To what extent can targeted cyber threats impact on individuals and businesses?

In 2016, Saleh Ibrahim Al-Motairi, Director-General of the Saudi National Cyber Security Center announced that Saudi Arabia suffered almost 1,000 cyber-attacks on infrastructure and intellectual property – with ransomware being the most common type of cyber-attack across the Middle East. In the United Arab Emirates (UAE), cyber espionage ranks high as an area of concern – especially for large organisations that are state-owned. Key examples are Shamoon and Greenbug – two notorious cyber-attacks that hit Saudi Arabia, stealing organisations’ data, spying on their actions and sabotaging the firms’ reputation. Such cyber-attacks have led many companies to large financial and reputational losses.

The first hit was in 2012 when Shamoon targeted energy companies in Saudi Arabia and sent individuals emails containing a suspicious link. Once opened, Shamoon destroyed 35,000 computers at state-owned organisation Saudi Aramco, wiped their master boot records and replaced these with an image of a burning flag of the United States – within a few hours. Strategic information was compromised and this pressured the company to invest substantially in an overhaul of its IT infrastructure. Shamoon repeatedly resurfaced in 2016 and 2018 by using its aggressive disk-wiping malware to disrupt Saudi Arabia’s oil and gas industry with the intention to cause maximum damage.

Greenbug – another cyber espionage group active since 2016, recently targeted organisations in the aviation, energy, government, investment and education sectors. It is believed that Greenbug’s attacks started with a phishing email that prompted the recipient to download a RAR archive containing information about a supposedly business proposal. All it took was for one recipient to click on the link to trigger the unravelling of “Shamoon” across the entire organisation.

Is phishing common in the UAE?

Shamoon and Greenbug are key examples of phishing email campaigns ran by sophisticated hackers. Between January and March 2019, the UAE alone experienced 1.1 million instances of phishing and 23 million instances of malware. A Kaspersky Lab report indicated that the region was facing 3.16 million attacks in crypto-mining malware and 5.83 million attacks in phishing. As a result, expenditure on cyber security technologies have increased significantly in the UAE and it is projected that the Middle East and Africa cyber security market would reach USD 66.5 billion by 2025.

What other industries are at risk?

As part of Saudi Arabia’s Vision 2030 plan, there will be a shift to the digitalisation of government data. However, along with an increase in mobile working adoption rates, this will make confidential data more susceptible to cyber-attacks in both public and private sectors. The proliferation of big data and internet penetration rates across Saudi Arabia and the gulf region have also made the Middle East an attractive target for sophisticated cyber criminals. Financial services and banking industries are at high risk, along with the oil and gas sector. Research has shown that even the healthcare sector is at risk as many hospital IT systems are vulnerable to ransomware attacks. This means that hospitals may ultimately need to transfer patients to other treatment facilities when cyber incidences occur.

What is being done to prevent cyber threats from occurring?

According to the National Cyber Security Centre, Saudi Arabia is one of the world’s highest spenders on cyber security technologies, with the market expected to grow to $3.5 billion in 2019 – a 14.5% growth rate from last year. However more still needs to be done to prevent cyber threats from occurring. As at July 2019, the Telecom Regulatory Authority has launched the UAE National Cybersecurity Strategy in a move to create a safe and strong cyber infrastructure in the UAE. This strategy consists of 60 initiatives which aim to protect the UAE against cyber-crimes. It is also based on the five pillars including the protection of UAE’s critical assets and establishing a ‘National Cyber Incident Response Plan’ to enable swift and coordinated responses to cyber security threats and attacks in the UAE. The goal of this strategy is to spread awareness on cyber security amongst the general public and educate the population on how to protect oneself against cyber threats. The UAE has also accounted for the development of 40,000 cyber security professionals and aims to provide an ecosystem of cyber security training providers to help develop students’ capabilities for a career in cyber security. The government is also looking to build a cyber security national awards programme to drive innovation, encourage organisations to implement up-to-date cyber security programmes and support research undertaken by academic institutions across the region.

Cyber security professionals are increasingly in demand. Are you one of them?

Businesses today are increasingly interconnected and are heavily dependent on digital business processes. As a result, this amplifies the impact of cyber-attacks on every area of the business. Cyber-attacks have become a key business risk that implicates not only the IT department but also the financial, operational and reputational areas of the organisation. It is therefore of pivotal importance for an organisation to ensure that its cyber security measures are fit for purpose.

At Huxley, our recruitment team specialises in placing cyber security specialists with key industry players. If you are a candidate looking for your next career opportunity or a client looking for your next key hire, feel free to contact us at  +971 4 436 0400 for a confidential discussion. To learn more about what we do, you can also visit our LinkedIn page. 

5 Top Tips for writing your Business Analyst CV

04 Dec 2019

Creating the perfect Business Analyst CV can be difficult, so our consultant Brittany Arlove has put together some of Top Tips which you can use in order to build or enhance yours.

Our Dubai team has been awarded with six different titles by Global Banking & Finance Review

08 Nov 2019

Huxley’s DIFC based regional office in Dubai is extremely honoured to have been awarded 6 titles by Global Banking & Finance Review. This is a great testament to the hard work, strategy and partnerships that the team has with our clients and candidates. Find out more about the awards in the article.

How is Qatar defending its cybersecurity efforts in preparation for FIFA World Cup 2022?

07 Oct 2019

Qatar will become the first Middle Eastern country to host the FIFA World Cup in 2022 at its new 80000-capacity Lusail Iconic Stadium. In light of hosting the world’s largest sporting event, the Middle East has come under increasing scrutiny over the state of its security and technological landscape.

What are the implications of UAE’s increasingly younger workforce?

10 Sep 2019

A younger workforce can impact the job market in various ways as it potentially influences the availability and market rates of many roles as well as the employability of older employees. Their influence in the gulf will be especially significant in the near future and is expected to reach 75% of the total number of employees in the gulf by 2025.

Tags: MENA