If you want to cause as much damage as possible with a cyber attack, you should target an organisation in the Gulf region. That’s an unfortunate truth caused by the region’s influx of organisations collecting high-value data coupled with a lack of financial investment or cyber security regulation.
There have been plenty of high-profile data breaches in the Gulf region in the past few years, including the 2012 attack on Saudi Aramco, which was at the time considered the worst cyber attack ever seen.
Things haven’t improved. According to the Ponemon 2017 Cost of Data Breach Study, cyber attacks cost countries in the Middle East (which it classifies as the Gulf region and ten other countries) an average of 580 SR, making it one of the costliest regions in the world. The report also found that the average data breach in the Middle East affected 33,125 records. Only India had a higher average (33,167).
A wake-up call
There have been a number of recent attacks on organisations in the Gulf region that should act as a wake-up call:
- Saudi Arabia’s General Entertainment Authority (GEA) was attacked in September. According to Reuters, the authority’s website was targeted by hackers from outside the kingdom.
- Cyber attacks in the United Arab Emirates have increased by more than 500% in the past five years, according to the country’s minister of state for foreign affairs, Dr Anwar Bin Mohammad Gargash.
- Thousands of computers in Saudi Arabia’s civil aviation agency and other Gulf State organisations were wiped after a cyber attack in December 2016. The criminals used Shamoon, the same malware that was used in the Saudi Aramco attack. Shamoon may have returned in September 2017, when a similar attack targeted more Saudi Arabian companies, as well as some in the US and South Korea.
- Organisations in Bahrain face 2,000 to 3,000 threats each month, according to cyber security experts in the kingdom. Mohammed Abdulkareem, a senior member of Bahrain’s Institute of Banking and Finance, said the banking sector is at the greatest risk, with phishing emails one of the largest threats.
Defences aren’t adequate
According to Arab News, countries in the Gulf region are attacked so often because they don’t have sufficient defences in place. It states:
“Data protection laws are weak, there are no regulatory requirements to notify the public about breaches (outside some of the financial hubs), and there is little co-ordinated effort by the authorities to counter the threat. Some places have police units that deal with cyber fraud, but they are not adequately resourced to deal with big, globally-orchestrated attacks.
“In addition, the region has been slow to adopt counter-cyber insurance, which – while it does not deter the criminals – would mitigate some of the worst effects.”
Most organisations looking to improve their cyber security would benefit from certifying to ISO 27001, the international standard that describes best practice for an information security management system (ISMS).
Achieving accredited certification to ISO 27001 demonstrates that your company is following information security best practice.
To learn how to implement an ISO 27001-compliant ISMS, you should download our free green paper on the topic. It sets out the implementation in nine steps and the things you need to look out for at every step of the process.