2020 saw a sharp rise in cyberattacks throughout MEA. In the United Arab Emirates (UAE) alone, attacks increased by 250%, resulting in organizational downtime, data loss, financial cost and damage to brand reputations. According to research by PwC, 74% of MEA CEOs regard cyberattacks as an obstacle to growth in 2021; a further 43% said they intend to increase cybersecurity investment by at least 10% over the next three years, a significantly higher number than the global average of 31%.
What has changed? The mass shift to working from home (WFH) was clearly a factor, as workers without the usual support and expertise of the corporate IT department were targeted by malicious actors. Since the beginning of the pandemic, email scams targeting members of the public – homeworkers by default at that point – increased exponentially. To cite the UAE again, of 32 million cyber threats measured in 2020, 91% of them were email borne.
The smart city imperative
Smart city initiatives have been driving us towards a smarter, more connected future for all citizens in MEA. The disruptions of the past year or so have highlighted how important smart cities can be, using technology, data and innovation to deliver solutions to social, environmental and economic challenges. Recently, 65% of city leaders reported that the top lesson they learned from the pandemic was that smart city programs are crucial for their future.
As digital and physical infrastructure converge, powered by cloud and IoT, cities will inevitably present larger attack surfaces to malicious actors and become bigger targets for cyberattacks. The rapid growth of connected devices brings with it a consequent growth in attacks: 2019 saw a 300% increase in cyberattacks on IoT devices, a figure that is only likely to have increased since.
According to research by ESI ThoughtLab, cities need to do more to keep their systems and citizens secure. Some 60% said that they are currently well-prepared for cyberattacks, and just 29% said they believe they are well-prepared. It’s a significant area of concern. Smart cities are built on interoperability between legacy and new systems, and to function they must integrate disparate city services and enabling infrastructure. All this interconnectivity is the basis on which smart cities can deliver cutting-edge services to citizens, but it also presents the risk that a problem in one area could quickly spread into multiple others, creating an exponentially larger incident.
The smarter security approach
Traditional cybersecurity has long been a reactive process, where your systems and IT department would find a problem, evaluate it, and then solve it. However, that approach will not be sufficient in a smart city landscape with millions of connected objects presenting millions of potential entry points. Smart cities can no longer respond to cybersecurity threats after they have happened and potentially have already caused damage: it is now vital to counter threats by prevention rather than attempting to cure them when it is too late.
An intelligence-led approach to cybersecurity means you can take action before new threats become major problems. Vulnerabilities in your system can be identified more readily, and you can develop proactive and responsive strategies to maximize your resources.
What is intelligence-led security? It’s an approach to cybersecurity that centers around potential risk. It’s about building policies based on risk assessment and an understanding of threats and vulnerability generated from data analysis. Creating an intelligence-led cybersecurity approach, from a technical perspective, is about gathering up information on a mass scale from all your system and audit logs. This is then analyzed, both in real-time and in regular batch mode. This is how you can assess the risk from threats to your smart-city systems and understand those threats more clearly.
A secure, intelligence-led future
Orange Business has access to Orange Cyberdefense expertise, and that means we can offer our smart-city customers all the benefits of our world-class cybersecurity. That includes intelligence-led techniques built around your strategic, tactical and operational goals, that address the latest threat landscape. Our strategic approach to cybersecurity focuses on long-term trends and systemic changes to formulate and drive your security strategy. We use tactical methods that incorporate real-time intelligence from your network and assets to mitigate vulnerabilities, and on the operational side, we deploy preventive measures, precise detection tools and targeted remediation to support you 24/7.
The end result is an intelligence-led cybersecurity offering that helps you invest resources where they’ll have maximum impact on your operations, enable you to react faster and smarter to new threats, and make better-informed decisions for the overall benefit of your organization. PwC found that 41% of MEA CEOs are extremely concerned about cybersecurity, a number which, it seems to me, might be erring on the conservative side: with so much data now in play in so many smart-city initiatives throughout the MEA region, intelligence-led, real-time security has never been more vital.
If you would like to talk about next-generation, intelligence-led cybersecurity or anything else relating to digital transformation in MEA, please contact me on: sahem.azzam@orange.com
Sahem Azzam is VP Middle East & Africa at Orange Business. He is an experienced senior business leader with extensive experience in the Middle East region and emerging markets and a strong track record of achievement in the information technology and services industry. Sahem has developed special interest and expertise in business and sales management leadership, partner management, go-to-market strategy development, infrastructure services, IoT, Big Data, Smart Cities, Blockchain and IT service management.