What are the main challenges CISOs are facing in the Middle East?
Q. How are we making security a part of everyone’s job?
A. Awareness programs integrated into daily work practices are key as well as including security in employees’ job descriptions. Adding security duties to job responsibilities makes it everyone’s duty to ensure the security of company assets as well as colleagues’ safety. Security awareness is also critical as it enables employees to stay alert and report suspicious activities. Security reporting processes should also be enhanced to make them easily accessible and user-friendly with no victimisation involved. Put briefly, a security culture should be inculcated into everyone emphasizing the notion that security is everyone’s responsibility.
Q. What cybersecurity questions should every CEO ask?
A. There are several questions of interest to every CEO. The first one is: Do we have the necessary skills to defend ourselves against cyber-attacks? This is key; if there are no skills efforts should be made to ensure that people are trained, or additional skilled resources are recruited. Cyber skills resident in the organisation should always be higher than the skills of the attackers. The other question is: Are we complying with a plethora of cybersecurity laws, regulations, and standards to reduce incidences of fines and other penalties? This is very crucial for example in the payments industry where failure to comply with requirements such as PCI-DSS could force an organisation out of business. The last question has to do with resources; Are security budgets adequate to cater for the various security solutions required? Cybersecurity is an expensive process, and resources must be available and appropriately budgeted.
Q. From the perspective of a cybersecurity leader, what do you believe is the most valuable asset?
A. The human resource base is very key both for cybersecurity professionals and the general employee. In cybersecurity, precedence is always provided for the protection of human life before anything else. It is therefore important to ensure that people are equipped with adequate and relevant knowledge about how to identify indicators of attacks and remain alert for such attacks,