The conflict in Ukraine has caused disruption across the global economy, prompting an increase in the number and sophistication of cyberattacks. According to a poll of 800 chief audit executives conducted by the UK-based Chartered Institute of Internal Auditors, 77% of respondents thought the conflict in Ukraine had elevated cybersecurity and data-security risks. Senior cybersecurity analysts have said the invasion has been accompanied by a sustained cyber-conflict, with a large number of attacks and threats launched since the start of the conflict.
Spillover
On the day before the start of the conflict, a wave of distributed denial-of-service attacks attributed to Russian hackers disabled Ukrainian government, military and bank websites. That same day, US and UK intelligence agencies warned that a Russian state-backed hacker group known as Sandworm had created a new malware called Cyclops Blink. US government officials announced in April of that year that they had disrupted the malware, but worries remain.
While cybersecurity officials say that Russia has primarily focused cyberattacks on Ukrainian companies and infrastructure, rather than on targets in the EU, the US or emerging markets, there are concerns the cyber-conflict could spill over. An example of this was seen in the February 2022 cyberattack on Viasat, a US satellite communications provider used by the Ukrainian military. EU, UK and US officials blamed Russia for the attack, which affected customers not only in Ukraine, but also throughout Europe.
Cyberthreats
The increased threat of cyberattacks builds on the already heightened cybersecurity environment in the wake of the Covid-19 pandemic. As financial transactions have increasingly migrated online in recent years, businesses have become targets for hackers. According to a 2024 report from security vendor SonicWall, malware jumped 11% in 2023, with encrypted threats up 117% and cryptojacking up 659%. Notably, malware attacks dropped by 2% in Europe and Asia, while increasing in North America and Latin America by 15% and 30%, respectively.
The rapid adoption of digital solutions during the pandemic heightened cyberthreats to the education sector and emerging markets with large digital industries. This threat continued in 2022. For example, leading Nigerian betting platform Bet9ja announced in April 2022 that its website had been hacked by the BlackCat group, a syndicate of Russian hackers not believed to be aligned with the state. This followed a ransomware attack on Bank Indonesia, the country’s central bank, in January 2022 that was ultimately unsuccessful in disrupting public services and did not result in critical data being leaked. Meanwhile, in February 2022 the website of television broadcaster CNN Philippines was shut down after a cyberattack while the network was hosting a presidential debate in the lead-up to the country’s May 2022 election.
Cryptocurrencies have provided similarly fertile ground for hackers around the world. A record $24.2bn in digital currencies was transferred to illegal addresses in 2023, according to blockchain data platform Chainalysis, up from $20.6bn in 2022.
Security Measures
With cyberattacks on the rise in recent years, several emerging markets have taken steps to bolster security. In March 2024 Saudi Arabia’s National Cybersecurity Authority, a body that aims to develop and manage cyber-services, support communication mechanisms and enhance cybersecurity capacities, announced the launch of the National Policy for Managed Security Operations Centres (MSOC) and the Regulatory Framework for Licensing MSOC Services. The country’s approach to increasing its flexibility and readiness in order to neutralise attacks as they evolve could provide an example for others in the region.
Additionally, in February 2024 the National Cyber Security Agency in Qatar updated its Qatar National Cybersecurity Strategy for the period 2024-30. In line with international trends, the strategy intends to enhance corporate governance, bolster cybersecurity capabilities, nurture digital talent, forge international collaborations, strengthen the cybersecurity workforce and closely monitor the overall performance of the strategy. The strategy highlights the importance of developing a skilled cybersecurity workforce that can handle the hurdles of the digital age. By establishing training programmes and talent development initiatives, Qatar aims to nurture cybersecurity professionals with the knowledge and expertise to safeguard its digital infrastructure effectively.
Africa’s Response
Nigeria has taken notable steps to improve its cybersecurity. In June 2022 the government announced the creation of cybersecurity toolkits for more than 41m micro-, small and medium-sized enterprises. Many other emerging markets in Africa likewise indicated plans to their own develop national strategies around this time. For example, Kenya announced in June 2022 that it planned to develop strategies to protect its digital ecosystem.
Djibouti has also implemented several measures to enhance cybersecurity. In partnership with the EU, Djibouti’s Ministry of Economy and Finance’s Digital Economy and Innovation team launched the Initiative for Digital Governance and Cybersecurity in January 2022. This endeavour aims to limit Djibouti’s exposure to cyberthreats by improving the security of digital distribution channels, as well as enhancing coordination and communication with other countries. A training programme was also held in November 2022 to help the workforce develop the skills needed to understand different forms of risk, vulnerabilities and attacks.
Gulf Impact
The value of the Middle East’s cybersecurity market is projected to grow from $20.3bn in 2022 to $44.7bn in 2028. This is partly a reflection of the risks, as a study by research centre Ponemon Institute and IBM Security conducted in 2020 showed that data breaches result in an average corporate loss of $6.5m per organisation in the Middle East, which is significantly higher than the global average of $3.9m.
Smaller businesses with fewer resources face distinct online risks. For example, small businesses in Bahrain witnessed a 348% rise in cyberattacks during the first quarter of 2022 compared to the same period in 2021, according to Russian cybersecurity firm Kaspersky. To keep pace with the emerging opportunities and threats, in early 2022 Bahrain launched the Telecommunications, ICT and Digital Economy Sector Strategy 2022-26, which includes such objectives as developing cybersecurity standards and enhancing the country’s capacity to monitor and respond to cyberattacks, as well as conducting cybersecurity training.
Saudi Arabia was second globally in the cybersecurity index in the Switzerland-based International Institute for Management Development’s World Competitiveness Yearbook 2023. The ranking was an acknowledgement of the Saudi model in cybersecurity, as the Kingdom is working on developing its related capacity and workforce through such initiatives as the Saudi Cybersecurity Higher Education Framework, which aims to develop quality academic programmes for higher education in the field of cybersecurity.
Kuwait has been particularly proactive in implementing measures to mitigate cybersecurity risks, enacting a national cybersecurity law in 2015 and publishing a cybersecurity framework for the banking sector through the central bank in 2020.
Regional Action
In a sign of the importance of the issue, in June 2022 international media reported that the US and the EU were developing plans to fund secure digital infrastructure in developing countries. The proposal marks the first time the US and the EU will work together to fund and protect other countries’ critical infrastructure from cyberattacks. Initial projects are slated to take place in countries in Africa and Latin America.
Some regions are at greater risk of attack than others. According to the Cyber-Risk Index for the second half of 2022 – developed by Japanese multinational cybersecurity software firm Trend Micro in partnership with the Ponemon Institute – North America had the highest level of risk, followed by Latin America, Asia Pacific and Europe (Africa was not included in the report). The index broke down the cybersecurity risk factors into five categories: clickjacking, business e-mail compromise, ransomware, fileless attacks and botnets. Latin America and the Caribbean suffered 137bn cyberattack attempts in the first half of 2022, up 50% compared to the same period the previous year, according to cybersecurity company Fortinet, with Mexico the target of 62% of the attacks, followed by Brazil (23%) and Colombia (4.6%).
As countries around the world take stock of the risks and damages associated with cybercrime, it is expected that the rise in attacks may lead to greater demand for innovative solutions such as cyberinsurance. According to Vantage Market Research, the global market for cyberinsurance is projected to reach $28.5bn by 2028, up from $7.5bn in 2021.
Read More from OBG
