At its ninth annual event “Kaspersky Cyber Security Forum-Middle East, Turkey and Africa 2024”, organized at the end of February in the Malaysian capital Kuala Lumpur, Kaspersky revealed its expectations for industrial cyber security for the countries of the region, in addition to presenting a brief in which it addressed the main cybersecurity challenges faced by industrial enterprises in the coming year.
According to statistics released by Kaspersky Security Network (KSN) in the second half of 2023, 32.6% of computers of industrial control systems globally were attacked by malicious programs. In the Middle East, Turkey and Africa, the figure reaches 36.5% in Turkey, 36.8% in Africa, and the Middle East to 33.5% (28.9% in Bahrain, 35.6% in Egypt, 18.85% in Kuwait, 23.6% in Oman, 37.4% in Qatar, 29.3% in Saudi Arabia and 32.9% in the UAE). A slight decrease in this figure was observed at the regional level compared to what was recorded in 2022, and this may be due to the increased interest of industrial companies in cybersecurity.
The Middle East is one of the most important regions in the world that attracts a diverse mix of cultures, ethnicities and backgrounds, which contributes to uniting the issues of cybersecurity culture in Africa, Asia and other regions. Specifically, during the second half of 2023, 2.55% of computers working with operational technologies were exposed to threats via devices connected to USB connections (seven times more than the number registered in western Europe), while 3.6% of devices were infected with worms (14 times higher than the infections registered in Australia and New Zealand), and 8.1% of computers using operational technologies were exposed to spyware (7 times higher than the percentage registered in North America).
Taking an overview of the 2023 figures, Kaspersky expects the industrial cybersecurity landscape to continue to evolve, along with the emergence of several key trends. Efforts to enhance the performance of industrial IoT and SmartXXX systems have exposed them to more cyber attacks, while the rise in prices for energy carriers has increased hardware costs, which encouraged a strategic shift towards cloud services. On the other hand, increased government involvement in industrial processes has led to the emergence of risks of new types, including concerns about data leakage due to unqualified personnel, inadequate practices for disclosing threats and risks in responsible ways.
This analysis of past events, data and situations will lay a solid foundation that will help to reach a deeper understanding of the cybersecurity landscape that industrial enterprises will face in the current year 2024, including the following:
