Rarely does a day pass without news of a new cyberattack or threat. And while many of these transcend country or regional borders, there are some trends and nuances that can be found in certain parts of the world. As GITEX draws nearer, we put the spotlight on the Middle East and hear from industry experts about some of the main cyber-risks to the region’s organisations, with advice on how these can be mitigated.
CISOs the world over are facing an unprecedented challenge. The cyberthreat landscape is constantly evolving as attackers adopt savvy new tricks and tools to bypass even the most sophisticated defences in order to wreak havoc – often for financial gain.
No global region is spared; the world now a sprawl of connected devices, rendering country borders invisible in the digital world.
However, there are some trends and nuances that can be observed in different parts of the world – based on cultural, political and financial variances.
Intelligent CISO spoke to experts at a number of leading cybersecurity vendors about some of the key regional threats and how these can be addressed.
Their responses are all based around the question ‘are there any region-specific challenges to manage cyber-risk?’.
Here’s what they had to say:
Yazan A. Hammoudah, Senior Manager, Systems Engineering MEA, FireEye
In the Middle East, the volatile political situation and rapid adoption of technology puts the region at risk when it comes to cyberattacks. In the first quarter of 2019 alone, FireEye identified large volumes of Iranian state-sponsored attacks targeting organisations in the Middle East, including the Kingdom of Saudi Arabia (KSA), UAE, Bahrain, Lebanon and Kuwait, and as well as other financially motivated advanced persistent threat (APT) groups. These nation-state groups are looking at a large-scale espionage across some key sectors in the Middle East such as government, aerospace, energy and utilities.
Recently, we have noticed breaches against the education sector in the region, especially when it comes to universities specialised in research. The education sector has the least investment when it comes to cybersecurity for many reasons – one such reason is that it’s important for students to have an open environment and freedom to use devices. Since these devices are not controlled or monitored like a closed enterprise, they are an easy target for cybercriminals.
The attackers are more evolved, well-organised and using highly targeted techniques that leave technology-only security strategies exposed. To identify and stop attackers, organisations need to understand how they think, how they work and what they want. Adopting strategic security intelligence solutions will allow organisations to move from reactive measures to proactive threat hunting.
Jawad Toukna, Director Regional Sales Emerging Markets, Forcepoint
There is no doubt that the Middle East has made strides in technology adoption, but the region is still vulnerable to cyberattacks. According to Trend Micro, there were 1.7 billion ransomware attacks detected globally in 2018. Out of these, 2.4 million were in the UAE, followed by Kuwait and Bahrain with 1.9 million and 1.2 million respectively.
Ransomware is a great example of how cybersecurity affects us all here in the Middle East, from the boardroom right down to employee level. Ransomware is not a new threat, but understanding how companies can fall victim to this and other ‘traditional’ threats demonstrates how cybersecurity must be an integral part of a company’s strategy and how firms need to understand and protect against human behaviour (clicking on a link) which may unwittingly open an organisation up to risks.
Recently, Forcepoint conducted a survey across the Middle East and found that while 69% of IT leaders within organisations have high levels of trust in their employees, 50% also acknowledge that human behaviour is most damaging to trust.
Forcepoint believes that by taking a ‘human-centric’ approach to cyberthreats, organisations can prevent breaches. Part of this approach means adopting behavioural analytics technologies, something that our survey showed is not happening in more than 50%of organisations in the Middle East (despite 90% of them saying this is a crucial step to effectively stop breaches).
The cyberthreat landscape is evolving rapidly and companies need a different approach, as the security challenges posed by Digital Transformation projects need addressing. One such approach is a dynamic, risk-adaptive product such as Forcepoint’s Dynamic Data Protection.
Hassan El-Banna, Business Development Manager, META, Genetec
In the Middle East, organsations are most susceptible to attacks. According to a study by McAfee which reported that the UAE is the second most targeted country in the world for cybercrime, costing the Emirates an estimated US$1.4bn per year.
Evidently, there is a strong need for organisations to implement risk assessment. Risk assessment tests should be conducted on a recurring basis in order to catch vulnerabilities, inefficiencies and non-compliances with standards for security policies. If an organisation does not assess and manage risks, they are vulnerable to attacks.
Today, technologies are continuously evolving so your organisation must assume that cyberattacks will evolve too. Taking time to implement a cybersecurity risk assessment to educate your workforce and prevent malicious attacks is vital.
Cyberattacks are no longer simply a technology issue. They affect the entire business and can have a huge financial impact on an organisation. The costs can include cleaning up and restoring a network as well as re-establishing trust with partners and customers alike. According to a 2017 research study conducted by the Ponemon Institute, the average cost of a data breach in the Middle East alone has reached US$4.94 million.
In addition, cyberattacks are now targeting IOT devices such asvideo surveillance, access control, alarms and communications.According to industry analyst firm, Gartner, by 2020 more than 25% of cyberattacks in enterprises will involve IoT devices. And yes, that includes the very devices that are supposed to help keep us safe. That alone could give businesses a false sense of security.
Rajesh Ganesan, Vice President – ManageEngine
Of course, every region has its own set of cybersecurity threats and challenges and hence has to formulate a specific plan to manage cyber-risks based on their financial, political and cultural demographics.
For example, the relatively high concentration of oil and gas companies in the GCC region makes them an exclusive target for hackers like organised ransomware groups.
Due to the enormity of the financial and operational impact it can make, such groups work with high levels of motivation to leverage the same type of attacks across multiple companies. To combat this, companies must get their act together and learn from each other to build strong layers of security.
Similarly, the GCC countries are also some of the pioneers of having digitisation as an important government policy which is driving the entire region to become one of the most digitally connected. In the same vein, while the states are trying to bring about legislative measures to counter cyberthreats, arriving at a common technical and legal framework and implementing it across the region has been a challenge. This has a profound impact on the companies of the region too.
And the cultural aspect plays a critical role too as the GCC region has been most welcoming to a many expats, who in fact outnumber the locals in some states. The multiculturalism brings many advantages but also paves way to multiple threats in the form of residents who are either temporary or have their own jurisdiction. It has been well-established that while the number of incidents because of insiders is always typically low, the consequence of any insider attack has always been enormous and catastrophic. Bringing together people of varied culture and approach to handling sensitive business information is a top challenge in any company’s list.
While technologies evolve very fast, the adoption is caught up globally, fairly easily, and the application of technology is getting to be standardised. In addition to standard information security procedures, CISOs should also focus on the strong regional factors that could pose strong cybersecurity threats.