Cybercrime appears to be the second most common form of economic crime in the Middle East; Read on to find out how the cyber-security services and laws help you brace against cybercrimes.
A study by Cisco’s Middle East ICT Security Study 2014 noted strong adoption of smart devices in the MENA region, which is set to grow from 133 million in 2014 to 598 million in 2018.
And, we can see the implications.
Cybercrime is the second most common form of economic crime reported in the Middle East though it is the fourth most common form of economic crime globally, says a recent PricewaterhouseCoopers’ (PwC) 2014 Global Economic Crime Survey; implying that technologically sophisticated fraudsters are on rise.
Increase in digital applications and Internet adoption also means more complex security threats. The Middle East Businesses are at high risk; with more than 65% of employees glossing over or undermining the security risks of using personal devices in the workplace, noted the Cisco’s study.
Quantifying the cost of cybercrime is difficult because factors such as interruption to operations, loss of business, damage to brand and impact on safety systems are difficult to fit in any mathematical calculation.
Cybercrime costs the global economy about $445 billion every year, according to a report from the Center for Strategic and International Studies (CSIS) released this month. It also confirmed that the losses could range between $375 billion and $575 billion.
An approximate amount lost due to cybercrime in the Middle East may vary between USD 1 million and USD 100 million annually, said the PwC 2014 Global Economic Crime Survey.
The countries where most of the cybercrime financial services occurred between 2012 and 2013 included the UAE, Oman and Lebanon, the PwC report added.
Cybercrimes are so fast that even before the victims realize the attack, the loss is already done. An irony is that the very technology that the victim organizations rely on to safeguard their data becomes the tool against them by sophisticated criminals.
“Cybercrime syndicates are now using even more sophisticated attacks to defence systems put in place by organisations and nations and these need to be tracked accurately with robust defence mechanisms against these syndicates,” said Mohammad Abbas, the Chief Security Officer of Bank Al Habib, a Pakistan-headquartered bank with branches in the GCC at the Gulf Information Security Expo and Conference (GISEC) 2014.
Statistics reveal attacks on the rise
In the Middle East, Saudi Arabia recorded the highest total number of local and online malware detections, closely followed by the United Arab Emirates in the first quarter of 2014, according to a report by Kaspersky Lab based on data from Kaspersky Security Network. Additionally, it mentioned that Bahrain and Lebanon were the safest countries with lowest threat levels.
More than 34.9 million cyber-attacks and malware infections on computers and mobile devices, representing an increase of almost 10% year-on-year (2013’s figure was 31.6 million) were neutralized by the Kaspersky Lab products in the first quarter of 2014. About more than 7 million of these cyber-attacks came from the Internet, while the remaining came from local sources such as USB drives and DVDs.
Furthermore, Saudi Arabia recorded greatest number of incidents, 9.8 million attacks. Of these, about 80% were local threats, 43.8% on USBs, DVDs and local networks, while 28.1% were online threats.
UAE followed with 8.7 million attacks, with 1.97 million online threats (42.6% local threats).
Other regions within the Middle East reported similar incidents, though of lesser magnitude. Iraq had the region’s highest percentage of web threats (35%), whereas Egypt had the highest local infection (51.3%).
The safest countries in the Middle East in terms of IT threats were Bahrain and Lebanon. They had the fewest malware detections: 17.7% and 15.3% Internet-borne threats, respectively.
The PwC survey indicated that most common targets of cyber attacks in the Middle East are applications, networks, systems, mobile devices, removable storage devices, and data held by third parties.
“While mobile and financial malware, distributed denial of service, web threats and advanced persistent threats are becoming more popular among cybercriminals, removable media and local networks are still the primal sources of IT dangers for users in the Middle East. Companies and home users should be aware of those risks and to care of their data, using comprehensive solutions to keep safe,” said Ghareeb Saad, Senior Security Researcher at Kaspersky Lab.
“Online offences such as money and identity theft are the most common and profitable strategies used by cyber criminals,” said Abbas.
As cybercrime is ‘international’ or ‘transnational,’ it often challenges effective implementation of domestic and international laws. As well as lack of well-defined cybercrime laws only help cybercriminals to take advantages of the less severe punishments or difficulties of being traced.
Recently, the GCC authorities issued a new cybercrime law to address the rise in electronic crime. The law includes provisions and punishments on crimes such as credit card frauds, internet crimes, cyber terrorism, viruses, hacking, system interference, illegal access and interception, and so on.
The UAE prides in having the most detailed and comprehensive cyber-crime law in the Arabian Gulf and wider Middle East. The UAE-Law No. 5 of 2012 (Combating Information Technology Crimes) replaces the earlier Cyber Crimes Law 2006 and provides for a range of new offences, including offences intended to address the UAE’s obligations to international treaties.
The latest law sets out significantly higher penalties and for the first time, a full range of known cyber offences have been codified, along with the sentences.
Cyber security market is growing 10% year-on-year globally, and is estimated to be worth $66 billion in the next decade, while for the Middle East, the market size is expected to cross $25 billion mark, according to Guy Meguer, General Manager in Middle East for CyberSecurity at Airbus Defence and Space, during the second edition of GISEC in Dubai recently.
The pace of technological change is one of the greatest cybercrime risks; sophisticated hacking groups make use of the most advanced technological and keeping pace with their advancement is the real challenge for the professionals and organizations operating in digital ecosystem.
“Our experience has been that the level of sophistication employed by determined cyber criminals in the Middle East is as high as anywhere in the world. The persistency which hackers employ and the simple vulnerabilities they exploit present a real danger to Middle East organisations, whose staff may be the subject of cyber attacks and, knowingly or unknowingly, give away sensitive information or allow IT control breaches to occur. Combating this requires much broader planning than just IT security,” said Dean Gilbert, Head of Forensic Technology, PwC.
Well, that’s not the end. Cybercrime and cybersecurity form an infinite loop; each one trying to outwit the other.