Cybercrime Challenges in the GCC

GCC governments need to do more to fight cybercrime, says Megha Kumar of IDC

Tags: BahrainCyber crimeIDC Middle East and AfricaKuwaitQatarSaudi ArabiaUnited Arab Emirates
  • E-Mail
Cybercrime Challenges in the GCC GCC countries need more collaboration on cybercrime, and more efforts to fight software piracy, says Kumar.
By  Megha Kumar Published  May 6, 2010

Securing information assets has been a major concern for businesses in the GCC for many years. As organizations in the region increasingly do business with global partners and customers, they have become particularly sensitive to security threats. Rapid improvement in Internet penetration and use among households and businesses, has also increased vulnerability. The increased concern is reflected in the growth in spending on IT security software by all sectors in the GCC which topped $280 million in 2008 - a nearly two-fold increase from 2005.

However, IT security concerns are no longer limited to corporations looking to secure their data or networks. It is now emerging as a key concern for governments as well. As countries in the region experience improved connectivity levels they are increasingly becoming targets for cybercrimes, which have been growing both in sophistication and frequency, regardless of the economic environment. These crimes can range from identity thefts to massive bot-net attacks, where zombie computers are used to transmit viruses, spam or create denial-of-service attacks. Cybercriminal activity is now becoming more organized and financially motivated - as seen from the sharp increase in online scams and illegal financial transactions. The avenues by which attackers target users has now diversified with them taking advantage of vulnerabilities in social networking platforms, web browsers and hosting sites to gather confidential corporate or personal information.

The GCC countries have been victims of such attacks in the past. Hacking of ATMs of several banks, the ‘Ghostnet' attack that affected computers in Bahrain and Kuwait in 2009 and defacement of some websites of publications are a few examples.

The banking and financial services sectors have been investing significantly in access and authentication solutions to protect customers from identity theft. Telecommunication service providers have also invested in network and content security solutions to protect their customers. However, protection against cybercrime cannot be the sole responsibility of organizations in industry. Governments need to take a greater interest in cyber security.

The internet in the GCC countries is heavily monitored and filtered especially for content that does not adhere to the social or political sentiments of the region. In a similar manner, governments need to proactively secure the countries against cybercrimes. Large scale attacks can even bring down government services and cripple telecommunication networks, leading to severe losses to both business and home users. Most GCC countries have drafted cyber laws but very few offenders have been prosecuted under these laws. The laws have rarely been modified since their release. Countries such as the UAE, Saudi Arabia and Qatar have been more proactive than others - setting up national agencies such as computer emergency response teams (CERT), establishing a special task force to fight cybercrime, launching campaigns to increase public awareness on IT security and launching parental controls for internet usage. GCC governments will need to collaborate both at a regional and international level to tackle this menace as cybercrime is not bound by borders.

Another major challenge in securing IT environments is the prevalence of software piracy in the region. Software piracy stands at an average of 50% in the region (2008 BSA-IDC Global Piracy Study). Pirated software is usually more susceptible to viruses, malware and trojans and is commonly used by organizations and individuals in the region. Software that has been manipulated or cracked can essentially provide backdoor entry for hackers or bot-nets and cause havoc across networks. The pirated software being bought is not limited to games, operating systems or office applications but also includes security software. Users often refuse to pay to upgrade the trial editions of security software that are pre-installed on their PCs and opt for pirated security software instead, which leaves the user more vulnerable to attacks.

Piracy has been addressed in a more proactive manner by governments in the GCC, due to pressure from major vendors and anti-piracy organizations in the region. GCC countries have under taken several steps to bring piracy levels under control; however, much more needs to be done.

The economic crisis, unfortunately, could drive cybercrime and piracy as governments de-prioritize cybercrime and piracy to focus on financial and political challenges. It is important that governments address cybercrime and piracy with renewed vigor during the current economic situation. Greater efforts to educate both consumers and enterprises on the benefits of security policies and regulations and legitimate software will not only create a more sustainable business environment but also safeguard individuals and households.

UAE, Saudi Arabia and Qatar, in particular, have been striving to position themselves as attractive centres for doing business. In order to enhance their attractiveness, it is imperative that they improve regulation and implement processes to better protect business and consumer assets from cybercrimes.

As the GCC region recovers, the governments will need to ensure not just political and economic stability but also digital stability to sustain growth levels.

Megha Kumar is senior analyst, software services, at IDC MEA

3197 days ago
Samir Pawaskar

Agree in totality. The region has to take aggressive steps in this direction. Although a few of them do have some sorts of cyber crime legislation in place others are still raw... But having reached the first step they need to ramp up on the apparatus that will implement this law ... digital forensics etc..... Samir Pawaskar

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code