The UAE and Saudi Arabia should look to lead the way in cybersecurity

Brid-Aine Parnell

Wednesday 28 October 2015

Collaboration, information-sharing and increased spending are needed in the Middle East to fight back against the hackers.

Like in the rest of the world, it can often seem like cybersecurity in the Middle East tends towards the reactive rather than the proactive, with businesses and the public responding to attacks rather than protecting their networks.

But there is unfortunately evidence to show that in the Middle East, and more particularly in regional powerhouses such as the UAE and Saudi Arabia, there is a real possibility that people are not taking their online security seriously enough.

According to Mohammad Amin Hasbini, senior security researcher at Kaspersky, the UAE was the second most attacked Middle East country online last year – and the 15th worldwide – despite its relatively small population. It would seem that the Emirates are a target for hackers because smart device penetration is so high in the country.

“Every one of us now has at least five devices at home,” he stated back in March of this year. “Some of the statistics mention that over 60 per cent of children above 3 to 4 years old have smartphones.”

A survey published by Kaspersky Lab and B2B International Kaspersky in August showed that, despite easy access to smart devices and the internet, UAE residents are complacent about cybersecurity. Only around 23 per cent believe that they could be targeted by hackers to want to destroy their networks and systems.

In business terms, the Middle East is dominated by the oil and gas and banking and financial services sectors, both of which are targets for hackers and cyber-attacks. Back in 2012, the so-called Shamoon malware infiltrated around 30,000 hard drives at energy giant Saudi Aramco, crippling the company’s ability to operate and compromising its data.

This summer, 23 government websites in Saudi Arabia were breached over a two- hour period – although officials stated that no data was stolen and access to the sites was quickly restored. Equally, in 2013, around $45m was stolen in a credit card heist from banks in the UAE and Oman.

Although the threat of cyber-attack may not have been taken seriously in the past, the current amount of investment in cybersecurity suggests that that could be changing. A MarketsandMarkets report estimates that regional spending will nearly double, from $5.17bn in 2014 to $9.56bn in 2019, with Saudi Arabia representing the largest market.

The UAE government has adopted standards and frameworks to try to help enterprises, but – as with businesses all over the world – a reluctance to come clean about cyber-attacks is hindering efforts to combat them collaboratively.

Encouraging this information-sharing approach to cybersecurity needs to be the top priority for regional governments if they want to ensure not only that the threat is taken seriously by businesses and the public, but also that systems are robust enough to withstand attacks instead of simply reacting to them once they’ve been launched.