19 Apr 90% of All Cybersecurity Requirements Will Be Fulfilled by a Service Model in 3 Years
A new market report has predicted that 90% of all cybersecurity requirements will be able to be fulfilled by a service model in the next three years.
The report comes from Help AG’s latest State of the Market Report 2022, which focuses exclusively on digital security in the Middle East. The first of its kind, the report delivers cybersecurity intelligence across a range of parameters, including the top threats over the course of the year, the region’s biggest vulnerabilities, the kinds of attacks and attack vectors which are a cause for concern, anatomy of high profile breaches, security investment patterns of organisations in the region, and where the market is headed in terms of technologies and evolution.
In 2021, DDos Attacks were a growing concern with 149,753 attacks detected in the UAE, amounting to a 37% YoY increase. This indicates that attackers are strategically targeting UAE organisations, particularly in the government (target of 37% of DDoS attacks), private (34%), healthcare (8%), financial (6%), education (5%), oil and gas (4%), and hospitality (4%) sectors. The attacks continue to increase in scale, with the largest one observed in the UAE last year and measured at 145.9 Gbps. In fact, DDoS attacks with a volume of over 40 Gbps have become the norm in the UAE ever since the pandemic began.
Not only are the DDos attacks increasing in volume but they are increasing in duration too, with the longest recorded attack in 2021 lasted for a duration of 44 days and 19 hours, and over 14% of observed DDoS attacks lasted more than 60 minutes. Additionally, 58% of DDoS attacks observed in the UAE in 2021 were multi-vector in nature, and UDP Flood, IP Fragmentation, and DNS Amplification were found to be the top attack types.
Ransomware attacks also continued to increase in frequency last year, largely thanks to their high rates of success. This is believed to be due to their relative simplicity and their significant, immediate impact, as well as the fact that many organisations still end up paying the ransom, thus encouraging threat actors to continue utilising this attack method.
Apart from increasing in number, ransomware attacks are also becoming highly sophisticated as attackers become more professional than ever. The danger posed by ransomware is being exacerbated by the proliferation of ransomware-as-a-service, which has turned ransomware into a profitable business model wherein ready-made malicious code is sold to cyber attackers.
2021 saw a 9.3% increase in the total number of detected vulnerabilities, with a total of 18,378 identified as per the NIST National Vulnerability Database (NVD). The number of vulnerabilities found in core applications also increased. Worryingly, core security controls were found to be missing in most cases.
Medium and low risk vulnerabilities rose in number, whereas fewer high severity vulnerabilities were detected compared to 2020. In order to help regional businesses stay abreast of discovered vulnerabilities, Help AG released 130 threat advisories throughout 2021, which included recommendations for organisations on how to stay protected.
Key Areas of Investment
Help AG has also identified a number of areas which saw significant investment over the course of 2021. There has been a marked increase in investment in locally hosted solutions and services, including Security Service Edge (SSE), private access, DDoS protection, and security platforms. Additionally, Help AG identified hypergrowth in investments into managed cyber defence and OT and IoT security, while there was a significant increase in investments into the IAM/PAM space.
Accelerating digital transformation, service-centric business evolution and adoption of cloud in combination with local regulations and requirements around data residency have created a need for investments into locally hosted cybersecurity solutions and services.
Technology Trends in 2022
Looking ahead into the coming months, the technologies that will reign supreme come as a direct consequence of attack trends. Secure cloud enablement, application security, identity security, and Security Service Edge will continue to be top priorities in an increasingly digitised and perimeter-less world.
Stephan Berner, Chief Executive Officer at Help AG, said: “As the region’s cybersecurity landscape becomes increasingly complex and challenging, our State of the Market Report offers an invaluable resource for organisations that are striving to secure their digital roadmap and keep pace with the ever-evolving cyber risks in the distributed age.
“The resilience of governments and economies depends on the collective resilience of businesses and individuals, and through our annual report, Help AG seeks to empower organisations and people with vital insights from our experience and expertise, thus elevating cybersecurity for the entire region.”
Nicolai Solling, Chief Technology Officer at Help AG, added: “The increasing frequency and sophistication of cyberattacks highlight the importance of information sharing among organisations. As cybersecurity professionals, it is our responsibility to mitigate and limit the impact of security challenges in an environment where threats and vulnerabilities are weaponising quicker than ever before.
“This is why we publish our State of the Market Report and make it readily available for organisations across the region, providing them with unparalleled intelligence into the state of cybersecurity in the Middle East.”