Cyber security is set to be a major issue in the UAE with more than 400,000 computers getting compromised in the past five years – 80,000 of them in 2009 alone – an IT security expert has said.
Dave Rand, Chief Technology Officer at IT security company Trend Micro, told Emirates Business: "This figure will get higher in 2010. According to BBC Television, 60 computers can take down one website, therefore 80,000 computers can do much more."
In a study on 106 computers that were infected in some way or the other, Rand discovered that the average period of remaining infected was 300 days. This essentially meant that the attack or infections stayed undetected for long periods.
"These are not simple viruses but bots, which self-updates and downloads components all the time," he said, highlighting the danger.
In certain cases machines stay infected for up to two years. "As normal business buying cycles happen in this period the computer just gets replaced. The problem is not solved just avoided," Rand said. Computers compromised in this manner are used for sending spam mails mostly for identity theft.
Typically businesses update security software on their systems, but according to Rand the focus should be on the behaviour of the computer and network.
"Irrespective of the kind of security software targeted, infections happen at specific individuals with access to information. An example is spearfishing, which is targeted at specific executives. A few years ago there were bots looking for press releases trying to get information before they hit newswires. This enabled stock trading," he added.
Rand cited the example of a virus that attacked coast guards looking for a particular form, which had details of containers to be inspected.
According to Rand, idle bank accounts could be targets of such attacks this year. "Schools can be a target as they have special funds dedicated to revamping premises that are never touched. In a normal audit these accounts are not looked into, which makes it easier for cyber criminals to access. This was already happening at the end of 2009," he said.
As cyber criminals do not have geographical boundaries, attacks can be launched from anywhere.
"Micropayments is another area of concern, which is going to drive the internet economy. Technology is already available for processing and when 100 million computers steal a penny it becomes a lot of money. Payments were a target, but they never took advantage of the payment as it was always the information such as credit card numbers. These were sold regularly on the internet," he said.
Rand did not dismiss the fact that the era of data theft will still be prevalent, but new trends based on micropayments will change the security scenario. "The whole underground economy will drive this growth and become a global threat," he added.
The IT security industry is presently at $1 billion (Dh3.67bn) and Rand expects at least a 10 per cent growth this year.
He expects the ISPs to play a critical role in reducing the number of infected computers. "I was working on a project with Turk Telecom and in 2006, which was the largest source for viruses, 1.79 million computers were infected every month in spite of the excellent infrastructure and high-speed network. The reason was mainly the large number of unlicensed software being used," he said.
Keep up with the latest business news from the region with the Emirates Business 24|7 daily newsletter. To subscribe to the newsletter, please click here.