An estimated 41% of Gulf-based enterprises experienced a cyber-attack in 2017
A 46% increase in the Gulf cyber-attacks compared to 2016
As the cyber threat landscape continues to evolve, it is imperative for the government and private sector to pay attention to some of the most significant areas of heightened risk in the cyber environment, according to Booz Allen Hamilton.
The cyber threat landscape in Qatar and generally in the Gulf is rapidly expanding – with attacks against regional entities and residents increasing in quantity and sophistication. Indeed, a May 2018 survey reported an estimated 41% of Gulf-based enterprises experienced a cyber attack in the previous 12 months – a 46% increase from 2016 numbers.
Severe cyber attacks are also occurring with increased frequency as hackers find new ways to breach complex firewalls and security systems, despite ongoing government and private sector efforts to accelerate the development of cybersecurity capabilities.
According to Ziad Nasrallah, Principal at Booz Allen Hamilton MENA, “The evolving cyber threat landscape worldwide and here in the region requires that governments and individuals prioritize taking adequate measures to safeguard themselves from attacks. This requires identifying loopholes hackers can exploit across the entire supply chain. At the same time, governments and organizations must invest in robust cybersecurity measures or risk attacks that could compromise their entire operations.”
Echoing this sentiment, Jay Townsend, Principal at Booz Allen Hamilton MENA, said that “Gulf countries recognize the growing cyber threat to governments and businesses. As more economies throughout the region adopt digital technologies and implement e-services, the threat to personal data security is rising. It is in the national interest for Gulf countries to secure not only networks but also confidential data that hackers can exploit.”
Across the cyber environment, Booz Allen Hamilton has identified seven key areas where Gulf entities may face significant attacks in the future:
- Attacking the supply chain through vendors
Supply chain management is integral to the success of any organization. Successful infiltrations of vendor software platforms in large supply chains can lead to simultaneous compromises across countless enterprises. The NotPetya attack, in which attackers compromised the Ukrainian tax software M.E.Doc and sent out poisoned updates that spread through compromised networks and infected endpoints with destructive malware, is the most notable example to-date. The attack caused global disruptions and damage costs reaching an estimated USD $10 billion. While entities in the Gulf were largely spared, many organizations lack visibility into the security of their vendors, leaving them exposed to unknown threats and vulnerabilities.
- Targeting industrial control systems
Industrial control systems (ICS) represent an increasingly diverse and extensively connected set of technologies that control and automate significant portions of society, including power grids, oil and gas operations, manufacturing, and more. ICS attacks can be devastating as they could result in operational halts and even physical damage. In Qatar, the government recognized the severity of the ICS threat and developed a national ICS security standard that sets mandatory performance-based ICS security baselines that operators have to meet. As ICS attacks grow in frequency and sophistication, however, government policies will likely struggle to keep pace with the evolving array of threats.
- Attacking third-party software tools
As software development processes mature, software platforms are aiming to provide the best utility for consumers and developers. Many of these platforms are user-friendly and highly customizable, which increases their vulnerability to threat actors looking to spread malicious code through the applications they create. There have already been instances of this – at least two campaigns have distributed malicious code into iOS and Android development libraries and the applications that incorporate them. As software development becomes more sophisticated in the Gulf, the industry should be wary of the risk of hackers compromising third-party software libraries and software development kits.
- Exploiting the fledgling cryptocurrency environment
Earlier this year, hackers stole an estimated USD $532.6 million from Tokyo-based cryptocurrency exchange Coincheck, reigniting debates about security and regulatory protection in the emerging market for cryptocurrencies such as Bitcoin. While some countries opted to impose jurisdictional restrictions on investments in cryptocurrencies, the Supervision and Control of Financial Institution Division at the Qatar Central Bank issued a circular to all banks operating in Qatar prohibiting them from dealing with cryptocurrencies and stressing that violators can be subject to penalties. However, the circular is directed at financial institutions in the country, whereas most cryptocurrencies are bought and sold by individuals via online exchange services that fall outside the Central Bank’s regulation.
- Breaching large government and industry databases
In an increasingly digital world, databases – often of sensitive personal information – are significant targets for both cyber criminals and state-sponsored hackers. Breaches discovered at the US Office of Personnel Management in 2015 and the credit bureau Equifax in 2017 resulted in the loss of sensitive information on hundreds of millions of people – information that cyber criminals could sell and exploit or that state-sponsored hackers could use to build significant intelligence databases. The recent breach of SingHealth, Singapore’s largest group of healthcare institutions, is a further reminder that all data remains vulnerable to theft and exploitation. As Qatar seeks to drive its Vision 2030 through the TASMU Smart Qatar Program – with a main focus on digitizing the transportation, logistics, healthcare, environment and sports sectors – associated wider government and industry digital databases will become new and lucrative targets for hackers.
- Using ransomware to disrupt economies
The threat of ransomware, a popular cyber criminal tool for several years, is continuing to evolve. Indeed, the threat today encompasses both individuals and economies. At the individual level, ransomware campaigns are still generating substantial revenues for hackers. More threatening, however, are scenarios where hackers attack government or industry networks – potentially crippling operations. For example, in the United States this year, the city of Atlanta was hit with the SamSam ransomware, forcing portions of the city to revert to managing business operations on paper. Indeed, some estimates suggest that the average business in the region could face costs of up to USD $1 million per incident from ransomware attacks targeting their networks. At the same time, The Ministry of Transport and Communications (MOTC)’s Qatar National Information Security Center (Q-cert) issued guidance and advisories to entities and institutions in Qatar to be aware of ransomware malware.
- Targeting high-profile events
Lastly, large events draw not only large crowds, but also the attention of hackers. The two biggest events of 2018 to-date – the Winter Olympics in South Korea and the FIFA World Cup in Russia – both witnessed a significant volume of cyber attacks: an attack at the Olympics caused disruptions at the opening ceremony while Russia claimed to face 25 million cyber attacks during the course of the World Cup. Similarly, the 2022 World Cup in Qatar could potentially draw similar levels of attention – to both the World Cup itself and Qatar broadly – from hackers.
Leave A Comment
You must be logged in to post a comment.