Peter Alagos/Business Reporter
Technology firms and critical national infrastructure such as telecommunications networks are among the five major industries that invest heavily on security due to high risks of cyber attacks and threats, a senior official of Qatar-based global telecom company Ooredoo said.
Mustapha Huneyd, head of Corporate Information Security, made the statement during a lecture on “Cyber Security Risk Management & Governance in the Telecoms Industry” at the Cyber Security Summit – Middle East last week.
Huneyd said the 2014 Information Security Breaches Survey conducted by advisory firm PwC showed that both telecoms and technology sectors spend 13% of their IT budget on security. Other major sectors include services, 14%; health, 12%; and government, 11%.
The survey revealed that “Large organisations now spend on average 11% of their IT budget on security; small businesses spend even more of their IT budget on security than large ones with an average of almost 15% of their IT budget” – the highest level ever recorded.
It added that “15% of small businesses spend more than 25% of their overall IT budget on security, versus 10% of large organisations. The figures highlight the increasing recognition by businesses of all sizes of the importance of protection and defence against cyber security threats.”
Citing figures from the IBM Security Services 2014 Cyber Security Intelligence Index, Huneyd said 75% of global incidents in 2013 perennially target five industries: finance and insurance, 23.8%, manufacturing, 21.7%; Information and Communications Technology, 18.6%; retail and wholesale, 6.2%; and health and social services, 5.8%.
Last month, Huneyd said Deutsche Telekom (DT) reported that its daily rate of cyber attacks increased from 300,000 in the past two years to 1mn in 2014. A DT-commissioned survey also showed that nine out of 10 German companies reported external attacks this year, with 14% of them suffering attacks on a daily basis.
According to Huneyd, telecoms take a two-pronged strategy involving the internal organisation “and another that is national, regional, and global in nature.”
Another approach, he said, is the “Intelligence-driven incident response” – a cyber risk management with three pillars: Threat Intelligence, Security Monitoring, and Incident Response.
Mustapha Huneyd, Ooredoo's head of Corporate Information Security. PICTURE: Jayan Orma