LONDON: Cyber attacks in the Gulf are a growing threat for businesses operating in the region, Internet security experts warn, calling for more to be done to protect data.
Businesses, consumers and governments in the GCC are increasingly victims of a varied range of cybercrimes, including malware emails; software that holds a victim’s data to ransom, and most recently “cryptojacking” which involves the unauthorized use of someone’s computer to mine for virtual currencies.
“Cyber risk is a real threat to Gulf states, with the cost of data breach mounting in 2017,” Edmond Christou, Middle East analyst at Bloomberg Intelligence, told Arab News. Bloomberg Intelligence on Monday published research on the impact of cyberattacks on oil and gas companies in the Gulf.
“Although we have seen a move toward greater protection from these risks, including Dubai launching a cyber-security strategy last year and Saudi Arabia setting up the National Authority for Cyber Security, it is still not enough,” he said.
Saudi Arabia’s new authority was set up in November following growing fears last year that the “Shamoon” virus had re-emerged. That virus brought tens of thousands of computers at national energy company Saudi Aramco to a standstill in 2012.
There were also reports of a malware attack against safety and control systems at a Saudi Arabian petrochemical company last year, an attack that could have triggered an explosion.
New research from security firm Symantec found that one in 175 emails in Saudi Arabia is blocked as malicious, which exceeds the global average of one in 412.
Incidents of spam and phishing emails in the Kingdom exceeded the global averages too, the Internet security report — published on March 26 — found. The UAE also struggles with cybercrime, with one in 238 emails blocked as a suspected malware attack.
Haider Pasha, chief technology officer for the emerging markets at Symantec Middle East, told Arab News that the Gulf is seen as an attractive target for cyberattacks due in part to the number of large and strategically important companies based in the region, and specifically in Saudi Arabia.
He added that Gulf businesses are also in “catch up mode” when it comes to digitization of their services, as compared to those in other more developed markets.
“Practically every industry we are talking to in oil and gas, service providers, even health care and finance are essentially going through a race to digitize,” he said.
Pasha noted that some advancements in cybersecurity have been made.
“You need to really understand where your sensitive data is, where the assets are and have a robust security strategy or framework that you can abide by. I see that happening more and more within Saudi Arabia and the UAE,” he said.
Governments are also encouraging individuals to better protect themselves against viruses on their computers and mobile phones. “Consumers are more aware of what are the basic cybersecurity hygiene they need to do to stay secure,” Pasha said.
Yet there remains much more work to be done, said Simone Vernacchia, senior director and digital infrastructure and cybersecurity lead for the Middle East at PWC.
“Although the governments’ level of maturity is increasing, attacks are getting more advanced and the motivation of attackers is increasing,” he said.
“Sometimes critical country infrastructures are partially or completely managed by private entities, which need to increase their maturity in order to guarantee the country’s resilience,” he said.
Vernacchia called for governments to be better able to anticipate attacks and put in place regulation that would force companies to disclose data breaches to governments so they could use that information to protect other entities.
“They should foster private-public collaboration across different entities to share intelligence and act together against common threats,” he said.
Amir Kanaan, regional managing director at Kaspersky Lab, based in Dubai, agreed that regional governments need to work with businesses to combat the cyber threat.
“Many Middle Eastern cities are touted to develop immensely in the next few years to become smart cities and business hubs, which makes it all the more important for them to have an intelligent security strategy in place,” he told Arab News.
“We believe that the only way to combat cybercrime effectively is when the public and the private sectors work hand in hand toward solving this problem.”