Cash-rich oil wells bring cyber attack danger to Middle East

Cybersecurity awareness finally grows in the Middle East

In the wake of a growing number of targeted attacks in the Middle East, cyber security is becoming ever more important.

The region may have been left largely unscathed by the recent international WannaCry attack that hit governments, banks and hospitals around the world; however, in recent years the Middle East has seen a rise in targeted attacks. Saudi Arabia’s energy sector has faced several focused assaults for example, and we’ve also seen a growing number of ransomware attacks in UAE and Qatar. Malware is also an issue; one of the most high profile examples being Shamoon, which has resurfaced on several occasions, destroying data on thousands of computers.

“The threat landscape in the Middle East is rapidly evolving in sync with the increasing sophistication of cybercrime across the globe. Cybercrime has become a heavily globalised industry, with international hacker operations that have become very sophisticated,” notes Sachin Bhardwaj, Director Marketing and Business Development, eHosting DataFort.

Last year companies in the Middle East suffered larger losses than other regions as a result of cyber incidents according to a survey by PwC. It stated that 56 per cent lost more than $500,000 compared to 33 per cent globally, and 13 per cent lost at least three working days, compared to nine per cent worldwide. Businesses in the Middle East are also more likely to have suffered an incident like this compared to the rest of the world: 85 per cent of respondents compared to a global average of 79 per cent.

“The resources of Middle East countries and their rapid adoption of digitisation have made the region an attractive target for a wide array of cyber threats. Indeed, governments and large organisations in almost every vital sector of the region have sustained damage from cyberattacks,” notes Scott Manson, Cyber Security Leader for Cisco Middle East and Turkey.

One such resource is oil and gas – an industry particularly vulnerable to cyberattacks due to its remote and geographically vast operations and therefore high dependence on networks. Then there are several other challenges specific to the region that need to be considered.

For example, according to Cisco, the Middle East and Africa is predicted to see an increase of mobile devices and connections from 1,300 million in 2016 to 1,814 million in 2021, creating more endpoints to protect. Lack of skills is also a concern, with many businesses finding it hard to recruit and retain individuals with the necessary cyber security knowledge and experience.

Plus cultural and political issues also have a role to play, as Nicolai Solling, CTO at Help AG highlights.

 “We do have our unique differences: there are a number of challenges that impact how we work as a result of the user base being very different. One of these is that the Middle East is a very multicultural region, and this has a huge impact.

“Cyber is also the new frontier of political conflicts. Anyone opening a newspaper will see that we have our fair share of political and armed conflicts, which of courses means that we are more exposed to warfare in the cyber domain as well,” he explains.

On a positive note however, the growth in cyberattacks have been a wakeup call for business – and governments – in the region, which are now much more aware of threats than they were say, just 12 months ago.

“Business have realised that it’s a matter of when not if they will be attacked,” says Hany George, Security Specialist for Mimecast Middle East. “This has raised the right questions within business where reassessing their security posture has become top of mind.”

According to Tech Mahindra the EMEA market is expected to contribute approximately 35 per cent of overall cyber security spending by 2019, with technology providers seeing a clear upward trend in the deployment of the latest tools and solutions to tighten security controls.

“One of the prime drivers have been the banking, finance and telecom ‘service sector’ of [countries such as] Saudi Arabia, UAE etc,” says Rajiv Singh, Senior Vice President – Global Cybersecurity Business at Tech Mahindra.

“Oil companies are leaning more on operational technology and the Internet of Things and Cloud security, with shipping and logistics companies increasing their focus on cyber security, which was hitherto completely lacking,” he notes.

Michael Marriott, Security Researcher at Digital Shadows highlights that although there’s been no shortage of action from businesses across the region, it’s not enough to just “throw money at the problem”.

“Whether there has been efficient and targeted action I’m not sure,” he says. “Throwing money at the problem doesn’t always solve it – it can sometimes make the situation worse. After all, the task of integrating and controlling a multitude of cyber security solutions in your network is a challenging one - even for the largest organisations. That is why more businesses are recognising that managing their digital risk is the best way to ensure they are spending wisely, and deploying their resources most efficiently.”

Analysts including IDC believe that going forward the Middle East can expect to see an increase in cyberattacks, especially ransomware and new types of social engineering attacks. However, both businesses and governments are become more proactive in their approach to security.

But there is still work to be done according to Solling, especially by governments, which he believes should be focusing on wider education.

“An area where governments can and should get involved is in awareness of the general population. Especially in our region, with the cultural diversity coupled with the tremendous uptake in both government as well as private initiatives to deliver innovative IT enabled services, we diligently need to educate our citizens,” he explains.

“Cyberattacks over the past few years have indeed raised awareness, but users remain the weakest link,” agrees Megha Kumar, Research Director, Software and Cloud at IDC Middle East, Turkey and Africa. “Many of the attacks are the outcome of hackers taking advantage of lack of user awareness and social engineering attacks,” she notes.