Dubai: Information security experts warn that the region faces bigger insider threats than from hackers outside as the ‘Bring Your Own Device’ (BYOD) concept is gaining momentum.
BYOD is a practice of employees bringing personal devices to their workplace, with smartphones and tablets outpacing the sales of laptops. The new trend results in innovation and cost-savings but also creates security challenges, according to the experts.
“Today’s enterprises are facing unprecedented security threats as organisations embrace new technologies. Newer threats keep cropping up as technologies evolve,” Bala Venkatramani, marketing manager of IT security solutions at ManageEngine, told Gulf News.
He said that sacked employees and unhappy staff have been involved in several security breaches.
“Hackers would not have siphoned millions from two banks in the region and $45 million globally without the help of an insider. Hackers need to have access to the banks’ database continuously and the logs would have shown failed logins. This did not happen. But investigation is going on,” said Venkatramani.
Network security
Consumerisation of smartphones and BYOD are the biggest trends driving the network security market in the region.
According to IDC, IT (information technology) spend in the UAE is expected to grow by 13 per cent to $7.3 billion this year compared to $6.5 billion last year, mainly fuelled by the hardware sector — smartphones, computers and media tablets.
“With insider threats looming large, organistaions need to control access to IT resources. Organisations should give access strictly based on job roles and responsibilities,” said Bashar Bashaireh, regional director at Fortinet.
According to a survey conducted by Fortinet, more than 65 per cent of companies in the UAE allowed staff some form of access to personal devices last year.
“Thirty-five per cent of the users think that policies and securing personal devices that they bring into the corporate network is not the employer’s responsibility. This will show you the magnitude of the threats from inside,” said Bashaireh. He added that a malware from an employee’s device can penetrate into the corporate network and do the damage.
Reviewing policies
With the adoption of BYOD, organisations need to “have security policies and control access to resources in place and review them regularly”.
Recent industry reports show that as much as 40 per cent of people in the Middle East and Africa have been victims of cyber attacks, which have also cost businesses globally over $110 billion annually.
In Saudi Arabia alone, estimates suggest that businesses hit by cybercrime lost $693 million last year; businesses in the UAE lost $612 million.
Insider threats are expected to grow 50 per cent year-on-year in the UAE as IT adoption is growing fast, according to Bashaireh.
“The challenges CIOs [chief information officers] are going to face is how to control the devices coming inside the corporate network and have different software for different operating systems,” he said.
