Paladion Networks, the Information Risk Management provider with a footprint in 30 countries worldwide including the Middle East, released its latest Threat Intelligence Report with a special focus on the Middle East.
The report is based on research by Paladion Labs, the research wing of Paladion Networks, over the year 2011. Paladion has been operating in the region for over eight years and has offices in the UAE, KSA, Qatar and Oman. In the Middle East, Paladion services over 105 customers in the banking, telecom and government sectors. Paladion serves eight out of the top 10 telecom companies and 20 out of the top 25 banks in the region.
According to Rajat Mohanty, CEO, Paladion Networks: "Our conclusions are based on first-hand experience of working in the Middle East with local and multi-national companies from various industry sectors. As revealed in the report, the InfoSecurity threat landscape within enterprises is shifting with changing times and the measures to deal with them are expanding. Overall, while threats are getting more financially motivated and targeted on applications, organizations have a lower level of monitoring and higher vulnerabilities at the application level, which also stay open for much longer compared to the network level."
Firosh Ummer, Executive Director, Paladion Networks (UAE) further added: "Phishing as an attack form has gone down in the region last year. On average, a bank would have faced around 400-500 phishing incidents last year and the average victim per attack was around 10-15 end consumers. While monetary losses from phishing can be absorbed by the banks, the impact on reputation and customer trust is higher."
He said: "Given the dominance of certain geographies in attack sources, a differentiated security monitoring strategy with geo-mapping tools can be of value to organizations. Also, as phishing as a threat is reducing its fizz, there are likely to be some other forms of attack to replace phishing in the near future, and financial institutions in the region have to gear up other fraud management measures to protect Internet and ATM channels."
As for external attacks in the Middle East region, Paladion data shows that, on average, larger organizations face 50 intrusion attempts per month from outside the organization.
Interestingly, the current threat scenario as seen in the report proves the importance of application monitoring in future. Today, however, enterprises are more focused on monitoring the network periphery than on applications. The need of the hour demands a change of focus in the way security is managed at present.
The key findings of the report are listed below. The data has been taken from Security Incident Monitoring, Phishing Monitoring, Vulnerability Assessment (VA) and Penetration Testing services carried out by Paladion for 260 companies and 14,000 assets. These companies are medium to large enterprises having a minimum turnover of $200m and 2500 employees. They are spread across India, the Middle East and South East Asia, representing various industry verticals.
• Threats, be it attacks or phishing, are not random and do not affect all organizations equally; they are targeted more at bigger organizations.
• External attacks are clearly focused on breaching business applications. While external attacks overall (both application and network level) did not rise much during the year, they rose substantially on business applications.
• In contrast, the security monitoring effort of organizations is focused on perimeter devices, and monitoring of threats at the application level is very limited.
• On the other hand, there was a clear decrease in phishing attacks on financial institutions in the region. The average return for phishers is also reducing due to faster takedown and fewer victims per site. Phishers still continue to target business days and business hours, while increasing the attacks during slack periods of vacations or festivals.
• Most of the external attacks in India and the Middle East region are getting routed through China and the US.
• Phishing attacks, however, predominantly come through the US, and hardly any phishing attack was seen routed from China.
• On the internal front, more than attacks or malware, it is the policy violations and unauthorized changes that dominate the internal risks.
• Security monitoring is therefore more focused on operational issues such as configuration changes, user account activity and policy violations.
• On the security management side, organizations have improved their network vulnerability management, with the average vulnerabilities discovered per assessment being 0.7 per asset. However, the application level vulnerabilities are high with average being vulnerability per application per assessment.
• Organizations are facing challenges in managing closure of detected vulnerabilities. While it is better at the network level, with the half-life of vulnerabilities being 1-2 months (half the detected vulnerabilities are closed by this time), on the application front the half-life is 3-4 months.