Heightened concern: Governments work to counter a global rise in cyberthreats stemming from digitalisation and the shift to remote work

Russia’s invasion of Ukraine in February 2022 caused disruptions across the global economy, from food to energy, and prompted an increase in the number and sophistication of cyberattacks – exacerbating similar impacts from the Covid-19 pandemic.

According to a poll of 800 chief audit executives conducted by the UK-based Chartered Institute of Internal Auditors, 77% of respondents thought the war had elevated cybersecurity and data-security risks. Senior cybersecurity analysts have said that the invasion has been accompanied by a sustained cyber-conflict, with a large number of attacks and threats launched since the start of the war.

Spillover

On the day before Russia’s military forces invaded Ukraine, a wave of distributed denial-of-service attacks attributed to Russian hackers disabled Ukrainian government, military and bank websites. That same day, US and UK intelligence agencies warned that a Russian state-backed hacker group known as Sandworm had created a new malware called Cyclops Blink. US government officials announced in April of that year that they had disrupted the malware, but worries remain.

While cybersecurity officials say that Russia has primarily focused cyberattacks on Ukrainian companies and infrastructure, rather than on targets in the EU, the US or emerging markets, there are nevertheless concerns that cyber-conflict could spill over as the war progresses. An example of this was seen in the February 2022 cyberattack on Viasat, a US satellite communications provider used by the Ukrainian military. EU, UK and US officials blamed Russia for the attack, which affected customers not only in Ukraine, but also throughout Europe.

Pandemic Cyberthreats

The increased threat of cyberattacks builds on the already heightened cybersecurity environment triggered by the pandemic. As financial transactions have increasingly migrated online since the outbreak of Covid-19, businesses around the globe have become targets for hackers. According to a 2022 report from security vendor SonicWall, ransomware attacks were up 105% in 2021, including a 1885% increase in attacks on government agencies, with health care (755%), education (152%) and retail (21%) entities also seeing a notable rise in breaches.

Indeed, the rapid adoption of digital solutions during the pandemic heightened cyberthreats to the education sector and emerging markets with large digital industries. This threat has continued into 2022. For example, leading Nigerian betting platform Bet9ja announced in April of that year that its website had been hacked by the BlackCat group, a syndicate of Russian hackers not believed to be aligned with the state. This followed a ransomware attack on Bank Indonesia, the country’s central bank, in January 2022 that was ultimately unsuccessful in disrupting public services and did not result in critical data being leaked. Meanwhile, in February of that year the website of television broadcaster CNN Philippines was shut down after a cyberattack while the network was hosting a presidential debate in the lead-up to the country’s May 2022 election.

Cryptocurrencies have provided similarly fertile ground for hackers around the world. A record $14bn in digital currencies was transferred to illegal addresses in 2021, according to blockchain data platform Chainalysis, up from $7.8bn in 2020.

Security Measures

With cyberattacks on the rise in recent years, several emerging markets have taken steps to bolster security. In late May 2022 the National Portal for Cybersecurity Services was launched by Saudi Arabia’s National Cybersecurity Authority, a body that aims to develop and manage cyber-services, support communication mechanisms and enhance cybersecurity capacities.

Once it is fully rolled out, all government agencies will be able to access the portal, which is expected to offer its services to more than 400 government entities by the close of 2022. The country’s approach to increasing its flexibility and readiness in order to neutralise attacks as they evolve could provide an example for others in the region.

Cybersecurity concerns remain, however. “The 2022 State of Email Security” report published by UK-headquartered IT security firm Mimecast found that six in 10 Saudi companies saw an increase in the number of email-based threats during the previous year. In another survey by the firm, published in 2022, 68% of the 400 IT decision-makers surveyed in the Kingdom and the UAE have had to postpone digital transformation initiatives due to cybersecurity concerns. As more businesses become digitalised, attackers have greater scope to target and compromise their systems.

MENA Impact

The value of the cybersecurity market in the Middle East is projected to grow from $20.3bn in 2022 to $44.7bn in 2028. This potential is partly a reflection of the risks: a study by research centre Ponemon Institute and IBM Security conducted in 2020 showed that data breaches result in an average corporate loss of $6.5m per organisation in the Middle East, which is significantly higher than the global average of $3.9m. 

Smaller businesses with fewer resources to invest in cybersecurity mechanisms face distinct online risks. For example, small businesses in Bahrain saw a 348% rise in cyberattacks in the first quarter of 2022 compared to the same period in 2021, according to Russian cybersecurity firm Kaspersky: the company detected nearly 45,3000 breaches during the first three months of 2022, up from 10,100.

In an effort to keep pace with emerging opportunities and threats, in early 2022 Bahrain launched the Telecommunications, ICT and Digital Economy Sector Strategy 2022-26. The framework includes objectives to develop cybersecurity standards and enhance national capacity to monitor and respond to cyberattacks, as well as a target to train at least 20,000 citizens on cybersecurity. Through these measures, the country aims to establish quality digital infrastructure, attract large tech companies and become a regional centre for digital innovation.

Meanwhile, in June 2022 Bahrain’s Telecommunications Regulatory Authority launched the Telecommunications Emergency Response Plan. Designed in collaboration with other stakeholders, the plan lays out a coordinated sector-wide response to ICT-related emergencies. By bolstering the country’s ability to respond to cyberattacks, the roadmap seeks to ensure business continuity in sectors including health, education and energy.

Regional Responses

Nigeria has also taken notable steps to improve its cybersecurity. In June 2022 the government announced that it had created cybersecurity toolkits for more than 41m micro-, small and medium-sized enterprises. Many other emerging markets on the continent have indicated that they will develop their own national strategies in the coming months. For example, that same month Kenya announced it planned to develop strategies to protect its digital ecosystem.

In a sign of the global importance being placed on the issue, in June 2022 international media reported that the US and the EU were developing plans to fund secure digital infrastructure in developing countries. The proposal marks the first time the US and the EU will work together to fund and protect other countries’ critical infrastructure from cyberattacks. Initial projects are slated to take place in countries in Africa and Latin America.

While cybersecurity awareness is rising globally, some regions remain at greater risk of attack than others. According to the most recent Cyber-Risk Index for the second half of 2021 – developed by Japanese multinational cybersecurity software company Trend Micro in partnership with the Ponemon Institute – Latin America recorded the highest level of risk, followed by Europe, North America and Asia Pacific. Africa was not included in the report.

Although the report noted that the global rise in cyberthreats in 2021 had largely stemmed from the pandemic and the shift to remote work, Latin America’s elevated risk was attributed to the lower level of perceived readiness of the region’s organisations when it came to responding to cyberattacks. In 2021 the number of cyberattacks in Latin America increased by 600%, according to cybersecurity company Fortinet. Mexico was the target of 54% of the 289bn attempted attacks, followed by Brazil (30.6%), Peru (4%) and Colombia (3.9%).

As countries around the world take stock of the risks and damages associated with cybercrime, it is expected that the rise in attacks may lead to greater demand for innovative solutions such as cyberinsurance. According to Vantage Market Research, the global market for cyberinsurance is projected to reach $28.5bn by 2028, up from $7.5bn in 2021.