How to Combat the Cybersecurity Talent Gap in the Middle East
The Global Issue
The rapid adoption of technologies and growth of digital data have created a high demand for cyber and information security professionals. However, nowadays we are witnessing a significant shortage of specialists in this sphere. According to the ISC2 global study, in 2024, the cybersecurity workforce gap reached a staggering 4,763,963 people. Meanwhile, the WEF states that the cybersecurity talent shortage could reach 8.5 million specialists by 2030.
The Middle East is no exception when it comes to the cybersecurity talent gap. A Cisco survey shows that 90% of companies in the UAE are facing a security workforce shortage, while 51% of businesses report having more than 10 unfilled positions related to cybersecurity. The situation is similarly challenging in the KSA. In 2024, Saudi Arabia has a shortage of over 18,000 cybersecurity professionals.
The current circumstances are leading to total burnout among security specialists: in 2024, 69% of CISOs in the UAE admit to burnout. Besides, 83% of IT security professionals say that burnout has caused them to make errors leading to breaches.
A serious shortage of cybersecurity talent, together with employee burnout, is weakening companies’ defenses, especially as insider threats – the most challenging ones – continue to grow.
Insider Risk: The Threat Is Rising
Insider threats originate from employees or company contractors who have access to corporate data and infrastructure. They may either misuse sensitive information for their own purposes or violate data policies or national law through negligence.
Last year, the UAE faced a 30% increase in insider threat incidents. In Saudi Arabia, 71% of companies experienced some form of cyber incident, 27% of which were caused by malicious employees. Their share is not the largest, but, as the 2023 Ponemon report shows, malicious insiders are the costliest to business. The risks that malicious workers pose range from leaking sensitive information or know-how to competitors to document forgery, industrial espionage, kickbacks, and much more.
Non-malicious employees make up the majority of insiders. They usually fall prey to cybercriminals who use social engineering such as phishing, BEC attacks, and other forms of deception, leading victims to expose confidential information unintentionally.
How to Ensure Data Protection in This Context
The very basic step in guarding against internal threats is using a combination of Data-Centric Audit and Protection (DCAP) and Data Loss Prevention (DLP) systems. These solutions audit and analyze all data stored on computers, clouds, and networks, along with monitoring popular data transmission channels, ensuring that no confidential information leaves the corporate perimeter.
However, protective software licenses and the required hardware cost quite a lot; not every company can afford to pay thousands of dollars at a time. It should also be noted that DLP and DCAP systems do not work the way, for example, antivirus software does: they must be administered by experienced IS officers. An IS professional is needed to configure the policies, monitor employees’ activity with confidential data, and conduct investigations. Given the current severe talent gap, hiring a qualified specialist turns into a serious challenge.
The situation is further aggravated by the fact that experienced security professionals prefer to work for large companies, where they can deal with complex tasks and get higher salaries. SMBs, startups and some governmental agencies are often simply unable to compete for such specialists. As a result, these entities often remain poorly protected.
So, the question arises: what can be done to stay protected against insider threats in this context? A smart decision would be to delegate information security-related tasks to a Managed Security Service (MSS) provider.
The service model makes security more accessible by addressing long-standing challenges like the high cost of software or hardware and the difficulty of hiring skilled information security professionals.
Through MSS, on a subscription basis, customers get access to both security software and a dedicated security analyst who deploys and configures a service, ensures monitoring, prevents incidents, provides the customer with detailed analytical reports, and solves specific tasks requested by the client. This analyst can function as a full-time security specialist or support existing in-house staff with routine tasks.
It is worth mentioning that MSS adoption shows a rising trend in the MENA region. According to the research, 70% of MENA companies are outsourcing or planning to outsource information security-related tasks in the near future.