The Middle East has seen a rise in cyber criminal activity recently, with energy companies Saudi Aramco and Qatar’s RasGas and news websites such as Reuters and Al Jazeera being targeted in the last few months.
There are a number of reasons for the increasing number of attacks in the region, explained Justin Doo, director of Security Practice, MENA at Symantec.
“Organisations have continued in recent times to install the same defensive protocols and technologies and solutions as they were five years ago and expecting to get a result.
“The threat landscape has changed. We see targeted attacks focused on individuals in organisations, using them as the vector into the business,” he said, adding that organisations have to upgrade their security systems to meet the new threats
The nature and purpose of those committing the crime is also varied.
“There is criminal motivation that is financially driven, we call it hacktivisim. Then there motivation driven by the social conscious, which took place during the Arab Spring, where people come together through social media and target specific organisations. They are not interested in the money, they are interested in causing embarrassment, in causing disruption and shutting down businesses,” he added.
Since many high profile companies don’t have PR strategies in place in case of a cyber attack, they are not prepared to deal with the media, which in turn could have an intrinsic effect on brand value, said Doo.
“These are the things being exploited, the cultural differences, the fact that we don’t disclose enough in this region, we don’t talk about it enough.”
While bigger companies are aware of the threat, it’s the smaller ones that are being targeted, said Justin.
“That’s a greater danger because they become the vector for cyber criminals to break into the bigger companies,” he added.
“The lack of awareness about digital identity is the biggest problem — if you don’t know that something that you have has a value to someone else, you are not going to protect it.”
Aji Joseph, the general manager of ESET Middle East says that awareness is also lacking among consumers in the region.
“We still lag behind the US and Europe, because in this region, consumers just buy [gadgets] based on recommendations; they don’t update themselves with what they need to know. The majority of them don’t have basic IT knowledge,” he said.
“Often they only realise the problem after they run into trouble. They are not willing to spend time to educate themselves about the gadget they use.
“No-one is immune, and now, with mobility in the mix, it has gotten even more complicated,” added Symantec’s Doo.
The only way to spread awareness is by talking about the problem and getting the message out through the media, through all the vendors in the market and the government, he said.
For consumers, Joseph suggests a basic three-step guide for cyber attack prevention.
1) Get a genuine and good antivirus system and update it regularly.
2) Ensure that the operating system and software is sufficiently patched.
3) Don’t click on unknown links, or open attachments that appear irrelevant.
“As a solution, it is important to look at how you can build protection around the information. Make the device irrelevant and make the information important,” added Doo.