MENA: Cyber Education Needed
Kaspersky Lab focuses on cyber education in the Middle-East.
Amir Kanaan, Managing Director for the Middle East, Turkey and Africa at global IT security company, Kaspersky Lab, is witnessing growing threats as cyber criminals hunt out vulnerabilities in the region’s digital growth. He’s focusing on education to help businesses and individuals protect themselves.
In February 2018, when Amir Kanaan was promoted from General Manager for the Middle East to Managing Director for META after only 18 months with Kaspersky Lab, his objectives were clear: grow the company and increase awareness.
Growing the company shouldn’t prove too challenging. Globally, Kaspersky Lab’s revenues grew 8% to $698 million in 2017. In the MENA region alone, business grow by 31% in the same period. CEO of Kaspersky Lab, Eugene Kaspersky, said in a press release early this year that, “Despite the difficult geopolitical situation, unsubstantiated accusations, and attempts to undermine our business, the company maintains positive dynamics. We are confident that 2018 will be even more productive than last year.”
The “unsubstantiated accusations” refer to recent media reports that Russia-based Kaspersky Lab has been involved in malicious activity and state-sponsored hacking. However, despite the U.S. government since banning Kaspersky Lab software, and the EU taking steps towards a similar move, the allegations have not been proven and no evidence has so far come to light.
Kaspersky has responded by announcing that it will move its infrastructure out of Russia and open a data center in Switzerland to correspond with a new transparency initiative—something its competitors have yet to match. “We will have a third-party company, an international one, who will come and who will audit our source code and our processes on a regular basis. That will show that we are totally transparent and we have nothing to hide,” says Kanaan.
As the company continues to regain trust in its systems, the worldwide battle against cyber criminals shows no signs of abating. And, with hackers creating ever more sophisticated and potentially damaging methods of stealing both data and finances, raising awareness is at the forefront to ensure that businesses know what they need to invest in to protect themselves as they embark on their digital transformation journeys.
In March 2018, Forbes Middle East checked the Kaspersky cyber threat real-time map to identify the most cyber attacked countries in the Arab world. Saudi Arabia faced the highest number of cyber attacks in the Arab region and ranked at 17th place worldwide. The U.A.E came second, in 18th place, followed by Algeria at 24th.
Attacks in this region tend to be focused towards either causing damage or making money, with the number of industrial attacks also appearing to be on the rise. “In the beginning when we saw cyber attacks, they started with physical damage—it would be a virus on your computer and it would break your computer,” explains Kanaan. “Then you notice there is a virus on your computer but you don’t know there is a virus because it is trying to do something for financial benefit. Now we’re seeing both: financial benefit and also physical damage.”
When it comes to cyber crime for financial gain, ransomware remains a common problem in the Middle East. With an attack of this kind, a hacker will take control of a victim’s computer and encrypt their data, preventing them from accessing it. The victim will then receive a call or an email demanding ransom to decrypt the device. This could be countered in non-urgent cases, but for large-scale attacks, victims often have little choice but to pay.
“If you can take some days to think about it, bring someone to decrypt it, then maybe you will find a solution not to pay them. But if you have no chance, you have to pay,” says Kanaan. If the hackers are able to get into a hospital’s system for example, it could quickly cost lives, and the criminals often walk away with the ransom paid. Hotels have also fallen victim to ransomware, whereby the hacker will encrypt the lock of a guest’s room and demand the hotel pay to regain control.
However, trends are changing. In its recent report, Ransomware and malicious crypto-miners 2016-2018, Kaspersky Lab found that, globally, reported incidents of ransomware have fallen by almost 30% in the last year. Instead, cases of malicious crypto-mining are on the rise, with reports of users encountering miners up 44.5% from 2016/17 to 2017/18. While crypto-currency mining is not itself illegal, malicious miners can use malware to infiltrate an unwitting victim’s computer without them realizing and use it to steal crypto-currency. “Mining needs computer power, and it needs electricity, so we’re seeing a lot of personal computers becoming mining vehicles for the cyber criminal,” Kanaan explains. “We’re seeing a lot of that in the region.” Arguably even more damaging is the power of criminal groups to engage in politically-motivated attacks.
In April 2018, while investigating an unrelated phishing scam, Kaspersky Lab uncovered a geo-politically-motivated cyber-attack that had been targeting government departments and large private entities across the Middle East since 2017. It dubbed the attack Operation Parliament.
“Operation Parliament is another symptom of the continuously developing tensions in the Middle East and North Africa. We are witnessing higher sophistication and smarter techniques used by attackers and it doesn’t look like they will stop or slow down anytime soon” said Mohamad Amin Hasbini at the time, a Senior Security Researcher at Kaspersky Lab. The cyber criminals targeted untrained employees with email links, which once clicked on gave the hackers access to computers and enabled them to remotely take control, mine data and activate webcams.
“The biggest problem right now is employees,” admits Kanaan. With only 18% of employees in the META region fully aware of their organization’s IT security policies, many businesses should be considering what more needs to be done to teach staff of the dangers and how to avoid them. Kaspersky’s awareness programme for employees is designed to educate and test staff to make sure they’re being wise when opening emails or using USBs, even if they at first appear to be from a legitimate source. Just as important to Kanaan though, is making sure that the new generation are trained before they even enter the workforce.
To this effect, Kaspersky has been working with universities in Bahrain, Kuwait and the U.A.E. to educate and raise awareness amongst students about issues such as cyber bullying and internet safety. It is even currently in discussions with some universities in the region to push a cyber security curriculum inside of an MBA year. Upon graduation students would walk away with a general security degree on cyber security. “This will open a huge market because there’s a lack of cyber security professional resources,” says Kanaan. Until such a time that there are more qualified resources available, Kanaan expects many companies to turn to outsourced managed security service providers to oversee their data security.
Looking ahead and Kanaan hopes that security concerns will become fundamental to any further digital developments. “We cannot go back because digital transformation is the future. Without innovation the cyber criminal would be always winning,” he says. “We need a new approach, a proactive approach. Security should be a cornerstone of any discussion.”