Traditional ways of looking at cyber security from a pure IT lens is no longer going to yield desired benefits. TRENDS talks to Raj Mehta, Partner, Deal Advisory, KPMG, on why this calls for an organizational shift in moving the cyber security function to a wider level in the organization.
Mehta will be participating in the upcoming Top CEO Conference & Awards, which will be held at the King Abdullah Economic City, Saudi Arabia, on April 10 and 11.
Excerpts from the interview:
Businesses are evolving at a rapid pace in the region and it is making many traditional jobs and corporations redundant. How you look at this ongoing transition?
Businesses and jobs have been evolving and transitioning since 300 years. We have gone through broadly four major transitions since the 1800’s starting from the age of manufacturing, to the age of distribution, to age of information and now the age of the customer. The key difference in the current transition is the pace and quantum of change. We know that in the next five years, one-third of the Fortune 500 won’t exist or won’t exist in the current form.
The consumer centric transition is predominantly driven by major technological forces and disruptive technologies which are significantly empowering the customers and the businesses have no choice but to transform themselves to be able to adapt to today’s customer needs and have the ability and agility to keep evolving at a rate that the customer wants. From our perspective the transition is the Middle East will be even faster as there are limited legacy constrains to overcome. This also gives our region to be a leader in this transition. Yes traditional jobs will be redundant but new jobs will and are emerging. This is the same displacement and replacement which we have seen in every transition.
What role Fourth Industrial Revolution and concepts like blockchain, augmented reality and other new technologies could play in the transformation of public services sector?
The fourth industrial revolution could lead to a more effective, leaner and cheaper government. Governments may be able to provide more and better services for less. It will lead to improved policy-making, policies and thus better programs and services for citizens. As an example in transportation, autonomous vehicles could reduce congestion in cities, make transportation more efficient and accessible to a greater number of people and improve safety standards.
In healthcare, robo-care could provide remote robotic medical services and personalized medicine. Connected care could provide intelligent healthcare interventions through wearable and implantable technologies. Smart homes will closely monitor and track the health of patients, provide efficient and quick emergency services and use of robots as nurses or companions. In the Energy sector intelligent grids will enable decentralized energy generation, sustainable consumption, and intelligent asset management. We are seeing Dubai take the lead in this across the Middle East. The recently announced initiatives under the Dubai 10 X program is a great example of how the public sector can and should leverage the advancements of the fourth industrial revolution.
Do you feel restructuring businesses in the Gulf and the Middle East has always been a challenge?
Restructuring a business is a challenge in any market but there are certain specific challenges in the Middle East not least the infancy of the recent UAE bankruptcy framework issued in 2016 and the lack of precedents to fully understand how the process would work in practice. This means that creditors have limited fall back options when things go wrong. Furthermore, a very large proportion of businesses in the Middle East are family owned which has its own unique characteristics.
Creditors often have personal guarantees and pledges to personal assets which are difficult to enforce. When it comes to the ‘softer’ side of restructuring and re-organizing businesses, the Middle East has been seen as a high cost market for many years. However, today, in the aftermath of the Arab Spring, falling oil and gas prices, and the recent introduction of VAT to the UAE, business top lines are under significant pressure. This has naturally pointed to taking a closer look at organizational structures and ways of optimizing and re-basing an organization’s cost base. This is top of every board agenda and will give rise to setting the new norm on how to run efficient and successful companies. Those that succeed will survive!
Are GCC’s public and private enterprises prepared enough to defend them against any probable cyber attack or will they be the weak link that falls first?
Countries in the Middle East are increasingly investing in technology for smart living and working. This emphasizes the need for the development of effective cybersecurity at a national and regional level. At the same time, the recent high profile attacks such as the Bangladesh Central Bank, Panama Papers, Ukraine power grid, Aramco, Tasnee, Qatar National Bank among others, have resulted in heightened cyber risk awareness in the region.
This is prompting more organizations to assess their own internal cyber security frameworks. Organizations are realizing that compliance-oriented risk assessment and “tick in the box” defense mechanisms are no longer going to keep hackers at bay.
At national and regional level, governments need to stress on the need for cyber-related legislations, cyber security education at school and university level, national and regional information sharing platform for cyber threats and a broader governance mechanism to evaluate the effectiveness of cyber security effort. In this regard, the UAE set up the National Electronic Security Authority (NESA), to develop, monitor and supervise the implementation of cyber security standards across the UAE’s critical information infrastructure. NESA is instrumental in setting up a robust collaboration platform for organizations to share their risk and incident data without any confidential attribution.
Saudi Arabia also recently announced its plans to establish a cyber-security authority called Presidency of State Security – the new state security agency responsible for counter-terrorism, domestic intelligence efforts, and cybersecurity – is seeking to enhance the country’s cyber-readiness by developing and formalizing a national cyber-security framework and strategy.
On similar level, Qatar’s Q-CERT is established to play a pivotal role in driving countries cyber security strategy and Bahrain recently announced establishment of a specialized team called Central Agency for Information (CAI) in order to prepare a national plan of integrated electronic security strategy. At organization level, cyber security need to be embedded into the culture of business with board level commitment and business processes should be designed to be cyber secure.
Traditional ways of looking at cyber security from a pure IT lens is no longer going to yield desired benefits. This calls for an organizational shift in moving the cyber security function to a wider level in the organization. Many organizations and governments are looking at how they can use AI and machine learning technologies to improve trust and security in its business transactions. This will be very critical moving forward, especially as the Middle East nations actively seeks to drive its smart city agenda.