Global cyber crime costs are expected to increase by nearly 15 per cent on a yearly basis over the next four years to reach $10.5 trillion annually by 2025, from $3tn in 2015, California research company Cybersecurity Ventures has said.
Cyber criminals have taken note of successful tactics from this year, including those making headlines tied to ransomware, nation states, social media and the shifting reliance on a remote workforce.
Industry experts expect them to pivot those into next year's campaigns and grow in sophistication, wielding the potential to wreak more havoc across industries.
“Over this past year, we have seen cyber criminals get smarter and quicker at retooling their tactics to follow new bad actor schemes – from ransomware to nation states – and we don’t anticipate that changing in 2022,” Raj Samani, fellow and chief scientist of the combined company formed after the merger of McAfee Enterprise and FireEye, said.
“With the evolving threat landscape and continued impact of the global pandemic, it is crucial that enterprises stay aware of the cyber security trends so that they can be proactive and actionable in protecting their information,” Mr Samani said.
The National looks at the top 10 cyber security trends of the year ahead:
Weaponising operational technology environments
Cyber criminals could weaponise operational technology environments to harm or kill humans in the next four years, the Connecticut-based technology research and consulting company Gartner has said.
The OT is a type of computing and communication system – including both hardware and software – that controls industrial operations, mainly focusing on the physical devices and processes they use. It is used to gather and analyse data in real time, which is further used to monitor a manufacturing unit or to control equipment.
Various industries, such as telecoms and oil and gas, use OTs to ensure different devices work in co-ordination.
Attacks on OT environments have evolved from “immediate process disruption” such as shutting down a plant – for example in the recent Colonial Pipeline ransomware attack that took down the largest fuel pipeline in the US – to compromising the “integrity of industrial environments” with intent to cause physical or reputational harm, Gartner said.
Remote working brings new challenges
Remote working spurred by the Covid-19 pandemic could compound cyber threats in 2022.
Home devices that employees use to access office networks are usually not subject to the same security restrictions as corporate devices. This complicates efforts to control and monitor employees’ digital behaviour, applications and data outside traditional firewalls, industry analysts said.
Geopolitical cyber concerns pose growing risks
Some state actors will launch cyber attacks because they are “cheap, reliable, portable, easily hidden and hard to detect”, Moody’s Investors Service said in a report earlier this year.
The state-sponsored attacks threaten reputational damage, cause disruption of work flow and loss of intellectual property.
“Entities that find themselves the targets of these attacks could experience substantial credit damage,” the rating agency had said at the time.
Use of social media for attacks
While using social media to target victims is not a new strategy, it is relatively uncommon. It demands a level of research to engage the vulnerable target into interactions and establish fake profiles.
“The targeting of individuals has proven a very successful channel and we predict the use of this vector could grow not only through espionage groups, but [also] other threat actors looking to infiltrate organisations for their own criminal gain,” McAfee Enterprise and FireEye said in its cyber threats predictions for 2022.
Cryptocurrency exchanges to experience an increase in attacks
Cryptocurrency exchanges experienced a 10-fold increase in attacks in the first half of the year compared with the prior year period, said a report by cyber threat intelligence company PhishLabs, although it did not disclose the exact number of attacks.
The majority of the cryptocurrency attacks were orchestrated through social media.
“We anticipate cryptocurrency businesses will continue to be aggressively targeted by threat actors through social media in future … [it is] due to a majority of their activity and communication taking place through social platforms,” the report said.
Hackers pulled off the biggest cryptocurrency heist yet on August 10, stealing $613 million in digital coins from token-swapping platform Poly Network, only to return $260m worth of tokens less than 24 hours later.
Phishing attacks
Phishing typically comes in the form of fraudulent emails or pop-up messages that aim to obtain personal information from victims, such as credit card details and sensitive data, including personal identification numbers, usernames and passwords.
Phishing emails may also secretly install malicious software or malware in victims' computers. Such nefarious installations may be a virus or spyware designed to collect more information, which could lead to further fraud.
API becoming a lucrative target
Internet of Things and 5G traffic between API (application programming interface) services and apps will make them increasingly lucrative targets, causing unwanted exposure of information.
The connected nature of APIs potentially also introduces additional risks to businesses as they become an entry vector for wider supply chain attacks, McAfee Enterprise and FireEye said.
“In most cases, attacks targeting APIs go undetected as they are generally considered as trusted paths and lack the same level of governance and security controls.”
Cyber security talent crunch
The coming year will prove to be the most challenging one yet with regards to the continuing cyber security talent crunch, said the US cyber security firm BeyondTrust.
“Some drivers of this supply-demand imbalance include the accelerated adoption of hybrid cloud and digital transformation initiatives, post-pandemic projects ramping up and budgets becoming available for spend,” it added.
Rise of ransomware
The use of ransomware has picked up pace and became more dangerous in 2021. It will continue its rapid rise next year and its variations will increase with the frequency of attacks.
“Organisations must stop trying to prevent adversaries’ missions and instead prevent them from being worthwhile,” said Marty Edwards, vice president of operational technology at Columbia-headquartered cyber security company Tenable.
“In other words, organisations must make sure these missions cost too much to conduct. If the reward doesn’t cover the cost of the investment, threat actors won’t pursue it,” he added.
Cloud migration poses threat
Nearly half of the organisations moved business-critical functions to the cloud as a direct result of the pandemic, said Tenable.
However, cloud migration requires specific considerations that will likely be overlooked in 2022. For instance, detecting and preventing malicious activity in the cloud is a lot different, said Bob Huber, chief security officer at Tenable.
“And this can be further complicated by the nuances of working with cloud providers, as well as other company stakeholders looking to rapidly adopt new services in the cloud.
“Unless organisations educate their entire teams, not just security teams, about securing the cloud, they will inevitably pay the price as their migration accelerates,” said Mr Huber.
About Housecall
Date started: July 2020
Founders: Omar and Humaid Alzaabi
Based: Abu Dhabi
Sector: HealthTech
# of staff: 10
Funding to date: Self-funded
Ten tax points to be aware of in 2026
1. Domestic VAT refund amendments: request your refund within five years
If a business does not apply for the refund on time, they lose their credit.
2. E-invoicing in the UAE
Businesses should continue preparing for the implementation of e-invoicing in the UAE, with 2026 a preparation and transition period ahead of phased mandatory adoption.
3. More tax audits
Tax authorities are increasingly using data already available across multiple filings to identify audit risks.
4. More beneficial VAT and excise tax penalty regime
Tax disputes are expected to become more frequent and more structured, with clearer administrative objection and appeal processes. The UAE has adopted a new penalty regime for VAT and excise disputes, which now mirrors the penalty regime for corporate tax.
5. Greater emphasis on statutory audit
There is a greater need for the accuracy of financial statements. The International Financial Reporting Standards standards need to be strictly adhered to and, as a result, the quality of the audits will need to increase.
6. Further transfer pricing enforcement
Transfer pricing enforcement, which refers to the practice of establishing prices for internal transactions between related entities, is expected to broaden in scope. The UAE will shortly open the possibility to negotiate advance pricing agreements, or essentially rulings for transfer pricing purposes.
7. Limited time periods for audits
Recent amendments also introduce a default five-year limitation period for tax audits and assessments, subject to specific statutory exceptions. While the standard audit and assessment period is five years, this may be extended to up to 15 years in cases involving fraud or tax evasion.
8. Pillar 2 implementation
Many multinational groups will begin to feel the practical effect of the Domestic Minimum Top-Up Tax (DMTT), the UAE's implementation of the OECD’s global minimum tax under Pillar 2. While the rules apply for financial years starting on or after January 1, 2025, it is 2026 that marks the transition to an operational phase.
9. Reduced compliance obligations for imported goods and services
Businesses that apply the reverse-charge mechanism for VAT purposes in the UAE may benefit from reduced compliance obligations.
10. Substance and CbC reporting focus
Tax authorities are expected to continue strengthening the enforcement of economic substance and Country-by-Country (CbC) reporting frameworks. In the UAE, these regimes are increasingly being used as risk-assessment tools, providing tax authorities with a comprehensive view of multinational groups’ global footprints and enabling them to assess whether profits are aligned with real economic activity.
Contributed by Thomas Vanhee and Hend Rashwan, Aurifer
COMPANY%20PROFILE
%3Cp%3E%3Cstrong%3EName%3A%20%3C%2Fstrong%3EKinetic%207%3Cbr%3E%3Cstrong%3EStarted%3A%3C%2Fstrong%3E%202018%3Cbr%3E%3Cstrong%3EFounder%3A%3C%2Fstrong%3E%20Rick%20Parish%3Cbr%3E%3Cstrong%3EBased%3A%3C%2Fstrong%3E%20Abu%20Dhabi%2C%20UAE%3Cbr%3E%3Cstrong%3EIndustry%3A%3C%2Fstrong%3E%20Clean%20cooking%3Cbr%3E%3Cstrong%3EFunding%3A%3C%2Fstrong%3E%20%2410%20million%3Cbr%3E%3Cstrong%3EInvestors%3A%3C%2Fstrong%3E%20Self-funded%3C%2Fp%3E%0A
More from Neighbourhood Watch:
Citadel: Honey Bunny first episode
Directors: Raj & DK
Stars: Varun Dhawan, Samantha Ruth Prabhu, Kashvi Majmundar, Kay Kay Menon
Rating: 4/5
Killing of Qassem Suleimani
Key figures in the life of the fort
Sheikh Dhiyab bin Isa (ruled 1761-1793) Built Qasr Al Hosn as a watchtower to guard over the only freshwater well on Abu Dhabi island.
Sheikh Shakhbut bin Dhiyab (ruled 1793-1816) Expanded the tower into a small fort and transferred his ruling place of residence from Liwa Oasis to the fort on the island.
Sheikh Tahnoon bin Shakhbut (ruled 1818-1833) Expanded Qasr Al Hosn further as Abu Dhabi grew from a small village of palm huts to a town of more than 5,000 inhabitants.
Sheikh Khalifa bin Shakhbut (ruled 1833-1845) Repaired and fortified the fort.
Sheikh Saeed bin Tahnoon (ruled 1845-1855) Turned Qasr Al Hosn into a strong two-storied structure.
Sheikh Zayed bin Khalifa (ruled 1855-1909) Expanded Qasr Al Hosn further to reflect the emirate's increasing prominence.
Sheikh Shakhbut bin Sultan (ruled 1928-1966) Renovated and enlarged Qasr Al Hosn, adding a decorative arch and two new villas.
Sheikh Zayed bin Sultan (ruled 1966-2004) Moved the royal residence to Al Manhal palace and kept his diwan at Qasr Al Hosn.
Sources: Jayanti Maitra, www.adach.ae
Our legal consultant
Name: Dr Hassan Mohsen Elhais
Position: legal consultant with Al Rowaad Advocates and Legal Consultants.
Tori Amos
Native Invader
Decca
COMPANY%20PROFILE
%3Cp%3E%3Cstrong%3EName%3A%3C%2Fstrong%3E%20Floward%0D%3Cbr%3E%3Cstrong%3EBased%3A%20%3C%2Fstrong%3ERiyadh%2C%20Saudi%20Arabia%0D%3Cbr%3E%3Cstrong%3EFounders%3A%20%3C%2Fstrong%3EAbdulaziz%20Al%20Loughani%20and%20Mohamed%20Al%20Arifi%0D%3Cbr%3E%3Cstrong%3ESector%3A%20%3C%2Fstrong%3EE-commerce%0D%3Cbr%3E%3Cstrong%3ETotal%20funding%3A%20%3C%2Fstrong%3EAbout%20%24200%20million%0D%3Cbr%3E%3Cstrong%3EInvestors%3A%20%3C%2Fstrong%3EAljazira%20Capital%2C%20Rainwater%20Partners%2C%20STV%20and%20Impact46%0D%3Cbr%3E%3Cstrong%3ENumber%20of%20employees%3A%20%3C%2Fstrong%3E1%2C200%3C%2Fp%3E%0A
Haemoglobin disorders explained
Thalassaemia is part of a family of genetic conditions affecting the blood known as haemoglobin disorders.
Haemoglobin is a substance in the red blood cells that carries oxygen and a lack of it triggers anemia, leaving patients very weak, short of breath and pale.
The most severe type of the condition is typically inherited when both parents are carriers. Those patients often require regular blood transfusions - about 450 of the UAE's 2,000 thalassaemia patients - though frequent transfusions can lead to too much iron in the body and heart and liver problems.
The condition mainly affects people of Mediterranean, South Asian, South-East Asian and Middle Eastern origin. Saudi Arabia recorded 45,892 cases of carriers between 2004 and 2014.
A World Health Organisation study estimated that globally there are at least 950,000 'new carrier couples' every year and annually there are 1.33 million at-risk pregnancies.
500 People from Gaza enter France
115 Special programme for artists
25 Evacuation of injured and sick
The specs
- Engine: 3.9-litre twin-turbo V8
- Power: 640hp
- Torque: 760nm
- On sale: 2026
- Price: Not announced yet
Infiniti QX80 specs
Engine: twin-turbocharged 3.5-liter V6
Power: 450hp
Torque: 700Nm
Price: From Dh450,000, Autograph model from Dh510,000
Available: Now
SCHEDULE
Saturday, April 20: 11am to 7pm - Abu Dhabi World Jiu-Jitsu Festival and Para jiu-jitsu.
Sunday, April 21: 11am to 6pm - Abu Dhabi World Youth (female) Jiu-Jitsu Championship.
Monday, April 22: 11am to 6pm - Abu Dhabi World Youth (male) Jiu-Jitsu Championship.
Tuesday, April 23: 11am-6pm Abu Dhabi World Masters Jiu-Jitsu Championship.
Wednesday, April 24: 11am-6pm Abu Dhabi World Professional Jiu-Jitsu Championship.
Thursday, April 25: 11am-5pm Abu Dhabi World Professional Jiu-Jitsu Championship.
Friday, April 26: 3pm to 6pm Finals of the Abu Dhabi World Professional Jiu-Jitsu Championship.
Saturday, April 27: 4pm and 8pm awards ceremony.
Avatar: Fire and Ash
Director: James Cameron
Starring: Sam Worthington, Sigourney Weaver, Zoe Saldana
Rating: 4.5/5
The five pillars of Islam
The Uefa Awards winners
Uefa Men's Player of the Year: Virgil van Dijk (Liverpool)
Uefa Women's Player of the Year: Lucy Bronze (Lyon)
Best players of the 2018/19 Uefa Champions League
Goalkeeper: Alisson (Liverpool)
Defender: Virgil van Dijk (Liverpool)
Midfielder: Frenkie de Jong (Ajax)
Forward: Lionel Messi (Barcelona)
Uefa President's Award: Eric Cantona
VEZEETA PROFILE
Date started: 2012
Founder: Amir Barsoum
Based: Dubai, UAE
Sector: HealthTech / MedTech
Size: 300 employees
Funding: $22.6 million (as of September 2018)
Investors: Technology Development Fund, Silicon Badia, Beco Capital, Vostok New Ventures, Endeavour Catalyst, Crescent Enterprises’ CE-Ventures, Saudi Technology Ventures and IFC
Jeff Buckley: From Hallelujah To The Last Goodbye
By Dave Lory with Jim Irvin
%20Ramez%20Gab%20Min%20El%20Akher
%3Cp%3E%3Cstrong%3ECreator%3A%3C%2Fstrong%3E%20Ramez%20Galal%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EStarring%3A%3C%2Fstrong%3E%20Ramez%20Galal%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EStreaming%20on%3A%20%3C%2Fstrong%3EMBC%20Shahid%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3ERating%3A%20%3C%2Fstrong%3E2.5%2F5%3C%2Fp%3E%0A
What the law says
Micro-retirement is not a recognised concept or employment status under Federal Decree Law No. 33 of 2021 on the Regulation of Labour Relations (as amended) (UAE Labour Law). As such, it reflects a voluntary work-life balance practice, rather than a recognised legal employment category, according to Dilini Loku, senior associate for law firm Gateley Middle East.
“Some companies may offer formal sabbatical policies or career break programmes; however, beyond such arrangements, there is no automatic right or statutory entitlement to extended breaks,” she explains.
“Any leave taken beyond statutory entitlements, such as annual leave, is typically regarded as unpaid leave in accordance with Article 33 of the UAE Labour Law. While employees may legally take unpaid leave, such requests are subject to the employer’s discretion and require approval.”
If an employee resigns to pursue micro-retirement, the employment contract is terminated, and the employer is under no legal obligation to rehire the employee in the future unless specific contractual agreements are in place (such as return-to-work arrangements), which are generally uncommon, Ms Loku adds.
Paatal Lok season two
Directors: Avinash Arun, Prosit Roy
Stars: Jaideep Ahlawat, Ishwak Singh, Lc Sekhose, Merenla Imsong
Rating: 4.5/5
More from Rashmee Roshan Lall
More from Neighbourhood Watch:
