Dubai: As the cyber threat landscape continues to evolve, it is imperative for the government and private sector to pay attention to some of the most significant areas of heightened risk in the cyber environment, according to Booz Allen Hamilton.

The cyber threat landscape in the Middle East is rapidly expanding – with attacks against regional entities and residents increasing in quantity and sophistication. Indeed, a May 2018 survey reported an estimated 41% of Gulf-based enterprises experienced a cyber attack in the previous 12 months – a 46% increase from 2016 numbers.

Severe cyber-attacks are also occurring with increased frequency as hackers find new ways to breach complex firewalls and security systems, despite ongoing government and private sector efforts to accelerate the development of cybersecurity capabilities. In particular, threats to industrial control systems are of growing concern in the region after reports in March suggested hackers nearly triggered an explosion at a petrochemical plant in Saudi Arabia last year.

According to Ziad Nasrallah, Principal at Booz Allen Hamilton MENA, “The evolving cyber threat landscape worldwide and here in the region requires that governments and individuals prioritize taking adequate measures to safeguard themselves from attacks. This requires identifying loopholes hackers can exploit across the entire supply chain. At the same time, governments and organizations must invest in robust cybersecurity measures or risk attacks that could compromise their entire operations.”

Echoing this sentiment, Jay Townsend, Principal at Booz Allen Hamilton MENA, said that “Gulf countries recognize the growing cyber threat to governments and businesses. As more economies throughout the region adopt digital technologies and implement e-services, the threat to personal data security is rising. It is in the national interest for Gulf countries to secure not only networks but also confidential data that hackers can exploit.”

Across the cyber environment, Booz Allen Hamilton has identified seven key areas where Gulf entities may face significant attacks in the future:

  • Attacking the supply chain through vendors

Supply chain management is integral to the success of any organization. Successful infiltrations of vendor software platforms in large supply chains can lead to simultaneous compromises across countless enterprises. The NotPetya attack, in which attackers compromised the Ukrainian tax software M.E.Doc and sent out poisoned updates that spread through compromised networks and infected endpoints with destructive malware, is the most notable example to-date. The attack caused global disruptions and damage costs reaching an estimated USD $10 billion. While entities in the Gulf were largely spared, many organizations lack visibility into the security of their vendors, leaving them exposed to unknown threats and vulnerabilities.

  • Targeting industrial control systems

Industrial control systems (ICS) represent an increasingly diverse and extensively connected set of technologies that control and automate significant portions of society, including power grids, oil and gas operations, manufacturing, and more. ICS attacks can be devastating as they could result in operational halts and even physical damage. Indeed, the aforementioned petrochemical plant in Saudi Arabia was reportedly only spared physical damage from the cyber attack due to an error in the hackers’ code.

  • Attacking third-party software tools

As software development processes mature, software platforms are aiming to provide the best utility for consumers and developers. Many of these platforms are user-friendly and highly customizable, which increases their vulnerability to threat actors looking to spread malicious code through the applications they create. There have already been instances of this – at least two campaigns have distributed malicious code into iOS and Android development libraries and the applications that incorporate them. As software development becomes more sophisticated in the Middle East, the industry should be wary of the risk of hackers compromising third-party software libraries and software development kits.

  • Exploiting the fledgling cryptocurrency environment

Earlier this year, hackers stole an estimated USD $532.6 million from Tokyo-based cryptocurrency exchange Coincheck, reigniting debates about security and regulatory protection in the emerging market for cryptocurrencies such as Bitcoin. While financial regulators in the UAE are considering regulations for the cryptocurrency industry and developing a framework with industry firms and relevant authorities, the environment – lacking stringent global security protection standards – remains a lucrative target for hackers, especially as the number of cryptocurrencies and exchanges continues to expand.

  • Breaching large government and industry databases

In an increasingly digital world, databases – often of sensitive personal information – are significant targets for both cyber criminals and state-sponsored hackers. Breaches discovered at the US Office of Personnel Management in 2015 and the credit bureau Equifax in 2017 resulted in the loss of sensitive information on hundreds of millions of people – information that cyber criminals could sell and exploit or that state-sponsored hackers could use to build significant intelligence databases. The recent breach of SingHealth, Singapore’s largest group of healthcare institutions, is a further reminder that all data remains vulnerable to theft and exploitation. With Gulf countries such as Saudi Arabia and the UAE seeking to digitize their economies and entire industrial sectors – evidenced through electronic health records initiatives and more – the growing presence of large databases creates an array of new targets for hackers.

  • Using ransomware to disrupt economies

The threat of ransomware, a popular cyber criminal tool for several years, is continuing to evolve. Indeed, the threat today encompasses both individuals and economies. At the individual level, ransomware campaigns are still generating substantial revenues for hackers – indeed, in the UAE alone individuals lost an estimated USD $1.1 billion to cyber crime activities in 2017, with a significant portion of these losses due to ransomware attacks. More threatening, however, are scenarios where hackers attack government or industry networks – potentially crippling operations. For example, in the United States this year, the city of Atlanta was hit with the SamSam ransomware, forcing portions of the city to revert to managing business operations on paper. Indeed, some estimates suggest that the average business in the region could face costs of up to USD $1 million per incident from ransomware attacks targeting their networks. Throughout the Gulf, the rollout of major e-government programs and automated systems – such as e-gates at Abu Dhabi and Dubai airports – creates potentially significant vulnerabilities for similar attacks to cause major disruptions.

  • Targeting high-profile events

Lastly, large events draw not only large crowds, but also the attention of hackers. The two biggest events of 2018 to-date – the Winter Olympics in South Korea and the World Cup in Russia - both witnessed a significant volume of cyber attacks: an attack at the Olympics caused disruptions at the opening ceremony while Russia claimed to face 25 million cyber attacks during the course of the World Cup. Similarly, the upcoming Expo 2020 in Dubai could potentially draw similar levels of attention – to both the Expo itself and the UAE broadly – from hackers.

-Ends-

About Booz Allen 

For more than 100 years, Fortune 500 business, government, and military leaders have turned to Booz Allen Hamilton to solve their most complex problems. In the Middle East and North Africa region, we have more than six decades of experience solving the most difficult management and technology problems through a combination of consulting, analytics, digital solutions, engineering, and cyber expertise. With regional MENA offices in Abu Dhabi, Beirut, Cairo, Doha, Dubai and Riyadh, and global headquarters in McLean, Virginia, our firm employs more than 24,600 people and had revenue of $6.17 billion for the 12 months ending March 31, 2018. To learn more, visit www.BoozAllen.com . (NYSE: BAH)

Regional Media Contacts

Hala Akiki                                                              

Booz Allen Hamilton                                           

T +971 4 511 9511                                             

M +971 52 6807599                                          

Akiki_hala@bah.com                                           

Mustafa Hashim                   

BPG Orange                                         

D +971 4 506 5548

M +971 55 480 5200

Mustafa.Hashim@bpgorange.com  

© Press Release 2018

Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.

The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.

To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.