The service-centric transformation of the cybersecurity industry is proceeding at full speed, with 90% of security requirements expected to be fulfilled through a service model three years from now, according to the State of the Market Report 2022 by Help AG, the cybersecurity arm of e& enterprise (formerly Etisalat Digital) and the region's trusted security advisor.
The first of its kind to focus exclusively on digital security in the Middle East region, Help AG's annual State of the Market Report delivers cybersecurity intelligence across a range of parameters, including the top threats over the course of the year, the region's biggest vulnerabilities, the kinds of attacks and attack vectors which are a cause for concern, anatomy of high profile breaches, security investment patterns of organisations in the region, and where the market is headed in terms of technologies and evolution.
TOP THREATS FACED IN 2021
DDoS attacks continued their upward trajectory in 2021, with 149,753 attacks detected in the UAE last year, amounting to a 37% YoY increase. This indicates that attackers are strategically targeting UAE organisations, particularly in the government (target of 37% of DDoS attacks), private (34%), healthcare (8%), financial (6%), education (5%), oil and gas (4%), and hospitality (4%) sectors.
The attacks continue to increase in scale, with the largest one observed in the UAE last year and measured at 145.9 Gbps. In fact, DDoS attacks with a volume of over 40 Gbps have become the norm in the UAE ever since the pandemic began.
DDoS attacks are also increasing in duration. The longest recorded attack in 2021 lasted for a duration of 44 days and 19 hours, and over 14% of observed DDoS attacks lasted more than 60 minutes. Additionally, 58% of DDoS attacks observed in the UAE in 2021 were multi-vector in nature, and UDP Flood, IP Fragmentation, and DNS Amplification were found to be the top attack types.
Ransomware attacks also continued to increase in frequency last year, largely thanks to their high rates of success, which can be attributed to their relative simplicity and their significant, immediate impact on an affected business, as well as the fact that many organisations still end up paying the ransom, thus encouraging threat actors to continue utilising this attack method.
Apart from increasing in number, ransomware attacks are also becoming highly sophisticated as attackers become more professional than ever. The danger posed by ransomware is being exacerbated by the proliferation of ransomware-as-a-service, which has turned ransomware into a profitable business model wherein ready-made malicious code is sold to cyber attackers.
The year 2021 saw a 9.3% increase in the total number of detected vulnerabilities, with a total of 18,378 identified as per the NIST National Vulnerability Database (NVD). The number of vulnerabilities found in core applications also increased, and worryingly, core security controls were found to be missing in most cases.
Medium and low risk vulnerabilities rose in number, whereas fewer high severity vulnerabilities were detected compared to 2020. In order to help regional businesses stay abreast of discovered vulnerabilities, Help AG released 130 threat advisories throughout 2021, which included recommendations for organisations on how to stay protected.
Key Areas of Investment
Help AG has identified a number of areas which saw significant investment over the course of 2021. There has been a marked increase in investment in locally hosted solutions and services, including Security Service Edge (SSE), private access, DDoS protection, and security platforms. Additionally, Help AG identified hypergrowth in investments into managed cyber defence and OT and IoT security, while there was a significant increase in investments into the IAM/PAM space.
Accelerating digital transformation, service-centric business evolution and adoption of cloud in combination with local regulations and requirements around data residency have created a need for investments into locally hosted cybersecurity solutions and services.
From Cybersecurity to Cyber Resilience
Normal recovery and business continuity processes are no longer enough. Systems are more interconnected and dependent than ever. What organizations need in order to stay safe in this environment is to adopt a comprehensive approach to boost business resilience, by embedding cybersecurity from day zero and beyond, and combining preventive, detective, and responsive methods, across the three pillars of people, processes, and technology.
The resilience of governments and economies depends on the collective resilience of the businesses and individuals, and this can be achieved by creating a strong business continuity plan incorporating cybersecurity controls at every step, and having a well-structured incident response and recovery plan in place.
The past year saw a rapid acceleration toward the service-based cybersecurity model. In fact, Help AG estimates that three years from now, 90% of all cybersecurity requirements will be fulfilled through a service model.
‘Help AG as a Service' is the culmination of the company's transition from technology delivery to a service-centric model, which has placed it in the best position to offer the entire lifecycle, from ‘Assess' to ‘Defend' to ‘Respond,' as a service to customers.
Technology Trends in 2022
Looking ahead into the coming months, the technologies that will reign supreme come as a direct consequence of attack trends. Secure cloud enablement, application security, identity security, and Security Service Edge will continue to be top priorities in an increasingly digitised and perimeter-less world.
VOICE OF THE CUSTOMER
The State of the Market Report 2022 also incorporates in-depth insights shared by some of the key representatives from large enterprises and government organisations in the region, who shed light on their cybersecurity strategies and challenges as a microcosm of the larger environment.
Highlights include Nawah Energy Company, who shine a spotlight on the unique security challenges associated with OT environments; Higher Colleges of Technology, who touch on the shift educational institutions are making toward managed services; National Bank of Fujairah, who emphasize the importance of investing in artificial intelligence and machine learning as part of incident detection; the Department of Health in Abu Dhabi, who underline the importance of building security into life-saving medical devices; and Invest Bank, who highlight the main security challenges facing the banking sector, including unencrypted data and insider threats.
Stephan Berner, Chief Executive Officer at Help AG, said: “As the region's cybersecurity landscape becomes increasingly complex and challenging, our State of the Market Report offers an invaluable resource for organisations that are striving to secure their digital roadmap and keep pace with the ever-evolving cyber risks in the distributed age. The resilience of governments and economies depends on the collective resilience of businesses and individuals, and through our annual report, Help AG seeks to empower organisations and people with vital insights from our experience and expertise, thus elevating cybersecurity for the entire region.”
Nicolai Solling, Chief Technology Officer at Help AG, added: “The increasing frequency and sophistication of cyberattacks highlight the importance of information sharing among organisations. As cybersecurity professionals, it is our responsibility to mitigate and limit the impact of security challenges in an environment where threats and vulnerabilities are weaponising quicker than ever before. This is why we publish our State of the Market Report and make it readily available for organisations across the region, providing them with unparalleled intelligence into the state of cybersecurity in the Middle East.”