Region has talent but lacks resources to fight hackers
Dubai: There may be a silver lining to the recent increase in cyber attacks in the Middle East, according to Wael Mohammad, the president and COO of digital security firm TrendMicro.
The obvious, although also worrisome, way to look at the recent attacks, such as the recent release of customers information following the hacking of Qatar National Bank, is that regional financial institutions are now viewed as both worth the effort and attention of potential hackers.
“I honest believe it’s good news, because 10 years ago … they used to use Middle Eastern sites as an examples of how they could penetrate and nobody was home. There was nothing to actually get,” he said.
The fact that attacks are now taking place indicates a number of things for the Middle East, says Mohamed, who is based in Texas but was in Dubai on Wednesday.
“Number one is that there is something valuable to actually be taken, which means that digitalisation and online dependence is higher than it once was. That’s important,” he said.
However, the attacks also mean that there is now a substantial amount of computer talent in the Middle East, though most of it does not come with the practical experience or pedigree that most people in the computer industry would include on a CV. That’s an issue not just in the Middle East but across emerging markets.
“This is the challenge and opportunity in this region. The skill and knowledge that exist that is not fully utilised is an opportunity,” he said.
This opportunity exists across emerging markets, he said, but for it to be fully utilised, “institutions and mindsets need to change.”
However, the growing rise in technology fluency is also being coupled with another kind of fluency — fluency in Arabic. And while that too might sound like a good thing for the Arab world, it is instead translating into an increase in Arabic-language specific attacks.
Cyber attackers have used English, French or Russian as their primary language of attack. These attacks were not technical attacks, but email-based attacks (called phishing attacks) meant to trick a users into revealing their password or other information, which a hacker could use to access a system. Early attacks in Arabic were often so bad — in terms of the language — that they failed. Fluency in Arabic has now improved to the point that recipients are falling victim at a higher rate than before.
“Now there are bots that speak Arabic,” Mohammad says. “[We are seeing] email that is designed in an Arabic context and all of sudden is fair more damaging that it ever was.” Bots are third-party internet applications that can be used for a number of tasks, including simulating conversations.
This means that security company can no longer simply be software vendors in the Middle East, he says. Mohamed says sales of software in the Middle East have doubled over the past two years and will likely double again. Attacks in the Middle East have been growing, but despite the amount of raw talent available, there are a lack of resources, both for TrendMicro and customers in the region, to implement the security.
“I have a lot of customers who are saying ‘give me the resources to do the work.’ That’s not scalable. I’m not in the business of providing professional services,” he says.
This has created a vacuum of security resources that “is massive and needs to be filled eventually.”
Source | GulfNews