The Fintech Times and today’s Spotlight Middle East and Africa (MEA) series looks at predictions in cybersecurity and the wider fintech space in 2021. Hear from experts as Pinsent Masons and Thales give their thoughts.
The cybersecurity market in MEA was valued at $7.174 billion in 2019 and was expected to register a compound annual growth rate (CAGR) of 14.08 per cent during 2020-2025 according to a report from Morder Intelligence.
Seema Bono is a Senior Associate at the international law firm, Pinsent Masons LLP in Dubai. She specialises in investigations/compliance and international commercial dispute resolution. She is an English qualified lawyer and practised in London for a number of years before relocating to Dubai in 2014. She advises major corporate clients on high-profile investigations arising from accounting issues, cyber, bribery and corruption and fraud. She is actively engaged in advising on managing internal investigations and compliance matters, including third party risk management and cyber issues. Seema has extensive experience of advising clients on complex, multi-jurisdictional litigation and international arbitration proceedings in various sectors, including financial services, telecoms, energy, hotels, logistics and real estate. Seema is a registered lawyer at the Dubai International Financial Centre Courts and has expertise in various forms of alternative dispute resolution, including mediation and arbitration. Seema is the Chair of Pinsent Masons’ Diversity & Inclusion Committee in the Middle East.
With regards to 2021 predictions of cybercrime and digital protection in the MEA region, Seema comments, “Managing cyber-crime risk and digital protection will remain firm priorities for businesses in 2021 in the Middle East and North Africa (MENA) region, particularly as the digital footprint of businesses increases. Operating in a Covid-19 world has given rise to a rapid proliferation of technology and huge demand for digital services. However, the current climate is one which plays aptly into the hands of attackers engaged in online scams, phishing and hacking aimed at undermining and disrupting business and economies. Increased threats have emerged in the last year as a consequence of remote working, rogue employees, activists and an unsettled environment in which governments and businesses are distracted by the global pandemic. In 2021, we will therefore see more corporates equipping their people and teams with the skills and resources to identify and respond adequately to protect valuable information and systems. This will include more regular online training and awareness programmes on the serious risks and potential reputational consequences flowing from cyber-attacks.”
Seema further adds, “We will also see more technology and services providers increasing and fine-tuning their offering. These providers have consistently improved their armoury of tools and products to support businesses in the fight against this invisible threat. 2021 will witness more sophisticated policies and protocols being developed within businesses in the MENA region. These will be designed and tailored to manage cyber risk, prevent attacks and respond robustly, where required. Digital protection is increasingly becoming an important facet of the customer experience and 2021 will see the underlying customer becoming even more engaged in conversations around the safeguarding and protection of data. As the Covid-19 pandemic continues to disrupt economies, the importance of a robust approach to the management of cyber risk and digital protection is essential to promote confidence and protect business.”
Another industry expert, Dr. Waël Kanoun, also shares his thoughts on cyber crime. He is the Head of Cyber Defence Solutions business Line at Thales in the Middle East. He also holds the role of International Lead of the Cybersecurity for Ground Transportation vertical at Thales. Previously, Waël held the position of Head of R&D Cyber Security, while working at Nokia Bell Labs. His experience spans various OT and IT systems for critical infrastructures such as telecom, ground transportation, defense, utilities (electricity & water), public safety, etc. His work is extensively published in peer-reviewed international conferences and journals, and led to +10 patent applications. He has served on review committees of several international conferences and journals, and has given cybersecurity lectures in French Universities and Graduate Schools. He holds a PhD in Information and Cyber security from Telecom Bretagne, France.
With cyber crime, Dr. Kanoun comments, “The MENA region, a region marked by certain flourishing economies, is increasingly becoming the target of cybercriminals. Increasing rates of cybercrime activity are occurring, ranging from opportunistic data breaches to more targeted attacks to the increasing use of ransomware by threatening groups of actors.
It is important to focus on the threat of targeted ransomware attacks which were in 2020 and remain a major threat in the MENA region today. Indeed, from June to September 2020, five Middle Eastern companies in the construction, manufacturing, engineering and technology sector were victims of attacks by large groups such as the ransomware operator ATK161 (Maze), ATK168 (Sodinokibi) and ATK182 (Netwalker). In addition, from September to November 2020, four other companies in the professional services, retail, manufacturing and health industries were targeted by the Egregor group, a variant of ransomware similar to Maze that has increased the frequency and sophistication of its attacks.
In addition, ransomware-as-a-service is also part of the cyber threat landscape equation, for example, the Thanos variant of ransomware, first released on the Dark Web market in June 2020, targeted unnamed state-affiliated organisations in the MENA region.
In addition, a second trend of attack modes can be highlighted because of its very important impact. Indeed, phishing scams increased in the second quarter of 2020, both due to the greater success of these actions with subject lines related to COVID-19 increasing malicious email openings and an overall increase as users spent more time online.”
Data breach is costly everywhere and this also affects the region. Dr. Wael comments, “Finally, it has been observed in 2020 that the average cost of a data breach incident incurred per company in the Middle East is $6.53 million, well above the overall average cost of incidents of $3.86 million. This trend of attack is therefore a clear indication that cybercriminals are targeting MENA industries with the most sensitive customer data, thus generating significant financial gains.
According to IBM‘s cyber security researchers, healthcare companies have been found to bear the highest cost per record of a data breach, followed closely by the financial services and technology sectors.”
In summary, 2021 despite its challenges shows much activity not solely just in cybersecurity but in the wider fintech context for MEA. This was shown with other experts from Dubai Financial Services Authority (DFSA) (based at Dubai International Financial Centre (DIFC)), Kearney and now with today’s series with Pinsent Masons and Thales.