This post was originally published here: post

 

November 27, 2016  by  Chris Fernando

Channel Post speaks to regional industry experts about the impact of cyber crime on regional businesses

Cyber crime is definitely not a new phenomenon. It has been hitting the headlines as never before, with businesses across the world suffering high-profile and damaging breaches. The Middle East market is no different. Cyber crime is a major business risk at the moment and hence, cyber security has become a top priority, both for businesses, governments and law enforcers.

Ghareeb Saad, the Senior Security Researcher for Global Research and Analysis Team - Middle East, Turkey and Africa, at Kaspersky Lab.

Ghareeb Saad, the Senior Security Researcher for Global Research and Analysis Team – Middle East, Turkey and Africa, at Kaspersky Lab.

“Cyber security is developing quickly along with the development of IT and the growing numbers and sophistication of IT threats,” explains Ghareeb Saad, the Senior Security Researcher for Global Research and Analysis Team – Middle East, Turkey and Africa, at Kaspersky Lab. “Awareness about cyber threats is raising because more companies and individuals encounter threats, hear about public cases of breaches, and also efforts by governments and security vendors alike. However, we feel there is still a room for improvement in terms of cyber security awareness and strategies in companies.”

According to a study by PwC, in 2016, companies in the Middle East suffered larger losses than other regions last year, as a result of cyber incidents. Around 56 percent lost more than $500,000 compared to 33 percent globally, and 13 percent lost at least three working days, compared to 9 percent globally. The attacks in question range from the actual theft of data, to coordinated spam emails or phishing attempts.

In its report, PwC further added that one of the explanations for the high rate of such incidents in the Middle East may be the greater prevalence of malware in the region, and there are also more fax-based scams than is typical elsewhere, which can be hard for businesses to track centrally. Companies in general, as well as in the
Middle East, often find it difficult to identify when an attack has taken place: many only discover it when third parties or clients report suspicious messages or requests for funds.

Evolution of Cyber Crime

Rafik Hajem, the Vice President for EMEA at Guidance Software.

Rafik Hajem, the Vice President for EMEA at Guidance Software.

Rafik Hajem, the Vice President for EMEA at Guidance Software, says, “As commerce moves online, digital crime becomes more lucrative, and will continue to become more sophisticated. That said, online transaction with trusted vendors in general are usually safe. Companies have a vested interest to protect their consumers and work hard to gain and keep consumer trust. Users should always exercise caution and use common sense when conducting any payment activity online. Users also need to be wary and on the alert for scams and attacks like phishing emails.”

The Middle East and Africa region is in many ways driven by the same overall security discussion as the rest of the world, according to Nicolai Solling, the Chief Technology Officer at Help AG. “You can say that cyber security has become globalized in the last decade, and we therefore have to deal with the same issues as the rest of the world. And then again we do have our unique differences. There are a number of challenges that impact how we work as a result of the user base being very different. There are also cultural aspects, and the effect of our geographical location. Many of the political conflicts in our region today are being fought simultaneously on IT platforms,” explains Solling.

Recently, researchers at US cyber security company FireEye identified a wave of emails containing malicious attachments being sent to multiple banks in the Middle East. The researchers assert that hackers are probing the defenses of banks in the Middle East, using malware-infected emails sent to bank employees to collect information about bank networks and accounts. As organisations in the region seek to shore up their defenses against increasingly creative and determined hackers, innovative cyber security solutions are in high demand.

The Problem of Ransomware

Nicolai Solling, the Chief Technology Officer at Help AG.

Nicolai Solling, the Chief Technology Officer at Help AG.

In the last 2 to 3 years, ransomware has been extremely successful with many organisations and individuals falling victims to the attack, according to Solling. “It is only speculation how much ransomware actually turns over as an industry, but just one campaign of CryoptoWall is believed to have generated over $300 Million to the attackers in a period of a couple of years. Since then at least 5 to 6 campaigns have happened, which we can then multiply the number with,” explains Solling.

Recent analysis of malware shows that 50 percent of all malware is now focused on crypto ransomware. This is a number that is up from 10 percent a year ago. Furthermore Kaspersky Labs released numbers that they have seen an increase in ransomware attacks of 20 percent year over year. “Kaspersky Lab’s database now includes about 15,000 ransomware modifications and the number continues to grow,” adds Saad. “The problem with ransomware is the critical damage it brings, because if a victim is not properly protected by a cyber security solution and has no back up, there are high changes that all the encrypted data will be non-restorable, even if the ransom is paid.”

Saad further adds that for cyber criminals, ransomware is an easy way to get money. “They also prefer to be paid in the Bitcoin crypto currency, which offers them a sufficiently high level of anonymity,” says Saad. Why have ransomware then become so successful? “First of all, there is the users and technology not deployed well enough, but secondly crypto currencies have enabled the attackers with a payment channel which is anonymous. This means that they can now run a business where they extort the user and get the user to transmit money in the form of crypto currency and they never need to worry about being caught,” explains Solling.

Is BYOD a Problem?
Hajem says that connecting more devices and services to the corporate network increases the surface area of risk and provides hackers with additional opportunities to gain access. “Policies such as BYOD also raise issues when it comes to privacy regulations and being able to ensure security, while simultaneously protecting the privacy rights of employees and customers,” adds Hajem. “In many organizations, the weakest link in the cyber security chain continues to be users.”

According to Hajem, social engineering attacks are nothing new, but they continue to be a very successful tactic for cyber criminals. “Cyber criminals are always looking for the path of least resistance, and often it’s much easier to trick a human being than a piece of security software. Security and IT teams need to coordinate with human resources, internal communications and corporate leadership to be sure that everyone from the CEO to the most junior employee is educated about cyber security threats and how to defend against things like phishing attacks,”adds Hajem.

Each new technology brings benefits. However, at the same time, it creates more attack vectors for cyber criminals. Hence, when implementing them, security risks should be taken into consideration. “For all the concepts such as cloud services, virtualization, and BYOD concepts, there already are solutions to help IT security administrators safeguard their whole infrastructure. Managing all these aspects might be a real hard work for IT people, which takes time and leaves a possibility to miss some important details,” says Saad.

According to Saad, as part of a comprehensive security approach, along with good security solution, organizations should educated employees about threats related to new IT implementation, and security policies should be updated accordingly. For example, an employee should know what to do if he has lost his smartphone with corporate mailbox on it.

“In addition to adopting a security focused mentality, users can rely on security solutions to help protect their sensitive information. There is no shortage of products promising you total protection, but again these products do not replace common sense,” adds Solling. “While I will not endorse any particular product, my general advice is to read a sufficient number of reviews when evaluating any new security solution. The ‘Virus Shield’ Android antivirus scam is a good example of how prioritizing ‘ease of use’ above all else can easily leave you vulnerable.”

Is End Point Security Enough?
Over the years one thing has been clearly established that only antivirus isn’t capable of solving the security needs of the endpoint. “There is an emergence of integrated, next-gen endpoint security technologies that organizations need to consider when considering their approach to endpoint security,” explains Solling. “After all, the endpoint is at the forefront of data-access and therefore also the place where most attacks are bound to happen. So, it should be taken for granted that protecting the endpoint is still essential.”

Solling recommends that the minimum requirement of a good security solution today is a mix of antivirus, IPS, anti-malware and device control. “Furthermore, as add-on features, which many customers now demand, the vendors are typically offering data-loss prevention, encryption services and patch and update management,” Solling adds.

Saad on the other hand is of the opinion that endpoint security is still essential as it blocks most of the widespread attacks. “The other question is that for a number of cyber threats, organizations need additional security measures, such as anti-targeted attack solution or anti-DDoS solution, for instance. Also, security awareness in important, because human factor remains very important,” he adds.

According to Hajem, endpoint detection and response tools are only becoming more critical to identify advanced threats that bypass traditional perimeter security. “But then, endpoint security solutions are designed to work in concert with network perimeter tools, alerting solutions such as SIEM tools, and other elements of cyber security. Cyber threats will always continue to evolve, and there is no single solution or fully automated system.”

Today, enterprises need a skilled security team with the appropriate tools not only to stop threats, but also to identify, triage, and re-mediate threats that will penetrate the network. It’s no longer a matter of if a breach will occur, but when, and will you be prepared to respond appropriately to mitigate the risk and damage.