The digital age can too often become the realm of cybercriminals. In 2023, 26,447 vulnerabilities were disclosed, over 1,500 more than the year prior, according to the US-based Qualys Threat Research Unit. A separate Barracuda study found that 71% of organisations experienced a ransomware attack in 2023. The average annual cost of cyber compromises has been estimated at $5.34 million.
“The ever-increasing pace of technology, the rewards for crime and the cost of deploying cyber-attacks are making it easier than ever for criminals to target the good guys,” said David Boast, General Manager of MENA at Endava. The higher the risk, the more valuable the protection. The cybersecurity industry is expected to reach $208.8 billion by 2024, a 9.6% year-on-year increase. In this context, where does the Middle East stand?
Cybersecurity in the GCC
The overall spending on cybersecurity across the Middle East, Turkey, and Africa is set to cross $6.5 billion by the end of 2024, according to IDC. In the past two years, there have been no reports of meaningful cyberattacks or losses by a GCC bank, according to S&P— a testament to the strength of the region´s cybersecurity sector.
“When it comes to cybersecurity spending across MENA, the UAE and Saudi Arabia are leading the way,” said Emad Fahmy, Systems Engineering Manager, Middle East, at NETSCOUT. “The UAE continues to adopt the latest cybersecurity technologies, supported by the government’s proactive approach to predicting and mitigating any cyberattacks.”
Saudi Arabia is also positioning itself as an IT leader. Portulans Institute research ranked the Kingdom second globally in cybersecurity with initiatives like the National Transformation Program forming part of Vision 2030. The same research placed the UAE in eighth place globally, while Oman and Qatar ranked 28 and 34, respectively. Bahrain and Kuwait were placed 68th and 73rd. According to SOCRadar, in 2022 the region accounted for around 2% of posts on the global dark web, 1.8% of ransomware attacks and 0.1% of phishing campaigns. In comparison, the US alone was mentioned in 16% of global dark web posts, followed by Russia (7%) and India (4%).
Learn to protect
Banks and financial companies were the sixth most targeted sector in 2022. By the end of 2023, there was a 34.3% probability that a particular bank would be the target of a cyberattack, according to Guidewire. Despite the steps taken, constant action is required to stop cybercriminals.
“While accelerated digitalisation in the MENA region has enabled organisations to provide seamless user experiences to customers, they are faced with an ever-changing cyber threat landscape and strict regulatory requirements which place severe restrictions on data protection and residency commitments,” said Jonathan Mepsted, Vice President for Middle East and Africa at Netskope.
Financial institutions continue to adopt cloud applications to improve productivity and enable hybrid workforces. However, these technologies can be dangerous. An employee in the financial services sector interacts with 25 cloud apps per month, which have been identified as the cause of 63% of malware downloads in the sector.
“2023 was the year with the most ransomware payments being paid,” said Nicolai Solling, Chief Technology Officer at Help AG. He is right. The total cost of these payments globally crossed $1 billion for the first time in history. But making the payment is not the worst-case scenario.
“The biggest threat to large organisations is that someone steals their data and publishes it,” Solling added. “We have seen a lot of cyberattackers focus on how to steal data from organisations [rather than just blocking access to it] and then threaten to publish it unless they pay. That’s a much more difficult problem to deal with.”
To ensure that systems are secure, experts advise organisations to invest in appropriate defences, including identity security, asset-based security and privileged access management solutions. Moreover, they should also implement advanced intrusion detection systems to spot breaches. Morey Haber, Chief Security Advisor, BeyondTrust cited the importance of leveraging dedicated cybersecurity tools to protect employees’ remote access solutions.
“The primary risk to Middle East financial institutions stems from the lack of investment in cybersecurity solutions that go beyond modern technology and security best practices,” he said. “Until organisations start mandating minimum viable security controls, security will, unfortunately, continue to be an afterthought and a cost-based decision.”
AI: friend or foe?
The future of the cybersecurity sector is tied to artificial intelligence (AI) technologies. The latest Barracuda report said 50% of respondents believe AI will enable hackers to increase the volume, sophistication and effectiveness of attacks. Yet the industry is not unprepared. Research by Palo Alto Networks found that nearly 95% of UAE organisations and 94% of Saudi firms intend to increase investments in AI to enhance their cybersecurity infrastructure, among other use cases.
“Businesses across the MENA region must pay attention to the rise of AI-enabled threat actors,” stressed Mepsted. “The good news is the use of generative AI for continuous security analysis and monitoring can also help them protect their data.”
The rise of AI has already changed the industry, both in the resources needed to conduct attacks, and the strategies employed to prevent them. In a world where data is the most valuable currency, cybersecurity is increasingly becoming an organisation’s most pressing concern.
