$35 billion Mena digital market is prone to cyber-attacks

Digitisation initiatives to add $820 billion to regional economy.

By Issac John (associate Business Editor)

Published: Mon 22 Jun 2015, 11:43 PM

Last updated: Wed 8 Jul 2015, 3:18 PM

Dubai: The value of the digital market in the Middle East and North Africa region is expected to reach $35 billion in 2015, and overall digitisation initiatives could add $820 billion to regional economy, creating 4.4 million jobs by 2020, according to a study by Strategy&.

“However, this rapid digitisation and the resources of the region make the Mena an attractive target for a wide array of cyber-threats,” the study said.

The study noted that governments and large organisations in almost every vital sector of the region have already sustained damage from cyber-attacks. “Every national government in the region is striving to create a secure digital environment, but often these efforts are fragmented, tactical and reactive. And they do not include the participation of all essential stakeholders. Consequently, government responses often lag behind the ever-evolving threat landscape, and defensive measures are circumvented or exploited,” said Strategy&.

According to a 2014 report from the Centre of Strategic and International Studies, cyber-crime costs the global economy approximately $445 billion every year, with losses ranging between $375 billion and $575 billion.

In the Middle East, cybercrime is the second most common form of economic crime reported with total  losses varying between $1 million and $100 million annually, according to PricewaterhouseCoopers’ 2014 Global Economic Crime Survey. Cyber-security experts are of the view that with the shifting security landscape and the emergence of new cyber threats, countries in the Mena region must continue to formulate cyber-defence strategies and frameworks to adequately prepare individuals, organisations and governments against potential attacks and security concerns such as the Desert Falcons.

“Companies need to create a vibrant cyber ecosystem to detect, respond and recover from cybercrime and other types of online attacks,” experts said.

Dr Walid Tohme, a partner at Strategy& — formerly Booz & Company — said there is a growing gap between the capabilities of national stakeholders, both from the public and private sectors, and the capabilities of organisations and individuals sponsoring and executing cyber attacks. “To close this gap, we believe that the governments of the Middle East need to take a strategic approach to rethink and revamp their national cyber-security efforts.”

The Strategy& study looks into national cyber-security efforts by the region’s governments, and outlines strategic reforms to improve cyber-security through a three-pronged framework, and offers six practical applications specific to the Middle East. Acting immediately on these imperatives governments will ensure that their nations will reap the full rewards of digitisation.

The “CCC” framework outlined by Strategy& bases its approach to an effective national cyber-security program on being comprehensive in nature, intentionally collaborative and capability-driven.

To be comprehensive, the programme should identify key private and public stakeholders and their roles, establish their needs, and create an elaborate integrative plan ensuring their participation.

Collaboration is based on shared responsibility that should be instilled at all levels. Citizens, communities, the private sector and governmental entities should participate in information transfer and awareness campaigns, sharing best practices and amending weaknesses.

The programme must be capability-driven, with an emphasis on both proactive and reactive capabilities. This includes nationwide adoption of information assurance standards, and planning for worst case scenarios to ensure optimal recovery from an attack.

Sevag Papazian, principal with Strategy&, said the Internet is borderless, its greatest weakness and strength is that it defies state control. “Adopting a national cyber-security programme following our CCC framework heightens the chances of preventing, adequately combating, and quickly recovering from cyber-crimes. As our region’s digital markets flourish, equipping ourselves with appropriate safety measures is an absolute must to ensure consistent progress.”

The study suggests six key steps that governments in the Mena region should undertake in the adoption and implementation of their cyber-security programmes.

A central national cyber-security body, or CNCB, should be initially established, and in charge of defining the national cyber-security agenda. It is essential that this body remains independent to guarantee impartiality, as well as be empowered by the highest authorities to ensure credibility. The CNCB should create a national cyber-security strategy (following the CCC framework) aligned with the country’s security priorities, and involving all key stakeholders.

Also, a national dialogue across key stakeholders should be established, in the form of a national cyber-security governance body chaired by the CNCB, through working groups or through regular conferences and events. This promotes communication and enhanced collaboration.

Preventive and reactive national cyber-security capabilities should be built. Preventive measures require the development of national cyber-security policies, and an efficient compliance body that ensures the implementation of these policies. Reactive measures call upon the empowerment of a computer emergency readiness team, working in alignment with the national cyber-security strategy.

Developing local talent pools is of utmost importance. Students should be incentivised to join the industry, experts should be attracted through collaboration programmes with international organisations, and nations in the region should hold world-class forums to raise awareness and interest on the matter of cyber-security.

“Governments of the Middle East are the only stakeholders with the power, reach and resources necessary to develop and drive a truly national cyber-security agenda,” said Imad Harb, a senior associate with Strategy&.


More news from Local Business