82% of IT decision-makers working in banks and financial service institutions (FSIs) in the United Arab Emirates are under pressure to level up their security protocols, according to new research from Citrix. This comes as 72% see IT security risks in the industry increasing since the start of the COVID-19 pandemic. Employees are most likely to be pressurizing their organization to increase security, with 67% of IT pros reporting pressure from this group, followed by customers (48%), then government (45%), and shareholders (31%).
Perhaps in response to these demands, 66% of respondents report that security has become a top priority in their organization over the past 18 months. They join the further 31% who report that it has been a top priority “for years”.
“It is no surprise that security has become an even greater priority since the pandemic began,” says Amir Sohrabi, Area Vice President for Emerging Markets at Citrix. “As remote work became ubiquitous overnight, and employees were more likely to be distracted by personal and professional stressors, cyberattacks have increased across the globe. This research highlights that both internal and external stakeholders have recognized the challenges, which are especially pertinent in a sector like finance.”
Technology maturity, namely Zero Trust and digital workspace, is driving confidence
However, despite the increase in cyber-attacks and the changing demands and pressures upon them; 95% of IT decision-makers claim they are comfortable with their IT security provisions, with 25% of those saying they are “very comfortable”. 86% also believe that the IT security teams in their organizations have “all the skills necessary” to handle today’s challenges.
This confidence may come, at least in part, from the fact that many organizations are replacing their traditional VPN solutions with Zero Trust, cloud-based services. 46% of respondents have already implemented this, with another 49% planning to do so in the next 12 months. A further 6% plan to follow suit in the longer term. The biggest drivers behind this decision are improving end-user experience (42%), having an agile and secure remote work strategy (39%), consolidating multiple point products (36%), and more on-premises solutions to the cloud (35%).
In addition, 90% of IT decision-makers report that they are satisfied with the digital workspace solutions their organization has used to support remote work, over the past 18 months. 54% of respondents implemented these digital workspace solutions in response to the mandate to work from home in March 2020, while a further 42% already had them in place prior to the pandemic. The remaining 4% plan to provide their teams with digital workspace solutions in the future.
Of the other technologies that organizations have in place to support remote working, the most popular are virtual desktops and apps (67%), video conferencing/streaming (62%), and emails (57%).
Skills and training gaps present potential vulnerabilities
Whilst the majority of IT decision-makers feel they have the right teams in place to support their organizations’ current security posture, there may be challenges on the horizon. 87% of respondents admit that they will need to hire externally to get the right skills in the future, and 87% feel that at some point, IT security teams in their organization “will need to be entirely reskilled”.
Additionally, the research uncovers some gaps in wider security training for employees of banks and FSIs. 31% of respondents say that security training for all employees at their organization is provided less than once a year, with 1% admitting it is provided every six years or less.
“The challenges caused by the pandemic and the pressures put on IT decision-makers by key stakeholder groups, have led to security soaring up the priority list for many financial organizations,” comments Amir Sohrabi. “The last 18 months have clearly been a time of great change, with new technologies being implemented, so it’s highly encouraging to see most IT managers in this sector adapt and accelerate, to ensure they have the correct security posture in place.”
“However, this is no time to get complacent and there is clearly an opportunity for businesses to future-proof their security by upskilling their IT teams and providing regular training for the wider employee group,” he adds. “There has been an alarming increase in cyber-attacks since the start of the pandemic, and many of these come as a result of human error. The importance of dedicated annual training, therefore, cannot be underestimated.”