Friday, March 29, 2024 | Ramadan 18, 1445 H
clear sky
weather
OMAN
25°C / 25°C
EDITOR IN CHIEF- ABDULLAH BIN SALIM AL SHUEILI

Cyber threats continue to menace GCC, Mideast firms

1362853
1362853
minus
plus

Oman is among countries in the Middle East, Turkey and Africa (META) region most impacted by cybersecurity threats manifest primarily in the form of malware spread in local networks via infected USBs, CDs, DVDs and other such devices, according to Kaspersky, one of the world’s largest privately owned cybersecurity companies.


The Russian-based global firm, which recently announced the relocation of its key operations to Switzerland, 58.0 per cent of users in the Sultanate were affected by local threats during the January — March 2018 timeframe. This compares with 61.8 per cent in Kenya — the highest in the META region — followed by Nigeria (58.6 per cent).


“In the Middle East, this list starts with Oman (58 per cent), Lebanon (55.6 per cent), Saudi Arabia (54.9 per cent) and Kuwait (50.5 per cent),” said Amin Hasbini, Senior Security Researcher — Global Research and Analysis Team, Kaspersky Lab.


“The highest numbers of web threat incidents were reported in Qatar (33.3 per cent), Saudi Arabia (30.2 per cent), and Egypt and Oman (28.8 per cent). South Africa had the lowest number of affected users in the META region (48.8 per cent for local and 19.6 per cent for web threats).”


Significantly, ransomware attacks in the META region spiked 8.5 per cent in Q1 of 2018 compared to Q1 of last year, said Hasbini. “We do expect such attacks to grow and evolve in complexity and sophistication. This highlights the importance of proper security solutions backed with continuous security training to raise awareness on the dangers of such attacks.”


Giving an overview of the ‘threat landscape’ evolving across the region, the cybersecurity researcher warned that organisations face a wide range of cyber threats not only from outside actors, but internally as well. Citing the 2017 Global Corporate IT Security Risks survey, conducted by B2B International and Kaspersky Lab, Hasbini pointed out that businesses and other organisations reported as many as 12 different types of threat incidents experienced by them during the year. These ranged from viruses and malware to targeted attacks and electronic leakage of data from internal systems.


“Consequently, organisations should adopt a holistic approach to cybersecurity that unites an effective IT security solution, employee education and security policies understood and followed by employees. A complete security strategy should include all stages – Prediction, Prevention, Protection, and Response.”


According to Kaspersky, enterprise systems continue to face targeted attacks including what are dubbed as ‘Advanced Persistent Threats’ (APTs). APTs and other specially targeted threats, the cybersecurity firm warns, can go undetected for weeks, months, and even years, while criminals discreetly gather data and work incrementally to exploit any unique vulnerabilities in their victims’ systems.


“Unlike regular malware, APTs are actively controlled and managed by the perpetrators,” said Kaspersky in a report on these threats. “The goal isn’t limited to malware delivery: the objective is to persist inside the enterprise perimeter. These attacks are the result of patient, often painstaking research by actors who are prepared to play a waiting game in the quest for their prize.”


In its report titled, ‘IT Security: Cost-Centred or Strategic Investment?’, Kaspersky identified five IT security incidents that had the most severe financial impacts on organisations in the META region. According to the report, enterprises in the region, which includes the GCC, paid up to $1.5 million for incidents involving electronic data leaks form their internal systems in 2017. In addition, they shelled out more than $1 million for incidents impacting suppliers they share data with.


The victims also included small and medium enterprises (SMEs) which lost around $141K as a result of “inappropriate” use of IT resources by employees. This is in addition to around $118K in expenses resulting from impacts to infrastructure hosted by a third party.


But despite the spike in IT security incidents, IT budgets earmarked for cybersecurity is on the decline, according to the report. Only around 62 per cent of companies in the Middle East, Turkey and South African (META) regions invested in cybersecurity in 2017, which was down 3 per cent in 2016. The average IT security budget for enterprises also dropped to 19 per cent in 2017, down from 23 per cent in 2016, the report added.


SHARE ARTICLE
arrow up
home icon