DarkMatter Group, the region’s first and only fully integrated digital and cyber transformation firm, released the first semi-annual Cyber Security Report for 2019 revealing that critical infrastructure sectors, including Oil & Gas, Financial, Utilities and Transportation, are in the firing line from a growing incidence of cyberattacks across the UAE and wider Middle East.
The report analyzes threats and trends observed by DarkMatter between October 2018 and March 2019 providing a snapshot of the cybersecurity environment in the UAE and the wider region.
The Middle East breaches are both widespread, frequently undetected, and increasingly appear to be state-sponsored. Cybercriminals are aiming their weapons where it hurts the most at critical infrastructure, with potentially devastating effects on the security of nations and their citizens.
In Q1 of 2019 there were 75% of intrusion sets documented in DarkMatter’s review were motivated by cyberespionage actions, such as stealing remote access credentials and personal information, 75% of observed UAE domains are hosted outside the country, placing sensitive data at high risk , 91% of organizations assessed by DarkMatter had outdated software and were missing critical security patches; 83% used unsupported software, 91% of assessed organizations were vulnerable due to weak or default passwords, 87% of assessed organizations used insecure network protocols.
“Cybersecurity breaches in the region pose a genuine risk to critical sectors as cybercriminals harness new technologies to launch sophisticated and targeted attacks,” said Karim Sabbagh, CEO of DarkMatter Group.
The latest focuses on the global significance of targeted attacks on the UAE’s critical infrastructure sectors. Of these, the Oil and Gas sector faces the greatest vulnerability to cybersecurity breaches. In the Middle East, an estimated 75% of regional oil and gas companies have had their security in their operational technology compromised. The commercial and strategic importance of this industry to the region makes it an attractive target for geopolitical or economic rivals.
“In this digital battlefield, while organizations believe they have most of the security management controls in place to mitigate cybersecurity risks, the reality is that technical control and capabilities to address the cybersecurity challenge are markedly lagging behind. So there’s a considerable risk that if an attack happens, it may well be successful. The C-Suites must and can readily take steps to effectively manage holistically their security posture in order to be better prepared against escalating malicious attacks,” concluded Sabbagh.