Complex Made Simple

GCC businesses not ready for new global cyber-threat levels

Worldwide cyber attacks are fewer, but far more targeted and effectual now, according to symantec research

As global cyber-attacks increase in complexity, GCC businesses must prepare themselves for newer and more advanced threat levels, warns Dubai-based IT consultancy, Condo Protego.

The recently published 2015 Internet Security Threat Report (ISTR) by Symantec, a global leader in information protection technology, found that despite a 14 percent decrease in malicious e-mails, and 20 percent fewer targets, highly targeted spear-phishing attacks rose by eight percent in 2014.

In the UAE alone, targeted attacks rose 400 percent in 2014, from less than 1 percent of the global total, to almost 5 percent. Furthermore, the average response time from companies increased from five days in 2013, to 59 days in 2014. These findings confirm increasing intelligence of cybercriminals, and the difficulty faced by organizations to effectively protect their data against such sophisticated attacks.

“While cyberattacks are becoming increasingly complex, many GCC business information security strategies are still limited to basic defence tactics, and, thus expose businesses and stakeholders to high risk,” said Savitha Bhaskar, Chief Operating Officer of Condo Protego.

According to the ISTR, 2014 experienced 24 zero-days, the highest in history. The top five of these resulted in 295 days of attacks before organizations were able to react. Non-targeted attacks also increased by 26 percent throughout the year, with the release of 317 million new pieces of malware.

Cybercriminals continue to improve their attack strategies by acquiring new techniques to avoid detection, and using corporate infrastructures to help breach security. These advancements in their methods have led to an increased number of attacks on larger organisations. According to Symantec, 5 out of 6 large companies were attacked by skilled hackers in 2014, representing an increase of 40 percent from 2013.

“Cybercriminals are looking for information that has monetary value, and can be sold. To extract this potentially dangerous data, rather than approaching large enterprises that are likely to have high security measures in place, cybercriminals are attacking the smaller companies that have access to this information, and limited budgets for security measures, including vendors and partners. It is very important that businesses of all sizes are well protected against both direct and indirect cyberattacks, and that large organizations carefully evaluate the security measures of vendors and partners,” added Bhaskar.

According to experts at Condo Protego, the threat of cyberattacks is now even larger than ever, as Internet of Things (IoT) developments emerge amid regional smart city initiatives. The increasing quantity and value of data being generated is being recognized by cybercriminals, further putting organizations in the region at risk.