The number of "highly professional" cyber-criminal gangs has surged to about 900 from about a dozen five years ago, with most engaged in state-sponsored espionage, the chief executive of cyber-security company Kaspersky has said.
The spike in this specific activity and in wider cyber crime highlighted the increasing need for organisations to secure their digital infrastructure by making them "unhackable", Eugene Kaspersky told The National at Gitex Technology Week in Dubai.
"In 2017, there were only very few highly professional cyber-criminal gangs that existed," he said.
"Now we are monitoring about 900 professional projects, tools that have branched or forked from the same source code ... and we don't know who's behind them."
Mr Kaspersky added that about 80 per cent of these activities are state sponsored, while the rest are involved mostly in ransomware and financial crime.
State-sponsored cyber attacks are those carried out by criminals directly linked to or sponsored by a nation state. Their main aims are gathering intelligence, exploiting vulnerabilities in critical infrastructure and extortion.
Among the segments at risk are public services and utilities, companies with active government contracts, high-value companies and businesses that handle sensitive information.
There have been several "significant" state-sponsored cyber attacks or attempts in the past couple of years, with targets including telecommunications companies, European Commission members and South-East Asian governments, according to data from the Centre for Strategic and International Studies.
While there is no talent shortage in cyber-security companies to fight bad actors, there is still a lack of action within those organisations using their solutions to enhance their system protection, Mr Kaspersky said.
"To develop the scaleable technology like developing new architecture security products or bringing in new ideas, I don’t see a problem," he said.
"But for companies, they can’t find enough cyber-security engineers to implement new systems and ideas — and that’s the problem."
Mr Kaspersky suggested two strategies for organisations to protect their systems: a short-term plan involves applying threat intelligence, several layers of protection and making decisions on machine learning.
The longer-term method involves redesigning the architecture of cyber security systems and building it on principles of cyber immunity or implementing techniques to protect systems from all fronts.
"It's much, much more than a sandbox. This is the only way to make the system unhackable," he said, referring to the development method of having all tools in an isolated environment without affecting the actual system.
"The main thing to do right now is to protect critical infrastructure, then immunise it."
He also said that countries in the Middle East have been taking strides to advance their cyber-security infrastructure and recognised the importance of leveraging local talent to add another layer to safeguarding systems.
"It’s changing so fast. There’s much more investment in cyber security, and there are more talented people," he said, adding that the UAE and Saudi Arabia were markets that stood out.
"Localising talent must be done to protect and keep critical infrastructure under control. The localisation of data is also important, so states understand the importance of their data and its cyber security," he said.
"If it's critical infrastructure, it has to be local people ... national security doesn’t like foreigners who will have access to that."
Mr Kaspersky also said that the company was willing to open a new data transparency centre, having opened nine of them since 2018. But this would depend on the requirements of the local market, and he hinted that the Middle East is a candidate.
"If there is a request from a local government, yes, we will. It will depend on the requirements. If it’s needed and they ask us to, we can do it."
On cryptocurrencies, Mr Kaspersky said it is a "great innovation, but the world is not ready for that right now" because of its smaller scale compared to the current financial sector.
"It’s an alternative financial system, but it’s not comparable with the existing banking system because it's much smaller," he said.
"I believe that in the future, most crypto-based financial systems will be one among the global systems."