The speed, convenience and anonymity of the Internet are continuously being exploited by cybercriminals who are relentlessly upping their game by launching brute force targeted attacks against organisations across the Middle East and North Africa (Mena), according to a report.

These cybercriminals are committing a diverse range of criminal activities to penetrate even the most sophisticated and secure internal networks of organisations in the region, said the Cisco 2015 Annual Security Report.

The enterprises are using solutions that block network breaches and other malicious attacks, however, cybercriminals are learning to evade detection by changing tactics to steal information, extract money through scams and disrupt networks, it said.

Cyberattackers choose varying methods such as devise spam campaigns using hundreds of IP addresses to bypass IP-based anti-spam reputation products. They also use malicious advertising or malvertising and design malwares that persistently infect users’ machines.

The first known Arab-speaking group of cybercriminals Desert Falcons was revealed to be a cyberespionage group targeting multiple high profile organisations and individuals from Middle Eastern countries including the UAE, last month.

Started in 2011, the group has attacked more than 3,000 victims across 50 countries globally with over one million files stolen.

Such groups have made cybercrime one of the fastest growing transnational organised crimes in the world.

According to recent report from the Centre of Strategic and International Studies (CSIS), cybercrime costs the global economy approximately $445 billion every year, with losses ranging between $375 billion and $575 billion.

In the Middle East, cybercrime is the second most common form of economic crime reported with total  losses varying between $1 million and $100 million annually, according to PricewaterhouseCoopers’ (PwC) 2014 Global Economic Crime Survey.

With the shifting security landscape and the emergence of new cyberthreats, countries in the Mena region must continue to formulate cyberdefence strategies and frameworks to adequately prepare individuals, organisations and governments against potential attacks and security concerns such as the Desert Falcons.

At the third Gulf Information Security Expo and Conference (Gisec), global industry experts will convene at the region’s leading IT security platform to address various risks and dynamic changes happening within the Middle East’s security environment.

Scheduled to take place from April 26 to 28 at the Dubai World Trade Centre (DWTC), Gisec will address key issues surrounding cybersecurity management, identity management and disaster recovery.

The event will address susceptible industry sectors such as financial services, governments, oil and gas, IT and pharmaceuticals as well as for individuals.

Gisec’s exhibition segment will also showcase over 150 exhibitors, attracting over 5,000 trade visitors and security professionals from 50 countries including chief information security officers (CISOs) and chief information officers (CIOs).

As organisations and governments around the globe are preparing for hostile cyberthreats that could potentially cause a major global crisis, an expert will discuss cyberdefence strategies and how to use the most advanced technologies and integrated systems to protect governments and companies against cyberattacks, according to Dan Lohrmann, an internationally recognised cybersecurity leader and ex-chief security officer for Michigan, US.

“Governments, organisations and companies must first of all be alert and aware of the cyberthreats they face each and every day. This means an active programme in educating everyone from front-line staff to senior executives in the importance of protecting sensitive information,” said Lohrmann.

He also added that cyberdefence teams must be equipped with skills, tools and other resources to effectively counter cyberattacks that are relentless and constantly changing.

Trusted partnerships are vital to provide real-time intelligence to work together across traditional siloes, such as police, government, defence, technology companies and company staff.

“Companies need to create a vibrant cyber ecosystem to detect, respond and recover from cybercrime and other types of online attacks,” Lohrmann said.

Lohrmann also highlighted that - unlike emergencies that are caused by natural disasters such as ice storms, hurricanes or tornadoes - a cyberdisruption can be difficult to predict and even harder to know when the attack has truly ended. The overall coordination of roles and responsibilities when responding to cyberemergencies remains a serious challenge for governments around the world.

“The fact that over 80 per cent of critical infrastructure is owned and operated by the private sector is also a complicating factor, requiring new types of coordination, information sharing and emergency management exercises,” he said.

At GISEC, Lohrmann will also share several cyberdisruption response plans and examples as part of emergency management efforts being implemented by state governments in the US. As new efforts are continuously rolled out to address the growing regional cyberthreats, these examples and best practices can be further adopted to strengthen the emergency management plans of governments in the Mena region.

He will conduct a training session about how to build a vigilant security culture within an organisation. This interactive session will centre on the impact of new cyberattacks, mobile malware, insider threats and online security challenges on business strategies. - TradeArabia News Service