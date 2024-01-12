CIO Middle East discuss with Muath AlHomoud, Director of Cybersecurity about how organisations should learn from the hacking activities performed on them so they can implement more effective cyber defences and plan against similar or more sophisticated attacks.

Q. From a cybersecurity perspective, how has 2023 been?

A. The year has been marked by a general increase in state-sponsored attacks due to geopolitical conflicts. The rise of AI has also been increasing and has greatly affected the way cybersecurity could be enhanced while allowing cyber criminals well-versed with AI to launch more sophisticated attacks against their victims and make themselves harder to detect and/or defend against. The Internet of Things (IoT) vulnerabilities have also been increasing. According to Statista, the number of IoT devices exceeded 15 billion in 2023. Ransomware attacks have also increased in 2023 probably due to their perceived profitability. The cloud is also increasing exponentially with many developments happening in the cloud. This continued emergence of cloud environments has greatly affected application development and their associated security architectures. Cloud environments by their nature often consist of rapid DevOps cycles eliminating the need for application developers to adequately maintain secure applications. The cloud has also enabled containerization allowing for the movement of applications between on-premises and cloud environments thus increasing security exposures.

Q. Can you highlight the top challenges you’ve encountered?

A. Legislative changes on a global scale have been a daily challenge faced and often exacerbated by the need to instantly change course and work towards compliance to avoid the often-hefty fines and penalties, legal liabilities and reputational damage associated with non-compliance. For example, here in Saudi Arabia, we have witnessed regulations such as the Saudi Arabia Monetary Authority (SAMA) Cybersecurity Framework undergoing several changes which organisations are supposed to comply with such as the integration of cyber threat intelligence principles as one of its integral components.

Q. What are the top three challenges security leaders will face in 2024?