The Middle East cybersecurity landscape stands out as one of the most heavily besieged, characterized by various threat traps, a flourishing economy, and extensive digitisation.
Consequently, this has drawn the interest of malicious actors from various parts of the world.
Based on our research, approximately 83% of cyberattacks that were successful in the past 18 months were targeted in nature, highlighting the sophistication with which threat actors can compromise invaluable information belonging to specific companies or groups of individuals.
Why cybercriminals target the Middle East
Firstly, the region’s significant role in oil and gas production and resource transportation makes it an attractive target for cyberattacks on critical infrastructure. This leaves indispensable facilities like oil and gas fields, power plants, ports, and airports vulnerable to cyber threats.
Secondly, geopolitical tensions in the Middle East create an environment conducive to cyberattacks. Well-trained groups of attackers, known as advanced persistent threats (APTs), take advantage of these tensions to execute targeted cyberattacks and engage in cyberespionage activities.
Moreover, the region faces a pressing threat from hacktivist groups: cybercriminals who carry out attacks not for financial gain or data collection, but to draw public attention to social or political issues. These hacktivists employ tactics such as massive Distributed Denial of Service (DDoS) attacks and website defacement to voice their concerns and create an impact on a wider scale.
As a result, massive data leaks increase the effectiveness of attacks: compromised user data allows social engineering campaigns to succeed more and more often.
Last year, many big players announced the growth of cyber threats. Any company, regardless of the scale of the business, is at risk: from a large, reputed, industry-shaping organization to an SME with a well-stocked customer data bank, especially one working as a contractor for a large organisation. All have invaluable information at stake. For several years now, there has been a steady trend of attacks on supply chains.
Counterparties of a potential victim will inevitably fall into the field of view of criminals, and consequently, the trend of attacks on supply chains will intensify.
Growing cyber threats are forcing businesses to take a more conscious approach to their protection, making it crucial not only to enhance the information security of data and critical business processes but also to achieve a real result by excluding non-tolerable events.
A conscious approach to result-driven cybersecurity
Now, for a CISO to ensure that the business, the clients, and the partners are all protected, the first step is to test the feasibility of their cybersecurity defences with exercises that simulate real attacks.
During the exercise, one team, called the “blue team,” defends the perimeter, and the other, the “red team,” attacks. A more advanced way is to engage “white hat” hackers through a bug bounty platform, who will attempt to demonstrate non-tolerable events.
This is a complex and multi-tiered task, which is in reality worked out by well-coordinated groups of hackers with a variety of skills and experience. They need to figure out how business processes are built, bypass protection systems, and demonstrate the very act of a non-tolerable event.
Specialists will need to find individual vulnerabilities, then investigate and carry out the entire chain they form. This requires skills in finding vulnerabilities in the network and experience in finding weaknesses in the infrastructure. If a vulnerability is discovered, the participants receive a financial reward.
Running a bug bounty on non-tolerable events is the only way for the head of information security (IS) to demonstrate to top management the effectiveness of the built-in protection system. Nevertheless, traditional bug bounty programs, which are aimed at finding vulnerabilities in the systems under study, remain the most popular. Take, for example, Qatar telecom operator Ooredoo QPSC, which hosted its systems on a bug bounty platform, with online clothing retailer Namshi following suit.
Moving to a secured future
A new approach to building effective cybersecurity makes it possible to avoid or prevent non-tolerable events. What is critical to the business is strategically identified and protected first. Accordingly, tools that are focused only on the result are selected. The price of a mistake in this matter is colossal; therefore, stringent requirements are imposed on the qualifications of experts and the tools they use.
Over the past year and a half, cybersecurity experts have accumulated a colossal amount of expertise while working under massive attacks. Moreover, all the technologies developed by these experts have absorbed this expertise one way or another. This has significantly increased their effectiveness in defense, where in the end only one thing is important: the guaranteed failure of the attack.
The future development of information security systems in the Middle East lies in exploring the wider utility of artificial intelligence to search for and neutralise threats. This is being driven not only by the need to address the skill gap, but also by advanced technologies that are already being developed by security vendors.
The writer is director of international business development at Positive Technologies