As the MENA region continues to develop technologically, cyber attacks targeting government and private sector entities are increasing in parallel.
While basic attack mechanisms including phishing, denial-of-service, and credential compromise remain common, more sophisticated cyber threats driven by the growing prevalence of artificial intelligence (AI), social media, and the Internet of Things (IoT) are creating new attack vectors and mechanisms that threaten the safety and security of both organizations and citizens. Consequently, there is an urgent need to anticipate and plan for this evolving cyber environment while leveraging best practices to combat emergent cyber threats. Booz Allen Hamilton’s 2019 MENA Cyber Threat Outlook Report highlights the imperative of evolving cybersecurity approaches away from their traditional focus on security compliance and instead moving towards a holistic culture of proactive security across the entire enterprise environment.
The 2019 MENA Cyber Threat Outlook Report outlines the following recommendations for proactive defense based on emergent threat trends:
Be proactive about AI-driven misinformation threats
The growing availability and deployment of AI technology, while providing numerous benefits, has also given rise to an array of new or more sophisticated cyber threats, perhaps most notably so-called “deepfake” videos that exploit AI systems to create believable—but fake—videos depicting individuals saying or doing things that never occurred. These videos can spread false, misleading information that is used to discredit or damage the reputations of brands and organizations. Cybersecurity and information technology (IT) teams must monitor their threat environments to proactively identify and escalate potential threats in partnership with enterprise risk management teams to help prevent the spread of misinformation threats. These teams must also engage with organization leadership in awareness and crisis response training to practice managing reputational risks associated with the fallout from these and other reputational attacks.
Be mindful of growing risks to e-commerce systems
The rapid expansion of mobile applications, digital payments, and e-commerce platforms in the MENA region is encouraging cybercriminal organizations to find new ways to monetize their trade, which includes not only financial fraud but also the theft of sensitive information belonging to private sector companies and customers. In 2018, for example, cyber threat actors accessed customer data belonging to the regional ride-hailing service Careem, which affected an estimated 14 million users across the Middle East. To help avoid catastrophic data breaches, it is imperative for organizations to secure and encrypt databases, conduct regular vulnerability and compliance scans, and implement data-loss protection programs and identity access management to identify and track access records for accounts and data.
Work to strengthen critical infrastructure
Attacks against critical national infrastructure (CNI) entities are increasingly attractive for state-sponsored attackers. Cyber espionage incidents are increasing in the United States and around the world, as evidenced by recently discovered probes targeting dams and water facilities, telecommunications infrastructure, energy companies, and government institutions, among others. Regionally, hackers have successfully attacked energy and petrochemical facilities, most notably in the Triton and ongoing Shamoon attacks. Likewise, cybercriminals are also interested in targeting and acquiring the industrial tradecraft secrets and intellectual capital held by private sector CNI companies, which are increasingly lucrative targets. CNI organizations should work to secure systems from the ground up to include a focus on multi-layered network segmentation, network security monitoring, secure-by-design principles, and supply chain visibility to protect infrastructure from compromise.
Exercise caution about attack attribution
As threat actors continue to more capably obfuscate their attacks, frustrating attribution efforts, the risks associated with misattribution of attacks—especially in politically charged geopolitical environments—are rising. Government strategies of naming and shaming suspected hackers and responsible states, while designed to deter cyber attacks, run the risk of inflaming or escalating tensions. Confused or incomplete attribution reports, which can suffer from confirmation bias or a conflation of tool use with adversary identity, could likewise cause state-sponsored hackers or cybercriminals to retaliate against adversaries. As such, entities should employ caution when attributing cyber attacks to specific actors and, in the aftermath of events, focus on incident response and remediation activities before pursuing attribution, especially in a public environment.
Be vigilant about unsecured expansion of IoT environments
Increasing device connectivity and deployment is facilitating a broader cyber attack surface and new vulnerabilities in IT infrastructure. Wireless routers remain a prime entry point into IT infrastructure because of weak passwords and lax security controls that allow hackers an ingress point and network foothold. This access can then be exploited to infect IoT devices including smart televisions, internet-connected cameras, printers, kitchen appliances, electronic home assistant devices, and more. Infected IoT devices can be swept up into botnets for denial-of-service and other attacks. To help protect these networks, investment in strict security practices is key, including updating software and implementing patches, conducting regular vulnerability and compliance scans of enterprise networks, and implementing strong password policies to secure routers and other network devices.