editor ’ s question
e can at least hope
W that 2022 is the year when we put the pandemic behind us . But where the notion of a COVID-free world may at least be possible , the thought of one without cyberthreat actors is , sadly , unrealistic . The Arab Gulf region will see many changes over the next 12 months as organisations continue the fight to secure their perimeters . Here are the highlights .
The decline of cyber insurance
A 2020 KPMG survey revealed 73 % of UAE businesses to be investing in cybersecurity to some degree as the result of a surge in incidents .
There are now strong indicators that some of this investment may go towards insurance , even as the quality of coverage declines . Citing the COVID- 19-related surge in cyberattacks across the country , international law firm Norton Rose Fulbright recently predicted a surge in UAE enterprises ’ interest in cyber-insurance and a corresponding change in policy design , with clauses on cybersecurity making their way into property and liability coverage throughout the following year .
But in 2022 , we can expect the customers of cyber-insurance providers to reevaluate the effectiveness of such clauses .
Integration rather than consolidation
When the region rushed towards the cloud in 2020 , the complexity of the hybrid environments that followed made ‘ consolidation ’ even more alluring . The truth is security tools specialise in different areas and comprehensive threat postures mean using multiple solutions . But there is still a need to integrate tools effectively to achieve a level of visibility that allows tight control over the digital environment . As research on this area progresses , we are discovering that the more tools that are deployed , the less effective a security team may become in detecting threats .
In 2022 , expect to see a greater emphasis on integration . CISOs will concentrate on the fundamentals by using the right tools to automate basic tasks , such as upgrades and patching , while freeing up security professionals for more strategic endeavors .
The unifying of OT and IT security
The risk to physical equipment has been apparent in the region for years . Not only have petrochemical companies here long been the targets of threat actors , but the Colonial Pipeline incident in the US served
HADI JAAFARAWI , MANAGING DIRECTOR – MIDDLE EAST , QUALYS as a stark lesson to organisations that use any solution that exposes physical machinery to the lawlessness of the public Internet . 2022 will be the year when a single CISO becomes responsible for OT and IT security .
OT security playing catch-up with IT security
The aforementioned merging of OT and IT security cannot come soon enough . OT infrastructure is notoriously behind other software-enabled business functions when it comes to security .
Between the less-than-optimal account polices and the slew of unpatched vulnerabilities in OT assets , the new umbrella CISO will have a lot of challenges to overcome to prepare physical infrastructure for the modern threat landscape . With the region being first to the plate on 5G , IoT solutions will soon be available that were previously inviable . Adopting such solutions will be key to competitive survival in 2022 and beyond , so air-gapping OT environments is not an option . u
The new umbrella CISO will have a lot of challenges to overcome to prepare physical infrastructure for the modern threat landscape .
30 www . intelligentciso . com