Targeted attacks increasing in Middle East IT sector

IT threats are constantly evolving, meaning companies attempting to secure IT systems against these attacks have a regular struggle to stay ahead of the game. The latest trend in IT cybercrime appears to involve more specific attacks.

"Targeted attacks are very different to the other more common scams in that the attackers often do not know exactly what they're looking for but target specific persons in an organisation who they believe have access to information that could be of value. As such, these are less likely to rely on sporting events as a social engineering hook, but could be disguised as financial or stock market reports that could interest a chief financial officer, for instance," comments Kevin Hogan, senior director, development, Symantec.

Other firms involved in IT security have also noticed the change towards this form of threat. "We are really starting to see now huge increases in targeted attacks. Previously, mainly there were mass attacks and people trying to affect huge number of users, but right now even here in the region, we have seen an increase in the number of targeted attacks," says Tarek Kuzbari, managing director, Kaspersky Labs Middle East.

New IT technology causing attitude change

A number of new technologies are also presenting challenges to the IT security industry. One of which is the introduction of consumer products into businesses' IT systems. "The growing trend of non-company owned devices that are connected to the enterprise network, both locally and remotely, is a major challenge. McAfee R&D team is modifying its protection tools and strategies for hand-held devices such as BlackBerry, iPhone, and Nexus One," explains Essam Ahmed, team leader system engineers, Mena.

Of the attacks which are not targeted, most now seem to latch onto current events in order to attract the attention of potential victims. Events such as the FIFA World Cup and the London Olympics 2012 have been used in emails containing viruses, in order to coax a user into opening it.

Another challenge to the industry comes with the increase in popularity of cloud computing and services. "As data moves into the cloud, security services will become even more important, and a company's ability to dig in and inspect data moving on and off corporate networks will become increasingly critical," says Ahmed.

Data loss being taken into account

Another issue coming more sharply into focus for the IT industry is the need for data loss prevention. Bulent Teksoz, regional technology manager at Symantec, believes this is of huge interest to the sector right now. "Data Loss Prevention is a big topic right now. Companies want their confidential data to be secured, but with limited resources, they don't know where to begin. One common mistake is trying to build DLP solution in every piece of data they have."

"That is both resource and time consuming, a DLP solution must be well-thought out before the deployment and start with discovery phase, finding confidential data wherever it is stored. Then there is monitoring the confidential data, putting protection around it and managing with a unified policy across the enterprise," Teksoz adds.

As technology becomes more advanced, so do the threats against IT security. Those tasked with ensuring this security, believe the answer to the ongoing problem ultimately lies in the attitudes of the end user. "Security companies will continue to enhance the protection they offer users against the threats posed by these criminals, but the real answer lies in ongoing user education," concludes Hogan. "Creating a pool of savvy users is the surest and fastest way to hit the criminals where it hurts most - their profits."