Arbor Networks’ 2013 research of DDoS activity in the Middle East has revealed that the average size of attacks in the region is 2.376Gbps and the average duration of an attack exceeds an hour and ten minutes.
Arbor says that services such as e-banking, government eservices, as well as mission-critical production systems have been prime targets for attackers.
Civil unrest in the region has given rise to organised cyber crime and an escalation in cyber attacks.
Mahmoud Samy, Area Head, Middle East, Pakistan and Afghanistan, Arbor Networks said, “Despite the evident evolution on the part of hackers, those that are under attack are not nearly as prepared for cyber-attacks as they could or should be. This was pointed out in the eighth annual Worldwide Infrastructure Security Report by Arbor which clearly highlights this very point: Just over half (51%) of network operators surveyed don’t regularly perform preparedness drills for cyber attacks.
“In a region wherein the rise in cyber crime has been a constantly growing concern, organizations in the Middle East remain shockingly ill prepared.”
For many CIOs and IT managers, this will require a change in how they traditionally approach these exercises. Yet, the evolution in the region’s threat landscape has become the driving force for more enterprises to formalise IT security, placing it firmly within the context of enterprise risk management and business continuity planning.
“Current financial realities require that companies incorporate IT security into their operational and financial planning to control escalating costs. At the same time, they must provide adequate resources to address their financially, regulatory and reputation-driven security priorities and incorporate all pertinent risk factors into their organisational security model,” Samy said.
“The abstract nature of risk management and business continuity planning can often make these processes daunting to planners and IT security professionals alike. In most cases, business continuity plans include detailed policies and procedures for keeping operations running in the wake of natural disasters such as fire, floods and earthquakes. But rarely do they incorporate contingencies for IT security incidents. This is a major oversight.”