According to a MarketsandMarkets report, the Middle East Cyber Security market is projected to be worth US$22 billion by 2022. With an increasing number of cybercrimes and cyberattacks on regional government entities and private organisations, there is a need for MENA-based public and private companies to invest in and establish a robust cyber security framework.
The recent ransomware attack that wreaked havoc in nearly 100 countries and severely disrupted the UK’s National Health Service highlights the potential financial and reputational damage of cyber crime to businesses.
A recent IBM report suggested that 60% of all such attacks were the result of insider activity, either through unintentional negligence or malicious intent.
Safeguard your Enterprise from within.
I spoke to Fatma Bazargan, who is the CISO at Injazat, about cyber security, the fact that it is not just about software but about employees too, and how Enterprises should train their workforce to know what to look for before, during, and after work each day.
“Cyber security is a combination of people, process and technology; these components are inseparable. You need to ensure that you have a documented process in place which serves as a foundation to secure your Enterprise and that your employees live these processes daily whilst fulfilling their roles and responsibilities.”
“At Injazat, continuous information security awareness is embedded in the DNA of our people; we do this with an integrated program combining training and workshops with an active internal communications plan. We also have multiple data sources from International, Federal and Local entities who send us security alerts and advisories which we circulate internally and share with our clients advising them to take all necessary actions.”
Employee Training, a Critical Element of your Cyber Security Framework.
As employee training is a critical element of any Cyber Security Framework, I wanted to understand more about the training procedures at Injazat and the services they offer clients, so I spoke to Gary Hazel, Head of Learning and Development at the Injazat Institute.
“Cyber security is one of our key services and we have established a unique partnership with Kaspersky Lab where the Injazat Institute delivers a full suite of learning interventions for Injazat and our clients around cyber security.”
Injazat’s Cyber Security Program, a Change in Employee Attitude!
Looking in-depth at Injazat’s Cyber Security Program, I discovered that it is a multi-level, far-reaching approach, which goes beyond just meeting ADSIC and NESA requirements. It includes assessing an organization, raising awareness with employees, testing compliance and reporting.
Mr Hazel said, “The aim of this unique program is to develop a culture change in attitudes towards cyber security. By raising employee awareness you reduce the potential for attack through your employees, that is traditionally seen by cyber criminals as the weakest link.”
1. Culture Assessment
First, they undertake a security culture assessment across an organization. This provides a benchmark in terms of the perception towards cyber security and the critical areas that need to be addressed.
2. Cyber Awareness
They run a half-day workshop for all employees using a unique ‘Gamification’ technique which engages employees and immerses them in cyber security.
They provide scenario-based activities built on the methods criminals use to attack employees, for example through emails with attachments or social media, and employees then discuss these threats and their implications. This workshop raises awareness of the traditional threats hackers use to attack an organization and how their target is the untrained employee.
3. Management Simulation
They run a half-day workshop for Managers and Executives in which they take charge of an organization, be it a Government, Financial, Corporate or Industrial entity, and are responsible for the security of this business.
Injazat provides them with traditional tools to protect themselves and then limits their actions through time and budget. The executives need to develop a strategy that builds their security infrastructure, and whilst this is happening real attacks are simulated, attacks that impact the business in terms of reputation, financial loss, business loss and even environmental damage.
This workshop enables executives to understand that all organizations are at risk and that only by reducing the attack surface can you hope to protect yourself.
4. Online Learning
Finally, Injazat has an online learning platform that allows employees to go through structured modules in cyber security, continuing to raise awareness.
The platform includes testing which measures knowledge increase and also introduces simulated attacks on employees to see how they react. If they respond incorrectly to the attack, they will be taken to the relevant learning module to reinforce the learning. All the information is captured and available via reports which support compliance with ADSIC and NESA.
Cyber security is now one of the most critical areas for an Enterprise, particularly in the UAE, which is the second most targeted country within the Middle East by cyber criminals. To protect your business, review your Cyber Security Framework and ask yourself: is it robust enough to withstand attacks, and are your employees trained to protect and respond? By doing this you can reduce the attack surface, making it more difficult, time-consuming and costly for cyber criminals to launch a targeted attack on your organisation.