It is a no brainer to mention that cyber crime is increasing and today, the focus is more on money & cyber war than anything else. We see a lot of such incidents these days including the hacking and data breach at Target, Sony, Anthem to name a few.
What about information security in the other parts of the world? Are we secure enough? Or better, did we have any breaches in the recent past?
I see that a number of organizations were hacked in the recent past in all of the GCC countries. Saudi Aramco cyber incident was a major one in the last 2 years. There were a number of political influenced security incidents in the past
- Dubai Police Social Media Accounts Hacked (comments about it)
- Insider Threat – Employee hacks internal server and gets himself a promotion (Abu Dhabi)
- Etisalat website and payment service were hacked
- Cyber mafias strike at leading Omani bank
- Ministry of Internal Affairs of Kuwait was hacked
- 428 bank accounts hacked in Kuwait
The list above is just a few among a large number of such incidents in the region. Now, lets see how serious are Gulf Countries in terms of Information Security?
UAE emirates Dubai and Abu Dhabi has set up security standards (ISR & ADSIC respectively) that should be implemented within the government sector. Other countries such as in the GCC (Kuwait, Bahrain, Oman) are still weighing their options in terms of developing country security standards.
What about the companies? How serious are they about cyber security? Information Security is still considered as a cost component and regulatory requirement by most of the companies in GCC and not as a better business practice.
Do we have to wait till a major security incident happen in the middle east to make it a better business practice?