Nikolai Soling *
The highly interconnected world we live in today faces a very remarkable reality, namely that devices and systems run the risk of global exposure. The exploitability offered by Log4j was an essential warning; As a result, governments, businesses, leading technology companies, and cybersecurity agencies around the world have rushed to protect their infrastructure, systems, and devices while managing the risks they pose.
Log4j is part of the Java Log Library, which is used by millions of computers around the world to record errors and routine system operations, and usually sends diagnostic messages about it to system administrators and users. But in December 2021, a vulnerability (CVE-2021-44228) enabled cyber-attackers to remotely apply code and gain access to log4j systems.
The initial reaction of global denial soon led to in-depth investigations that revealed remarkable vulnerabilities in various systems that can be accessed over the Internet, according to Jane Easterly, director of the US Agency for Cyber Security and Infrastructure Security (CISA). described. vulnerability on It’s the “most dangerous” she’s seen in her career.
The Log4j case study is one of the most important lessons in today’s cyber security field. It showed not only the security vulnerabilities that occur in the so-called secure zones in the cyber field, but also the inability to quickly detect cyber threats targeting specific sectors, industries and companies. With companies in the region and around the world moving at a tremendous speed to seize the opportunities offered by new technology, a false sense of security was one of the risks that made these companies vulnerable to cyber attacks.
In the UAE, as demonstrated by the Status of the Market Report 2022 issued by Help AG, cyber-attackers have become more professional and target organizations in a strategic way, especially government entities; It was the target of 37% of distributed service disruption (DDoS) attacks, followed by the private sector (34%), healthcare (8%), financial companies (6%), education (5%) and oil, gas and energy companies (4%), and the hospitality sector (4%), which emphasizes a scale where every major corner of the economy is vulnerable to cyberattacks in the absence of a robust security protocol.
With the UAE and the Gulf states embarking on a strategic transformation process into a knowledge economy, the adoption of new technologies is both an opportunity and a threat. The security vulnerabilities faced by governments in the region, according to the State of the Market Report 2022, reflect global results, whether in terms of distributed service disruption (DDoS) attacks, cloud threats, ransomware or significant vulnerabilities in known applications.
The resilience of governments and economies will depend on the collective action of institutions and individuals, and this can only be achieved by developing a strong business continuity plan with cyber security controls at every stage, as well as developing a well-structured plan for incident response and recovery. , while also acknowledging that cyber security is the responsibility of all individuals.
The “Covid-19 pandemic” has led to a critical transition to telecom health and telemedicine, increasing the risk of breaches of sensitive data and medical records and placing the way patient information is shared among staff under a microscope. Among the unique cyber security risks facing this sector are remote attacks on healthcare facilities that cause cyber attackers to take control of medical devices and deny essential life-saving services. Therefore, protecting the confidentiality and availability of information and ensuring that access points are secured while replacing outdated systems should be a priority for companies operating in the healthcare sector.
Whether it is to gain significant financial gain or to gain political influence, banks and financial institutions are a major target for cybercriminals around the world, and the UAE is no exception. The risks in this sector are of a high degree of seriousness, as they are not only banks and financial institutions that may be exposed to penetration, but may rather disrupt or hinder entire economies.
Therefore, these institutions need to increase their level of cyber-vigilance, especially with the UAE and other Gulf countries increasingly moving towards the digital economy and cashless transactions. Not including cyber security in the design of everything related to the banking sector can jeopardize customer data, shake their loyalty, in addition to making recovery from such violations very difficult and costly.
The nature of our highly interconnected world, in which the main vertical components of the economy are integrated with each other and among each other, makes all IT systems collectively vulnerable, and thus this world requires a comprehensive approach to move from cyber security to cyber resilience. With a reliable security partner, leading-edge solutions and best-in-class services, as well as a change in cybersecurity culture, this process can run smoothly for organizations in the long run, but the time to start is now.
* Head of Technology at Help AG