Security Middle East Conference: Chairperson Takeaways

Security Middle East Conference: Chairperson Takeaways

Dan Norman, Regional Director, EMEA, ISF and the Chairperson for the Security Middle East Conference 2023, looks back at the success of our first-ever conference and the messages coming through from our industry expert panels.

The inaugural Security Middle East Conference was a major success for the security community. Over 200 security leaders filled the conference in Riyadh on the 9th May to discuss a variety of security threats and opportunities, hearing from world-class keynotes and panellists; from cyber resilience to the skills gap in the region, to industry and regional collaboration, it is clear that Vision 2030 presents a plethora of unique, multidimensional challenges to overcome. As Chairperson, I found the insights and strategic initiatives compelling. Whilst there is a significant amount of work to overcome over the next 7-10 years, the community itself is strong, and energised and the desire to protect, defend and overcome these challenges is profound. Below are some of my key takeaways from the event itself:

Cyber Resilience: 

While physical security has traditionally received strong attention and investment in the Middle East, the perception of the importance and value of cybersecurity lagged somewhat behind. However, it is now clear that cyber resilience, the modern, more all-compassing term for effective cyber risk management and security, is a fundamental business driver for companies, governments and vendors in the region. All organisations, from multi-billion dollar GIGA projects to smaller government institutions, are experiencing cyber attacks from a variety of well-funded, intelligent cyber threat actors. Organisations need to take a holistic approach to improve their cyber resilience and remain steadfast in the face of these complex, demanding threats.

The key message from the presentations and the panel session was that cyber threats can manifest anywhere across the organisation, as well as the supply chain. Monitoring the threats that may impact the organisation internally and throughout the supply chain, maintaining a register of the organisation’s unique asset profile, combined with investment in a suite of robust, internationally accepted controls, are the hallmarks of a resilient enterprise. Partnered with effective risk management and mature business continuity, crisis management and disaster recovery strategies can keep organisations resilient in the face of an ever-changing and dynamic threat landscape.

Skills gap in the region:

With ambitious GIGA projects, emerging technologies and a maturing economy, the Middle East is struggling to find strong security candidates across cyber and physical domains. Coupled with the perception that the security profession is somewhat of an immature field, with unclear pathways, hiring the right people and incentivising them along their corporate journey is a real challenge for all organisations. Developing an enticing environment for university students to move into the security field, with a clear line of sight to senior management and beyond is a challenge that all organisations face globally. To push security matters into the boardroom, the message from the conference was that security needs to rebrand itself away from a cost-centre and more towards a value-add. By partnering the security tooling and capabilities with traditional value-add functions like marketing, communications and sales, security can become a multi-faceted department. For example, behavioural monitoring and analytics systems that security use for threat intelligence and protection can be re-used to understand buyer behaviour, trend analysis and predictive analytics.

Industry and Regional Collaboration:

It is clear that the Middle East trails slightly behind the global security community when it comes to regional and international collaboration and threat intelligence sharing. Governments, regulators and organisations alike are not building and maintaining strong associations or partnerships. This can bleed into weak and even conflicting regional and international regulations that can hinder progress and stunt development for ambitious organisations. Effective information sharing and diverse threat intelligence can add valuable insight into the threat landscape and potentially looming incidents. Partnerships, industry collaboration, government bodies and regulators can contribute information and foster meaningful relationships which can prepare organisations for future threats.

With the countdown to Vision 2030 looming, the security community has to take proactive steps to protect the region. Threat actors are biding their time to attack, compromise and steal from a resource-rich and abundant area of the planet. The threats are forever changing, dynamic and intelligent; security professionals must remain one step ahead, or face a continued, uphill battle to protect what the Middle East is fighting so hard to develop. The Security Middle East Conference will be back in 2024 to drive collaboration, information sharing and development of best practices to support the community and the region.