Scott Manson, Cybersecurity lead, MEA at Cisco discusses the threats that enterprises face, the state of preparedness and what steps they can take to build a robust security framework.

While there is a lot of awareness amongst enterprises about a robust network security framework, what is the actual scenario when it comes to implementing these measures?

Every organization needs to make cybersecurity a business-level priority. Leadership must own and evangelize cybersecurity, instilling and driving its importance and the proper defence techniques throughout the organization. Cybersecurity can’t be “an IT challenge;” its effects are too broad and costly. We can no longer just throw more money, people or technology at the problem. In this complex landscape of fast and frequent evolution, it’s not enough to rely on human expertise and point solutions. We need a simple, integrated security architecture that provides near-real-time insight into threats, with automated detection and automatic defence.

Are enterprises reluctant to adapt threat protection measures? What are the likely reasons? 

So, what’s holding security professionals back? As per Cisco’s Annual Cybersecurity Report, the top constraints cited were budget (35%), compatibility (28%), certification (25%), and talent (25%). Lack of budget is a perennial challenge for security teams, as is disparate systems that don’t integrate – where security is “bolted on” rather than embedded. These non-integrated defence systems can allow for gaps of time and space where cybercriminals can launch attacks. Security professionals stretch budgets by adopting outsourced expertise and relying on cloud solutions and automation to make the most of limited personnel. A well-resourced and expert IT security team, paired with the right tools, policies and processes, can work together to achieve better security outcomes. Think simple, integrated, and automated. Remember, security has always been a collective community, and a “go it alone” approach is practically impossible in today’s environment.

What impact will GDPR have on cyber security and data privacy/integrity?

A7. In a globalized economy, the General Data Protection Regulation (GDPR) will have a significant impact on the technical and organizational measures of many non-European companies. Any organization that collects and processes information belonging to EU citizens will have to comply with provisions specified under the new convention.  For this reason, corporations of all sizes are scrambling to meet the requirements as the final implementation date of the law quickly approaches.Data privacy and IT security are not only regulatory requirements, but also customer demands. It is becoming more frequent for companies to get questions from their customers about how they are handling their data. There is a relationship of trust, an assumption that the company receiving their data will take good care of it. The law is just there to ensure that companies are doing all they can to honour that trust. The GDPR can become a catalyst for change. The hefty fines and sanctions associated to GDPR are perhaps the “health scare” that will prompt organisations to implement and nurture healthier security postures. It could have the same awareness effect that a cyberattack has, but hopefully without any financial damage.

What are the challenges an enterprise faces when trying to address security issues?

While all the usual security challenges will remain, the one that is really set to trouble the industry is having the right expertise to tackle the continuing and new security threats we will see in the future. Even though technology evolves rapidly, it would be safe to say that security would be the single practice that demands the maximum dexterity and expertise by businesses. Cybercrime is estimated to cost business $2.1T globally by 2019 which is four times more than the estimated cost in 2015, making security a top concern for most businesses, which has now proved its seriousness by becoming a boardroom issue. Security experts feel that the rise of IoT and its billions of connected devices will offer an enormous playing field for hackers. What becomes important, in such a scenario, is to ensure security solution providers have the proper experts on board to handle it. In 2018, hackers will target IoT devices – from home cameras and smart watches to new devices that are flooding the market.

Adding to these challenges is the lack of in-house technology skills necessary to maintain a strong security status (posture) to keep up with rapidly developing and evolving threats. Cisco has predicted that the world-wide shortage of security professionals is estimated at more than a million, increasing to 1.5 million by 2019, which indicates how much demand there is for security talent. Multi-vendor security environments mean organizations will require a huge range of skills to manage those environments. Since the demand for talent is greater than the supply, many organizations struggle to attract and retain security professionals and, consequently, this further constrains security teams. Our Cisco Networking Academy is also at the forefront of our strategy, which has trained more than 1 million students in 165 countries, operating in partnership with educational institutions, government agencies, and community-based organizations. We have more than 870 Networking Academies in the Middle East with over 257,532 students trained since inception.