Wednesday 02, May 2018 by Jessica Combes

Middle East businesses still at risk of cyberattack


Only 34 per cent have implemented a consistent data encryption strategy, according to a study by data security firm, Thales.

Cybersecurity and information systems firm, Thales, has announced the results of the Middle East edition of its 2018 Global Encryption Trends Study. The report, based on independent research by the Ponemon Institute and sponsored by Thales, explored encryption deployment trends in the Middle East, strategy and adoption of encryption to secure data within cloud applications, as well as threats, main drivers and priorities for the industry.

Only 34 per cent of respondents in the Middle East reported that their organisation has an encryption strategy applied consistently across their enterprise. This places the Middle East among the three lowest ranking countries, alongside Mexico (30 per cent) and Russia (31 per cent), and nine per cent below the global average of 43 per cent.  Nevertheless, the region is seeing growing adoption of encryption strategies, with an increase of seven per cent since 2016. IT operations are most influential in framing the direction of encryption strategy, at 32 per cent.

At 55 per cent and 51 per cent respectively, employee/HR data and financial records are the two most commonly encrypted data types in this region. Interestingly, customer information has shown the sharpest increase over the past three years, rising from 25 per cent two years ago to 41 per cent this year. Organisations in the region continue to demonstrate a preference for control over encryption in the cloud and are actively implementing hardware security modules (HSMs) to safeguard their data against increasing security threats. The report also highlights the Middle East as a leader for HSM deployment across new applications including IoT, Cloud Access Security Brokers (CASBs) and blockchain, with the region ranking higher than the global average.

Among the findings, 81 per cent of respondents either use the cloud for sensitive/non-sensitive applications and data today, or will do so in the next 12-24 months; 55 per cent of respondents are using more than one public cloud provider, and 74 per cent plan to do so in the next two years; the most significant threat to sensitive data is employee mistakes, topping the list at 55 per cent and significantly outweighing concerns over actual attacks by malicious insiders; businesses in the region view HSMs as increasingly important to an encryption and key management strategy – rated as either very important or important today by 56 per cent of respondents, and by 63 per cent of respondents over the next 12 months; and the majority of organisations (51 per cent) will only use keys for data-at-rest encryption that they control.

“The Middle East is one of the most highly digitised regions in the world, making it extremely vulnerable to cybersecurity threats. Despite a sharp increase in the migration of sensitive data to the cloud, still just 36 per cent of respondents in the Middle East had a consistent encryption strategy in place. Encryption strategy, coupled with hardware tools such as HSMs and proper key management, is vital to protecting sensitive data against cyber criminals and guarding against human error. Whilst we saw a marginal increase this year in its implementation, it’s clear there’s still a lot of improvement needed in this region to safeguard critical applications,” said Philip Schreiber, Regional Sales Director MEASA for Thales eSecurity.

Other key findings include: encryption use in the Middle East over the past 12 months has seen the most significant growth for private cloud infrastructure (up 17 per cent), docker containers and backups/archives both up by eight  per cent; 37 per cent of organisations are currently using or planning to use HSMs for public cloud encryption including Bring Your Own Key (BYOK), followed by application level encryption (35 per cent) and database encryption (32 per cent)

Once again, the primary drivers for encrypting data in the Middle East are intellectual property (IP) protection and protection of customer information.

For organisations in the Middle East the importance of encryption solutions that support both cloud and on premises deployments rose in importance by 18 per cent over last year, demonstrating how organisations are looking to simplify their encryption and key management deployments.


Features & Analyses