to try to scam people out
of their money, data and to gain access to
IT systems and networks of organisations.
While companies have had to embrace
working from home, here is what everyone
should be doing:
• Exercise critical thinking and vigilance
when you receive phone calls, messages
and emails
strong and unique passphrases and of course
being aware and creating a community that
can speak up.
How do you see the role of CISO
evolving in the next two to five years
in the Middle East?
As pointed out earlier the CISO role has
changed a lot in the last decade and I am
sure it will evolve in the near future. As
organisations move to the cloud business
model, some services are outsourced to
managed services providers (MSPs) and
channel partners. With technologies like
Machine Learning and Artificial Intelligence
getting broader enterprise wide adoption
and acceptance, the impact of this
technology maturity will also see the CISO
role adjust in the Middle East market. •
62 INTELLIGENTCIO www.intelligentcio.com