Industry Thought Leadership

Recognizing Cybersecurity as an Organizational Issue, Not an IT Play

February, 2020
AbdulGhaffar Setareh
Chief Risk Officer

Zain Group

Cybersecurity, and more significantly cyber resilience, is a central issue in the current digital age. Cyber resilience within organizations refers to their ability to take a hard look at their business practices and make significant investments in their resources, structures and policies to ensure that they are able to prevent, detect, respond to, and quickly recover from attempts to compromise their digital systems.

The responsibility on telecom and other types of technology companies to maintain the integrity of their own as well as third-party digital assets is even more onerous. For its part, Zain Group has been proactive in raising awareness of the importance of cyber resilience within the organization, while also being an active investor in cutting-edge technology and solutions geared toward securing its digital data.

As digitization gains pace and the integration of systems becomes commonplace, it has become clear that cybersecurity is not just an IT issue; it is an organizational one. As such, it needs to be addressed strategically within the company rather than just tactically. Starting with senior management, organizations need to adopt a culture of raising awareness of the importance of cybersecurity and resilience, and then oversee its implementation across business functions and operations.

Zain’s Group Risk Management is at the forefront of raising and implementing cybersecurity initiatives within the organization. For example, it has developed material for a year-long cybersecurity awareness program and shared it with all operating companies. The program, with a slogan of PAUSE, THINK, ACT, has developed into an ongoing initiative throughout the year, and is updated regularly with the latest trends in cybersecurity risks.

Program content extends to topics such as malware/ransomware, two-factor authentication, password security, and mobile/laptop security, and is disseminated throughout the organization via six distinct channels (e-newsletters, posters, rollups, SMS, banners, screensavers). Additionally, ‘train the trainer’ sessions are conducted for subject matter experts from Zain operating companies, while advanced cybersecurity content has been developed for technical staff.

Sharing information is fundamental to improving cybersecurity posture, and having successfully hosted the first Risk Synergy Forum in 2018, Zain’s Group Risk Management organized the second edition of the event in Bahrain in October 2019. The two-day conference was inaugurated by Board Risk Committee Chairperson, Dr. Saud Al Nahari.

Risk management professionals from across Zain’s operations shared their best practices across enterprise risk management, business continuity, and cybersecurity management. New trends in cybersecurity and risk management were presented to ensure all operations are aligned, work to enhance synergistic opportunities, and establish a strategic direction for risk management.

There are many aspects to establishing a robust cybersecurity posture within an organization, and certification is a way of ensuring internal processes and technologies are up to standard, while also giving a level of confidence to third-party stakeholders that the organization takes this aspect of its business seriously.

Given the growing importance of the government and enterprise (B2B) segments to Zain, it comes as no surprise that the telecom operator has invested significantly in tailoring solutions for customers in this area, where the protection of digital assets is arguably at its most critical.

Pursuing its desire to adhere to industry best practices, operations across Zain’s footprint continue to maintain their ISO 27001 Information Security Management System Certifications. In 2019, Zain Kuwait went as far as achieving the ISO 22301 Business Continuity Management System Certification and was the first telco in Kuwait and third in the region to receive M&O Data Center Certification from Uptime Institute, recognizing the high international standards in its data center.

In Kuwait and Bahrain, Zain is providing its corporate customers with secured and protected environments through a wide range of services, including a cloud-based DDoS (Distributed Denial of Service) service that proactively monitors customer traffic behavior and patterns to provide 24/7 remote detection and risk mitigation against DDoS attacks. Zain has multiple DDoS detection servers across the globe that detect and push necessary policies to redirect the attacking traffic to scrubber devices that clean the traffic and send it back to the customer.

Zain is helping corporate customers by providing and building fully managed services to manage their SOCs, providing them with risk assessments and penetration tests, as well as defining the processes and policies for their SOCs, including the tools and resources.

Zain Jordan has developed a state-of-the-art facility with a highly modernized communications network and solid IT infrastructure that qualifies as a TIER 3 Disaster-Recovery Center. Coined ‘The Bunker’, the facility is situated at the King Hussein Business Park in Amman, and is a certified data center that gives local, regional and international organizations the opportunity to host their IT infrastructure and DR offices, while also offering clients a secure environment to enhance their ICT business processes.

In the Kingdom of Saudi Arabia, Zain has partnered with Samsung to launch a cloud-based Enterprise Mobile Management (EMM) solution to manage a fleet of devices, increasing business efficiency and securing corporate data. The solution can manage any Android, iOS or Windows 10 device, but is most secure on Samsung Galaxy devices integrated with the Knox platform.

In conclusion, all cybersecurity-conscious corporations need to ensure their employees PAUSE, THINK, ACT.