We continue to see year-over-year growth in usage of digital services throughout the Middle East and North Africa (MENA). While the region increases digitization, GDP per capita is estimated to rise by over 40 percent, as per a report by The World Bank. As a result, we expect online commerce to continue increasing across MENA.

Although online commerce has clear benefits to economies in the region, the digital shift also introduces new challenges and risks. According to Allianz Risk Barometer, cyber incidents will rank among the top three global business risks in 2022.

Even though cybersecurity problems and solutions may differ across enterprises, there are some overarching principles that can help us move towards a safer digital space, especially when it comes to protecting customer data.

1.    Prioritize Cybersecurity through Leadership and Business Decisions 
Company owners and leadership teams have a growing responsibility to understand emerging cyber threats and the need to build defenses against them. Executives in most regions and industries agree that the most important way to build a more secure digital society is to educate CEOs and boards so that they better understand cyber threats, and to support them in fulfilling their responsibilities for developing appropriate cybersecurity practices, according to research by PwC.

With the increasing sophistication of cyberattacks, leading to incidents such as ransomware or supply chain disruptions, it's important that a company's overall risk mitigation strategy pay considerable attention to cybersecurity.

We recommend that CEOs and corporate leadership, in addition to relying on their cybersecurity team, also educate themselves on the topic so that they can make decisions about investments in new technology, processes, and skill development that better protect their business.

2.    Build a Strong First Line of Defense 
Although the methods used by hackers are constantly evolving, many attacks can be avoided through a strong first line of defense. 

Having antivirus and antimalware software installed on all your company devices is a good first step to take. This can prevent low-level attacks from having a devastating impact and, considering the affordable cost of digital security packages, should be a minimum requirement for all businesses planning to sell products or services online. 

3.    Engage Your Employees on Security Issues 
Many digital attacks can also be avoided by raising security awareness amongst employees. This is because various attacks require an employee to take an action, which may appear non-malicious to the unaware employee. With ongoing training and awareness sessions on social engineering and phishing, employees can identify and avoid opening suspicious emails and links from potentially harmful sources.  

In addition to this, regardless of where the employee is working from (home, office, client location, or an airport), their systems must be protected with the same cybersecurity and antimalware solutions as the corporate environment. Weak links, no matter how small they appear, can expose your entire network to cyberattacks.

4.    Build An Incident Response Plan (IRP)
For your employees to know how to act when a cybersecurity attack occurs, having an incident response plan (IRP) in place is vital. This is a set of documented procedures detailing the steps that should be taken if an incident occurs. The plan should cover multiple phases across various types of attacks, with the appropriate steps to take and clear guidelines about individual roles and responsibilities. As per the SANS Incident Response Plan, the 6 steps of an IRP are: preparation, identification, containment, eradication, recovery, and lessons learned. In addition, ensure that appropriate communication plans are in place for internal stakeholders, business leadership, your customers, and, if required, regulators.

You may also want to create an incident response team for implementing your IRP. This group of individuals within your organization, sometimes referred to as a cyber incident response team (CIRT) or a computer emergency response team (CERT), will be responsible for preventing, managing, and responding to security incidents as they happen.


5.    Recognize New Threats as They Emerge
New threats emerge as hackers continue to adapt their approach to penetrate defenses used by online businesses. If your cybersecurity practice remains static, the protections you have implemented could quickly become obsolete. While constantly remaining up-to-date can be frustrating, it is an unavoidable reality when operating online. Adapting your security approach to combat evolving threats is a cost all online companies must incur to grow their operations in a safe and secure way.

We recommend regularly updating your software (and patches) to the latest versions, ensuring your security and anti-malware software are up-to-date, and regularly consulting with your payments service provider as well as your security consultant to explore steps towards optimizing the security of your online transactions. 

Your employees should be encouraged to identify potential threats and bring them to the attention of your cybersecurity team. Teams that manage your daily operations are best placed to identify process gaps and can recognize where additional security oversight is required.

6.    Continue Upskilling Security Knowledge
When it comes to digital data protection and online security, a gap in knowledge and internal skills is one of the biggest challenges the MENA region collectively faces. Some enterprises have employees who are trained in mitigating cyberthreats, while others simply don’t have resources for this. If you are able to, offer cybersecurity training to your internal staff (both technical and non-technical staff). Workshops and training programs are now widely available online and at an affordable cost.

In addition to the 6 practices mentioned above, you should also seek advice and guidance about securing your systems from external security partners and auditors. Along with your business partners, ensure that your payments service provider has a strong security practice in place, as they process your transactions. For instance, our services at APS are designed to offer robust protection for our clients through ongoing compliance with the highest standards of PCI-DSS requirements as well as dedicated information security and risk management teams.

 

Sources:

https://www.pwc.com/us/en/services/consulting/cybersecurity-risk-regulatory/library/global-digital-trust-insights.html

https://www.pwc.co.uk/issues/cyber-security-services/insights/cyber-security-strategy.html

https://www.datto.com/resources/dattos-2020-global-state-of-the-channel-ransomware-report

https://www.helpnetsecurity.com/2021/10/25/ransomware-how-bad/

https://www.cybersecurityintelligence.com/blog/corporate-cyber-attacks-up-50-last-year-6069.html