Intelligent CISO Issue 1 - Page 17

ciso profile While there is growing awareness, the region is still playing catch-up compared to the larger, global banks. invest in multiple data security tools by 2020, up from the estimated 35% today. This confirms that investment in information security is only set to intensify in coming years. But what do these figures imply for the region? According to Gamali, who has been in the financial services industry for nearly 13 years now, the growth prospects for the region are promising. “Over the last decade, regulators have become far stricter over the controls which financial service providers should have in place,” he said. “We’ve seen security get support in many ways; in the form of banks having to appoint CISOs and in the necessity for the board to be involved and aware of information security.” That being said, Gamali believes much needs to be done by regional institutions to reach international standards. “While there is growing awareness, the region is still playing catch-up compared to the larger, global banks,” he said. “Some of the main reasons are that these banks invest far more in ensuring world-class security systems, and that the talent pool here is more limited than it is in the West.” Digitisation in the financial sector Amid rising smartphone penetration in the Middle East (GCC countries are expected to account for over 150% of smartphone usage in 2018, according to the Arab Media Outlook report), and a | Issue 01 move towards mobile and online banking solutions. It comes as no surprise that banks are adopting a digitisation strategy, a development that presents a strategic opportunity for CISOs. “On the back of this digital strategy, there is an ideal opportunity to embed security into business systems, especially when you’re moving towards a greater dependency on technology,” said Gamali. “Of course, the threat spectrum does increase with the increase in dependency but, if addressed properly, it is a good opportunity for a well-positioned, business-aligned CISO to start ensuring that security issues are addressed. The result could be a win for both the business and the security department.” Impact of blockchain and future tech There is no doubt that blockchain technology is offering enhanced security and integrity in terms of its utilisation, says Gamali. “If we look at it from a banking perspective, we’re seeing a lot of emphasis on blockchain being used for payments for enhancing security and the cost and speed of transactions,” he said. “Additionally, companies are moving their IT systems into cloud and service-based platforms, and embracing innovations in artificial intelligence (AI) and robotics, which are radically changing the threat landscape in terms of volumes and types of risks that companies are facing. There is no doubt that blockchain technology is offering enhanced security and integrity in terms of its utilisation. “There are still incidents relating to cryptocurrencies from a security perspective – whether it is people stealing money from digital wallets, or whether it’s the cryptocurrency itself having a flaw – that are still being worked on and developed. “I believe we are heading in a direction where there will be an agreement of which cryptocurrency and blockchain technologies can be used and it would evolve from there.” Blockchain is a significant consideration for businesses across the UAE, with the recent announcement that more than 50% of government transactions will be conducted through the blockchain platform over the next three years, under the Emirates Blockchain Strategy 2021 initiative. The move is predicted to save approximately Dhs11 billion in document processing and transactions, as per recent media reports. The role of a CISO Considering major cybersecurity incidents that have resulted in billions of dollars worth in damages globally, the importance of experienced, well-versed security staff cannot be overstated. Findings from a recent (ISC) 2 Advisory Council CISO round table, moderated by Gamali at Infosecurity Middle East 2018, which focused on operational risk and the evolving role of a CISO, found that top security staff are increasingly requesting more visibility and an independent voice within the organisation. In view of briskly-paced technological evolution and adoption, Ga ͕) %M=́ѡ)хЁ́ɝͅѥ)ɽ́ѡɥ́ѡݽɱ+qQݕͥѥ %M<ݥͽ)ѡЁ)ѕ䁱̰ɕ͕)٥ɕхѡхɅѕ)ٕЁѡ䳊t)ͅqQݥѡݡݥ)ɥٔѡЁ݅ٔمѥt(