Society has been moving online for some time. This shift may not always be noticeable from day to day due to its incremental nature, but when we take a step back and look at the bigger picture, the change has been immense. Very few elements of our modern lives have escaped digitisation.
From details about our employers to our personal affairs (think everything from shopping and banking to medical records tracked by apps), most of us now enter and store a wealth of sensitive and potentially valuable information across multiple devices.
While this is not necessarily a problem, it’s clear that the need to educate ourselves about how our data is stored and managed – and the measures we can take to protect ourselves and our businesses from cybersecurity breaches – has never been more important.
But are cybersecurity threats becoming more common? And if they are, what can we do to mitigate the risks they pose?
The downside of remote working
The short answer to the first question is “yes”. Cybersecurity threats are on the rise globally, in part due to a shift in attitudes towards remote working expedited by the COVID-19 pandemic. With more people than ever adopting a “Work from Home (WFH)” culture, corporate cyberattacks are at historically high levels.
This is predominantly because home networks tend not to be as secure as their corporate counterparts, which usually feature additional safety measures such as firewalls. Moreover, companies’ online activities are often monitored and supported by cybersecurity professionals, both in-house and external. Unsurprisingly, individuals seeking out such expertise remain the exception rather than the rule.
The use of employee-owned technology to complete work-related tasks also poses a potential hazard, with many workers taking a more casual approach to security on their devices than their employers would deem appropriate. Indeed, research suggests that one in 36 mobile devices has at least one high-risk app installed.
Ultimately, this leaves organisations in both the public and private sectors more exposed and vulnerable to online threats and attacks than they were before working from home became commonplace. The Middle East, for example, is currently experiencing unprecedented volumes of cybersecurity threats.
Statistics from Help AG show that the UAE saw a staggering 183% uptick in “distributed denial of service” (DDoS) attacks in the period 2019-20. Unfortunately, the global fightback against COVID-19 has done nothing to alleviate this trend, with a further 37% increase recorded during the period 2021-22.
Worryingly, the sophistication of such attacks is also on the rise. In June of this year, web performance and security company Cloudflare detected and mitigated a 26-million-request-per-second DDoS attempt – the largest attack of its kind on record.
Ransomware is another online threat that has been growing in the UAE in recent years. Hackers are now able to steal and encrypt data to prevent its use through increasingly complex extortion attempts, many of which also involve DDoS attacks.
The prevalence of ransomware rose by a jaw-dropping 435% globally in 2020 compared to the previous year. Naturally, these malicious activities can prove extremely costly. The average recovery cost for businesses that fall victim to such schemes is nearly $2 million.
Whichever way you look at it, cybersecurity is a big deal. In my opinion, the fact that the aforementioned spikes coincided with the global pandemic and the rise of remote working is far from coincidental. While I fully acknowledge that working from home can offer some advantages if employed effectively, we cannot afford to ignore the dangers that this trend poses to data security and, in turn, Gulf economies.
These dangers are placed in even sharper focus when we consider the primary industries of the Middle East. Our region is home to some of the largest oil-and-gas-producing nations in the world and, just like many others, these sectors are becoming increasingly digitised in the name of efficiency.
It’s needless to say that threats to smooth and continuous operations within the energy sector could prove catastrophic, not only for the nations that depend on the associated revenues but also for markets that import their fuel from the Middle East.
If we wish to gauge the potential ramifications of an attack on the GCC’s oil and gas infrastructure, we need to look no further than similar events that have taken place elsewhere in the world. For example, last year, Colonial Pipeline, one of the largest oil pipeline operators in the US, was shut down for several days by a ransomware attack on its digital systems.
When one considers cases such as this, it’s not exactly difficult to imagine the level of disruption that would result from a successful cyberattack on Middle East supply lines, not to mention the financial losses that would be incurred by global economies more generally.
How can we fight back?
Given that the stakes are so high, and the risks are seemingly everywhere, what can we do to mitigate cyber threats?
Here in the UAE, our government is keenly aware of the need to develop robust cybersecurity systems, especially as our nation’s digital infrastructure continues to transition to Web3 and investment in Industry 4.0 gathers pace. In consultation with experts from around the world, the UAE is determined to combine the latest research and innovations while developing homegrown talent capable of spearheading solutions within an ever-evolving digital landscape.
In 2020, the UAE Cybersecurity Council was established, with responsibility for the development and maintenance of a national cybersecurity framework. This followed the National Cybersecurity Strategy of 2019, which sought to develop more than 40,000 local cybersecurity professionals to keep the UAE’s digital borders safe and secure.
It’s hardly surprising, therefore, that our nation has succeeded in climbing the ranks of the Global Cybersecurity Index during recent years, placing in the top five in 2020 compared to 33rd the previous year.
Essentially, UAE residents and organisations are already benefiting from one of the most secure cyber environments on the planet. Timely government investment and a willingness to collaborate with researchers and innovators have served to create a culture of cyber awareness across our nation.
The long-term challenge is that malevolent actors are doing everything in their power to keep pace with cybersecurity developments, meaning there is absolutely no room for complacency. The UAE may have achieved significant progress in this field, but it cannot afford to rest on its laurels. By the same token, we must all acknowledge our responsibility for maintaining security standards, both within our private and professional lives.
After all, corporate cybersecurity is only as strong as the individual links in the chain, meaning that a single weak spot can result in widespread losses.