26th e-Crime & Cybersecurity Middle East Summit
October 5 2021 - Online
Good news: the regulators are coming
Mandatory requirements on data privacy are yesterday’s news, but new cybersecurity regulations will finally force Boards to resource security appropriately for the long term
The lack of a formal set of regulations around cybersecurity has always been a challenge for CISOs. Unable to quantify cyber-risk, and lacking a mandatory set of standards, security budgets have tended to rise after incidents and then fall as the memory of problems recedes.
So, it matters that Saudi Arabia’s Communications and Information Technology Commission (CITC) has just announced the implementation of a regulatory framework for service providers in the communications, IT, and postal services sectors.
The framework, in the region’s largest economy, contains a comprehensive set of cybersecurity requirements and controls and seeks to ensure the implementation of adequate cybersecurity measures following the best international practices. It also requires the adoption of a risk management methodology and the fulfilment of all cybersecurity requirements by service providers to enable them to deal with cyber threats effectively.
This initiative mirrors other global developments. An updated EU Cybersecurity Act introduces an EU-wide cybersecurity certification framework for ICT products, services and processes. The UK has announced a new law to make sure virtually all smart devices meet new requirements. And banking regulators in the UK, Europe and US are targeting cybersecurity as part of the broader drive for operational resilience. Middle Eastern regulators are following suit.
This regulation is coming just in time. While many cyber attacks in the Middle East have been connected to political actors, digitalisation and the expansion of the IoT have opened up the region’s companies and public sector entities to a much broader range of potential attackers.
According to Mohamed al-Kuwaiti, head of UAE Government Cyber Security, the Middle East region is facing a “cyber pandemic” as hackers take advantage of Covid-related digital adoption.
Banks, universities and healthcare companies have seen huge increases in attacks, with ransomware and phishing attacks becoming ever more sophisticated. Companies and CISOs must act now.
The e-Crime & Cybersecurity Congress for the Middle East will take place online and will look at how accelerated digitalisation requires a new kind of security. Join our real-life case studies and in-depth technical sessions from the security and privacy teams at some of the world’s most admired brands