The Middle East, home to some of the fastest growing economies in the world, has made strides in technology adoption but is still vulnerable to cyber attacks, according to experts.
The level of protection against external attackers was assessed extremely low for 43 per cent of companies, which may facilitate a rise in attacks, according to a report released by Kaspersky Lab based in Moscow. The survey, which evaluates data collected from Middle East enterprises until the end of 2017, revealed that three-quarters (73 per cent) of successful perimeter breaches were achieved by penetrating vulnerable web applications.
"Qualitative implementation of simple security measures like network filtering and password policy would significantly increase the security stance," said Sergey Okhotin, a senior security analyst of security services at Kaspersky Lab.
The high incidence of cyber attacks in the region is creating a boom in the cybersecurity industry, which is worth $11.4 billion (Dh42bn), and is expected to double in size by 2022, according to consultants Fircroft.
The danger of these attacks were highlighted in several high-profile incidents in the region. The Shamoon virus that first appeared in Saudi Arabia in 2012 crippled 35,000 computers at Saudi Aramco, the world's biggest oil producing company.
The same year, a virus was also found in the computer network of Qatar's RasGas, a producer of liquefied natural gas.
Cyber attacks in 48 per cent of the Middle East and Africa companies resulted in damage of more than $500,000, while 58 per cent of the businesses had to manage an outage of more than five hours due to a breach, according to the Cisco 2018 Security Capabilities Benchmark Study.
There were 1.7 billion ransomware attacks detected globally in the first quarter of 2018, according to Trend Micro, a Japanese multinational cyber security and defence company. Out of these, 2.4 million were in the UAE, followed by Kuwait and Bahrain with 1.9 million and 1.2 million respectively.
One reason for the higher number of attacks in the UAE is the continued use of password-only authentication.
At a time when security professionals are recommending next-generation identity-management techniques such as facial recognition and biometric identification, just over 80 per cent of large Gulf enterprises still use usernames and passwords as the exclusive means of log-in, according to Microsoft's 2018 Digital Transformation survey.
“The findings clearly show that many of the region’s enterprises have a long way to go to create secure environments for their customers, employees and their intellectual property,” said Mohammed Arif, regional director of modern workplace and security at Microsoft Gulf.
Cyber criminals prowling the web plundered almost Dh4bn from victims in the UAE in 2017, according to security experts. More than half of the adult population in the UAE fell victim to cybercrime in 2017, with the latest Norton Cyber Security Insights Report revealing each lost an average of Dh669.
According to cyber experts, in the coming months, there could be a surge in the number of crypto-jacking (the unauthorised use of someone else's computer to mine cryptocurrency) attempts and malware attacks in the Middle East. Besides, the region's Operational Technology ecosystem will be more prone to cyber attacks.
"OT environments in the region such as oil and gas and utilities industries will be more at risk with the rise in sophisticated cyber attacks," said Kalle Bjorn, a director of systems engineering at cybersecurity software developer Fortinet in Dubai. "Cyber criminals are becoming smarter and faster in how they leverage exploits to their advantage, and organisations in the Middle East are at high risk of being targeted."
There is also a growing concern about data security among regional organisations.
“As per the Gartner study, by 2022, cyber security rating of an enterprise will be equally important as credit rating. Therefore, it becomes very essential to safeguard your (enterprises’) data from cyber criminals,” said Samina Rizwan, senior director of business analytics and big data for MEA at Oracle.