Gulf region must do more to prevent cyber attacks

If you want to cause as much damage as possible with a cyber attack, you should target an organisation in the Gulf region. That’s an unfortunate truth caused by the region’s influx of organisations collecting high-value data coupled with a lack of financial investment or cyber security regulation.

There have been plenty of high-profile data breaches in the Gulf region in the past few years, including the 2012 attack on Saudi Aramco, which was at the time considered the worst cyber attack ever seen.

Things haven’t improved. According to the Ponemon 2017 Cost of Data Breach Study, cyber attacks cost countries in the Middle East (which it classifies as the Gulf region and ten other countries) an average of 580 SR, making it one of the costliest regions in the world. The report also found that the average data breach in the Middle East affected 33,125 records. Only India had a higher average (33,167).

A wake-up call

There have been a number of recent attacks on organisations in the Gulf region that should act as a wake-up call:

Defences aren’t adequate

According to Arab News, countries in the Gulf region are attacked so often because they don’t have sufficient defences in place. It states:

“Data protection laws are weak, there are no regulatory requirements to notify the public about breaches (outside some of the financial hubs), and there is little co-ordinated effort by the authorities to counter the threat. Some places have police units that deal with cyber fraud, but they are not adequately resourced to deal with big, globally-orchestrated attacks.

“In addition, the region has been slow to adopt counter-cyber insurance, which – while it does not deter the criminals – would mitigate some of the worst effects.”

Most organisations looking to improve their cyber security would benefit from certifying to ISO 27001, the international standard that describes best practice for an information security management system (ISMS).

Achieving accredited certification to ISO 27001 demonstrates that your company is following information security best practice.

To learn how to implement an ISO 27001-compliant ISMS, you should download our free green paper on the topic. It sets out the implementation in nine steps and the things you need to look out for at every step of the process.
