As part of the Middle East region, Kuwait is not immune to the threat of cybercriminals. However, Intelligent CIO wanted to discover more about the country’s cybersecurity scene. We spoke to Mohamad Amin Hasbini, Head of Global Research and Global Analysis team for META, Kaspersky Lab, at the company’s Cyber Security Weekend to find out more.
How much of a threat do cybercriminals represent to Kuwait?
There is a good amount of interest in Kuwait.
From one side the country has a good amount of money stored in banks and it also has a lot of industrial systems which is also interesting for attackers.
These are some of the most interesting factors for attackers and the main motivation of why they target users – because they want the money from the bank accounts.
Other than the banking sector what other industries there would be under threat?
Critical infrastructure is one of the most interesting sectors for attackers.
Attackers can also use blackmail when controlling these systems. A lot of damage could be done using critical infrastructure attacks so they are also very dangerous because these are systems that are running, for instance, the likes of water treatment facilities.
In the case that it ever happens this could poison a lot of users of a treatment facility.
In another case, attacks happen on the electric grid or oil refineries so this could stop the availability of electricity in a city or, for example, stop the production of oil facilities.
These sort of attacks have been happening in Kuwait but the results have not come out. There is no big incident in Kuwait at the moment but the extensive use of critical infrastructure facilities opens the door for such types of attacks.
Is there anything unique about Kuwait in terms of cybersecurity?
Yes. Kuwait is an oil producing country and because of its special geopolitical position it makes it a target for many different types of threats and at the same time criminals are interested in financial institutions there. It’s like being surrounded by all sides.
How prepared are enterprises in Kuwait for cyberattack?
There are good preparations that we see in Kuwait by organisations and also measures pushed by the government for securing the infrastructure but there is also the possibility for an enhanced situation with potential for better protection against these threats.
The first problem is actually awareness. A lot of countries, governments and organisations, are doing training for employees to help them deal with cyberattacks and from attacks within their organisations. In Kuwait, this could be better.
With the Middle East region as a whole having a problem with mobile security is the same true of Kuwait?
We see that users in Kuwait are using new types of mobile devices which automatically puts them in a safer situation. Older devices with older software are usually vulnerable for attacks that allow the attacker to get into the device and have full control over it which is very bad of course.
What are the current threats in Kuwait?
Kuwait users and organisations need to be careful around holidays such as Ramadan. These holidays are attractive for attackers because they can send messages saying things like ‘congratulations on the holidays.’ These are messages in What’s App and sometimes email. Cybercriminals use these a lot, we have seen them in Kuwait last year around Ramadan and they say things like ‘open this file’ and sometimes people sadly believe it’s genuine but when they open it it’s malicious.
We have seen different levels of these attacks some of them are advanced. All types of attackers use these attacks.
What would the advice be to avoid becoming a victim of these?
We need to be careful. First, we need better awareness and awareness starts with learning how to deal with technologies that we rely on. People need to know where to click and where not to click and to know what is a suspicious file and then avoid those. This is a good start.
Another good measure is to activate two factor authentication. This is highly recommended for any user.
Click below to share this article