Radwan Moussalli, Senior Vice President – Middle East, Central Asia and Africa, Tata Communications, talks about the emerging security concerns in the digital age and how organisations can tackle these threats.
The Middle East is home to approximately 230 million people of which 48.3 per cent are Internet users. That equates to nearly 112 million Internet users, and with a growing focus on connectivity, technology and smart cities by regional governments and organisations, those numbers are poised to rise dramatically. Cisco’s Annual Security Report for 2014 shows that mobile penetration in the Middle East and Africa will grow from the current 133 million devices to 598 million by 2018. While the digital age has truly taken hold across the region, there is also cause for concern.
The volume of threats and attacks that have compromised data belonging to individuals and organisations has increased sharply year-on-year. According to Cisco’s report, total global threats have reached a new all-time high, with a tracked increase of 14 per cent since 2012. Moreover, a sample of 30 of the world’s largest Fortune 500 company networks generated visitor traffic to Web sites that host malware – a sharp rise was noted in malware attacks aimed at the Middle East’s oil and gas sector. Industry experts warn that the Middle East has become a hotbed for cybercrime, a statement which is backed by reports and the fact that the region has witnessed several Distributed Denial of Service (DDoS) attacks, zero-day attacks, Trojans, and other advanced threats in recent times.
Each of these threats has disrupted the day-to-day digital existence of organisations and end users, all of who have grown accustomed to 24 hours of downtime. According to the Washington D.C. policy think tank, Centre for Strategic and International Studies (CSIS), if the impact was measured in terms of a dollar value, 24 hours of downtime from a major attack could cost $6-million per day. Worse still, in some sectors (such as oil and gas) the cost could exceed a staggering $8-million per day.
Beyond the loss of productivity and time, these threats also cause monetary losses that have in turn given IT managers, CIOs and CEOs many sleepless nights. Cyber security is an absolute necessity today and every measure must be taken to protect an organisation and its digital interests:
- Today, threats are more sophisticated than ever before. IT managers, CIOs and CEOs need to adopt a holistic approach to security as any form of information breach can be extremely disastrous, making security a key boardroom topic.
- The digital world is constantly evolving with new and sometimes disruptive technologies. With increasing dependence on cloud, Bring Your Own Device (BYOD), mobile and even social media, relying on a security solution that covers all the bases is absolutely vital. This is simply because as the technology landscape evolves, so do the coercions.
- Given the sheer number of threats that exist today, it’s vital that service providers offer three key areas of protection:
- First and foremost, protection against Distributed Denial of Service attacks is absolutely vital. Here, the malicious party launches high-volume attacks on cloud infrastructure and other hosted platforms that can completely cripple these systems. The only way to mitigate this threat is to have the right network fabric, so an organisation can weaken the malicious party’s distributed hubs.
- Advanced Persistent Threats (APTs) are also becoming a common place and here, traditional signature-based detection techniques cannot cope with zero-day attacks and targeted malware exploits. With APTs, older techniques such as signature-sandboxing have been rendered ineffective given that these targeted threats use multiple attack vectors on the target over a period of time.
- Counteracting APTs requires that a global Tier-1 network provider mitigate the risk through global threat intelligence and large attack aggregation points that serve as an early detection system. Malicious traffic is also a real problem in today’s digital world because if this type of traffic penetrates an organisation’s infrastructure, the company could suffer data loss, a loss of productivity or worse.
We believe prevention is better than cure, and what this means is that individuals, as well as organisations, need to take proactive measures to secure themselves and their digital footprints.