COVER STORY
constantly face and recommends what preventive and corrective actions we can take to mitigate those threats .
How important is having a Disaster Recovery plan in place when managing the security of a major Middle East enterprise ?
Extremely important . There ’ s an old saying in security , ‘ it ’ s not a question of if , but when ’. So , it ’ s necessary that we ’ re able to identify and protect our critical assets and prepare for any eventuality .
This is achieved by conducting business impact analysis and having agreements in place with business stakeholders about recovery time and point objectives . Any recovery strategy requires the support of the wider
We ’ re a large manufacturing organisation and the dissemination of security comms is vital . business – they need to be involved in the process . It ’ s reached the point that even cyber insurers are looking for Disaster Recovery plans to demonstrate how resilient your organisation is against threats , particularly considering the rise in ransomware threats .
How do you ensure you equally and successfully manage the cybersecurity of IFFCO ’ s various global locations ?
A key priority for me is to ensure that security priorities are aligned with business priorities . Security should no longer be treated as an IT issue , it ’ s a business issue . That ’ s why I invest time talking to the business about security to help them understand that it ’ s a benefit , not a burden . Technology alone cannot solve the problem . You need the people and process to go along with it . I can bring in the likes of Secureworks to bolster our security posture but a change in culture is equally important . That ’ s when the experience of running a global enterprise comes into play .
Finding the right governance model and risk security approach are also key when it comes to managing security equally across so many different countries . We ’ re a large manufacturing organisation and the dissemination of security comms is vital . When it comes to management issues , we converse in English , but we also provide comms in Hindi and Arabic for workers on the shop floor .
What are some of the cybersecurity trends taking place across the Middle East and how are you adapting and evolving alongside them ?
Key trends include data digitalisation , data privacy and consumer protection . The processing of personal data and the importance of securing data is a top government priority and we ’ re seeing the introduction of new regulations to address this . This year , we ’ ve seen a significant increase in phishing attacks across the region . This is , in part , due to so many people working remotely because of the pandemic . The shift to remote working placed a lot of emphasis
Secureworks provides us with total visibility to the threats we constantly face and recommends what preventive and corrective actions we can take to mitigate those threats .
on security awareness . Employees are in a more relaxed environment and more prone to clicking on links and downloading attachments . It ’ s important we address this as an industry .
What would you say is the silver bullet to success when managing the security of a Middle Eastern organisation ?
There is no ‘ silver bullet ’ as such when it comes to security . A successful cybersecurity programme is based on a combination of technologies , people and policies , all working in harmony together . However , a step in the right direction is helping to move away from a mindset of security monitoring to cyberrisk monitoring . That ’ s because looking at security events individually without understanding the business impact isn ’ t viable anymore . For example , you shouldn ’ t ignore a security alert on your website log without realising the potential impact it can cause in your loyalty programmes . The business impact of security events should be considered and dealt with accordingly . Security is so embedded into business these days that the responsibility can ’ t be left solely on the shoulders of the IT department . It ’ s a collective responsibility . The business needs to move forward together to define the risks and drive the security agenda . u www . intelligentciso . com
53