Malware and ransomware are becoming more prevalent in the region. How do you convince firms they need a proactive cyber security strategy in place?

We continue to see a massive increase in malware, phishing and ransomware attacks globally, and the Gulf is no different. One of the reasons is the bad guys see the Gulf as high value, but low maturity when it comes to cyber and information security. The worrying thing is many firms fail to anticipate the potential threat, and only address cyber and information security once an attack has occurred – if not to them, a company similar to themselves. At IOActive, we encourage thinking like the bad guy.

What is the greatest area of vulnerability among Middle East firms in terms of cyber security?

Raising awareness among employees is crucial

The greatest area of vulnerability in any security programme is the human factor. You can spend millions of dollars on systems, but if one person circumvents the controls or mis-configures, then you might as well have not invested. Raising awareness and education among your employees is crucial. Embed cyber and information security into your company’s culture.

Cyber security experts are in short supply everywhere, but more so in the region. What options are available for businesses and consumers?

The problem anywhere is security is seen as an afterthought, so you are trying to retrofit security around your processes, company and people. Security should be one of the first things you plan for. At IOActive, we see the Gulf as a huge market, both in business opportunity and talent. Globally, we focus on the younger generation of cyber engineers. Likewise, the region has huge potential for talent. IOActive has invested heavily in creating a permanent presence in the region, to not only support our business clients but also to provide support and thought leadership.

Market Talk was produced in partnership with IOActive. To appear in Market Talk, contact: richard.thompson@meed.com