Digital Landscape or Digital Riskscape?

As businesses rush to embrace digital transformation in the Industry 4.0 era, recent research by international cybersecurity experts shows that while cyberspace can deliver superior efficiency and productivity benefits, it can also put businesses at severe risk.

Research from Kaspersky Lab points to a rise in malware attacks throughout the Middle East. In the UAE alone, the research states that attacks shot up by 12% in Q1 of this year compared to the first three months of last year.

The statistics are mindboggling. Over Q1 this year, some 23.4 million malware threats were reported in the UAE and 1.1 million phish attacks – that’s an average of over 12,000 threats every day!

And, in an era of the modern workplace when mobility is essential, comes an equally disturbing factor – mobile users are apparently proving even more vulnerable. Some 52,607 mobile malware attacks in the UAE spiked by 20% year-on-year.

Experts put the rising trend down to a culmination of factors, among them inappropriate use of employer’s IT property and unsecured sharing of company data via personal mobile devices. Analysts warn that malicious or criminal attacks are behind 61% of data-breaches in Saudi Arabia and the UAE.

What the research points out is that threats don’t just come from outside an organisation, they can be instigated by those inside and it delivers a stark wake-up call to companies that security within, will lessen the threat from the outside.

Cybersecurity experts are now unanimous in advising companies to design 360 degree inside-out, outside-in cybersecurity plans as part of their sales and growth strategies – because both can be stopped in their tracks by one successful cyber-attack.

The risks, warn the experts, are too great to be ignored. They point out that a single successful cyber-attack can result in major production losses through enforced critical downtime. It could cause huge reputational damage which could prove massively costly to rectify both in terms of time and money and a fall-off in consumer trust, which could force even the most loyal into a competitors’ arms.

There could be a loss of vital corporate and financial information and even fines from regulatory authorities for breach of any legal requirements such as those inherent in Bahrain’s new game-changing Personal Data Protection Law (PDPL) which came into force in August this year.

According to experts, it isn’t just the big boys that are at risk. Cybercriminals, it seems, believe size doesn’t matter when it comes to attacks putting just about everyone at risk from SMEs to enterprise-level organisations. Indeed Verizon’s 2018 Data Breach Investigations Report says SMEs were the victims in 58% of malware attacks last year.

And experts say that the threats are becoming more frequent and ever more complex and with the transition towards a mobile, modern workplace, company data is now being accessed from everywhere and from a range of mobile and personal devices. Also, cybercriminals have realised that employees could be their easiest gateway into company resources.

Email is probably not the first thing that comes to mind when business managers are considering how to guard against the increasing scourge of cybercrime. But apparently it should be, because email, while undoubtedly a business lifeline, is also the most common way for cyber criminals to infiltrate an organisation.

Email is most vulnerable to cyber-attack because of the growing number of threats including, business email compromise, ransomware, banking trojans, phishing, social engineering, malware and spam.

The issue has come into stark focus with the publication of a Barracuda Networks survey of IT security professionals throughout EMEA (Europe, the Middle East & Africa). The results show that 80% of organisations faced an email-borne, cyber-attack in the year June 2017-June 2018.

What’s more, most respondents – some 72% – believe the cost of email-related breaches is increasing. That fear is supported by a Ponemon Institute study which puts Middle East spend on post-breach response at US$1.43 million – and that’s without the hidden costs of productivity disruption and reputational damage.

Further, some 73% of respondents are expecting the frequency of email attack to increase and 70% reported being more concerned about email security now, than they were five years ago.

Take phishing and spear phishing where an employee is tricked into clicking a malicious link in an email. With spear phishing, an email seems to come from someone the recipient knows and trusts, such as a senior manager or a valuable client.

Phishing is a highly effective way for cybercriminals to infect businesses with malware. It can start a ransomware attack, quickly spreading from PC to PC and until the ransom is paid, businesses will be unable to access essential files and services.

Ways of ring-fencing against the threat are to come under the spotlight at the Intersec Future Security Summit, which will run alongside the 22^nd edition of Intersec at the Dubai World Trade Centre from 19 to 21 January 2020. This is when industry experts will analyse critical security threats, examine security loopholes in business ecosystems and discuss how cutting-edge technologies can be tailored to meet evolving security requirements.

In addition to the Future Security Summit, the Intersec Arena will also have a cybersecurity track, while Intersec’s Information Security section has around 100 exhibitors showcasing the full gamut of cybersecurity, from AI, Big Data, cloud, machine learning, back-up and recovery systems, software protection and biometric identification systems.

Without pre-empting the Summit, the likelihood is that the experts will be uncompromising in their messaging that the threats are not going away and the solution is to swiftly utilise the latest security technology to guard against them. The risks are too great and their impact too severe, not to sit up and listen.

More information is available at: www.intersecexpo.com