The United Arab Emirates (UAE) is increasing its cybersecurity efforts, having formed the UAE Cyber Security Council earlier this year and recently announcing the adoption of cybersecurity standards for government agencies as it revealed the budget for the next five years. The announcement was made by Sheikh Mohammed bin Rashid Al Maktoum, Ruler of Dubai and Vice President of the UAE, who stressed that cybersecurity is a sovereign priority, noting that cyberspace needs protection and updates.
With 2021 already shaping up to be one of the most challenging for cybersecurity, this could not be more timely. Ever more sophisticated attackers are plumbing the dark corners of our systems and networks, seeking — and finding — vulnerabilities. The consequences for an attack rise as our systems’ interdependencies are becoming increasingly complex. Critical infrastructures are especially vulnerable. And yet, many of the breaches we’re seeing are still preventable with sound cyber practices and strong controls.
Three cyber questions you need to ask
Are you securing against the most important risks today and tomorrow?
Data is the asset attackers covet most. However companies can minimise that risk by minimising the target and a whole 46% of the UAE respondents (compared to 35% globally) have already mapped all their data, meaning they know where it comes from and where it goes. 41% also have the ability to share data securely with third-parties, business partners and suppliers, compared to only 34% globally. And overall more than a third report having mature, fully implemented data-trust processes. Organisations should govern, discover, and protect only the data they need — and eliminate the rest. Low-value data not only creates unnecessary risk, it also crowds out or buries high-value data.
When making decisions about cyber investments and responding to cyber risks, more than a third of the UAE respondents say that they have integrated analytics and business tools into their operating model.
For example, real-time threat intelligence is integral to 36% of respondents for smart cybersecurity decisions. Threat modeling, scenario building, and predictive analysis are relatively widely used technologies in the UAE (36% vs. 26% globally) and even more when it comes to cyber risk quantification (41% vs. 26 globally)
Real time monitoring can help shed light on new risks and help the organisation secure against the most important ones. And when it comes to using real-time view of key cybersecurity controls, this is being used by almost half of the UAE respondents already.
Is your organisation too complex to secure?
In an overly complex organisation, it’s common for the left hand not to know what the right hand is doing — and the consequences for cybersecurity and privacy can be disastrous.
Nearly three quarters of all respondents say their companies are too complex and that the complexity of their organisation poses “concerning” cyber and privacy risks. While globally data infrastructure (77%) ranked highest among the areas of unnecessary and avoidable complexity, for UAE the highest ranked area was supply chain (85%).
And when asked to name the top consequences of operational complexity, our UAE respondents named:
Inability to innovate as quickly as the market opportunities allow.
Lack of operational resilience, or the ability to recover from a cyber attack or technology failure.
However businesses are aware of the risks of complexity and are taking action by streamlining. 46% of our UAE respondents (compared to only 33% globally) have reorganised functions and ways of working, and 44% (compared to 30% globally) have defined or re-aligned the mix of in-house resources and managed services.
How well do you know the risks posed by your third parties and supply chain?
Less than half of the UAE respondents say they thoroughly understand their third-party cyber and privacy risks.
You can’t secure what you can’t see, and most respondents to the PwC 2022 Global Digital Trust Insights Survey seem to have trouble seeing their third-party risks — risks obscured by the complexities of their business partnerships and vendor/supplier networks.
Among all UAE respondents, 59% expect an increase in reportable incidents in 2022 from attacks on the software supply chain, but only 44% have formally assessed their enterprise’s exposure to this specific risk.
But the UAE respondents have started taken action to minimise third-party or supplier risk:
refining their criteria for onboarding and ongoing assessments of third parties (62%)
rewriting contracts with certain third parties to mitigate their risks (56%)
providing knowledge-sharing or assistance to third parties shore up their cybersecurity postures (51%).
An organisation could be vulnerable to a supply chain attack even when its own cyber defences are good, with attackers simply finding new pathways into the organisation through its suppliers. Detecting and stopping a software based attack can be very difficult, and complex to unravel. That’s because every component of any given software depends on other components such as code libraries, packages and modules that integrate into the software and are necessary for its operation.
However the more complex the connection, the harder it becomes to see the risks buried within.
Consider the four Ps
The four Ps can help an organisation realise its full cyber potential by highlighting the key action items to consider.
This is exemplified by the most advanced and most improved organisations, who employ them all.
By focusing on having your organisation working as a unified whole, from the tech stack to the board room, results can be achieved faster and risks can be minimised. Cybersecurity is a concern for the entire business, in every function and for every employee.
Related content
Contact us
