ME companies play catch up with cyber criminals

Dubai - "Companies today are increasingly getting into the IoT revolution, where they are connecting a lot of devices to the Internet."

While a number of companies in the region are getting into the spirit of the Internet of Things (IoT), by increasingly connecting a host of devices to the Internet, a large majority of them aren't aware of the risk associated with their actions, cyber security experts at the Future Technology Week said.
"Companies today are increasingly getting into the IoT revolution, where they are connecting a lot of devices to the Internet. The problem today is that many of these devices don't have very high levels of security. It is easy for cyber criminals to discern the weakest link in the network and target it," said Aji Joseph, general manager of RadarServices Middle East.
"There are two things to be aware of in this scenario: firstly, the more exposure you have when you are connecting devices to the Internet, the greater the threat; and secondly, many companies don't have the right set of resources to manage these connected devices," he explained.
"You must understand that these devices have limited intelligence and are competing with real human beings, so it is crucial to combine those devices with expertise. This is something that is missing in a lot of companies today, as only the biggest established businesses have the luxury of recruiting the very best IT help and on-site professionals."
Joseph also stressed that cyber security today has to be looked at from a comprehensive perspective. "The days of users buying an antivirus for their computers are long gone - businesses today need to have a comprehensive security policy and plan in place."
He also spoke about how companies today are targeted by cyber criminals. "Apart from the normal host of computer viruses, one of the most prevalent threats that companies face is the ransomware attack, where hackers take over a machine or group of machines and then encrypt the data, before asking for a ransom to decrypt and return the data. In addition, we also see a lot of man-in-the-middle attacks in the UAE, especially in the retail segment, where a lot of customers have their e-mails and other sensitive systems being compromised."
For Joseph, even having the right security plan in place won't mean much unless a company educates its employees on cyber threats and how they target businesses. A lot of companies get compromised because of employee error, he said.
John Dillon, vice-president of global marketing, web and security at Akamai, echoed the same thought, and said it is crucial to have company staff regularly updated on the latest types of cyber threats and security measures in place to prevent them before they do any damage.
"There are two types of threats that companies today face. The first is volumetric in nature, where hackers begin bombarding your website with lots of web traffic, causing it to run extremely slowly, or even shut down in the worst-case scenario. This means that you can't effectively serve your genuine customers anymore. This is one of the more unsophisticated types of attacks. But, there are lots of clever criminals out there that are hard at work looking at how to target a company's weak points. The second type is a web application attack, where someone tries to either deface your website by putting up nasty messages or they try to steal customer information," he revealed.
Akamai delivers up to 30 per cent of the world's web traffic, which equates to seeing and analysing over 20TB of new attack data every day. This ensures that the company is well positioned to understand and respond to the increasing complexity and frequency of web attacks seen in an evolving threat landscape.
"Everyday, there are new and emerging threats by criminals that are becoming increasingly sophisticated in the way they attack companies. A firewall needs to keep pace with this; its rules need to be updated, and the only way to do that is through intelligence. This is where Akamai's strength lies; we see emerging threats before the rest of the community does, and we are able to offer rule updates to our customers. A lot of times a hacker will run a few tests, and we can actually monitor those threats and help our customers be prepared for when the hacker unleashes the threat."
- rohma@khaleejtimes.com