A large number of cyber-incidences claimed spotlight last year. Attacks varied from high-profile DDoS using hijacked internet-facing security cameras to data breaches in organizations across the region. There is no indication that the spread of cyber threats and attacks is going to slowdown anywhere in the near future. Over the last few years, the evolving threat climate has led to an increase in security spending, with Gartner estimating that the regional market is expected to spend more than $2 billion on IT security solutions in 2017. Another study by Markets and Markets indicates that the Middle East cyber security market size is expected to grow from USD 11.38 Billion in 2017 to USD 22.14 Billion by 2022, at an estimated Compound Annual Growth Rate (CAGR) of 14.2%.
The manner and speed at which the IT landscape is changing may contribute to this aggressive rise in cyber-crime. As social media, digital transformation and IoT become more and more intertwined in our lives, what should we expect will happen in the cyber security space? Will the increased awareness and connectivity help us be better prepared or will this simply provide easier access to the cyber-criminal? It is also interesting to discuss whether cyber threats, attacks and incidences are same everywhere or whether regional differences affect the way intrusions and breaches happen. To gain better understanding about the regional (and global) threat landscape, we talked to some industry experts on the changing state of cyber security and if any trends are unique to the region.
Commenting on the key cyber security trends in the region, Thomas Fischer, Global Security Advocate at Digital Guardian said, “I see the key trends in the Middle East being a primary focus on governance and working on the people and process aspects of security. We are starting to see the implementation and enforcement of governance policies such as NESA that will impact trends on spending and employee awareness.”
Fischer feels that as cloud is becoming a reality in the Middle East as well, its significant role needs to be considered because greater adoption will bring greater security challenges. In addition to this he considers data protection to have a huge impact as well. “Companies and government offices will need to consider how to deal with data leakage and protecting data from both insiders and outsiders,” he added.
“Advanced cyberattacks and malware infection rates, specifically ransomware and ICS attacks are soaring. Organisations are starting to evolve from fire-fighting mode to developing cyber security strategies aimed at detection and recovery. Unfortunately, the attackers are often one step ahead and in today’s busy world they have time to target specific organisations and attack with no or very little warning,” added Roland Daccache, Senior Systems Engineer at Fidelis Cybersecurity.
Elaborating on how the region is different and yet similar to other parts of the world when it comes to the cyber security issue, Dr. Mike Lloyd, Chief Technology Officer at Red Seal said, “Organizations across the Middle East have long understood the heightened risk of destructive cyber-attacks. Many of the most well-known destructive network attacks were aimed at targets in the Middle East. The shift of mindset, away from the elusive goal of perfect defense, towards digital resilience, happened first in the Middle East due to the unique circumstances there, but has now spread globally as organizations realize that perfect defense is impossible.”
According to Mazen A. Dohaji, Regional Director of Middle East, Turkey & Africa at LogRhythm, the main concern today is that while the Middle East IT security market remains robust and solid from a solutions and vendors’ perspective, the market itself has continued to attract threats largely due to the wealth that’s in the region.
As business in the Middle East is evolving and becoming more digitalised, combined with the changing geopolitical landscape, the real risk of cyber threats is increasing.
According to Nicolai Solling, CTO at Help AG there are some factors that may impact the kind of attack that happens and while this region is in many ways driven by the same overall security discussions as the rest of the world we do have our unique differences.
“There are a number of challenges that impact how we work as a result of the user base being very different. One very important challenge in the Middle East is that it is a very multi-cultural region – one of the most important elements of cyber- as well as other types of security is the human element, and here culture has a huge impact. Finally, cyber is the new frontier of political conflicts. I reckon anyone opening any newspaper will see that we have our fair share of political and armed conflicts, which of course also means that we are more exposed to warfare in the cyber domain as well,” explained Solling.
Expressing his concern on the increase in cyber-attacks from sources that not only include traditional hackers and hacktivists but even state sponsored cyber threats and organized criminals, Amit Roy, Executive Vice President and Regional Head for EMEA at Paladion added that the attacks have been much more financially and politically motivated in the region, experiencing sophisticated hacks on mainstream IT networks as well as Industrial Control Systems (ICS). “Recent attacks have rendered several critical infrastructure assets vulnerable in Saudi Arabia. Today, Saudi Arabia is among the most targeted countries in the Middle East. The recent return of Shamoon also left a trail of destruction in the kingdom that has put authorities in the country on alert and has pushed for further strengthening of cyber defences.”
While a region’s political scenario and cultural environment may influence the type of cyber incidence, in general, the threats and attacks do not vary region to region. It is safe (and sad) to admit that attacks and breaches are happening everywhere regardless of region, industry vertical and even strength of security measures already employed and in conclusion, we can say that ‘cyber’ does not really know any bounds.