Given the rising frequency and sophistication of cyber-attacks on IT [Information Technology] and OT [Operational Technology] systems, it is now more crucial than ever to remain vigilant and take proactive measures to safeguard critical infrastructure, whether it is oil and gas installations or utilities.

The region’s cybersecurity spending is expected to reach $5 billion in 2023 with a compound annual growth rate of 7-8 per cent, said Jyoti Lalchandani, Group Vice President and Regional Managing Director for the META region, IDC.

“Cyber-attacks against oil and gas installations and utilities have been on the rise, intending to cripple the economic interests of the target countries,” Lalchandani told Zawya Projects.

He pointed out that AI technology will be integrated into more cybersecurity systems, enabling predictive analytics to anticipate and prevent future attacks.

Jyoti Lalchandani, Group Vice President and Regional Managing Director for the META region, IDC
Jyoti Lalchandani, Group Vice President and Regional Managing Director for the META region, IDC
Jyoti Lalchandani, Group Vice President and Regional Managing Director for the META region, IDC

Excerpts from the interview

How has the cyber threat landscape evolved over the past few years?

Organisations have significantly increased their technology investments, particularly in the cloud. As a result, there are concerns about data storage and cybersecurity posture in a cloud environment.

The second broad area driving cybersecurity is the rise of remote and hybrid work models, which have led to infrastructure applications in a distributed environment, creating a critical need for cybersecurity investments.

In the region, we expect cybersecurity spending to reach $5 billion in 2023, including hardware, security software, and professional services, with a compound annual growth rate of 7-8 per cent.

Cloud security and end-to-end visibility of IT, OT, and IoT devices across the network are top-of-mind areas for investment for organisations. Additionally, organisations are increasingly focusing on AI-enabled security products and services for automated threat detection and predictive security to pre-empt attacks.

Which sectors in the region are the biggest spenders on cybersecurity?

If we look at the UAE or the wider region, the public sector is the number one spender on cybersecurity. This includes federal and local governments, defence and utility sectors, and state-owned organisations. Following closely behind is the banking and financial services sector, which has already made a significant shift to mobile banking and other platform-based services. The third biggest spenders are sectors such as telecommunications and retail, where the rise of e-commerce and digital business models have increased the amount of data and information being distributed, leading to increased investment in cybersecurity measures.

What cyber threats or attacks should these entities be aware of? 

Cyber threats come in various forms, ranging from state-sponsored attacks involving governments to commercially motivated attacks like phishing, malware, and ransomware aimed at extorting money and bringing down businesses. These attacks have cost businesses worldwide billions of dollars.

In the past, attacks were not politically motivated, but now the focus has shifted to how an attack can impact a nation, utility, or critical service, leading to greater anxiety and stress within the public sector.

Cyber-attacks against oil and gas installations and utilities have been on the rise, intending to cripple the economic interests of the target countries. This has led to increased government investments to enhance responsiveness and security.

Private-sector consortia now operate many power, water, and renewable energy plants in the region, given the trend toward privatisation and public-private partnerships. How does this affect their cyber-security posture?

Regarding critical sub-sectors within the economy, like utilities, the government has laid down regulations and compliance requirements, including security protocols, to ensure that the services are maintained. Even though the utilities may be private companies, they must follow these requirements.

On the one hand, AI can be used for committing cyberattacks, while on the other, it can be harnessed for protection against such attacks. In your view, what will be AI technology's impact on cybersecurity?

AI will be integrated into more cyber security systems in terms of predictive analytics to anticipate and prevent future attacks. This will also provide greater visibility across the enterprise IT, OT, and IoT systems, which will be a major game-changer in cybersecurity.

In 2023, what should be the cybersecurity priorities for critical infrastructure like oil & gas and utilities?

Each sector has its sector-specific priorities. If I talk about broad-level priorities, the number one priority, for organisations, given the economic context and the headwinds, is efficiency. This will require hardware to become more efficient and agile in order to improve productivity. Technology, such as automation and cloud solutions, will play a vital role in achieving this goal.

The second priority is data and analytics, and data monetisation, so to speak. Organisations will need to focus on making sense of the vast amount of data they have and how to leverage it to make better business decisions and create new revenue streams.

The third area, given the headwinds, will be cost rationalisation because budgets will not increase dramatically. This means asking tough questions about whether the money is being spent on the right technologies and whether there is overspending in certain areas, such as the cloud. Organisations will also seek to ensure they have full visibility of their costs. To optimise spending without compromising security, it is crucial for organisations to evaluate their current technology spending and identify areas where they can reduce costs. They will need to prioritise programs and projects across the organisation, and any savings achieved can be reinvested in innovative initiatives.

(Reporting by Anoop Menon; Editing by Bhaskar Raj)

(anoop.menon@lseg.com)