How to get the better of cyber-criminals

Top Stories

How to get the better of cyber-criminals
The sophistication and frequency of cyber attacks continue to increase, with reports stating that 70 to 90 per cent of all companies will be breached within the next 2 years.

dubai - Some of the key threats targeting organisations today are malware and human orchestrated attack campaigns

by

Rohma Sadaqat

  • Follow us on
  • google-news
  • whatsapp
  • telegram

Published: Sun 1 Apr 2018, 6:54 PM

Last updated: Sun 1 Apr 2018, 8:57 PM

Cyber-threats today have been classified as a top threat for many countries and organisations on a global scale - not just commercially but economically too.

Security experts have revealed that some of the key threats targeting organisations today are malware and human orchestrated attack campaigns. In addition, with the increased reliance of Internet of Things (IoT) devices, organisations have made themselves more vulnerable to IoT-based cyber-attacks.

"We are witnessing a rise in the number of Distributed Denial of Service [DDoS] threats being launched by cyber-attackers, where more than 7 million were recorded in 2017," says Alaa Hadi, regional director of high growth markets at Netscout Arbor.

He expects this figure to progressively grow overtime. "The financial services [41 per cent], government [37 per cent] and education [29 per cent] sectors have seen the highest volume of DDoS attacks last year."

"Having an advanced threat detection and multi-layered protection scheme is the best security measure against cyber security threats today," he added. "As cyber-attacks get more complex, it is becoming more crucial for organisations to detect and disable threats before they have a chance to bypass the network security gates."

"If the last few years have taught us anything, it's that organisations will be breached," said Alister Shepherd, MEA director, Mandiant at FireEye. "In January alone, the Telecommunications Regulations Authority reported dozens of attacks on UAE government entities and private companies from attackers outside of the country."

According to a recent report that FireEye published, the industries most targeted in the UAE and across the region include the energy, government, financial services and telecommunication sectors. In the Mena region, Gartner expected IT security spending to reach $1.8 billion in 2017.

Ray Kafity, vice-president, Middle East, Turkey and Africa at Attivo Networks, noted that the sophistication and frequency of attacks continue to increase at unprecedented rates, with reports stating that 70 to 90 per cent of all companies will be breached within the next 2 years.

"The biggest threat posed by cyber-criminals today is their ability to remain undetected in the network for months, once they have bypassed perimeter defences," he said. "New technologies and approaches like deception-based threat detection will be one of the techniques and investments that organisations will adopt to close this gap and strengthen overall defences."

Citing the results of the Internet Security Threat Report, Hussam Sidani, regional manager for Gulf, Symantec, said the profitability of ransomware led to a crowded market in 2016. In 2017, the market made a correction, lowering the average ransom cost to $522. Additionally, while the number of ransomware families decreased, the number of ransomware variants increased by 46 per cent, indicating that criminal groups are innovating less but are still very productive.

The UAE was the sixth most targeted country in MEA for ransomware attacks, down 4 spots from 2016. Globally, the UAE ranked 41st with 0.3 per cent of ransomware attacks detected worldwide. Symantec identified a 200 per cent increase in attackers injecting malware implants into the software supply chain in 2017. One in every 238 e-mails sent to organisations in the UAE contained malware, much higher than the global average of one in 412. Large organisations continued to be plagued by malicious e-mail, with one in every 76 e-mails containing a malicious attachment or URL.

Eyad Shihabi, VP for the Middle East, North Africa, and Turkey at BT Global Services, stresses that in today's digital age, no industry is immune from cyber-criminals.

Rising threat levels
Businesses have every reason to be concerned about the rising threat levels facing organisations today, Shihabi said. "With an increased level of digitisation and a strong economy, the Middle East has become a ripe target for advanced cyber-attacks. Over the past few years, the region has witnessed a string of targeted threats such as insider threats, cyber-espionage, ransomware and more."

Amir Kanaan, MD for the Middle East, Turkey and Africa at Kaspersky Lab, noted that according to the company's latest research in 2017, large enterprises face an average cost of $591,000 per security incident in the Middle East. In the same year, enterprises in the region incurred costs of up to $1.5 million for incidents involving electronic data leaks from their internal systems, and more than $1 million for incidents affecting suppliers that they share data with.

"Organisations are not getting better at security; they are getting worse," said Dragan Petkovic, director at Oracle Security MEA. "With today's borderless enterprise, as a result of cloud, mobile and edge technologies like IoT, there is general consensus that there is no such thing as 'total security'. As a result, business information can no longer be protected by the IT team trying to create digital castles and restrict access."

- rohma@khaleejtimes.com


More news from