If you only read about data breaches in studies and reports, you might think that the Gulf region is getting much better at preventing cyber attacks. Gemalto’s Breach Level Index half-year review only reported three incidents in the Middle East up to the end of June 2017.
But that’s only part of the story. This year, a senior member of the United Arab Emirates government and cyber security experts in Bahrain both commented on a huge rise in cyber attacks in these countries. This shouldn’t be a surprise, because over the past few years there has been a surge in cyber crime across the globe.
Reports don’t show this rise in the Middle East because breach notifications requirements are lax, so researchers and the public rarely hear about attacks. However, if you look more closely at the figures, there are clues to the extent of the problem in the Gulf.
The cost of data breaches is rising
Despite the drop-off in reported data breaches in the Middle East, you can’t assume that fewer breaches being reported equates to fewer attacks occurring. Business in the Gulf has prospered in recent years, and many of the growth industries hold highly valuable information that cyber criminals covet, such as financial records, legal documents or manufacturing information.
This growth hasn’t been met with investment in cyber security. Whereas organisations’ defences remain the same, criminals are becoming more sophisticated in their attacks, leading to The New Arab claiming that the Gulf region is facing “a major cybersecurity deficit”.
This deficit is evident in the damage that cyber attacks are causing. Ponemon Institute’s breakdown of the Middle East in its regional 2017 Cost of Data Breach Study shows in the past year the per capita cost of a data breach increased from 526 SAR to 580 SAR, and the average total cost of a data breach increased from 17.30 million SAR to 18.54 million SAR.
Some efforts are now being made to make the Gulf region more aware of its obligations to stay secure. In September, the UAE Banks Federation announced that it was partnering with US-based Anomali to analyse cyber security threats to local and international banks in the UAE. Two months later, the Saudi Arabian government announced that it is setting up an authority to better protect the country’s data and improve online security for companies and individuals.
Initiatives like this will certainly help to address cyber threats, but organisations also need to make cyber security their own responsibility. This starts by making sure all staff are aware of their obligations.
Prevent cyber attacks against your organisation
Our Information Security & ISO27001 Staff Awareness E-Learning Course helps employees gain a better understanding of information security risks and how they can prevent data breaches.
The information on this course is in line with the compliance requirements of ISO 27001, the international standard that describes best practice for an information security management system.