FEATURE
Hadi Jaafarawi , Managing Director – Middle East at Qualys
Which industries are the biggest targets for cyberattacks in the Middle East and what advice can you offer to best secure themselves ?
It is all about low-hanging fruit . Threat actors look for a payday that is some combination of easy and lucrative . Because of that , all industries will be under threat . However , the Middle East ’ s well-known focus on petrochemicals makes the oil and gas industry a major lure for cybercriminals , hacktivists and state-sponsored groups . Lately , following a series of high-profile supply-chain attacks around the world , governments have looked anew at the vulnerability of critical infrastructure such as energy facilities , power plants and transportation hubs . The region ’ s high degree of interconnectedness presents a constant probability of a cyberattack on one industry triggering a domino effect , jeopardising national infrastructure on a larger scale .
IBM ’ s latest Cost of a Breach report calculates an US $ 8 million average between Saudi Arabia and the UAE alone . This is a 156 % increase from a decade ago – a jarring sign that attackers are becoming more sophisticated and that the nightmare scenario is more alarming than ever . Few organisations can take a million-dollar hit in their stride . And so , we must act . Middle East organisations must adopt comprehensive cybersecurity strategies that include short- and longterm measures to address imminent threats and build resilience for the future . Regardless of your scale or industry , you must be proactive . You must have a plan . You must know where your risks lurk . And you must make security part of your corporate DNA , promoting transparency and awareness , breaking down information silos and fortifying defences .
How has the convergence of IT and OT impacted the cybersecurity landscape ?
This is one instance where the breaking down of a silo is a double-edged sword . The convergence of Information Technology ( IT ) and Operational Technology ( OT ) across the Middle East has led to many challenges . For a start , IT and OT skills are very different . Someone who is trained in data and networks will traditionally know little about physical plant machinery . And engineers that look after OT will likely be unaware of the vulnerabilities in business software . IT is used to taking systems offline to update and patch vulnerabilities . But in an OT setting , going offline even for a moment can be very costly or even downright dangerous .
IT and OT merged to accommodate the rise of Industry 4.0 . The Industrial Internet-of-Things ( IIoT ) brought many benefits but it also expanded the attack surface as previously air-gapped OT systems , such as those governing industrial control systems ( ICS ) and critical infrastructure became linked to corporate IT networks and , by association , the savage wilds of the Internet . Thus , threat actors were given an opening . Ironically , OT systems , which were designed primarily for the preservation of safety and the maximisation of uptime , have been put in a position where those core missions are under threat because of well-intentioned initiatives to improve their efficiency .
So , because attackers can use your IT to hit your OT , critical infrastructure has become vulnerable and must be protected through a holistic cybersecurity plan that encompasses both sides of the technology stack .
What stands out to you most about the Middle East cybersecurity market and what do you think will be the catalyst for change in the years to come ?
The amount spent on Digital Transformation in the Middle East is set to double in the five-year-period to 2026 . This is an extraordinary expansion that brings with it considerable risk and the cybersecurity market has seen rapid growth as the region ’ s enterprises have operated more and more on the global stage . Many countries here play critical roles in global energy production and have profound geopolitical significance . Moving into this global ( and undeniably digital ) space demands a recognition of the importance of cybersecurity .
When looking forward , the first change catalyst I can see is the escalating frequency and sophistication of attacks . Another is the everchanging www . intelligentciso . com
57