Many organisations in the Gulf Cooperation Council (GCC) face increasing challenges in securing data, intellectual property and assets. From unsophisticated cyber-hackers to organised cybercrime gangs who look for ways to disrupt, deny and steal data, the impact of a cyber-hack can be significant for all organisations.
As cybercrime attack sophistication increases, many organisations react after it is too late — the attack is already underway. Even though organisations may have the understanding and maturity of a good cyber programme, a more proactive capability is needed to anticipate cybercrime threats; the need to implement preventive strategies is fast becoming a necessity.
The potential extent of cybercrime in the region and the associated losses are hugely underestimated. It is difficult for employers to control or influence individuals’ financial motivations for committing these crimes. However, company policies and procedures can be changed to control factors that lead to individuals committing these acts. Although cybercrime cannot be completely eradicated, there are ways to reduce its frequency.
Within the GCC, there is a growing trend of “redirection fraud”. Criminals are able to intercept payment attempts by exploiting weaknesses in the authentication process, and the user is robbed without knowing it. Even more sophisticated “Advanced Persistent Threats” (APTs) infiltrate a network for an extended period of time, sometimes years, to gather and control a system’s information.
These advanced malware exploitations have many organisations asking: “How can we ensure we have not been breached?”
The fight against cybercrime is migrating towards a more aggressive strategy. Traditional preventive strategies such as Intrusion Detection and Intrusion Prevention (software systems that detect and prevent malicious threats in a system) are far too limited to effectively shut down cybercrime threats. Lessons learnt from global cybercrimes have given experienced investigators an advantage and allow them to draw from major international incidents to take a new proactive approach that further reduces threats; traditional IT security investments are incapable of eliminating the “threat gap”, which is an estimated 10 per cent of an organisation’s IT risk.
To fight cybercrime in the region, investigators are using a holistic intelligence approach and analysing problems found during investigations from both internal and external routes. Organisations need to investigate whether IT systems are free from hacks, breaches and compromises, ensuring there are no malignant “advanced persistent threats” (APTs) or other malware. A proactive strategy will help identify whether problems discovered are an immediate or latent threat to an organisation.
Proactive organisations undergo forensic-based internal investigations, or ‘Cybercrime Diagnostics’. IT forensic investigators are able to sample the network for indicators that a breach may have occurred. The “Who, What, Where, Why, When and How” approach gives targeted and actionable intelligence to an organisation so that it can understand the risks and reduce attempts to commit cybercrime.
Another effective technique being used in the GCC is ‘Cyber Threat Intelligence’. An externally run investigation provides actionable intelligence, threat analysis and experience beyond an organisation’s security department.
Cyber techniques to gather Human Intelligence (HUMINT) require access to the “Dark Web”, that is, information that is deeply hidden in the web and cannot be found by traditional search techniques. Finding content outside of the surface web allows cyber intelligence analysts to investigate potential economic and political threats.
Using this information, organisations can understand the risks and threats posed by cybercriminals and ultimately connect intelligence, helping to mitigate the cybercrime risks. In the GCC, organisations in sectors such as financial services, telecommunications and oil and gas have begun to implement real intelligence activities and assist in closing threat gaps.
Organisations have realised that the ever-increasing rise of cybercrime means that education and awareness are necessary. Companies and individuals alike are rightfully demanding to understand the threats being posed and the risks they are facing.
It is more necessary than ever to place emphasis on improving employee awareness and finding more innovative security solutions. These efforts need to be championed by executives at the highest level of the organisation: 80 per cent of the solution is non-technical — it is a case of good governance.
In the GCC, organisations fear that cyber incidents will cause reputational harm; to combat modern cybercrime, these groups will need to take a more proactive approach to protect their data.
There is a growing need to understand and have actionable, relevant intelligence on the perpetrators that pose an internal and external threat. Only then can an organisation understand the “unknown unknowns” and protect itself from cybercriminal intent.
The writers are with the global consultancy Ernst & Young.