A Holistic Approach to Cybersecurity
Given the underdeveloped nature of this area, moving into cybersecurity can be included as part of a long-term strategic plan, not just to protect critical infrastructure, but also as a way to increase revenue. Recognising the long-term value it could provide, corporations in telecommunications, manufacturing, and oil and gas industries in particular have been making deliberate moves into cybersecurity. At the same time, countries such as UK and Israel use cybersecurity as a competitive advantage – robust cybersecurity measures on a national level can potentially be an added value to foreign investors and businesses.
On the regional, national, and organizational level, leaders can draw on a wealth of expertise through partnerships or alliances, as well as established global practices and standards such as the NIST Cybersecurity Framework and ISO 27001. A risk-centric approach to cybersecurity can also allow governments and organizations to identify emerging threats while also anticipating, and using, disruption to their advantage.
All in all, cybersecurity needs to be addressed in relation to governance, strategy, culture, and operations. While the establishment of policy and regulation is vital, those alone will not foster the effective implementation of cybersecurity strategies across the region. The reality of digital is already here, and cybersecurity can no longer be just an afterthought.
The current underinvestment in cybersecurity has been attributed to a lack of awareness as well as a lack of talent and resources. Government-led initiatives to develop the next generation of cybersecurity professionals, R&D programs for innovative technologies, and deliberate moves to leverage on existing global expertise and knowledge are required not just to keep up with the current landscape, but to promote future growth.
The IERP® Monthly Newsletter July 2018 14