Arab Gulf nations’ reputations for technological prowess are well deserved. From cloud to mixed reality and AI to IoT, GCC governments and businesses have been early adopters, unafraid of trying out new things.
For example, the United Arab Emirates (UAE) ranks tenth out of 64 nations in the IMD’s World Digital Competitiveness Index for 2021.
But GCC governments know they must protect their digital innovation communities against those who would leverage expanded attack surfaces for their gain. This has led to regional governments leading the world in cybersecurity. Saudi Arabia was ranked third and the UAE fifth in the International Telecommunication Union’s (ITU) Global Cybersecurity Index (GCI) of 2021, which monitored the commitments of 194 countries throughout the previous year and gauged their maturity in legal, technical and organisational issues, as well as their focus on capacity building and collaboration between stakeholders.
But even with GCI scores in the high 90s, both countries continue to experience a surge in threat actor activity that dates back to the emergence of the pandemic and the following lockdowns. Even the most cyber-mature nations are still plagued by digital assaults. In other words, no matter how secure your digital estate is, there is always room for improvement.
The 9 Cs of Cybersecurity Value
Vendors and their partners and the human actors involved in the procurement, deployment, configuration, and management of security solutions must work together in this improvement story. To move security forward means to ensure that technology products and services can deliver the value envisioned when they were procured. To do this, we must ask ourselves if we are devoting enough of our thinking to risk-based approaches. We must ask if our work is enhancing the efficiency of people and processes. And we must ask if we are building more resilience against cyberattacks within our organisations.
The modern business security chain comprises three basic types of professionals — leader, builder, and user — each of whom has a specific role in collaborating with vendors and their partners to build better security environments. To ensure they are moving in the right direction, each player can check themselves against three different measures of value for a total of nine Cs that can move threat postures forward.
Security leaders
Controls
Leaders — C-level executives, including the CISO and other security chiefs such as the head of the SOC — must concentrate on which decisions will move their security posture forward and provide visibility and controls that reduce business risk. Any solution must provide comprehensive coverage of the MITRE ATT&CK techniques and include as many MITRE D3FEND countermeasures as possible.
Compliance
Leadership teams will discover that the right security decisions will make meeting customer, regulatory, and industry standards easier. The easier tightest compliance comes from being able to see as many threats as possible, and leaders should work towards this idyll.
Continuity
The leader is responsible for the employees and business operations. Continuity not only means keeping customer and partner data safe from prying eyes; it includes the ability to recover and move on quickly from any breach.
Security builders
Coverage
The cloud and security architects and engineers who construct the business’s digital infrastructure must find ways to leverage the tools at their disposal to close the gaps in the ever-expanding attack surface. Where the complexity of modern IT stacks threatens to obscure threats from technologists, security builders must advocate strongly for unified, high-coverage threat visibility across all attack surfaces.
Complexity
With the addition of multi-cloud and home networks to the tech mix, security builders must ensure that they have the means to consolidate and integrate existing technology, reducing costs and time to value and guaranteeing any security solution’s complexity at a minimum.
Competency
Architects must be able to handle new kinds of architectures such as hybrid and multi-cloud, and the right security platform will have built-in intelligence to bridge any competency gaps that may emerge as organisations move to alien environments, thereby increasing resilience.
Security users
Certainty
The analysts, threat hunters, and security team members who do daily battle on the threat landscape must have the capability to concentrate on the threats that matter most to the business. When confronted with an alert, security teams must have a high degree of certainty that it is not a false positive. This means an end to anomaly-based analysis and the adoption of more advanced threat intelligence to make accurate assessments in real-time.
Context
In further advancement towards eliminating alert fatigue, security teams must have access to more advanced alert triage and to advanced AI sensitive to attacker TTPs (tactics, techniques, and procedures). Providing the proper context to an alert can greatly reduce the time taken to mitigate a threat.
Community
Security users must share their insights with partners and peers. Experience is everything, and threat intelligence from a wide array of sources has a greater chance of adding value to a security ecosystem.
From C to C
Applying the Cs is the fastest way to the next level of cybersecurity readiness. Threat actors have their methods, so we must employ our own risk-based measures to make their lives as difficult as possible.
If you liked reading this, you might like our other stories
Women Cybersecurity Influencers To Watch
Is AI Shifting The Human-In-The-Loop Model In Cybersecurity?