By This is Sponsored Content
While vulnerability to cyber-crime and sabotage has advanced, threats remain in everything from banking and municipal governance
Cyber threats are more evident than ever before.
On the one hand, data and communications technology have been embedded in everything from banking and municipal governance to cars, and in the process, they’ve sown the seeds for greater productivity and operational efficiency.
On the other hand, our vulnerability to cyber-crime and sabotage has advanced.
As cyber-threats escalate, the upcoming meeting of the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC) (Subcommittee SC) 27 in Abu Dhabi presents an opportunity for local firms and UAE regulators to offer a global voice in securing our digital economy.
For the first time since the working group was founded in 1990, a nation in the Middle East will host the international discussion on IT security standards, and ultimately shift the nexus of discussions on the delivery of resiliency in digital networks.
Historically, the same hubs that gave us some of our most popular technologies have had the job of remedying their exploitation. For instance, the World Economic Forum’s index of nations most prepared to battle cyber-attacks is filled with the usual suspects, with the United States, Canada and Australia topping the list.
This first meeting of ISO/IEC JTC SC 27 in a less well-established region from the perspective of active cyber security defence suggests that emerging markets will play an expanding role in cyber resiliency and security in the future.
Under the auspices of Emirates Authority for Standardisation & Metrology (ESMA), the UAE’s National Electronic Security Authority (NESA) and UAE-based, international cyber security firm DarkMatter, 350 plus international experts, regulators and standard editors in IT security will meet to set information security standards with global implications.
Together, in the presence of 52 voting members and 18 observing members of the ISO, they will deliberate over technical specifications, identity management, biometrics and conformance assessments required to meet the challenges confronting governments, businesses and consumers in a digital age.
Data security vulnerabilities threaten economies of all sizes. Inadequate governance, unethical or uninformed computer users, insufficient legislation, in addition to poor technical standards chip away at internet and IT security.
The ISO/IEC’s decision to convene the meeting in the UAE is a significant vote of confidence in the country’s proactive stance on the management of its cyber environment, not least as Dubai aspires to emerge as the ‘smartest city’ in the world by 2017.
In 2015, the International Telecommunication Union (ITU) ranked the UAE among the top-10 most dynamic countries in ICT development, and the first in ICT use and government efficiency. Government agencies, such as ESMA and NESA, have led the charge in implementing best practices in security and reinforcing IT infrastructure.
The UAE is also leading internet security in a region that has proven vulnerable to cyber-attack. Businesses in the Middle East report a higher frequency of incidents and a greater volume of losses per attack than any other region in the world.
The ISO/IEC JTC SC 27 in Abu Dhabi represents an opportunity for firms and regulators in the UAE, and indeed the region, to gain international recognition for what is being accomplished in the field. At the same time, participants from the UAE will network with their peers and exchange information from markets around the world.
Despite the significant strides made by the government, businesses also have a role to play in mitigating attack. Cyber incidents cost the Gulf region USD 1 billion (Dhs 3.67 billion) in 2015 according to organizers of the UAE Security Forum.
The problem is systemic. An IDC survey commissioned by RSA the security division of EMC, revealed that 52% of respondents report an inability to adopt new solutions around risk management, and 42% perceive that here is insufficient cyber security support across verticals.
At the same time, cyber-attacks take a variety of forms in the UAE. They include distributed denial of service attacks, phishing and spear-phishing e-mails, data theft, zero-day software assaults, web application exploits, and website defacement.
Yet it is the task of every business to stay vigilant and resilient to infrastructural gaps.
As with any other risk, meticulous planning and recovery activities must be undertaken before an incident occurs. The ISO/IEC SC 27 is not anticipating whether you will be attacked; but when.
About the author: Harshul Joshi, DarkMatter’s Senior Vice President of Cyber Governance, Risk & Compliance, and Global Standards Editor for SC 27