Cyber-crime is not a new phenomenon and it has gained momentum in recent years leading to more cyber-attacks on businesses, government establishments and other entities, leaving a trail of destruction in its wake. Over the last few years, the evolving threat climate has led to an increase in security spending. Enterprises are also transforming their security spending strategy in 2017, moving away from prevention-only approaches to focus more on detection and response. According to Gartner, spending on enhancing detection and response capabilities is expected to be a key priority for security buyers through 2020.
“The shift of mind-set, away from the elusive goal of perfect defense, towards digital resilience, happened first in the Middle East due to the unique circumstances there, but has now spread globally as organizations realize that perfect defense is impossible,” said Dr. Mike Lloyd, Chief Technology Officer at Red Seal.
A number of factors, such as digitization, mobility, cloud adoption and the changing geopolitical landscape, are contributing to greater security challenges.
“Cloud and data protection will also have an impact as companies and government offices will need to consider how to deal with data leakage and protecting data from both insiders and outsiders,” said Thomas Fischer, Global Security Advocate at Digital Guardian.
While the security concerns around the world are mostly the same, some regional differences do stand out. Hacktivism and politically motivated attacks are also major concerns for government and public sector entities. Nicolai Solling, Chief Technology Officer at Help AG, said, “Cyber is the new frontier of political conflicts. I reckon anyone opening any newspaper will see that we have our fair share of political and armed conflicts, which of course also means that we are more exposed to warfare in the cyber domain as well.”
A study conducted by PwC last year found that companies in the Middle East suffered larger losses than other regions as a result of cyber incidents, and the trend seems to have continued, if not accelerated, this year. The Middle East is an aggressive adopter of emerging technologies and it is important for organisations to benefit from the positive potential of digital technology. On the downside, the threat of cyber-attacks will continue to increase if organisations intensify their digital presence without employing the right security practices.
“Identity theft has become a favoured tactic of choice for cyber criminals, overtaking theft of payment and financial data from previous years. This trend also demonstrates that Middle East organisations are still putting their encrypted data at risk, and highlights the need for increased cyber security,” said Sebastien Pavie, Regional Director, MEA, Identity and Data Protection at Gemalto.
The current security landscape eliminates the question of whether a company will be breached or not. Getting breached is inevitable, and now it is only a matter of measuring the responsiveness of their threat management detection and response components. “Finally, there is the topic of ransomware which impacts the consumers, enterprises as well as government. Ransomware is the first “real” direct business model between attackers and their targets, and unfortunately the business model is working very well for the attackers. From all indications we have seen so far, 2017 will unfortunately only show a greater rise in Ransomware,” added Solling.
The change in perspective from preventive measures to a ‘detection & recovery’ approach stems from the fact that the attacks are becoming more targeted and being made with little or no warning. Companies often find it difficult to identify when an attack has taken place and many only discover it when third parties or clients report suspicious messages or requests for funds.
Stressing the importance of turnaround time after a threat has been recognised, Mazen A. Dohaji, Regional Director – Middle East, Turkey & Africa at LogRhythm, said, “A determined threat can’t be permanently stopped, but it can be slowed and discouraged to the point where it may abandon its efforts to compromise a particular organisation and switch targets instead. The key to threat management is to stop attacks as early in the attack lifecycle as possible. Obviously, the sooner a threat is detected, the sooner it can be addressed to prevent additional damage.”
The increase in the number of data thefts shows that information from mobile devices, digital transactions, social media and many other sources is vulnerable to attacks from cyber criminals. The question that now arises is whether any particular industry or sector is more susceptible to such attacks and why.
“There is no definitive answer to this question, but if I’m to select three verticals among which cyber-attacks have grown the most, I would cite government, banking and utilities (oil & gas) sectors, not because they are easier to attack, but for the simple fact that they are “high-value” targets for attackers, whether from a monetary or political perspective,” said Roland Daccache, Senior Systems Engineer at Fidelis Cybersecurity.
While cyber criminals may have various motivations behind their attacks, many are financially motivated, which is why banking and finance, retail and other industries that deal with monetary transactions still remain prime targets. “Banking and financial institutions are the softest targets for cyber-attacks, followed by government institutions and agencies, oil & gas, and utility companies,” said Amit Roy, Executive Vice President and Regional Head for EMEA at Paladion.
When looking for a reason, one needs to look at the new technologies that have gained rapid acceptance and are quickly becoming a huge part of every organisation in the region. Adopting the latest technologies like IoT, digital transformation, artificial intelligence, etc. ensures higher productivity and better business growth, but they are also enabling easier access to networks by cyber criminals. Regardless of the industry, wherever operations become increasingly digital, those organisations appear more lucrative to cyber criminals.
“IoT-enabled applications and solutions are evident across the region, in various industry and government sectors, including manufacturing, healthcare, transportation, oil/gas, utilities, energy and water. As these organizations face various internal and external security issues such as network attacks, malware, malicious software and external hackers, it is critical that they develop a robust mechanism to quickly detect any suspicious activities,” explained Florian Malecki, International Product Marketing Director at SonicWall.
To safeguard against sophisticated cyber threats, organizations need to first adopt a robust cyber security framework that continuously adapts to the changing threat landscape. According to Paladion, managed security service providers play an important role by offering robust cyber defence solutions with Machine Intelligence, Data Sciences and Security Analytics.
Roy emphasized that organizations need to first adopt a robust cyber security framework that continuously adapts to the changing threat landscape. “This requires effective ISMS, regular security testing or vulnerability management, round the clock security monitoring, and the right security technologies,” he continued.
Governments at the individual and regional level have an important role to play, both in creating a regulatory and policing framework and in working with IT security firms in the private sector to fight cybercrime syndicates.
“Currently in the Middle East, companies are not obliged to report data breaches that have occurred. Consequently, many don’t, largely because of the ways in which this disclosure could negatively impact the business and its reputation,” said Sebastien Pavie, Regional Director, MEA, Identity and Data Protection at Gemalto.
Solling emphasized that one area where governments can and should get involved is in creating awareness among the general population, and that, especially in this region, governments can add a lot of value around information security legislation.
As this phenomenon seems to be a never-ending battle, organizations need to be more alert and dynamic in equipping themselves with a comprehensive cyber security strategy delivering 360-degree visibility, continuous monitoring, advanced analytics and efficient incident response orchestration. This will ensure that these firms are well positioned to identify and respond to the early indicators of an intruder, and neutralise the threat before it can result in a material cyber incident. In order to be certain that targeted threats are reduced, stringent cybercrime measures need to be set up by all organisations in the region.