83 per cent of organisations in the Middle East make the majority of their cyber security decisions without insights into threats, says new Mandiant report

Jamil Abu Aqel, head of Mandiant systems engineering for MEA and Emerging region — Google Cloud sheds light on the importance of informed cybersecurity decisions for businesses in the Middle East

As GISEC Global 2023 kicked off in Dubai, what latest solutions are you showcasing there?

This year at GISEC, we are showcasing Mandiant Advantage, our multi-vendor XDR platform delivering Mandiant’s expertise and frontline intelligence to security teams of all sizes.

One of the modules within Mandiant Advantage is Attack Surface Management which allows organisations to see themselves through the eyes of the attacker. This has rapidly become a top priority given the sharp uptick in adoption of cloud, SaaS and mobile across a distributed workforce which leads to an expanding, evolving and changing attack surface subject to an increasing number of sophisticated threats. Organisations can use the insights from Attack Surface Management to continuously discover and monitor their exposures and enable intelligence and red teams to operationalise and inform risk management.

Another module we are focusing on at the show is Security Validation, an automated and continuous testing program allowing organisations to quickly and confidently be able to answer the question: "Can we be breached by the latest attack?"

Last year marked a new record for the volume of cybercrime and data breaches globally. What more can to be done to protect digital assets?

Findings from our recent 'Global Perspectives on Threat Intelligence' report suggested despite the widespread belief among Middle East respondents that understanding the cyber threat actors who could be targeting an organisation is important (94 per cent), 83 per cent stated that their organisations make the majority of their cyber security decisions without insights into the threat actor that is targeting them.

As attackers become more sophisticated and innovative in their methods, we recommend businesses to take proactive measures to protect their valuable assets and customer data by seeking concrete threat intelligence on potential attackers and their methods relevant to their specific industry, leverage that intelligence to protect against potential threats, and effectively communicate on the cyber threat to key stakeholders.

What are the imminent trends in 2023 affecting attackers' behaviour along with organisations' investments in cybersecurity to ward off attacks?

Some of the trends we are witnessing include –

European energy concerns will play out in cyberspace

With recent geopolitical factors showing no signs of receding in Europe, concerns around energy supply and prices are likely to manifest as malicious cyber operations. Mandiant has already observed an uptick in energy themed phishing campaigns. European energy suppliers are a key target for state-sponsored threat actors looking to impose further pressure on rival countries. Pressure on the European energy supply will also increase interest in non-European energy providers. The availability of oil and gas as well as potential price movements and developing government energy policies will all become more important targets for state intelligence agencies.

The energy crisis in Europe may also result in more frequent targeting of critical infrastructure. This is a sector already at risk of destructive cyber attacks when nations are in conflict, but the current energy crisis amplifies the threat. We forecast critical infrastructure being targeted in ransomware campaigns focused on disrupting energy and power supply. State authorities must focus on increasing cyber security defences around high-impact target areas, whereas existing apparatus should be enhanced in light of potential threats in 2023. Securing the source of key energy infrastructure should be paramount.

More Extortion, Less Ransomware

Historically, cyber criminals have used ransomware to monetise access into a victim’s network. Due to several high-profile and visible breaches last year, organisations see mitigating brand damage as a much more compelling reason to pay a ransom than regaining access to encrypted systems. Over the next year, we will continue to see criminals rely on extortion, but actual ransomware deployments may decline.

What industries in Middle East are most at risk to cyber-attacks?

At Mandiant, we see that the industry’s most frequently targeted in the Middle East are across energy and utilities, government and the healthcare sector.

Where can you support businesses the most?

At Mandiant we have a strong local presence across the MEA and emerging region, with the team based across UAE, KSA, Qatar, Egypt, Morocco, South Africa, Turkey, Poland, Romania, and serving the whole region. Our aim is to help organisations adopt an intelligence-driven strategy to strengthen their cyber defences, tailored to their specific industry, country and company. We’re seeing that boards and senior leaders across governments, and public and private sectors in the region are more engaged than ever before and working to better understand how cyber risk is being managed within their organisations. More dialogue with leadership around cyber risk and the impacts proactive and reactive measures have on an organisation’s risk profile will be a great trend to see.

• KT Network