[ISN] MidEast second biggest spender on IT security services

From: InfoSec News (alerts@private)
Date: Wed Dec 26 2007 - 23:02:34 PST


http://www.business24-7.ae/cs/article_show_mainh1_story.aspx?HeadlineID=399

By Karen Hart 
Emirates Business 24/7  
December 23, 2007

With no major worm outbreak in the past two years, CIOs are feeling much 
safer now. That should be good news but complacency may be setting in 
without big attacks grabbing headlines.

CIOs top priorities are improving business processes, controlling costs 
and retaining customers. Security fell out of the top 10 priorities, 
said Gartner security analyst John Pescatore. One of the problems, he 
said, is that enterprises are not thinking about security for new 
threats. Firms may have old threats covered, but it is the new scenarios 
that carry the big bang.

New products and new technology are creating new holes to exploit. 
Businesses have not done the threat modelling, said Pescatore.

The software powering mobile phones, for one, is getting less 
heterogeneous by the minute as Windows Mobile gains market share. That 
means the list of potential victims is growing. In addition, people tend 
to trust files sent via text messaging.

Researchers at McAfee Avert Labs concur. They expect an increase in web 
dangers and threats targeting Microsofts Windows Vista operating system, 
among other new or increased threats.

Threats are moving to the web and newer technologies such as VoIP [voice 
over internet protocol] and instant messaging, said Patrick Hayati, 
regional director, McAfee Middle East.

Professional and organised criminals continue to drive a lot of the 
malicious activity. As they become increasingly sophisticated, it is 
more important than ever to be aware and secure when traversing the web.
 

INTERNATIONAL ESPIONAGE

Then there is the ever-present internet espionage currently being used 
by over 100 countries, which is becoming more of a trend by the day, 
according to a McAfee report. The study finds that the number of 
cyber-espionage incidents and computer attacks on critical national 
infrastructure are rapidly increasing around the world.

This is the rough consensus of the security experts we have spoken to, 
and a credible figure given how low the barriers to entry are. All you 
need is a few computer science graduates, said Ian Brown, lead 
researcher for McAfee and a security expert at Oxford University.

This year saw a record number of incidents in which countries reported 
an attempt to infiltrate their information defence systems or an attack 
aimed at disrupting key organisations such as air-traffic control, 
financial services or utility companies.

One of the highest-profile incidents was in April, when Estonian 
officials accused Russia of mounting a series of cyber-attacks that 
brought down the websites and information technology networks of state 
institutions such as the presidents office, ministries, parliament and 
the police, as well as political parties. The press and banks were also 
targeted.

 
DUBAI ATTACKED

Earlier this year, Dubai eGovernment said one of their platforms was 
attacked by hackers attempting to corrupt data and damage websites. No 
financial or personal information was accessed or damaged, it said.

Salem Al Shair, eServices Director, Dubai eGovernment, explained: We 
have two platforms. The eHost and the eHost Plus. While eHost Plus is 
highly developed and hosts very sensitive sites, eHost is less developed 
and hosts limited data sites.

The hacking incident happened in the eHost, the first time it was 
penetrated. eHost Plus has never been, and hopefully never will be, 
penetrated. We have had hundreds of attempts to penetrate eHost Plus but 
so far no one has been successful.

Even though Dubai eGovernment had Dh55 million of transactions online 
last year, there is no rewarding information on either platform, Al 
Shair said. A hacker cannot get any financial gain. We do not keep any 
credit card or bank information. Financial matters, which a lot of 
people are worried about, are very well protected and will not be 
available.

Personal information is just in the range of name, age and date of 
birth. The only thing that we worry about is that someone comes in and 
damages some of the files. It takes substantial effort to bring them all 
back again.

But even obtaining personal information can pose a huge personal 
security risk, said John Paul Moralde, ENSB Operations Engineer at 
EastNets Dubai.

Corrupt individuals can use this information against their victim by 
pretending to be the victim. Having a victims personal information can 
leverage the culprits malicious intent by consistently using this 
information to personally harass the victim, he said, adding that 
computer-related laws in the UAE are not very well implemented.

IT systems in the Middle East are not that mature but a lot of efforts 
are being made to address this problem, Moralde said.


BIG SPENDERS

The Middle East is now placed second in worldwide IT security services 
spending with the Americas region topping the list according to a recent 
report from market analyst IDC. The company said in its latest report on 
the region that expenditure on security appliances and software grew by 
60 per cent in 2006, with the market forecast to grow at an average rate 
of 23 per cent each year through to 2011.

Growth in the financial sector, and an increasingly sophisticated 
enterprise sector are driving demand, according to the report. Security 
expenditure is focused on perimeter defence, with threat management 
solutions making up 56.4 per cent of 2006 total spend, marking a growth 
of 61.2 per cent year-on-year.

Spending on secure content management is also high, taking up 24 per 
cent of expenditure, and security and vulnerability management rank as 
third-highest expenditure with 11.4 per cent.

The biggest spenders on security solutions are government, which 
accounts for 26.9 per cent, followed by telecommunications and finance, 
with 22.6 and 21.2 per cent share, respectively.

Saudi Arabia makes up the bulk of spending, accounting for 41 per cent 
of the market, with the UAE second with 31.2 per cent. IDC predicts that 
all GCC markets will continue to show double-digit security spending 
growth in 2007, with Saudi Arabia expected to grow by 45 per cent, the 
UAE by 36.6 per cent and Bahrain, Kuwait, Oman and Qatar as a whole by 
27.2 per cent.

The IT security market benefits heavily from investments in basic 
infrastructure by companies across the region, which inevitably includes 
threat management and secure content management technologies, said Vinay 
Nair, senior analyst at IDC MEA. A large number of firms are making 
increasingly sophisticated investments in information leakage detection 
and prevention technology.


Internet police

Unlike many states in the US, there is no legal requirement in most 
parts of the world to disclose data breaches to the public. Moreover, 
there is no centralised organisation to which businesses can report 
computer crime, a factor businesses claim is very frustrating.

There is no specialised authority to report e-crime other than the local 
police station and they have little understanding of it. It is a major 
problem, said David Roberts, Chief Executive of Corporate IT Forum, 
which represents computer users in about half of the FTSE 100 companies.

According to Dubai eGovernments Al Shair, Dubai has a dedicated police 
unit called the e-crime division. Im sure they operate with the 
collaboration of Interpol and other anti-crime agencies in the world.

Asked if e-culprits can be convicted in Dubai, he said: There is a local 
law issued by the government on e-crimes. But to be frank, I havent gone 
through the whole thing. Al Shair added that Dubai is not an exception 
to the rise in e-crimes. This problem is not limited to Dubai. Criminals 
are using technology to commit crimes in organisations around the world, 
he said, citing the CIA and Pentagon as examples.

According to US-CERT, there were 5,000 cases of e-crimes reported in the 
US in 2005, which rose to 23,000 in 2006 and in the first quarter of 
2007 alone 19,000 incidents have been reported.

The US Government has spent $64 billion (Dh234bn) on information 
technology systems, out of which eight per cent has gone to security. 
The UK Government spends 11 per cent of IT expenditure on security.

Still, 62 per cent of their businesses have been hacked one way or 
another, Al Shair said.

The issue of being hacked is not a taboo. It is the same old fight 
between good and evil. However, we have to understand this is long war. 
When you improve your security, the hackers do the same.


__________________________________________________________________      
Visit InfoSec News
http://www.infosecnews.org/



This archive was generated by hypermail 2.1.3 : Wed Dec 26 2007 - 23:08:11 PST