The Middle East is responsible for a significant share of the world’s energy resources and is also one of the fastest growing regions for personal internet and mobile phone use. How vulnerable is the region to major cyber attacks?
Last year, the UAE National Electronic Security Authority announced that cybersecurity is one of the biggest economic and national security challenges countries face in the twenty-first century. All stakeholders, including government and private entities, are vulnerable to cyber attacks, it said.
Studies show that hacks have been increasing over the last several years against major corporations in the Gulf, specifically where the majority of the region’s economic activity is situated.
Though many companies are found to be severely lacking in technical expertise to counter these threats, businesses are becoming increasingly proactive in raising awareness of these issues to boost defenses.
Cybersecurity challenges facing the Middle East
Cyber attacks against major corporations in the Middle East are reported to have risen over the last few years.
According to the Cisco 2015 Annual Security Report, companies in the region are employing solutions that block network breaches and other malicious attacks, but cybercriminals are learning to evade detection by changing tactics to steal information.
Energy firms in the Gulf are the most vulnerable to these attacks. Researchers from the cybersecurity firm Symantec, for example, said that earlier this year a new information stealer called “Trojan” was detected targeting petroleum, gas, and helium industries primarily in the U.A.E., but also firms in Saudi and Qatar.
The attack on Saudi Arabia’s state-owned Aramco in August 2012 is the most notable hack against a Middle Eastern energy company in recent years. Over 30,000 workstations were infected with a virus that destroyed thousands of computers.
A group calling itself Cutting Sword of Justice claimed responsibility for the attack, saying it had hacked Saudi’s oil giant for its “crimes and atrocities taking place in various countries around the world, especially in the neighbouring countries such as Syria, Bahrain, Yemen, Lebanon [and] Egypt.”
In April 2015, the first Arabic-speaking group of cybercriminals, also calling itself Desert Falcons, emerged targeting multiple high profile organisations and individuals from across the Middle East.
The group has allegedly attacked more than 3,000 top companies and individuals across 50 countries globally with over one million files stolen.
Companies in the region have also expressed concern over potential attacks emanating from the CyberCaliphate, a group sympathetic to ISIS that was responsible for hacking the Twitter account for U.S. Central Command earlier this year.
Sub-state actors, however, are not the only perceived threat to energy firms in the Gulf.
Key Sunni nations like Saudi Arabia have expressed fear over Iran’s ability to launch a cyber attack against energy firms to undermine the Gulf’s oil dominance in the region. Israel’s growing cyber capabilities are also seen as a risk.
Responding to cyber threats
In light of these challenges to online security, experts argue that many companies in the Middle East are ill-equipped to defend against major cyber attacks.
Research by Symantec and Deloitte suggests that more than two thirds of organisations in the Middle East lack the internal capabilities to protect themselves against sophisticated hacks. Additionally, 70% regional IT decision-makers are reported to lack complete confidence in their company’s cybersecurity policies.
Despite this gloomy outlook however, Middle Eastern companies are becoming increasingly proactive in expanding their IT departments and promoting greater awareness of these infrastructure challenges. Current estimates value the Middle East cybersecurity sector at $25bn over the next 10 years.
The U.A.E is a frontrunner for engaging with stakeholders to raise greater awareness on these issues.
Last year, the U.A.E government created the Dubai Centre for E-Security to develop efficient ways to save and swap information amongst all of the Emirates. The Dubai World Trade Center (DWTC) hosts annual events and conferences such as the GISEC conference and GITEX.
Similarly, the GCC Cyber Security Summit hosted in Abu Dhabi last weekend drew some of the world’s top security firms from across the globe to discuss the cyber issue.
Oman has also become actively engaged in boosting cybersecurity awareness. The Oman National CERT was established in April 2010 with the sole purpose of analysing online security threats.
The Regional Cyber Security Summit in Muscat and the Oman Infrastructure & Cyber Security Conference held earlier this year with the UK Department of Trade and Industry also worked to assist the Oman security community to “achieve its strategic goals in protecting critical national assets.”
This awareness campaign is key, as it promotes shared responsibility and greater transparency between governments and private companies to protect critical online infrastructure.
Mike McConnell, senior executive at Booz Allen Hamilton, emphasises the importance of continued research and development efforts: “It is imperative that IT leadership lead a fundamental shift to embedded security.”
“With cyber defense a driver of product and systems development, rather than an afterthought. This shift is particularly important as the internet of everything expands the avenue of attack.”
Investing in the future
Building stronger cyber security defenses is crucial not just for security purposes, but also for boosting consumer and investor confidence. As the Middle East continues to grow economically at a rapid rate, it will be imperative for companies to maintain the trust and legitimacy in the cyber sphere so as to encourage greater investment.
A failure to do could have devastating effects.