Cybersecurity is becoming increasingly challenging for firms in the UAE, and organisations need to be better prepared to ward off attacks, KPMG’s 2015 UAE Cyber Security Survey has found.
The survey focused on UAE organisations’ readiness and ability to respond to cyber-attacks and assessed responses from the UAE over a period of two months.
As the range of cyber-threats multiplies, CFOs across the GCC are under increasing pressure to give greater emphasis to combating cybercrime at a company board level.
At a glance, verticals such as oil and gas and banking and financial services seem most at risk, but other verticals such as healthcare – where highly confidential patient information is the prize – are also at great risk.
A third of respondents who participated in the survey indicated that they had been hacked in the past 12 months and took between two weeks to a month to recover. Over half of the respondents that had been hacked didn’t know that they were being targeted by cybercriminals. Furthermore, only 50 percent of respondents said that they had cyber-attack contingency arrangements in place.
Nitin Khanapurkar, Partner, KPMG Lower Gulf, said, “The UAE is on the list of the top 10 destinations targeted by cybercriminals and it comes as no surprise that cyber-threats have been growing across key sectors like financial services, oil and gas, technology, government, retail, construction and healthcare.
“The objective of the 2015 KPMG Cybersecurity Survey was to assess UAE organisations’ readiness and ability to respond to cybersecurity threats and the survey has thrown up some interesting insights.”
Many boards in the UAE do not have a comprehensive or accurate view of their cyber-risks because threat intelligence and cyber monitoring have often been inconsistently implemented, KPMG says.
The survey also found that more UAE organisations need to better understand their threat profiles – including who, where and why they are likely to be targeted.
To respond to these growing threats, KPMG has created a ‘cyber incident response’ that focuses on actionable results, rules of evidence, with technical security analysis and testing to help organisations stay prepared to deal with a cyber-attack.
The Middle East has already witnessed a number of high profile attacks in the last few years, but evidence suggests that their number and severity are due to increase.
The 2012 Shamoon virus that was unleashed on Saudi Arabia’s Aramco caused outages to 30,000 of the company’s PCs, while the Stuxnet worm launched on Iran in 2010 caused severe damage to critical infrastructure.
“One of the most common causes of a failed response is lack of adequate preparation,” added Khanapurkar. “KPMG can help assist organisations with establishing clear lines of communication, policies and procedures and rules of engagement, in order to set the groundwork for a successful response if, or when, an incident occurs. On a parallel track, our teams work continuously to keep current on the latest technical methods, tools, and certifications for incident response.”