The consultancy KPMG expects its cyber security business to grow nearly threefold over the coming years in the Arabian Gulf region as demand for solutions to online threats increases.
“It is one of the fastest growing businesses within KPMG in the region and globally,” said Karl Hendricks, the head of consulting for KPMG Lower Gulf region. “As long as businesses are going to keep expanding and going more into the digital space, it is going to continue to grow.”
The Russian computer security software company Kaspersky Lab, international police organisations Interpol and Europol and authorities from various countries uncovered a global cyber criminal group called Carbanak that has stolen up to US$1 billion since 2013, by attacking up to 100 banks, e-payment systems and other financial institutions in about 30 countries.
Kaspersky also uncovered the first known Arabic-speaking cyber espionage group called Desert Falcons, which has been able to steal from about 3,000 victims in more than 50 countries, taking more than one million files.
The recent Sony Pictures hacking scandal of has highlighted the risk of a lack of vigilance when it comes to cyber security. The hacking infuriated the United States administration, which blamed North Korea for the action and led to the tightening of US sanctions against Pyongyang.
The US budget proposal for 2016 fiscal year includes an allocation of $14bn for cyber security efforts as more governments spend to protect their networks and institutions against online attack.
KPMG’s biggest customers in the region are financial institutions, but also include governments and corporates.
“I see from a government perspective they are definitely being more proactive [in the Arabian Gulf region],” said Mr Hendricks. “I have seen a lot of the government entities dedicate CIOs [chief information officers] in their business.”
Many high-calibre firms in the Middle East region have fallen victim to cyber attacks. Oman’s Bank Muscat and National Bank of Ras Al Khaimah lost $45 million in 2013 when a cyber group hacked into credit card processing firms and stole the money through ATM withdrawals.
The website and payment system of the telecoms firm Etisalat was briefly hacked last year.
But the most high-profile attack came in 2012, when the state-owned oil company Saudi Aramco suffered a computer virus attack that disabled 30,000 workstations.
State-owned Qatargas also fell victim to a virus attack that brought down personal computers the same year. Although Aramco and Qatargas did not identify the perpetrators, security firms suspected the Shamoon malware of causing the attacks.
The Stuxnet program in 2010 disrupted Iran’s nuclear programme, the Flame cyber espionage operation, uncovered in 2012 stole, valuable data and was primarily aimed at Iran, and the Gauss cyber espionage toolkit stole mainly financial data, with the vast majority of infected computers located in Lebanon.
“You have the risk of reputational damage. You have the risk of client information damage. You have risk of restoration afterwards,” said Mr Hendricks.
dalsaadi@thenational.ae
Follow The National's Business section on Twitter