As October marks Cybersecurity Awareness Month, businesses and individuals alike are urged to consider the importance of safeguarding their digital assets with the urgency of addressing cyber threats never been clearer.

Talking to BT, Khaled Fawzy, Senior Country Manager for Egypt, Libya, and Sudan at Fortinet, sheds light on how cybersecurity providers can elevate awareness and protect against the escalating tide of cyber threats.

With recent attacks emphasizing the vulnerabilities present across sectors, Fawzy discusses the critical role of partnerships, proactive measures, and the skills gap in shaping a resilient cybersecurity landscape in Egypt.

October is cybersecurity awareness month. How do you believe cybersecurity providers like Fortinet can play a pivotal role in raising awareness about cybersecurity threats and best practices among businesses and the general public?

Khaled Fawzy - Senior Country Manager for Egypt, Libya, and Sudan at Fortinet

Cybercrime impacts everyone, from individuals to corporations to governments, and the consequences of experiencing a breach are often far-reaching. One of the most effective—and often overlooked—actions we can take as an industry to address these pressing issues is by building partnerships. Cultivating relationships and sharing information creates trust, and greater trust among public and private organizations opens the door for more intelligence sharing to stay ahead of cybercrime.

Because of Fortinet’s commitment to rigorous auditing, nearly 80% of all Fortinet vulnerabilities discovered in 2023 were identified internally by Fortinet. This proactive approach to seeking out and finding potential vulnerabilities enables us to develop and implement fixes before malicious exploitation can occur. All vendors should engage in similar proactive analysis and disclosure practices. Such an approach will not only help the customer to enhance its cyber posture, it also significantly enhances the safety of the entire cybersecurity ecosystem.

Many collaborative efforts are also underway today that strive to share knowledge and best practices across industries and organizations to disrupt cyber-criminal operations. Fortinet invests meaningful resources in global partnerships, including the MITRE Engenuity Center for Threat Informed Defense, and is also a long-standing member of the NATO Industry Cyber Partnership, a partner of NIST’s National Cybersecurity Excellence Partnership (NCEP) program, an active member of INTERPOL Gateway. Fortinet is also one of the founding partners of the World Economic Forum's Centre for Cybersecurity – with Fortinet CEO Ken Xie serving as a member of the Centre’s Advisory Board.

Can you provide insights into the current cybersecurity landscape in Egypt, especially in light of recent attacks? What trends are you observing?

Recent attacks have been reported across different sectors around the globe, particularly in high-stakes industries such as financial services and Oil & Gas.

In alignment with Egypt Vision 2030, and with Egypt’s digital transformation strategy having taken hold in recent years, we are seeing growing awareness from government and organizations across different industries and sectors to adopt and invest in cybersecurity measures, which is a great step.

However, the threat landscape is continuously evolving, so organizations need to continue taking this even further, and considering how they can maintain and develop their cybersecurity roadmap and vision for the future. How will they protect their people, technology, and processes in the coming weeks, months, and years? This is what they need to consider.

With increasing cyber threats, how can the government and organizations in Egypt ensure they are not just reactive but also proactive in their cybersecurity strategies?

Cyberthreats aren’t going anywhere. As technology continues to evolve and grow, so will the tactics and techniques used by threat actors.

Organizations can take several proactive preparatory steps to ensure incident response (IR) readiness, including evaluating the existing threat landscape of your environment. These steps include conducting regular risk assessments, implementing comprehensive security policies, and providing continuous monitoring and threat intelligence gathering.

Organizations can enhance their IR capabilities by investing in training programs and simulation exercises, enabling a swift and effective reaction to cyber incidents.

Readiness assessments conducted by an external third party provide a critical perspective on your organization’s current state of readiness. Such assessments should include evaluating processes, procedures, personnel, documentation, and technology to gauge the maturity of your organization’s overall IR readiness.

Unlike an audit, these assessments are designed to pinpoint potential weaknesses that could undermine your ability to respond effectively to an incident.

Organizations can also proactively address deficiencies outside active engagement by identifying people (capacity and skill gaps), processes, or technology.

This proactive approach identifies opportunities to strengthen resilience against cyberthreats and enhances readiness. Ultimately, such assessments empower organizations to fortify their defenses and better protect themselves in an increasingly complex and challenging cybersecurity landscape.

Fortinet has emphasized the importance of bridging the cybersecurity skills gap for a long time. Can you elaborate on the specific initiatives Fortinet is undertaking in Egypt to address the gap?

As the cybersecurity landscape grows increasingly complex, Fortinet’s 2024 Global Cybersecurity Skills Gap Report reveals that 70% of organizations believe the shortage of skilled cybersecurity professionals is increasing risks to their security.

Fortinet is at the forefront of working to address the skills gap by providing award-winning training and certification curriculum designed to equip individuals with the necessary skills and knowledge to better mitigate cyber risks.

Fortinet’s Academic Partner Program collaborates with higher education institutions and schools around the world to help learners become part of an elite group of skilled cybersecurity professionals. As part of this program in Egypt, we work with the Arab Academy For Science Technology and Maritime Transport (AAST), Information Technology Institute (ITI), Nile University, and NTI, among others. We also collaborate on many local educational initiatives, working alongside MCIT on Digital Egypt Builders (DEBI) and Digital Egypt Cubs (DECI) Initiatives.

Addressing the cyber skills gap is vital to enhancing our society’s collective cyber resiliency and we are committed to developing the current and future cyber workforce through the Fortinet Training Institute.

As part of this effort, we remain focused on our pledge to train 1 million individuals in cyber by 2026, with more than half a million people having been trained since the pledge was announced.

Let’s put a spotlight on your most recent initiative, the Flag the Hack competition. Could you explain its purpose and how it can impact Egypt’s cybersecurity capabilities?

The Flag the Hack competition was born out of our mission to improve cyber skills among local security professionals, enabling them to tackle the latest cybersecurity challenges, experience state of the art cybersecurity solutions, and give them hands-on cybersecurity tools experience. It also gives them an opportunity to ask questions of our Fortinet Network Security Experts.

The competition is a unique team exercise in which participants, working together in groups, are responsible for detecting cyber-attacks carried out by experienced Fortinet team members. This detection process is conducted “just like in real life” under time pressure. 

The attack scenarios that are simulated are based on Fortinet’s own global forensic analysis work. These attacks are performed on typical enterprise infrastructures secured with modern and well-configured security tools, such as EDR, SIEM, and SOAR.

As the participants are experienced security professionals, we ensure a high level of expertise and knowledge sharing in the areas of SOC and incident response. Each team is also guided by an experienced Fortinet engineer.

Events like this play a pivotal role in not only upskilling local talent and sharing awareness about the latest attack methods, but also in sharing in the fun and love of cybersecurity for anyone looking to evolve their career in the field.

In your opinion, what key components should cybersecurity training programs for organizations include to effectively prepare their teams for current and emerging threats?

This month, as Cybersecurity Awareness Month, serves as a reminder to organizations that cybersecurity is everyone’s job, not just the security teams, and your employees play a part in safeguarding your organization. When equipped with the proper knowledge, employees can serve as a solid first line of defense against cybercrime.

Every cybersecurity awareness training program should be unique and include content tailored to the business needs. Yet there are core pieces of cybersecurity knowledge that every individual should possess regardless of their industry or organization. Essential topics to cover in training include:

Passwords: Training should cover tips on how to create passwords that are difficult to crack, as well as how and why to use a password manager.

Multi-factor authentication (MFA): MFA offers individuals another layer of protection against cybercrime. If your security team has already deployed MFA, employees should understand why it’s effective and how to use it.Social engineering attacks, including phishing:

Phishing is the top tactic bad actors use to infiltrate corporate networks and launch attacks involving ransomware and malware. All employees should understand how to recognize social engineering attempts and the steps to take if they think they’re a target.

Software updates: One of the easiest ways to reduce the risk of falling victim to cybercrime is to keep software and applications updated. Employees should know why it’s important to patch quickly and the organization's policy on software updates.

Looking ahead, what do you envision as the biggest challenges and opportunities for cybersecurity in Egypt over the next few years? How is Fortinet preparing to meet those challenges?

In a January 2024 report, the World Economic Forum ranked cybersecurity threats (“cyber insecurity”) in the top 10 risks that threaten the world over the next decade—alongside key issues like climate change, social inequality, and public health crises.

In Egypt, the government is responding to the new cyber regulations, including the Egypt Telecommunication Regulation law, Egyptian National Security Strategy, Financial Regulatory Authority (FRA) supervising and regulating non-banking financial markets and instruments, and the Central Bank of Egypt security regulations for the banking sector.

Increasingly, those in leadership roles are also being held responsible for their organization’s cybersecurity.

Because of this, boardroom discussions are frequently around the topic of resiliency and how the organization should adapt and learn from cybersecurity incidents.

The explosion in data volumes, the increased speed of innovation, and the growth of the interconnectivity of digital applications and ecosystems, are also having their impacts on the world of cybersecurity.

As a result of interconnectivity, a cyberattack can now have a huge impact on an organization’s entire ecosystem, including the final customer. The chain of events could be dictated by changes in regulations, geopolitical situations, and cyber warfare.

For this reason, in 2025 and beyond, CISOs and the rest of their organization’s leadership must balance technological innovation and business strategy, and create resiliency plans to respond to a broad range of cybersecurity threats via a policy supported by the three essential pillars of people, process, and technology.