A majority of companies in the UAE and the Gulf are not even aware that they have been attacked by cyber criminals.
This was revealed by several key officials participating in this year’s Gulf Information Security Expo & Conference (GISEC) which started in Dubai on Monday.
According to experts, the number of ignorant victims could be almost 90 per cent of the overall affected.
The recently published Microsoft Security Intelligence Report points out that in countries such as Bahrain, Kuwait, Oman, Qatar, Saudi Arabia and the UAE, the infection rates of 10 to 12.9 computers per thousand is nearly twice the worldwide average for infection rates.
According to a recent survey result by PricewaterhouseCoopers banks and other financial institutions continue to remain the number one target both globally and across the region.
Its 2014 Global Economic Crime Survey points out that 39 per cent of financial sector respondents said they had been victims of cybercrime, compared with only 17 per cent in other industries.
As Nicolas Solling, Director, Technological Services at Help AG, a German IT security solutions provider with offices in the UAE said, a lot of companies here do not know that they are attacked simply because there is no visibility into the security events that is happening in their networks and sometimes the events are very difficult to detect
“We actually know that because studies have shown that it has taken almost six months for other people to actually tell them that they have been breached. During these six months the company is living in happy ignorance that nothing has happened. I would say very high percentage of companies fall into this category.”
According to him, there are two types of attack the one that takes services out of production in what is known as the denial of service. “That’s easier to spot as the results are immediate. It is the other category related to espionage such as industrial espionage and state sponsored espionage that gets tricky and very difficult to spot for normal companies.”
He also pointed out that most often companies or customers have no interest in communicating that they have been breached.
“We as normal media only hear about high profile information like when Target is attacked and eBay loses credit card details. Most other cases are never heard of unless there is a leak,” said Solling.
As Niraj Mathur, Security Practice Manager at Gulf Business Machines (GBM) said, stricter cyber laws could prompt the companies to disclose as and when they get to know that they are attacked. “There is no such initiative in the Middle East to encourage this. Usually, the news is leaked out either by an insider or the management itself decides to come out and make it public, which is really rare,” he said.
According to him, while banks and oil and gas installations are known to be high among the targeted forms, the ones that are underestimated are retail. “Most of our financial data including details of our debit and credit cards are stored by even small and medium retail outlets,” he said.
Gunnar Siebert, CEO of iSpin MEA, notes that companies that want to be insured against security breach do not even have the option to get themselves covered here as there are hardly any agencies that are offering the facility. “The service is widely prevalent in major markets like US, Europe and Japan. But it is yet to be made available here. That is one area where there is a massive potential,” he said.
Follow Emirates 24|7 on Google News.