The role of CIOs (chief information officers) needs to be redefined in the wake of organizations facing increased cyber attacks and almost all sites are unsafe, the fifth CIOMajlis was told in Dubai.
Addressing the fifth CIOMajlis in Dubai, Dr. Saif Al Ketbi, CIO at Abu Dhabi Airports said: “CIO is not an IT guy anymore, but a strategy man, as no corporate is 100 per cent secure. The CIO is the core of an organization.”
Giving an overview of cyber security, Dr. Saif said: “Cyberspace and its underlying infrastructure are vulnerable to a wide range of risk stemming from both physical and cyber threats and hazards. Sophisticated cyber actors and nation-states exploit vulnerabilities to steal information and money to disrupt, destroy, or threaten the delivery of essential services.”
“There are only two choices: Using the technology or returning to the 19th century. There is no third one. With the growing volume and sophistication of cyber attacks, ongoing attention is required to protect sensitive business and personal information, as well as safeguard national security,” said Dr. Saif”
“Even the Etisalat website is hit by cyber attacks,” he said and added; “99.9 per cent of sites are easy to hack. They are more prone to attacks as everything is online, but we believe they are secure. The UAE is targeted and there is a spyware with every hardware coming into the country. Attacks are rising by the month, 60 per cent of which are through the hardware, not from apps.”
Dr. Saif’s opinion was echoed by Abdulqader Obaid Ali, Chief Executive Officer, Smartworld, who said that CIOs’ role in an organisation is evolving.
Abdulqader said: “CIOs need to be thinking differently. Today, whether we like it or not, technology is really defining the daily use. The CIOs’ role is evolving as they are not looking after information technology (IT) alone. They are judged by how they can actually enable IT to make businesses more competitive. There is a proliferation of devices. By 2020 there will be more than a billion devices that can be interconnected. Everything is going to talk to you through technology.
“So, there is a mandate on the CIOs. Security is a bigger issue today. For any organisation, information is important and if you lose it, you lose your competitive edge. That’s why we are asking for specialists in security. It is a special field. People usually spend 80 per cent on their equipment security, such as firewall, servers, etc. You need to educate people about security because they are very vital and important. The question today is how we can try and help our organisations become more secure. It’s not that the boards (management) do not understand the issue. They do. However, they need to listen more and support the CIOs, or the security officers. They should listen to the CIOs for the good of the organisations,” Abdulqader added.
“Most organisations do not have a clear strategy on security. If at all there are any, they are in a fragmented way. So, there is a need for a clear strategy across all organisations. Also we should ask if the regulation is for consumers or suppliers,” said Ahmed Al Mulla, Chairman of CIOMajlis, who is also Senior Vice President, Corporate Services at Emirates Global Aluminium.
“The role of CIOs has changed drastically in the past five to ten years. They used to look at CIO as a spender of money, but now the perception has changed. It will be easier to convince the board the need to make the organization more secure. As already said, 99.9 per cent of sites are not secure. That’s the issue today,” said Al Mulla
“Cyber security market today is valued at $450 billion to $1 trillion. The approach should be how we can ensure security in a collaborative way. Everyone should collaborate, that is, the organisation, the customer, the open community at large, the developers and also the government,” said Ahmed Al Ahmad, CIO, Nakheel.
In his presentation, Dr. Saif said: Global spending on cyber security is floating around $77 billion this year, according to market research firm Gartner estimates. By 2020, companies around the world are expected to spend around $170 billion, a growth rate of nearly 10 per cent in the next five years.
The big data and analytics market is expected to reach $125 billion by the end of 2015, according to research firm IDC. Global revenues for companies that offer digital forensics will total $2.7 billion this year and are estimated to reach $4.7 billion in 2020, ABI Research finds.
This is a direct result of the real, on ground practice of dealing with cybercriminals and hackers. Spending such amounts is much cheaper than the damages caused by ignoring the threats that are coming from the Internet and other modern technologies.
A range of traditional crimes are now being perpetrated through cyberspace. This includes the production and distribution of child pornography and child exploitation conspiracies, banking and financial fraud, intellectual property violations, and other crimes, all of which have substantial human and economic consequences.
Cyberspace is particularly difficult to secure due to a number of factors: the ability of malicious actors to operate from anywhere in the world, the linkages between cyberspace and physical systems, and the difficulty of reducing vulnerabilities and consequences in complex cyber networks. Of growing concern is the cyber threat to critical infrastructure, which is increasingly subject to sophisticated cyber intrusions that pose new risks. As information technology becomes increasingly integrated with physical infrastructure operations, there is increased risk for wide scale or high-consequence events that could cause harm or disrupt services upon which our economy and the daily lives of millions of Americans depend. In light of the risk and potential consequences of cyber events, strengthening the security and resilience of cyberspace has become an important homeland security mission.
Hackers steal billions
Cybercriminals do not steal just data. They also stole up to $1 billion from 100 different financial institutions across the U.S., Germany, Russia, Ukraine, and China over the past two years.
According to the FBI’s Internet Crime Complaint Center, ransomware–malicious programs that infect a computer or network and hold data hostage until a ransom is paid–has cost companies $18 million in the past 15 months.
Employees and their personal smartphones are two of the weakest links in security protocols. Last year, 16 million mobile devices worldwide were infected by malware, according to Alcatel-Lucent’s Motive Security Labs.
Hackers go after smartphones as an entry point; from an infected smartphone, they can jump into a network and wage denial-of-service attacks or commit corporate espionage.