Cyber security in the UAESeptember 2, 2016
TOGY talks to Ovanes Mikhailov, managing director of Kaspersky Lab, about the cyber security of critical infrastructure and industrial environments, based on industrial control systems. Kaspersky Lab provides its oil and gas clients multi-layered protection against both generic cyber threats and, increasingly, advanced persistent threats. Kaspersky Lab is of one of the world’s fastest-growing cybersecurity companies and the world’s largest privately-owned cyber security business. From the UAE, Kaspersky Lab serves the oil and gas industry by providing cyber security software and services and critical infrastructure protection.
How would you characterise the size of the cyber security market for the oil and gas industry?
The cyber security market has already surpassed the physical security market in terms of size. More and more important and confidential information is being stored on computers and cloud based systems which means protecting software and hardware is of critical importance, especially for companies dealing with sensitive information and highly valuable assets, like oil and gas companies.
Most of our clients in the oil and gas industry are large international companies and they are fully aware of the threat posed by hackers to their institution’s IT systems. They normally have large IT departments which analyse their risks and have the infrastructure and funds to invest in protective software and the appropriate staff training to minimise the threat of an attack.
How would a cyber criminal typically target a multinational?
An attack can begin with the opening of an email by one member of an organisation. The large IOCs in the UAE appear to have invested heavily in training all their staff members on how to avoid putting the company at risk from hackers who will target all members of the institution in an attempt to infiltrate the systems. Some cyber criminals may target people working in a non-IT department, assuming they are unaware they could be the target of an attack.
Does this approach change for small and medium-sized enterprises (SMEs)?
The small to medium-sized companies are also at risk of cyber-attacks and many in this region need educating on the topic. There are a lot of family run oil and gas businesses in the UAE which have not invested in specialised IT departments or specialists and they are uninformed of the potentially severe consequences an attack could have on their infrastructure, from their computers to refining equipment.
What might be the typical outcomes from a coordinated cyber-attack?
A cyber-attack can have far reaching outcomes. A hack can slow IT systems down but they can also have physical consequences such as delaying or stopping production for a set period of time and this can reduce a company’s efficiency and in turn have disastrous effects on a company’s finances due to loss of business.
What are the specific risks of an attack in the UAE?
The centralised nature of the UAE’s oil and gas industry, with one large national company and a number of subsidiaries, could make the UAE a target for hackers. Having a national oil company means there is a bigger concentration of utilities and information which creates a bigger target for cyber criminals.