Dire need for threat intelligence in the Middle East

Jeff Ogden

By Jeff Ogden*

In the Middle East we’re seeing the same attacks that are making waves globally. Interestingly, we’re not seeing too many new attack types, but better execution of existing ones through better social engineering and data correlation. Phishing has become almost flawless, with criminals preying on the gaps in human firewalls because phishing emails are becoming harder to identify. Cybercriminals use homoglyphs and homographs – subtly changing characters and words in URLs and email addresses. These types of attacks often bypass certain email security systems because the URLs seem legitimate. To create lookalike domains, attackers use non-Western character sets to display letters that look identical to the naked eye. Mimecast.com, for example, looks like мімесаѕт.com in Cyrillic. Combined with a fake SSL certificate, it becomes much harder to spot a fake website. This creates prime conditions for phishing attacks: 36% of UAE organizations in a 2019 Mimecast and Vanson Bourne research report saw an increase in targeted spear phishing attacks using malicious links over the past year.
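A mail or web filter can flag the lookalike domains described above by mapping each imitating letter back to the Latin letter it resembles and comparing the result with the domains the organization wants to protect. The following is an added example, not code from the article or from Mimecast; the function names, the `CONFUSABLES` table (limited to the letters in the article's example) and the sample domains are assumptions made for illustration.

```python
import unicodedata

# Constructed subset of Cyrillic-to-Latin lookalikes: only the letters in the
# article's example. A production check would load Unicode's confusables data.
CONFUSABLES = {"м": "m", "і": "i", "е": "e", "с": "c", "а": "a", "ѕ": "s", "т": "t"}


def to_unicode(domain):
    """Decode punycode ("xn--") labels so both link forms are compared alike."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep the raw text
        labels.append(label)
    return ".".join(labels)


def scripts(text):
    """Scripts of the letters in text, taken from the Unicode character name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}


def skeleton(text):
    """Replace each known lookalike with the Latin letter it imitates."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)


def check_domain(domain, protected):
    """Return a verdict for a link's domain against the protected domains."""
    name = to_unicode(domain)
    if name in protected:
        return "legitimate"
    if skeleton(name) in protected:
        return "lookalike of " + skeleton(name)
    foreign = scripts(name) - {"LATIN"}
    if foreign:
        return "non-Latin letters: " + ", ".join(sorted(foreign))
    return "no match"
```

Decoding the `xn--` form first matters because links often carry the ASCII-encoded name rather than the Cyrillic text that the browser or mail client displays.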

Ransomware also remains a challenge, with organisations having to ask themselves how prepared they are for such an attack. The fact is that without the right security measures in place, there’s a chance that your business could become a victim, which would lead to downtime and loss of data. This highlights the importance of having a cyber resilience strategy, which includes layered security protection, independent data storage and alternative access routes to key systems like email, for when the worst does occur. A successful ransomware attack could wipe out your entire corporate memory which would have devastating consequences for your business. At the very least, it could lead to significant downtime which would bring the productivity of your organisation to a halt. According to Mimecast and Vanson Bourne’s study, 87% of organisations experienced downtime of two to five days following a successful ransomware attack.

In terms of industries most affected, healthcare remains a top target. This sector is growing at a rapid pace, with the region becoming a healthcare hub. But unfortunately, as per global trends, this is one of the hardest hit sectors. There are several reasons for this. To perform the highest level of medical care, organizations must process and become custodians of highly sensitive patient data. The value of medical records on the black market is at least 10 times higher than credit card data. That’s because protected health information (PHI) contains more personal data points and cannot just be reissued in the event of a problem. Bank account details and passwords can be changed following a breach, but information about allergies, disabilities, mental health or hereditary conditions can’t. When PHI is stolen, attackers steal identities and know the patients’ ailments, which they either use or sell to then obtain prescriptions. These are then traded or sold illegally, which means it’s become a trickle-down economic system.

So, what can organizations do to manage the threat landscape? As mentioned, they need to ensure they have the right preventative measures to protect themselves, before, during and after an attack. A critical part of any cyber resilience strategy is making use of actionable threat intelligence. It’s important to take available threat information and convert it into value for business. Actionable threat intelligence helps security professionals manage and prioritize today’s evolving advanced threats. There is a lot of data out there but focusing on the information that matters to your organization will help you mitigate future risks. No organization, no matter the size, should be ignoring the value of intelligence and the role it plays in preventing cyberattacks.

* The writer is General Manager for Middle East, Mimecast

