June 21, 2015

Rapid MENA digitization leads to heightened exposure to cyber-attacks, says study

Regional digital markets to add US$820 billion and create 4.4 million jobs in 6 year
Increased digitization adds to cyber-threat vulnerability  
Strategy& outlines six steps to combat cyber-crime in MENA

MENA’s digital market value is expected to reach US$35 billion in 2015, and overall digitization initiatives could add $820 billion to regional GDP, creating 4.4 million jobs by 2020. However, this rapid digitization and the resources of the region make MENA an attractive target for a wide array of cyber-threats, according to a study by Strategy&.

The Strategy& study looks into national cyber-security efforts by the region’s governments, and outlines strategic reforms to improve cyber-security through a three-pronged framework, and offers six practical applications specific to the Middle East.  Acting immediately on these imperatives governments will ensure that their nations will reap the full rewards of digitization.

Governments and large organizations in almost every vital sector of the region have already sustained damage from cyber-attacks.  Every national government in the region is striving to create a secure digital environment, but often these efforts are fragmented, tactical and reactive. And they do not include the participation of all essential stakeholders. Consequently, government responses often lag behind the ever-evolving threat landscape, and defensive measures are circumvented or exploited.  

Dr. Walid Tohme, a partner at Strategy&, formerly Booz & Company said: “There is a growing gap between the capabilities of national stakeholders, both from the public and private sectors, and the capabilities of organizations and individuals sponsoring and executing cyberattacks. To close this gap, we believe that the governments of the Middle East need to take a strategic approach to rethink and revamp their national cyber-security efforts.”

‘CCC’ framework underpins an effective cyber-security program

The ‘CCC’ framework outlined by Strategy& bases its approach to an effective national cyber-security program on being comprehensive in nature, intentionally collaborative, and capability-driven.

To be comprehensive, the program should identify key private and public stakeholders and their roles, establish their needs, and create an elaborate integrative plan ensuring their participation.

Collaboration is based on shared responsibility that should be instilled at all levels. Citizens, communities, the private sector and governmental entities should participate in information transfer and awareness campaigns, sharing best practices and amending weaknesses.  

The program must be capability-driven, with an emphasis on both proactive and reactive capabilities. This includes nationwide adoption of information assurance standards, and planning for worst case scenarios to ensure optimal recovery from an attack.

Sevag Papazian, Principal with Strategy&, formerly Booz & Company said: “The internet is borderless, its greatest weakness and strength is that it defies state control. Adopting a national cyber-security program following our ‘CCC’ framework heightens the chances of preventing, adequately combatting, and quickly recovering from cyber-crimes. As our region’s digital markets flourish, equipping ourselves with appropriate safety measures is an absolute must to ensure consistent progress.”

A practical approach for the Middle East

Focusing on the MENA region, the Strategy& study suggests six key steps that governments should undertake in the adoption and implementation of their cyber-security programs.

A central national cyber-security body (CNCB) should be initially established, and in charge of defining the national cyber-security agenda. It is essential that this body remains independent to guarantee impartiality, as well as be empowered by the highest authorities to ensure credibility.

The CNCB should create a national cyber-security strategy (following the CCC framework) aligned with the country’s security priorities, and involving all key stakeholders.

Also, a national dialogue across key stakeholders should be established, in the form of a national cyber-security governance body chaired by the CNCB, through working groups or through regular conferences and events. This promotes communication and enhanced collaboration.

Preventive and reactive national cyber-security capabilities should be built. Preventive measures require the development of national cyber-security policies, and an efficient compliance body that ensures the implementation of these policies. Reactive measures call upon the empowerment of a Computer Emergency Readiness Team, working in alignment with the national cyber-security strategy.

Developing local talent pools is of utmost importance. Students should be incentivized to join the industry, experts should be attracted through collaboration programs with international organizations, and nations in the region should hold world-class forums to raise awareness and interest on the matter of cyber-security.

Imad Harb, a senior associate with Strategy&, formerly Booz & Company added: “Governments of the Middle East are the only stakeholders with the power, reach and resources necessary to develop and drive a truly national cyber-security agenda. It falls in their hands to define and establish a security program, assign ownership and responsibility at the highest level, and carry out all necessary efforts for implementation. Once these nations equip themselves with solid cyber-security, capitalizing the digital market becomes an inevitable and favorable step towards exponential growth.”