Businesses and governments in the Middle East are badly underprepared for dealing with any major cyber attack aimed at the region, one expert has warned.
In a piece for the National, chief executive of Good Harbor Security Risk Management and former national coordinator for security, infrastructure protection and counter-terrorism for the United States Richard Clarke said that even though authorities have invested in cyber security solutions in the past few years, they have failed to learn from the mistakes made by organisations in the US, Europe and Asia.
In particular, he noted that infrastructure operators, civilian ministries and private sector enterprises have been left largely undefended as Middle East governments focus their attention on offensive capabilities and, to a lesser extent, securing key government networks related to national security.
However, these organisations are in reality the most frequent targets for sophisticated hackers seeking to steal money, identity, intellectual property and valuable financial information.
But the threats do not end there, as it is by attacking key infrastructure operators that an enemy could cripple an economy or a nation, by disrupting electrical grids, air traffic control operations, banking systems or even traffic controls.
Mr Clarke warned that these are not merely theoretical possibilities, as such infrastructure networks are already frequently penetrated around the world by countries with cyber warfare capabilities, just in case they are one day called upon by their leaders to deliver damage or destruction.
"It is not just the threat of damage occurring some day that should worry governments in the region," the expert added. "Every day, companies and governments are put at a competitive disadvantage by the theft of information from their networks. Almost none of the companies involved even know that their networks have been compromised."
The Middle East may be more vulnerable to such incidents than Europe, Asia or the US. Mr Clarke noted that governments in these regions have enacted a large amount of legislation to ensure that critical sectors are engaged in serious cyber security efforts - but there are few such regulations in force in the Middle East.
"There is less money being spent on the defensive side of cyber security, and there are fewer experts dedicated to protecting networks in this region than in comparable countries elsewhere," he continued. "This condition is despite many countries in the region being even more dependent upon cyber-controlled infrastructure than those with older systems."
In order to counter this, he advised governments in the region to switch their focus from offensive cyber warfare capabilities and pay closer attention to defending critical industries and infrastructure from attack.
This will involve the creation of expert government agencies that can develop standards and regulations for businesses in their nations to follow. These organisations should also be able to evaluate technology, test networks, share information and develop a network of with personnel experts in defending systems.
He added that being able to deploy offensive actions of their own will not help nations that are suffering major disruption because their own networks have come under attack.