The Middle East has made impressive strides in its adoption of technology over recent years. These changes have highlighted the security risks inherent in digital transformation, among other things. Unfortunately, many organizations aren’t always prepared to address these challenges. For example, more than four in five large Gulf enterprises still use just usernames and passwords for authentication purposes, reported The National. Given these weak security measures, it’s no wonder 48 percent of Middle Eastern and African organizations that suffered a security incident ended up losing more than $500,000 in damages.
The costs of a security incident could become even greater under the new data protection regulations to which some organizations in the region are bound. These include well-known frameworks like the Payment Card Industry Data Security Standard (PCI DSS), with fines totaling as much as $100,000 for each month of noncompliance, and the European Union’s General Data Protection Regulation (GDPR), under which non-compliant organizations could incur a penalty of either 20 million euros or four percent of global annual turnover (whichever is higher). There are also local regulations like the Saudi Arabian Monetary Authority’s (SAMA) Cyber Security Framework, which includes guidance on how Saudi Arabian banking, insurance and financing companies can protect themselves against digital threats.
To avert the penalties discussed above, organizations in the Middle East and Africa should make sure they’ve achieved and can maintain compliance with all applicable data protection regulations. Sebastien Pavie, regional director of META, Enterprise & Cybersecurity at Gemalto, noted that companies can start by taking a data-centric approach to security. He explained that such an attitude involves implementing not only encryption but also the centralized and secure management of cryptographic keys. As quoted by SecurityMEA:
Securing cryptographic keys provides reliable protection for applications, transactions and information assets. With keys securely stored in hardware, organizations can ensure both high performance and the highest security available. With robust hardware security modules, encryption appliances, and key management solutions, organizations can maximize the security of encryption keys and policies, adding a critical line of defense for confidential information. This approach is also the easiest way for organizations to integrate application security in order to achieve regulatory compliance.
Gemalto is committed to helping Middle Eastern and African companies meet their compliance requirements. That’s why it will be in attendance at GITEX 2018 between October 13 and October 17 at the Dubai World Trade Center. Stop by stand SR-G5 in Sheikh Rashid Hall, to learn how Gemalto’s SafeNet Identity & Data Protection solutions can help your organization comply with several regulations on the market as well as protect its assets and reputation.
For more information on Gemalto’s participation at GITEX 2018, click here.
*** This is a Security Bloggers Network syndicated blog from Enterprise Security – Gemalto blog authored by Gemalto. Read the original post at: https://blog.gemalto.com/security/2018/10/03/data-protection-compliance-to-take-center-stage-at-gitex-2018/