The surface footprint of cyber attacks has increased since the COVID-19 pandemic.

Inayat-ur-Rahman, Deputy Business Editor

Cybersecurity Ventures research states that cybercrime will cost the global economy $6.1 trillion annually by this year, making it the world’s third largest economy. Since the graph of cybercrimes is going uphill and not showing any signs of slowing down, individuals and industries are at equal risk of cyber-attacks making it important to be alert at all times.

According to the ResearchAndMarkets.com, the cybersecurity market in the Middle East & Africa was valued at $1.9 billion in 2020, and it is expected to reach $2.9 billion by 2026 and register a compound annual growth rate (CAGR) of 7.92% during the forecast period of 2021-2026.

The number of attacks has gone up considerably since the outbreak of COVID-19. UAE being one of the leading economies in the Middle East has become the prime target for malicious actors making it one of the most affected countries in the region, accounting bulk of the COVID-19 themed attacks in GCC.

This was stated by Anand Choudha, CEO and President at Spectrami, during an exclusive with Gulf Today on Friday.

Anand Choudha

“Even the head of UAE Government Cyber Security, Mohamed al-Kuwaiti also highlighted that the country has seen an “at least 250% increase” in cyber attacks in 2020.”

“The surface footprint of cyber attacks has increased since COVID-19 hit the UAE, which has completely changed the cyber security scenario in the country,” Anand added.

 “Prior to COVID-19, most organisations had people working within a defined perimeter and had controls to protect in that infrastructure; but what we have seen post COVID is that workers started remote working and they had to log on remotely using their personal devices.

“So, within a short amount of time businesses had to evolve to support a huge amount of remote workers and when you go for such a drastic change, it obviously leaves a gap.” He added.

“From an attacker perspective this was a Golden opportunity to exploit the vulnerabilities because the window of exploitability increased manifold with many potentially unsecured assets accessing data.”

 “The security team of most enterprises had to work double or overtime to make cyber security predictable and reduce the surface area of attack and subsequent breaches. We are also seeing increased attacks by nation states.”

“The bottom line is that the stakes are higher than anytime and it’s going to be some very interesting months for cyber security as the new normal kicks in and cyber security tries to keep pace with the changing business environment.”

Answering to a question about the attacks, Anand mentioned that they have seen different kinds of attacks carried out in the past one year.”

“Right from very sophisticated nation state attacks to increase footprint of mobile attacks and also growth in zero day attacks, but probably without exception the most common attack vector was which was seen was business email compromise via phishing attacks.”

“We saw a drastic increase in both the sophistication and the volume of attacks and organisations have struggled to keep up to protect against the volume and advanced vectors. Essentially the signal to noise ratio has amplified exponentially. Phishing is typically the first phase of a larger compromise and either through malware or non-malware getting access to unsecured machines which leads to larger attacks. Also, attacks on mobile devices in enterprise organisations have increased.”

Regarding the key reasons that government and enterprises are the prime targets for cyber attacks, he elaborated that data is the new oil, adding that he think the most important aspect is with businesses moving digitally it is a no brainer that you see government and enterprises are prime targets for cyber attacks.

“The motives behind these attacks is mainly to cripple infrastructure and bring down critical services to disrupt the economy and a number of attacks target financial gains.” “There are different vectors which have contributed for the increasing cyber attacks but two key would be a financial gain financial motivation by certain actors and second is by nation states to gain access to sensitive information within non friendly countries.”

“At a strategic level the board members of these organisations need to be more cognizant of cyber security. Organizations need to give more budget to cyber security and maybe have a dedicated board member advising them on cyber security.”

“Business needs to support cyber security as a function and at a tactical level keep on investing in people, process and technology and keep a lookout on new threats. As defenders you have to be successful every time to thwart attacks, while attackers have to be successful just once; so it’s a very asymmetrical battle.”

“ The worst thing anybody can do is to get complacent thinking since they have not been attacked in the past, so they will also be not attacked in the future.”