While CISOs and other security leaders in government and business in the Middle East have challenges specific to the region, such as concerns about operational technology used in the oil and gas sector, regional and global knowledge sharing is increasingly seen as an important way to fight cybercrime.\n\nWith a yearly growth rate of 15%, global cybercrime damages are predicted to cost up to $10.5 trillion annually by 2025, up from $3 trillion in 2015, according to Cybersecurity Ventures.\n\nMiddle Eastern countries are not immune to cybercrime. In its State of Ransomware 2021 report, Sophos reported that that 38% of the UAE tech executives polled said they were attacked with ransomware during the past year.\n\nCountries in the region are fighting back. End-user spending on security and risk management in the Middle East and North Africa (MENA) is forecast to total US$2.6 billion in 2022, showing an increase of 11.2% compared to last year, Gartner has forecast.\n\nPrime targets of hacker attacks are medical and government institutions, as well as the retail sector, oil and gas companies and critical infrastructure.\n\nThe issue of countering cybercrime is on the agenda of governments worldwide, and the UAE along with the rest of the Middle East is no exception.\n\nIn 2019 the UAE came up with its new three-year national cybersecurity strategy that among other initiatives calls for implementing a legal and regulatory framework covering all types of cybercrime. It also aims to train 40,000 cybersecurity professionals and protect the UAE's critical assets in nine sectors, including energy, ICT, government, electricity and water, finance and insurance, emergency and health services, transportation, and food and agriculture.\n\nThe UAE joins the global fight\n\nThe UAE is developing local and global partnerships to jointly fight cybercrime, according to Dr. Mohamed Al-Kuwaiti, head of cybersecurity for the UAE Government. Cybersecurity is not the responsibility of one entity, one person or one country \u2014 it is a collaborative job and shared responsibility across all, he says. \n\n"We are partnering not only with hackers, government and private entities, but also academia, and even school kids. They all work to secure safe digital lifestyle and environment. We are also actively working with international consortia," Al-Kuwaiti says.\n\n"In fact, we have just finished the biggest [virtual] cyber exercise [Cyber 193] where we had more than 140 countries working with us to train and share information in cybersecurity. We are also working with the UN and ITU."\n\nThe UAE was ranked fifth worldwide in the International Telecommunications Union\u2019s Global Cybersecurity Index 2020 for its advanced cybersecurity infrastructure, jumping from number 47 previously, Al-Kuwaiti says.\n\nCybercrime is dangerous to the country\u2019s critical infrastructure, such as water and electricity, aviation, and healthcare. If any of these get hacked or disrupted it can wreak havoc, as in the case of cyberattacks on hospitals during the COVID-19 pandemic, Al-Kuwaiti says, referring to last year\u2019s two ransomware attacks on hospitals in one week in France.\n\nInterpol starts to work with GCC\n\nStephen Kavanagh, the executive director of Police Services for Interpol in France, says that his organisation is currently talking to Gulf Cooperation Council (GCC) authorities and particularly to the UAE to set up a cyber-desk for the Middle East region.\n\n"We can't deal with all of the cyberthreats from Lyon in France. We want to be able to work with regions and the Middle East is one of them. We are talking about how we can set up a cyber-desk for the Middle East so we can break down the threat vectors that are taking place and can look at the gateway partners," Kavanagh says.\n\nData on threat vectors exist globally, but no one single law enforcement agency has all that information so there is need for new relationships and partnerships. The GCC can help Interpol bridge that gap and respond to the needs of businesses and individuals.\n\n"Instead of just defending ourselves what we need is to be able to get back on the front foot and start arresting some of those cyber criminals and putting\u2026 them [behind bars]," Kavanagh says.\n\nUAE tests, collects threat assessment data\n\nHassan Abdullah, director of Security Systems at Dubai Electronic Security Centre (DESC), said his organisation, which was established in 2014, is forming a bigger team together with the Dubai Digital Authority to fight cybercrime.\n\n"It is a common thing for cybercriminals to try and test your networks but we have a very good defence system, while entities are mature and thanks to Dubai Cyber Index the response time is very high now from entities," he says.\n\nDubai Index was set up in part to monitor compliance with government cybersecurity requirements.\n\n"We measure the response time and the resolution of (test attacks) and if there is a malware on a computer. That has dramatically increased the response time of government entities," Abdullah says.\n\nWith new technology increasingly being implemented throughout the region, the number of cyberattacks is expected to increase, but Abdullah is optimistic because there is more awareness now about cyberthreats.\n\n"We work together hand-in-hand with international organisations as well as GCC entities to share information," he added.\n\nChallenges remain, however. Despite the fact that the UAE is witnessing an increase in tech talent, there is still a lack of experts in the field, Abdullah says.\n\n"In UAE we need at least 3,000 cybersecurity experts in the next two years," he says.\n\nEfforts to groom talent continue; Dubai Cyber Innovation Park, the research arm of DESC, was officially launched during this year\u2019s GISEC Global cybersecuirty event held in Dubai in March.\n\nHealthcare particularly vulnerable\n\nThe healthcare sector is the most vulnerable to cyberattacks and is targeted more often than other sectors by cybercriminals, according to some cybersecurity experts.\n\nCyberattacks on hospitals are particularly dangerous, says Sultan Owais, digital lead at the UAE Prime Minister\u2019s Office.\n\n"We definitely need skills in many critical sectors. We also need technologies and norms and practices to meet this challenge," Owais says.\n\nHealthcare organisations have equipment that has been used for 20-25 years and it is not meant to be maintained from an IT perspective and updated. Such specialist equipment has unique weaknesses that commercial laptops bought from a shop don\u2019t have, he explains.\n\nMaintaining this equipment is its own sort of challenge that requires its own set of practices, Owais says. That's why health regulators are setting priorities for the industry across the globe, he adds.\n\nCyberattacks on healthcare industry are especially dangerous because they don\u2019t just deal with money but the health patients, notes Ramakrishnan Natarajan, vice president of IT at Emirates Hospital.\n\nRansomware attacks compromise health records, including backups, and can make it impossible to get them back. And when health records are compromised, no one knows how they may be utilised, Natarajan says.\n\nThere are a lot of steps CISOs can take to fight these attacks. First of all, one needs to get the basics right, Natarajan says. The most important thing is that employees should be trained on healthcare safety and information security. In fact, this sort of training should be tied to their KPIs (key performance indicators), he suggests.\n\nHealthcare organisations are top ransomware payors\n\nAbdullah Marghalany, cybersecurity chief officer at the Ministry of Health, General Directorate of Health Affairs in Medina, Saudi Arabia, says that the healthcare system is the sector most attacked by cybercriminals and is the biggest payer of ransom money.\n\nEvery attack costs healthcare organisations $7 million on average and last year there were cyberattacks worldwide every 40 seconds, he says, adding that some 37% of all the cyberattacks in 2020 were on healthcare systems.\n\n"Last year it cost the world $6 trillion of ransom money paid to cybercriminals. If we compare this money to countries\u2019 economies, it would be the third largest economy in the world after the US and China," he says.\n\nAlso, there are hidden costs. There are costs related to shutting down systems after a cyberattack, Marghalany says. Organisations, especially in the healthcare system, need to invest more in new technologies and also people to help confront cybercrime, he says.\n\nThe National Cybersecurity Authority of Saudi Arabia (NCA) compels every organisation and every CISO both in the public and private sectors to have a cybersecurity strategy and comply with NCA guidance, Marghalany notes.\n\nIn fact, the NCA audit organisations twice a year to check the compliance, he adds.\n\nSaudi Arabia was ranked second after the US in the International Telecommunications Union\u2019s Global Cybersecurity Index 2020 for its cutting-edge cybersecurity infrastructure, up from the previous year\u2019s 40th place, he says.\n\nOT a critical issue for critical infrastructure\n\nThe main challenge in protecting critical infrastructure from cyberattacks is OT (operational technology), according to a GCC-based oil and gas production cybersecurity expert, who did not want to be named. Most solution providers focus on IT rather than OT.\n\nThe existing solutions require the shutting down of production to put new applications in place, but that is difficult to do: oil must be pumped continually. It's a very big problem, the expert said.\n\nHis views are echoed by a number of other industry experts.\n\nIn IT the main security issue is data. But OT includes physical assets, plants, equipment, and all kinds of hardware, which present countless attack vectors. So OT is easier to attack, said Jad H. Abdulsalam, CISO at Saudi Arabian Mining Company (Maaden).\n\nThat\u2019s why priorities and methodologies are different for OT. The challenge on the OT side is that organisations have legacy infrastructure, as most plants were built at a time when today's cybersecurity issues were not prevalent. This is the reason why most facilities do not have up-to-date security systems and controls. It requires some time for a complete upgrade of a plant or production line, Abdulsalam explains.\n\nSome of the solutions require a complete upgrade, which is expensive, and if the upgrade requires suspension of a production line, it will cause huge financial losses and interruptions.\n\nIt will in turn affect the company's reputation, commitments, and ability to deliver, Abdulsalam, says.\n\nAttacks on OT on the rise\n\nThere has been an increase in cyberattacks on OT in the last five years and the impact of such attacks can be disastrous. OT security technology was designed back in 1980s and 1990s, while more recent industrial OT solutions have been developed in the last three to four years.\n\nCurrently, there are hundreds of OT technologies in the world that need to be evaluated with new security systems. It will take time, Abdulsalam says.\n\n"It is one of the biggest challenges in our region because in our case in general, in OT, one of the main things that you need to have is the right level of visibility on the infrastructure otherwise you will not be able to identify and catch the threats," Abdulsalam says.\n\n"However, we are starting to see a good number of companies delivering solutions, but still it requires some time to bring it the right way and also for an organisation to go along with this new technology to be mature enough to reach the right level," he added.\n\nShaik Abdulkhader, who up until recently was CISO at Qatar Petrochemical Co. (QAPCO), said because of the relative lack of maturity of OT security solutions, cybercriminals are committing crimes without getting caught.\n\nA lack of information sharing in the region adds to the problem, he says.\n\nApparently, while international cooperation on security is ramping up, more work remains to be done.