Despite the fact that the GCC (Gulf Cooperation Council) cyber security market is booming, with spending expected to reach $11.4 billion (34 billion SAR) by 2024, a recent study has found the Middle East is still vulnerable to cyber attacks.
Key findings of the study
The Cisco 2018 Security Capabilities Benchmark Study, which surveyed security professionals in Europe, the Middle East, Africa and Russia, found that:
- 87% of organisations admitted to suffering a cyber attack in the past year;
- 48% of attacks resulted in damage over $500,000 (2.43 million SAR); and
- 59% of organisations had to manage an outage of more than 5 hours in the past year because of a breach.
Scott Manson, Cisco’s cybersecurity lead – Middle East and Africa, said: “Faced with potential losses and adverse impact on systems, organisations need to move beyond relying solely on technology for defence. That means examining other opportunities to improve security, such as applying policies or training users”.
Cyber attacks in the GCC countries
Kalle Bjorn, director at Fortinet in Dubai, said: “Cyber criminals are becoming smarter and faster in how they leverage exploits to their advantage, and organisations in the Middle East are at high risk of being targeted.”
According to a recent study by cyber security company Trend Micro, the majority of countries in the Middle East are prime targets for attacks, particularly the UAE and Kuwait. In Q1 of 2018 there were 1.7 billion ransomware attacks worldwide, of which 2.4 million were in the UAE and 1.9 million in Kuwait.
In recent years, several high-profile breaches have hit the GCC countries, such as the Shamoon virus, which wiped thousands of computers in Saudi Arabia’s civil aviation agency and other Gulf state organisations after a cyber attack in 2016.
Samina Rizwan, senior director of business analytics and big data for MEA at Oracle, said: “As per the Gartner study, by 2022, cyber security rating of an enterprise will be equally important as credit rating. Therefore, it becomes very essential to safeguard your (enterprises’) data from cyber criminals”.
GCC organisations should look to adopt best-practice information security standards to protect themselves, such as ISO 27001, the international standard that describes best practice for an ISMS (information security management system).
Benefits of ISO 27001 certification
An organisation certified to ISO 27001 will help to:
- Avoid the penalties and financial losses associated with data breaches;
- Meet increasing client demands for greater data security;
- Protect and enhance its reputation;
- Get independently audited proof that its data is secure; and
- Meet local and global security laws, such as the EU GDPR (General Data Protection Regulation).