Information security spending in the Middle East is set to hit $1.8 billion in 2017 but there is "a false sense of security" pervading the region as is evident from a laxity in investing in people and process, experts warned.

"Improving security is not just about spending on new technologies. As seen in the recent spate of global security incidents, doing the basics right has never been more important," said Sam Olyaei, senior research analyst at Gartner.

Speaking on the sidelines of Gartner Security and Risk Management Summit, Olyaei said security services will continue to be the fastest growing segment in line with global trends, especially IT outsourcing, consulting and implementation services. The growth for security services will be driven by ongoing skills shortages in the information security domain as well as increased awareness of threats.

He said organisations can improve their security posture significantly just by addressing basic security and risk-related hygiene processes such as patch management, regular and scalable vulnerability scanning, centralised log management, internal network segmentation, backups and system hardening. "Do not buy a tool just because a tool exists, invest in people and process to maintain and operate these tools," said Olyaei.

In a region where the oil and gas industry is critical to many local economies converging of operational technology (OT), Internet of Things (IoT), and IT is pushing many organisations to start considering how to handle the potential new security vulnerabilities created, he said.

"This will result in additional interest to invest in security products and services to mitigate these new risks that traditional information security practices are not accustomed to," said Olyaei.

According to Gartner, Middle East and North Africa spending on information security technology and services is on pace to reach $1.8 billion in 2017, an increase of 11 per cent over 2016.

"The region is also fixated on check box compliance - a hallmark of immaturity when it comes to security," Olyaei said. "Digital business is transforming the region and it is all about managing risk; managing risk is about understanding the major perils a business will face, and prioritising controls and investments in security to achieve business outcomes."

- issacjohn@khaleejtimes.com

Issac John

Associate Business Editor of Khaleej Times, is a well-connected Indian journalist and an economic and financial commentator. He has been in the UAE's mainstream journalism for 35 years, including 23 years with Khaleej Times. A post-graduate in English and graduate in economics, he has won over two dozen awards. Acclaimed for his authentic and insightful analysis of global and regional businesses and economic trends, he is respected for his astute understanding of the local business scene.

Copyright 2017 Khaleej Times. All Rights Reserved. Provided by SyndiGate Media Inc. (Syndigate.info).