New research reveals extent of Middle East IT security woes
Studies by Cisco and Trend Micro show an infection rate of ‘100 per cent’ – and BYOD is a key issue.
October 24, 2013 9:59 by Steven Bond
The ‘Bring Your Own Device’ (BYOD) trend is apparently hitting Middle East IT departments hard, forcing execs to implement ‘mobility systems’ in an attempt to deal with the vulnerabilities that smart devices bring to company networks.
There are currently 13 billion connected devices, approximately two per person globally, and Cisco predicts that the number will increase to 50 billion by 2020.
Cisco’s Visual Networking Index Global Mobile Data Traffic Forecast estimates that the MEA region will contain nearly 850,000,000 mobile users by 2017 and the IT networking specialist believes that all business networks are moving toward being a much more mobile experience.
According to the report, 85 per cent of respondents say they were allowed to use company issued computers for personal reasons, with only half of the companies surveyed having implemented specific security restrictions on devices and communicated the importance of ICT security to their employees.
“Currently, 90 per cent of all organisations allow personal devices to be used at work,” says Osama Rasoul, sales manager at Cisco’s network architectures division in the UAE.
“A couple of years back, IT managers were like the policemen in the company, restricting resources and access to networks, and any non-approved applications. This has changed. Now CXOs wave their tablets in front of the IT managers and demand to be connected to the company networks,” he told reporters at a round-table event at GITEX Technology Week in Dubai.
The research highlights that almost half (46 per cent) of all employees in the region are bringing at least one unsecured device to work. More worrying, however, is that only 55 per cent of companies surveyed have a plan in place to manage the use of these devices when used for work purposes.
“People feel more productive when they use their own tools and smart devices. But IT is struggling. Not just with scalability issues and figuring out how to accommodate all of these new devices on company networks, but they are struggling to keep visibility and keep an eye on what is going on. This is a big challenge that every single IT department has today,” adds Rasoul.
Trend Micro sees big problems
Security specialists Trend Micro have simultaneously published a report which claims 100 per cent of businesses in the region have been impacted by some kind of cyber attack.
The regional survey was conducted over a period of six months and looks at different industry verticals including government, IT, engineering, FMCG, construction, automotive, oil and gas, manufacturing and education. It reveals that the region has a 100 per cent infection rate, with more than 20 per cent of businesses experiencing an average of three security breaches in the past 12 months alone. And ten per cent of businesses are worried about insider attacks here in the region.
Data loss tops the list, with 26 per cent citing this as the main security concern, followed closely by infections from emails, at 25 per cent. However, worries regarding threats from hackers were only at eight per cent.
The UAE has one of the highest infection rates in the region, at 34 per cent, followed by Saudi Arabia at 18 per cent.
Trend Micro’s vice-president for the Mediterranean and Middle East regions, and Africa, Ihab Moawad, agrees that businesses are allowing users to bring in their own devices, in spite of the dangers, because it vastly improves the work environment. But he believes that the missing ingredient, once businesses have installed the appropriate safeguarding software, is education.
“Policies are key. We think things are getting better in that area, because of increased awareness, but education is still needed,” he says. “We are putting some initiatives in places with government bodies in the region, for security awareness and training.
“We are also working in universities and other ministries to educate employees about the risks and importance of understanding network security. Education is one of the most important security measures – we are carrying bombs in our pockets,” he adds.