They can stall operations, destroy your company’s image, and cause expensive legal action — cybersecurity threats. The more technology your business relies on to support the market demand for your services and products, the greater your cybersecurity exposure becomes.
Let’s analyze the top three cybersecurity threats that companies in the Middle East had to face in 2020.
Hackers Are Targeting Industries that Store Sensitive Data
Cybercrime is flourishing in the Middle East. In 2020, the average cost of a data breach was $6.52 million per company, according to a study by the Ponemon Institute and IBM. To put it in perspective, the global average cost of a data breach was only half as much, i.e., $3.86 million.
In 2019, data breaches cost companies in the Middle East $5.97 million on average. The year-over-year increase in severity is staggering.
Furthermore, the most targeted industries include:
- Financial services
Here are the most common cyberattack types in the Middle East.
Phishing attacks are wreaking havoc in the Middle East — there were 973,061 phishing attacks in 2020 alone.
For example, in October 2020, a series of phishing attacks that redirected users to a malicious copy of the Netflix website rocked the region.
Once on the site, users would enter their credentials to log in, but the login information went directly into the database of the hackers behind the scam.
If the targeted Netflix subscribers used the same credentials on other websites, e.g., social media, hackers could obtain highly sensitive data and information for extortion purposes.
With access to login data, malicious actors can also use the credentials to create email schemes to steal money.
What to do:
- Never use the same password for different websites and services. Also, consider using different logins and even email accounts when signing up.
- Ensure all services you use have built-in two-factor authentication. This way, even if someone steals your credentials, they won’t be able to break through the additional layer of protection.
Note: An SSL certificate used to be the gold standard for telling a legitimate site from a scam. Unfortunately, that’s no longer the case. Roughly 50% of phishing websites now have an SSL certificate, which means the address of these websites begins with https:// (and shows the familiar padlock). Hackers are growing increasingly sophisticated in their attempts to mimic legitimate sites.
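The point of the note above, as a short check added here for illustration (it is not part of the original article): the verdict on a login link depends on the host name, never on the https:// prefix alone. The trusted-domain list and the sample URLs are constructed assumptions and use reserved `.example` names.

```python
from urllib.parse import urlsplit

# Assumption: domains the organisation really expects for this login page.
TRUSTED_DOMAINS = {"netflix.com"}

def classify_login_url(url, trusted=TRUSTED_DOMAINS):
    """Return (verdict, reason). HTTPS is required but never sufficient."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme != "https":
        return "reject", "not https"
    if not host:
        return "reject", "no host in URL"
    if parts.username is not None:
        # Text before '@' is userinfo, not the host the browser connects to.
        return "reject", "userinfo in URL hides the real host"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "reject", "punycode label (possible look-alike characters)"
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return "trusted", "host is " + domain + " or a subdomain of it"
    for domain in trusted:
        brand = domain.split(".")[0]
        if brand in host:
            return "lookalike", "brand name inside an untrusted host"
    return "unknown", "host is not on the trusted list"

# Constructed sample links; all but the first carry a valid-looking https://.
SAMPLES = [
    "https://www.netflix.com/login",
    "https://netflix.com.account-verify.example/login",
    "https://netflix-billing.example/signin",
    "https://netflix.com@login.example.net/",
    "http://www.netflix.com/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        verdict, reason = classify_login_url(url)
        print(f"{verdict:9} {url}  ({reason})")
```
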
Ransomware is a form of cyberattack where hackers encrypt corporate data and render the company’s systems inaccessible to employees.
As such, the hackers not only paralyze critical company IT infrastructure but also threaten to publish all the sensitive data if the company doesn’t pay the ransom.
In the first half of 2020, there were almost twenty major ransomware attacks on companies operating in the Middle East.
In January 2020, Oman’s largest insurance company was a victim of a ransomware attack, with an undisclosed amount of data affected.
What to do:
- There’s no 100% successful method to defend against ransomware attacks. However, you should monitor the dark web to see whether your company is being discussed as a potential target.
- Regular intelligence reports can significantly improve the security of corporate assets and sensitive data.
- Monitor all traffic on the internal network to spot any suspicious activity.
- Keep software and firmware up-to-date and patched. That includes your remote workforce’s setup.
- Train your staff to recognize suspicious emails.
- Perform regular offline backup copies of all important data.
Data breaches are a plague, generating huge losses for businesses. One of the main methods behind data breaches is the use of stolen credentials (i.e., credentials obtained through phishing sites).
But there’s a slew of other tools that let hackers conduct account takeover attempts. In fact, even beginning hackers can obtain and use these tools with relative ease.
Some of the methods behind data breaches include credential stuffing, brute force, and account checking.
It would seem that companies can do little to protect themselves against such targeted attacks. However, malicious activity amounts to only half of all data breaches, meaning strong security practices implemented across all company assets can help keep your business more resilient.
What to do:
- A large percentage of data breaches happen because of human error. Training your employees in cybersecurity awareness is therefore critical to keeping your company resilient.
- Ensure all third-party service providers and vendors have high-quality security measures implemented. This will help you significantly decrease the risk of a cyberattack by way of a third party.
- Use security-rich software solutions for business-critical operations such as board meetings. Data encryption (including during transmission), multi-factor authentication, role-based access control, and verified service vendors (e.g., a trusted cloud-service provider) are an absolute must.
Protect Your Company from Cybersecurity Threats
The growing economy of the countries in the Middle East is spurring an increase in cyberattacks. Malicious actors are exploiting vulnerabilities on an unprecedented scale.
Needless to say, cybersecurity awareness among staff and business leaders should go hand in hand with the rapid expansion of the cybersecurity threat landscape.
A coordinated and multi-faceted effort is required to protect company assets from malicious actors. Encryption, tested and trusted software, threat intelligence, and ingrained cybersecurity hygiene among staff will help your company navigate these increasingly treacherous waters.