50pc GCC firms are easy prey for cyber attacks | THE DAILY TRIBUNE | KINGDOM OF BAHRAIN

Manama: Almost 50pc of the GCC’s executives lack confidence in their organisations having the right tools to predict and prevent cyber attacks, according to a report released by Gulf Business Machines (GBM).

The report was discussed in a recent event organised in the Kingdom by the company, under the theme of “How Can We Predict Cyber-Attacks?”

The most common threats today are perceived to come from external sources, i.e. zero-day malware, advanced persistent threats, phishing, ransomware, etc. Most organisations realise that security is a boardroom discussion; however, there are huge inconsistencies in how they respond to the challenges posed by cyber threats. Lack of coordination between organisations, and downplaying the risks involved with an ostrich mentality, can prove disastrous.

The report says that despite the frequency of cyber-attacks, corporate investment in IT security is expected to decrease this year. About 71pc of GCC executives confirmed that their IT security budgets will either stay the same or decrease in 2016. Meanwhile, of the 700 executives polled in the GCC, 48pc of respondents said that their organisations conduct regular third-party security assessments, while only 40pc of organisations have a dedicated IT governance, risk and compliance function.

“GCC organisations are doing worse than global benchmarks; however, only 29pc of organisations plan to invest more in 2016 compared to 2015. About 71pc of organisations plan to invest similar or less in the area of security, which is not a positive sign. If we segregate the responses between enterprises and SMEs, 34pc of enterprises planned to invest more whereas only 25pc of SME organisations planned a higher investment compared to 2015,” says the report.

The report lists a set of actions to withstand this challenge: build awareness of the risks involved within the management as well as users across the organisation; appoint an owner for security and governance within the organisation; build security into the design of the infrastructure and applications from the initial stages and not as an afterthought; invest in security technology or services that can integrate and collaborate to give maximum visibility and intelligence; and invest in technologies, tools, and skills that will ensure that companies have the capability to predict, prevent, detect, and respond.

“If we analyse the recent security breaches, it is apparent that security is not only the responsibility of the IT teams, but of all members within the organisation. Very often cyber criminals use phishing or social engineering to get critical information and spread malware targeted towards organisations. Therefore, individual users get compromised first, and are later used as launchpads to spread the malware and gain access to sensitive data. Due to this, it’s imperative to ensure that awareness programmes are run for management and users to help them recognise the risks, impacts, and best practices. For example, e-mail spoofing is a very common attack mechanism; do your users know how to detect such e-mails and alert the system administrators?” the report asks.

The annual GBM Security Whitepaper, now in its fifth year, polled over 700 executives and IT professionals based in the United Arab Emirates, Qatar, Oman, Bahrain and Kuwait.