Home / / Cyber-attacks a question of 'when, not if'

Cyber-attacks a question of 'when, not if'

Middle East energy firms in particular facing increased risk of cyber-attacks, says Juniper

Cyber-attacks a question of 'when, not if'
Pickering said that Middle East energy firms in particular were facing increased risks from cyber-attacks

Businesses in the Middle East, particularly in the energy sector, should be thinking in terms of when they fall prey to cyber-attacks, rather than if, according to Adrian Pickering, vice president of the MEA region at Juniper Networks.

Pickering explained that, due to the Middle East being a region rich in fossil fuels, attacks on oil, gas and energy firms are becoming widespread. As an example, he highlighted the recent threat made on Middle East energy firms by hacktivist group Anonymous. The group promised a cyber-attack on or before 20 June.

"With many petrochemical firms in the region being state owned, these threats against companies are putting governments, the economy, as well as citizens, at risk," he said.

Pickering said that these firms are even more at risk now because of a "fundamental asymmetry" created by the passive nature of traditional security defences. These defences, which he described as the ‘castle and moat' strategy, involve investing in large security stacks to block perimeter attacks. However, he said that this strategy should be discarded because cyber-attackers will eventually find a way into a corporate network.

"The ‘castle and moat' approach is ineffective at stopping modern attacks because it makes the perimeter the single point of failure and all attackers need is a single breach to achieve their objectives," he explained.

However, Pickering warned against going too far in the other direction - i.e. returning assault or taking action against attackers. He said that this route would simply lead to greater escalation, and would also be swamped with ethical concerns. Instead, he explained that enterprises needed to reach a medium ground that he described as ‘active defence'.

"A better approach is active defence, which looks to actively disrupt attackers when they are attempting to attack an organisation's infrastructures, but without crossing the line and risking retaliation," he said. 

"Active defence focuses on identifying and disrupting attackers once they set foot on a company's digital property, but not pursuing them out into the public domain."

To adopt active defence, Pickering called on all types of organisations - from the security industry and government to enterprises and legal bodies - to come together to establish new norms of engagement. He said that organisations such as the Dubai Centre for e-Security was a positive step in that direction.

Follow us to get the most comprehensive IT Security news delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.