Why cyber crime is a $6bn time bomb for businesses

Experts say many public and private sector firms are already enduring regular attacks – and criminals' methods are getting smarter

DUBAI , UNITED ARAB EMIRATES , SEP 20  ��� 2017 : - Guests watching the video presentation during the press conference of Kaspersky Lab regarding Cyber crime held at the Media One hotel in Dubai Media City in Dubai. ( Pawan Singh / The National ) Story by Nawal
Powered by automated translation

Cyber crimes are becoming more sophisticated as new technology like artificial intelligence and cloud computing pose a major challenge to the region's public and private sectors.

The Mena region is a lucrative market for cyber criminals, Nidal Taha, president of Z Services, a cyber security firm, told The National. Cyber crimes netted more money for crooks than even the drugs trade, Mr Taha said.

Cyber criminals are responsible for stealing more than $1 trillion (Dh3.67tn) globally last year. Of this, the Mean region's share was almost 20 per cent – Dh734 billion – according to Z Services.

Criminals techniques are becoming more advanced with every passing day, Mr Taha said.

"They’ve got the best tools to breach even the most secure networks. The only option to combat them is to regularly update security systems and earmark dedicated teams and budgets for cyber defence," he said.

The cyber-security market, which includes spending to protect internet-connected systems – hardware, software and private data – from attacks, was valued at $6.24bn in the Mena region last year, according to market analysis and advisory firm Mordor Intelligence.

With regional companies setting aside increased budgets for cyber security, the overall industry is predicted to experience robust growth.

Cyber security is expected to grow at a compound annual growth rate of nearly 15 per cent in the Middle East and North Africa region over the next five years, according to Mordor’s forecast.

"The rapid digitalisation in countries such as Saudi Arabia and UAE has triggered a rise in the number of connected devices, opening new gateways for cyber attacks."

Cyber attacks in 48 per cent of the Mena companies surveyed caused damage worth more than $500,000 and almost 60 per cent of businesses lost their systems for more than five hours because of a breach, according to the Cisco 2018 Security Capabilities Benchmark Study.

"The alarming increase in cyber attacks in recent years is a growing cause for concern among Middle East businesses. We have observed the average cost of an enterprise data breach has passed the $1m mark, which is a huge amount," said Maher Yamout, senior security researcher at cyber-security company Kaspersky Lab.

After the growing number of cyber attacks, businesses started giving more importance to Chief Information Security Officers, who now take the lead in making crucial decisions that will help protect their business in long run, Mr Yamout said.

Abu Dhabi, U.A.E., September 19, 2018.  
Darkmatter CEO Karim Sabbagh.
Victor Besa / The National
Section:  BZ
Reporter:  Deena Kamel
Karim Sabbagh of Abu Dhabi's DarkMatter warns of the 'huge gap' in cyber-security investment. Victor Besa / The National 

Kaspersky's recent report on CISOs revealed that 83 per cent of them believe cyber-security breaches are inevitable, which means that businesses cannot afford to be unprepared.

However, the level of protection against external online attackers was assessed as extremely low for 43 per cent of Middle East companies, which may encourage a rise in attacks, according to a separate report by Kaspersky.

Industry experts say Middle East organisations must find a way to effectively share threat intelligence so that new types of attacks can be stopped. Threat-intelligence feeds and the exchange of information can help companies gain knowledge about attackers' latest tactics used by attackers.

"Many organisations don't have a formal cyber security-training programme for employees. A cyber-security budget needs to be set aside and cyber risk must be managed in a structured way to decrease the incidences of such crimes," said Manikandan Thangaraj, vice president at ManageEngine, an IT management firm in Dubai.

It is the number one crime in the value of dirty money… even before drugs. They've got the best tools to breach even the most secured networks

"Many businesses still use traditional tools to prevent attacks. While this may work well against attacks that follow a particular signature, they are not effective against attacks that have new and innovative patterns" Mr Thangaraj said.

The danger of cyber attacks was highlighted by several high-profile incidents in the region. The Shamoon virus that first appeared in Saudi Arabia in 2012 crippled 35,000 computers at Saudi Aramco, the world’s biggest oil-producing company.

The same year, a virus was also found in the computer network of Qatar’s RasGas, a producer of liquefied natural gas.

In the first half of 2018, the UAE experienced one of the biggest data breaches of the decade when ride-hailing firm Careem admitted 14 million of its customers had their data stolen.

Last December, Shamoon 3 – a data-wiping malware – hit the oil and gas sector. It attacked Saipem, the technology vendor of Saudi Aramco and other majors in the kingdom.

DarkMatter, a cyber-security company in the UAE with government contracts, said that the financial and oil and gas sectors in the Middle East, as well as utilities and transport infrastructure, frequently come under attack.

The company estimates that cyber crimes will cost the private and public sectors $6tn in the next two years globally, in what Karim Sabbagh, chief executive of the Abu Dhabi-headquartered firm, called "the largest transfer of economic wealth in the history of mankind". However, he gave a warning of a "huge gap" in cyber security investment, which will amount to just $1tn between 2017 and 2021.

The energy industry in particular is critical to Middle East economies, with the Gulf Cooperation Council nations having $835bn in active oil and gas construction projects, according to a DarkMatter report. Three quarters of regional oil and gas companies have experienced some form of cyber-security breach in the past.

The UAE Telecommunications Regulatory Authority rolled out its first National Cybersecurity Strategy in June to create a legal framework that safeguards emerging technologies and the nation’s critical infrastructure. The new strategy includes 60 initiatives that will be carried out across different sectors over the next three years, and then further evaluated.