Counting the cost of Middle East cyberattacks

Special Counting the cost of Middle East cyberattacks
1 / 2
Cybercrime is becoming the preserve of governments and hacktivists, rather than lone wolf criminals. Saudi Arabia and the wider Gulf region are increasingly bearing the brunt of this “fifth military domain.” (Shutterstock)
Special Counting the cost of Middle East cyberattacks
2 / 2
The global oil industry has become a regular target of hackers. (Shutterstock)
Updated 08 September 2019

Counting the cost of Middle East cyberattacks

Counting the cost of Middle East cyberattacks
  • Riyadh hosts the seventh Middle East and North Africa (MENA) Information Security Conference on Sept 8 & 9
  • Size of the Kingdom's cybersecurity market is projected to swell to $3 billion this year

DUBAI: As Riyadh prepares to host the seventh Middle East and North Africa (MENA) Information Security Conference, the focus is on both the human capital and the technological investments required by regional institutions to defend themselves successfully from cyberattacks.

The title of the conference, “Cyber Space, The New Frontier: Deception, Orchestration and Blackholes,” may conjure images of intergalactic supervillains, but the objective is fairly down to earth: To enhance connectivity and networking among senior regional cybersecurity professionals.
Companies and organizations in the MENA region neglect information security at their peril. Saudi Arabia’s cybersecurity market alone is expected to grow to $5.5 billion by 2023, as the Kingdom upgrades its information-technology infrastructure to combat increasingly frequent cyberattacks.
A report, titled “MEA Cybersecurity Market Forecast to 2023,” predicts the market will swell to $3 billion in 2019.
“The professional services segment of the cybersecurity market is projected to grow to $1.4 billion by 2023,” said Samer Omar, CEO of the MENA Information Security Conference 2019.
In the same period, Saudi Arabia’s large enterprises segment, and small and medium enterprises segment (SMEs) are respectively projected to grow to $3.4 billion and $2 billion, driven by increases in their adoption of advanced cybersecurity solutions.
The Kingdom’s size, wealth,  digitalization of government services and geopolitical prominence make it a prime target for all types of cyberattackers, from hacktivists and cybercriminals to nation-state intelligence-gathering and offensive information warfare operations.
According to the International Telecommunication Union, it ranked first regionally and 13 out of 175 countries in the Global Cybersecurity Index for 2018.
“As the world gets more and more interconnected and we become increasingly dependent on technology, the threat landscape is broadening and creating more opportunities for attackers,” said Mark Leveratt, cybersecurity advisor to the Defense Services Marketing Council in Abu Dhabi. “This is leaving individuals, organizations, governments and nations increasingly vulnerable to cyberattacks.”
Omar, who has more than 24 years of experience in the cybersecurity industry, says cybercrime is no longer merely about a solitary hacker; it involves highly organized and trained groups and underground organizations serving specific objectives, especially political ones.
To combat such threats and limit their adverse effects, he says, users need to be fully aware about the importance of preserving their data and systems, and of heeding security advice and guidance.


$5.5bn - Projected size of Saudi Arabia’s cybersecurity market by 2023.

$3bn - Projected value of cybersecurity market in 2019.

13 - Saudi Arabia’s global rank out of 175 countries in Global Cybersecurity Index 2018.

$6tn - Projected global cost of cybercrime by 2021.

Leveratt concurs, saying that most cybercrimes are committed by organized groups, whose methodologies, tactics, techniques and procedures keep changing to take advantage of the vulnerabilities in software and hardware for financial gain.
“Nation-state cyberespionage and offensive cyberwarfare are also on the increase, with several well-documented incidents in recent years,” he said. “Cyberspace is now widely considered the fifth military domain.”
Experts say cybercriminals are learning to monetize their efforts more effectively through ingenious and disruptive methods, in addition to embracing the latest developments in artificial intelligence and machine learning to make their attacks more powerful.
“Mobile platforms are one of the fastest-growing targets for cybercriminals. Cybercrime is today a massive industry and one of the world’s most lucrative activities,” Leveratt said. “Cybercrime pays. The comparative return on investment is exponential and it can act as a massive force multiplier and level the playing field for less militarily advanced nations.
“Overall, organizations are improving their cybersecurity strategies, but it is not enough to keep pace with the rapidly changing threats and risks imposed by new technologies.
“To put that in context, some governments are considering allowing the use of nuclear weapons in the fight against cybercrime.”
According to Kaspersky Security Network, an average of 27.3 percent of all users in the MENA region were affected by web-threat incidents during the first quarter of this year. Saudi Arabia had the highest number — 35.9 percent.
“With more complicated and evolving technologies in all sectors, hackers today are using innovative tools to match the advances and achieve their objectives, from financial crime to data theft and cyberespionage, to target both individuals and enterprises,” said Maher Yamout, senior security researcher at Kaspersky Lab.
“Gulf Cooperation Council  countries hold the largest proven crude oil reserves in the world, approximately 495 billion barrels, which represents almost 30 percent of the world’s total and is categorized as the largest producer and exporter of crude petroleum. This makes the oil and gas industry an critical regional asset, which makes it a lucrative target for cybercriminals.
“It is estimated that cybercrime could cost the world about $6 trillion by 2021, which is more profitable than the global trade in illegal drugs,” said Muhammad Khurram Khan, founder and CEO of the Washington-based Global Foundation for Cyber Studies and Research.
“Saudi Arabia, due to its geopolitical and strategic importance regionally and internationally, has become a key target of cybercriminals.”
In recent years, state-sponsored adversaries have launched serious cyberattacks with elaborate planning on critical infrastructure and government departments of the Kingdom.
“They are also targeting the general public and local organizations, including hospitals, universities and SMEs, for financial gain by performing ransomware attacks, which have increased by almost 400 percent over the previous years,” Khan said.
Khan adds cybercrime legislation should be an integral part of the national cybersecurity strategy of every country.
“Fortunately, Saudi Arabia has developed an anti-cybercrime law that aims to secure the safe exchange of data, protect the rights of users and the internet, and defend the public interest, morals and privacy,” he said.