Putting the Middle East on alert

Organisations in the Middle East show a varying degree of awareness and maturity when it comes to data security, but they can no longer rely just on traditional solutions and reactionary approaches

Tags: ComguardCyber crimeDDoSKaspersky LabSymantec CorporationWestcon Group Incorporationhelp AG (www.helpag.com/)
  • E-Mail
Putting the Middle East on alert Recent targeted attacks on organisations in the Middle East have increased awareness of the need to properly protect IT infrastructure.
By  Keri Allan Published  November 14, 2012

Organisations in the Middle East show a varying degree of awareness and maturity when it comes to data security, but they can no longer rely just on traditional solutions and reactionary approaches.

Targeted cyber attacks have been growing steadily in the Middle East during the last two years, with specialist organisations warning companies in the region that the threat landscape has changed. Flame, Gauss and Stuxnet are just three examples of the more sophisticated attacks, all highlighting the rise in the intelligence and complexity of cyber warfare.

The world is now a very small place - the reach of the Internet is global. As a result, we all face the same kinds of threat. However, there are differences in the level of awareness of malware and its uses.

“In Europe and North America, where IT has formed a key part of business for longer, there is a greater experience of threats and the security measures needed to combat them, compared to the Middle East and other areas of the globe. This is one of the reasons why countries in the Middle East figure regularly in the ‘high risk’ category in our quarterly reports,” explains David Emm, senior regional researcher, Kaspersky Lab.

These latest attacks have acted as a wake-up call to the region, as Nicolai Solling, director of Technology Services, help AG highlights: “There is a strong trend in the region to improve security, for example demonstrated by the ADSIC initiative in Abu Dhabi and the increase in ISO/IEC 27001 certificates in UAE and other Gulf states,” he notes. “There is also a growing awareness about security, demonstrated by security conferences and courses, which are always well attended. More and more organisations are realising the need to be protected as information is the lifeblood enabling them to offer their services.”

The issue of lack of market maturity, however, is playing a role in the management of security threats.

“Recent attacks have put companies in the Middle East on alert and underscored the importance of information protection and management. However, organisations across the Middle East have varying levels of maturity when it comes to managing security threats,” says Bulent Teksoz, chief security strategist, emerging markets, Symantec.

“Larger enterprises are generally more aware; however, board-level initiatives are required. Small and medium-sized businesses (SMBs) are increasingly targeted for both their typical lack of security as well as their connections into larger companies that might offer less secure access to those companies. Ultimately, any company that is vulnerable is worth attacking.”

Lakshman Nalvade, divisional manager, Westcon Security, says there is still a degree of complacency in the region: “Most organisations still believe they are not a potential target, and their current security measures are enough to protect them. The truth is that many organisations don’t know that they are the victim of cyber-attacks, while some know they have been attacked but fear to admit it because of reputation.”

Clearly, awareness has grown but is it translating into action? To an extent, yes, but there is still a long way to go.

“Actions can be defined in the preliminary stage, as several companies have started looking at available options in the market and some are evaluating these options. But it’s still a long way to go,” says Mohammad Mobasseri, senior vice president, Comguard.

“Certain organisations have taken actions to enhance incident detection mechanisms and to increase their defensive abilities against cyber attacks. Those are typically the organisations that have been breached and had to deal with the negative impact, so they have learned from their experiences,” notes Alaa Abdulnabi, regional pre-sales manager Turkey, Emerging Africa and Middle East at RSA.

“However, many organisations are still in denial mode in the hope that what happened to others won’t happen to them and that is a big concern. Those organisations need to realise that no one is safe and it is only a matter of time, so they need to learn from others experiences and react quickly to enhance their security posture.”

Jason Mical, director of Network Forensics at AccessData, can see that organisations are actively seeking ways to defend their information assets, but he believes that in many cases cyber security personnel, and even analysts, are still focused on traditional technologies and processes. These he believes have serious limitations.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code