This issue is filled with great insights and expert commentary on areas that are relevant to the legal landscape and highlight how the business community is embracing technology, media and telecommunications. There are various topics covered, from new ways of working and digital transformation in the finance sector to data protection regulatory updates and guidance. We also have a series of articles that focus on e-commerce across a number of jurisdictions.
You will also find insights from our lawyers around real estate analytics, tech trends, and data centres.
We hope this edition of Law Update provides some useful food for thought – enjoy the read!Take a read of the edition
Haroun Khwaja - Senior Counsel - Digital and Data
June – July 2017
Today, it is not unheard of for commercial and industrial companies to come under the same level of sophisticated attack that was once reserved for states. The increasing use and reliance on technology and the proliferation of new technological devices have made us more vulnerable now than ever before. To make matters worse, sophisticated crime syndicates are using encryption to hide their activity. Consequently, any company, government entity, non-profit organisation, or individual that uses computer systems or the Internet is susceptible to a cyber attack. The drivers for these crimes are varied and include extortion, commercial sabotage, hacktivism, cyber spying, cyber terrorism, and cyber warfare. There is particular concern about the vulnerability of the healthcare sectors in many countries as they process vast amounts of sensitive personal data.
Attacks in the Middle East
The Middle East has long been a target for various types of cyber attacks.
The Shamoon attack on oil giant Saudi Aramco in 2012, described by former US defence secretary Leon Panetta as the most destructive cyber attack on a private business then seen to date, is believed by US officials to have been the work of hackers working on behalf of the Iranian government. In that attack, the virus crippled 35,000 computers at Saudi Aramco within hours by overwriting the master boot record and rendering their computers inoperable. Earlier this year, the Saudi government warned organisations in the Kingdom to be on the alert for variants of the Shamoon virus, following attacks on various ministries and government agencies. Given the continued conflicts in the region, such attacks are expected to increase.
At the time of writing, the WannaCry ransomware hack has indiscriminately hit 200,000 targets in at least 150 countries. Ransomware is a type of malicious software that blocks access to a computer system until a sum of money is paid. According to Symantec, Saudi Arabia is the most targeted country for ransomware attacks in the Middle East and Africa region, followed by the UAE.
Potential losses resulting from cyber attacks
The frequency and severity of cyber attacks increases year-on-year, and it is now imperative that organisations take a proactive strategy to manage them. Such strategies need to be targeted to ensure:
Protecting against, and recovering from, cyber attacks
A multi-pronged approach should be taken to deal with this threat in a way that covers all bases, including:
Customers should review their existing IT contracts to ensure they contain sufficient obligations on the technology vendor or IT service provider to comply with the measures above. Where the contract does not address these issues, the customer should seek to raise these concerns with vendors and service providers with a view to having terms amended to address these types of essential concerns.
Organisations can no longer afford to ignore cyber security threats and must put in place systems and processes to defend against and recover from cyber attacks. The recent global Wannacry ransomware hacks are a clear reminder of this. Financial institutions, healthcare providers, government agencies, airlines and online businesses are particularly vulnerable and should undertake an internal review to identify and address any weaknesses.