While Cybercriminals are Finding More Creative Ways to Access Valuable Data, GCC Businesses are Still Relying on Basic Defense Tactics
Today’s cybercriminals are developing more complex tactics, and GCC companies are struggling to protect their valuable data against such sophisticated attacks.
Exacerbating the cyberattack risk is the increasing data that is being generated, with the emerging Internet of Things (IoT) era, and various smart city initiatives in the region.
The worrying news is that a large number of GCC businesses are still limiting their information security strategies to monitoring stolen employee information, and detecting suspicious activity. And with limited security measures in place, businesses and stakeholders are being exposed to high risk.
Our leading security partner, Symantec, has recently published a 2015 Internet Security Threat Report indicating that although there was a 14 percent decrease in infected e-mails, and 20 percent fewer attack instances, highly targeted spear-phishing attacks rose by eight percent last year.
The findings also revealed that targeted attacks increased by 400% in the UAE, and that 2014 experienced a record of 24 zero-days, with the top five resulting in 295 days of attacks before organizations were able to react. This delayed reaction time increased global response times from five days in 2013, to a disturbing 59 days in 2014.
What Businesses are at Highest Risk?
Cybercriminals are well aware of the potential monetary value of sensitive data from large enterprises. Symantec found that skilled hackers attacked 5 out of 6 large companies last year, representing a 40 percent increase from the previous year.
Smaller organizations are by no means immune, however. Cybercriminals recognize that while large organizations store higher-value data, smaller organizations may be easier to access with limited funds available for advanced security solutions.
Big companies must also be very critical of any potential partners or vendors, as cybercriminals are now reaching such large organizations indirectly through these smaller enterprises. Hackers are finding ways to obtain partner employee credentials, or implant malicious content on their devices to gain access to valuable information from large enterprises.
Ultimately, with an increase of 26 percent in non-targeted attacks, and 317 million new pieces of malware released, all businesses, regardless of size or industry, must continuously evaluate their security measures.