This year's GISEC cyber security conference in Dubai shows the fight against cyber crime is global
How the fight against online fraud has become a billion dollar business
It is a dark world of worms and viruses, malware, botnets, black hats and hackers. The criminal side of cyberspace.
They lurk in the background of this week’s Global Information Security Expo and Conference (GISEC) in Dubai, but also drive a fast growing multi-billion dollar industry to fight them.
Dozens of security firms and consultants are attending the three day event at the World Trade Centre, offering their own solutions to a criminal enterprise that threatens to overshadow any other.
With many cyber crimes either undetected or unreported, the exact scale of the problem is hard to determine.
But the Middle East is regarded as one of the most vulnerable and highly targeted regions in the world.
The ride-hailing service Careem last month revealed that it had suffered a data breach that saw hackers obtain the personal details of 14 million customers.
Careem said that it discovered the attack in mid-January, although it is not clear how much earlier the network had been broken into.
Such a timeline is not unusual, says Yazan Hammoudah, from the Dubai-based cyber security company FireEye.
On average, hackers access networks for around 100 days before they are detected, he says. In the MENA region, this rises to 175 days - or nearly six months.
“Imagine what could happen in those six months, says Mr Hammoudah. "The attacker can spread inside the network, stealing credentials, using tools and procedures that can give them more ability to attack even different organisations.”
A report for the company found that almost a quarter of all attacks in 2017 were aimed at the financial sector, the highest proportion. Next came government organisations on 18 per cent and 12 per cent aimed at businesses and professional services.
“No one is safe from these kind of attacks,” he added. “Education, healthcare - all of them are targeted.”
A problem for the future will be shortage of trained workers in the cyber protection industry, Mr Hammoudah said. It is estimated that the US has around 285,000 unfilled vacancies alone.
"I expect in the next few years this number will go even higher,” he said. At the same time spending on cyber security in the MENA region has risen to $1.8 billion, an increase of 11 per cent on 2016.
“We see the region is being subjected to cyber attacks big time”, he said.
The latest security survey from GMB, another Dubai based software company, found that nearly four organisations out of 10 had suffered a serious incident in 2017, with with 15 per cent reporting five incidents or more. The numbers were up by 13 per cent on the previous survey.
At the same time, nearly 80 per cent believed their company’ security strategy was adequate.
Among those attracted to the business of cyber security is the UK government, which is hosting six British companies at GISEC.
The delegation includes Peter Estlin, from the City of London Corporation, and with a 35 year background in international finance.
The field has created 800 businesses, employing 100,000 people and worth £2 billion (Dh10 bn) in exports for the UK. Within two years he predicts this could reach £3bn.
“There is more cyber crime in the UK than all other crimes put together,” Mr Estlin said.
“It ranges from simply obtaining data falsely, to financial crime, fraud - either picked up through identity theft or phishing, and fraudulent transactions.
"In terms of the magnitude, we are seeing a much greater incidence of the 'you and I' attacks through emails and other forms, but cyber attacks on companies are increasingly, literally on a daily basis.”
The aim of the UK is both to convince the international community that the country’s highly lucrative financial sector is safe to do business with, but also to built the export market for the services of British companies.
The UK is now deploying teams of what it calls “cyber envoys” in selected key markets, including the Arabian Gulf, with an office in Dubai.
“Its fair to say cyber is not a specific issue for an individual country. It’s global,” Mr Estlin says.
“If we are going to trade with the Gulf we want to make sure they have got adequate cyber security. And they may also have some great ideas."