The numbers of cybercriminals in a particular country will always be hard to identify. Anonymity is their forte and the Internet provides an ample platform for launching global attacks from any location with a connection.
Cybercriminals have long made a mockery of national borders. Their reach can extend to any country or business where they see value. In a world where digital connections are, by definition, international, the lines on a map have become meaningless. As more of the world’s population connects to the Internet, so does the potential list of victims for cybercriminals.
Given the significant rewards however, we are seeing that large teams of hackers are being brought together to work on combined efforts to infiltrate systems across the world. This may be for political gain as we have seen with Anonymous and other dangerous hacktivists, or for financial gain of which there are many more. Teams, split by roles focused on various aspects of the hacking kill chain, will run through prospective victims with the efficiency of any top business in order to identify the means to infiltrate key systems and commence an attack.
We do know that in the Middle East, the main hubs of attacks focus on the UAE and KSA, being the largest economies and therefore the more likely to bear fruit. During the current pandemic there has been an even larger uptake in attacks as cybercriminals prey on people’s fears over the Covid-19 virus and the implications it has on day to day life.
The pandemic is a perfect opportunity for cybercriminals to take advantage of unsuspecting businesses across the Middle East. Sectors such as healthcare, financial services, retail and oil and gas are all stressed, which results in riskier behavior from businesses across the region. With the majority of the workforce still working remotely and employee cuts across the board, the usual standards of security and awareness have dropped while companies fight to stay on top of the current situation. This leads to a perfect storm for cybercriminals to profit from during the confusion.
No industry is untouched by the growing cost of cybercrime, all organizations have seen an increase in cybercrime during the past five years alone. Banking is the most affected, with annual costs in the millions. This probably comes as no surprise, considering that financial motives are consistently a major incentive for the criminal fraternity.
The Middle East continues to fight valiantly against Covid-19, and that includes combating fraud and cybercrime in the banking and financial system. As digital banking transactions are witnessing a significant spike during this time, the UAE banks are encouraging all to deploy robust fraud and cybercrime prevention measures to protect consumers. This is supported by the UAE 2020 KPMG cybercrime survey where 73% of respondents expect their business to invest significantly or slightly in changes to their cybercrime prevention initiatives.
Regions across the world are facing a significant increase in cybercrime and the Middle East is no different. The size of the combined Middle East economies and the strength of certain sectors such as Oil and Gas and Finance creates a target rich environment for launching cyberattacks. Businesses cannot afford to lose revenue or suffer downtime in services and the knock-on effects on supply chain management that is caused. Risks will be taken, opening up opportunities for cyber-attacks that, if successful, may be difficult to recover from both financially and reputationally.
This means that there is also no doubt that businesses world-wide are being challenged by a varied and fast-evolving threat landscape, and the UAE is no exception. The recent 2020 KPMG cybercrime survey in the UAE revealed that 88% of respondents have seen a slight or a significant change in cybercrime as a result of Covid-19.
The Verizon Data Breach Report 2020 states that web applications security breaches incorporate two key attacks that significantly affect the EMEA region. The first is hacking using stolen credentials, which is responsible for around 42% of data breaches. The normal modus operandi for this type of an attack is where stolen credentials, typically collected either through phishing or malware, are used to access a web application platform owned by the business and commit wrongdoing.
While every country in the Middle East faces challenges in relation to the growth of cybercrime, a recent CSIS and McAfee's study reported that the UAE is the second most targeted nation globally for cybercrime, costing the UAE a projected USD1.4bn per year. With 3.72 million people affected at some point, which is more than half UAE's population, the impact is substantial.
As the Middle East’s second largest economy, with a total national output (GDP) of more than USD690 billion, and a population willing to adopt new technologies quickly with more than one hundred-percent smartphone adoption and more than seventy percent social media usage, figures that are pointedly higher than other major countries across the world, the UAE makes an alluring target for cybercrime.
In total, for 2019, the Verizon Data Breach report record 4,209 incidents in the EMEA region, and of those a 185 had a confirmed data disclosure. The situation is further compounded in the UAE by the fact that 49% of respondents to the 2020 UAE KPMG cybercrime survey believe that their business has become significantly more vulnerable to cybercrime in this new working environment.
Cybercrime is here to stay. As Middle Eastern economies grow, their businesses and people became prime targets for cyber-attacks. During this uncertain period, they are still a hotbed of activity for those looking to take advantage of those who are unprepared. The best way to plan for the future is to work together to prepare by enhancing our capabilities, building effective cybercrime response plans, improving regulation to aid in the protection against cybercrime and most of all to educate those most at risk.
 Center for Strategic and International Studies