Egypt’s increasingly digital economy faces ever-evolving new threats

August 2, 2019

 

Systems engineers, CEOs, and government officials are mobilizing in the face of ramped-up threats to corporate and public sector digital assets to protect consumers and businesses in Egypt and throughout the Middle East.

“In line with global trends, cybercrime in Egypt increased by 190 percent from 2012 to 2017,” says Ziad Abdel Tawab, who heads the Cabinet’s Information and Decision Support Center [IDSC], “but most of the crimes targeted penetrating websites and altering their homepages and content.”

For the third consecutive year, the support center and Egyptian Supreme Cybersecurity Council will convene the Arab Security Conference in September in Cairo. The event is considered the region’s most influential forum for public and private efforts to confront digital threats, with Egypt a recognized leader in the cybersecurity field in Africa and the Middle East.

In the International Telecommunication Union’s 2018 Global Cybersecurity Index, Egypt ranked 23rd, just behind Germany and ahead of Croatia and Italy.

With some of the highest mobile phone penetration rates in the world, the Middle East and Africa receive more than their share of mobile-phone malware attacks, according to Kaspersky Lab, a multinational cybersecurity and anti-virus provider headquartered in Moscow.

“The drop in ransomware incidents is a great showcase of the growing awareness of the need for cyber security,” says Amin Hasbini, a senior security researcher at Kaspersky Lab. “At the same time, we have to realize that if there are fewer ransomware attacks, malicious intent is being diverted elsewhere.”

Mobile malware attacks in the region numbered more than 368,000 in the first three months of 2019, an average of 4,098 per day and a 118 percent increase compared to the same period last year.

Kaspersky statistics for the Middle East and Africa show Egypt had the lowest number of users affected by domestic malware, which can spread through USBs, CDs, and DVDs.

Recent ransomware attacks on local and state governments in the United States have, in certain cases, already resulted in capitulation to hacker demands for tens of millions of dollars, while hundreds of thousands of individuals have had their personal identification information stolen.

Such incidents reflect a new era for digital assaults, as hackers move from targeting individuals and companies to effectively holding hostage entire cities, such as Lake City and Riviera Beach in Florida.

Just this month, the entire nation of Bulgaria fell victim to a cyberattack that compromised the privacy of nearly all its citizens’ data, including income, taxes, loans, and health insurance.

Companies respond

“An increase in high-profile attacks has led to an increase in awareness of cybersecurity challenges in the public and private sectors,” says Mohamed Soliman, security business unit leader for IBM Egypt.

Attacks target social, state and financial institutions as “cyberspace naturally becomes another arena for disputes between nations and [non-state actors] with conflicting agendas,” he says.

In September 2016, Yahoo revealed it had been the victim of the biggest data breach in history, likely by a “state-sponsored actor.” The 2014 attack compromised the personal data of all 3 billion of its user accounts, effectively knocking an estimated $350 million off its sale price to Verizon.

In November, Marriott International conceded cyber thieves had stolen data on approximately 500 million of the hotel chain’s customers.

The rise of cryptocurrencies and the “dark web” – the clandestine corner of the internet accessible only through special software that allows users to remain anonymous – provide hackers and nefarious entities with new avenues to pursue cybercrimes.

“When a new vulnerability is discovered, hackers compete to exploit that weakness, publishing or selling their exploits anonymously on the dark web to gain fame or money,” Soliman says.

Holding more than 3,000 security patents, IBM operates a broad research, development, and delivery organization that monitors more than 2 trillion events per month in 130-plus countries, and offers advanced and integrated portfolios of enterprise products and services.

“Cybersecurity is not an IT problem, but an issue that affects every member of an organization,” says Soliman, whose company recently signed agreements with the Information Technology Industry Development Agency and the Information Technology Institute to stimulate entrepreneurship among young professionals and develop skills around cybersecurity for such technologies as artificial intelligence and blockchain, a cryptographic payment transactions platform.

As one of the highest-volume digital payment processors in the world, Mastercard has been at the vanguard of cybersecurity efforts in Egypt, closely collaborating with the government on several fronts since 2010.

“We consider our partnership with the Egyptian government as a model for best practices in terms of the private-public partnership,” says Magdy Hassan, general manager of Mastercard for Egypt and Pakistan. The 2017 Cyber Crime Law “was a great example of how the government has been keen to work with the private sector, and onboard global expertise to support” its initiatives.

Mastercard launched its joint cybersecurity work with authorities by safeguarding government payroll systems in 2010. By 2014, it had developed the first-of-its-kind NFS (national fraud security) solution that helps protect banks and other card issuers in the domestic market, and the first interoperable ecosystem platform in 2016 in collaboration with the Egyptian Banks Company (EBC) and the Central Bank of Egypt (CBE).

The ecosystem offers a simple interoperable payment platform for people, businesses, and governments to transact with a wide range of payment instruments that includes P2P, P2M, bill payment, airtime purchase, and salary disbursement, among other services.

The NFS program resulted in an eleven-fold reduction in fraud rates, meaning “Egypt effectively became a benchmark for the region, a model for the positive deployment of workable cybersecurity mechanisms,” says Hassan.

Egyptian efforts

The increasing expense of cybersecurity vigilance for companies and governments has driven efforts to develop measures to both counteract and preempt attacks.

“With its Supreme Council for Cybersecurity, Egypt built an impressive model for other countries,” says Sameh Aboul Enein, a member of the U.N. group of governmental experts on information and telecommunications development. This is a 24-member body dedicated to creating a national strategy to help government agencies prevent cyberattacks and educate the public on cybersecurity.

Still, “Egypt has yet to enact comprehensive laws to protect personal data, although provisions that address data protection [are included in] various existing rules,” says Aboul Enein.

Additionally, the constitution sets out principles regarding privacy rights and imposes financial penalties for unlawful acts under the Egyptian Civil Code, which governs the collection, use, and processing of personal data.

Aboul Enein thinks Egypt should strengthen existing legislation by defining what constitutes data protection and other significant terms, such as personal data and sensitive personal data.

He also believes “Egypt would benefit from the creation of a national data protection authority with specific provisions that regulate online privacy and enforce legal requirements to report data security breaches or losses to the authorities.”

A May report by PricewaterhouseCoopers (PwC) titled the Digital Trust Insights Survey, which included 3,000 executives and IT professionals worldwide, found that the top 25 percent of respondents – market leaders known as “trailblazers” – are not only leading the way on cybersecurity, but delivering more value and better business outcomes.

Geographically, 21 percent of Europe, the Middle East and Africa respondents were found to be trailblazers, compared to 30 percent in the Asia Pacific region, and North and South America.

“By focusing on building digital trust, trailblazers drive more proactive, preemptive and responsive actions to embed these strategies into businesses, as opposed to those who primarily look to minimize the operational impacts of cyber threats in a reactive manner,” said T.R. Kane, PwC’s US strategy, transformation and risk leader.

Furthermore, in PwC’s 19th Annual CEO Cybersecurity Challenge in the Middle East 2018 survey, 61 percent of respondents admitted they were concerned about cyber risk, yet only 39 percent of Middle East boards in the survey asked for information about how to assess their organizations’ readiness to cope with a cyberattack and 12 percent had not considered whether they even needed such information.

Basel Hammoda, founder of Egyptian startup Digital Cloud Platforms, points to the tension between efforts to accelerate expansion of the Middle East’s digital economy and put in place mechanisms to secure it.

“Our countries are generally more interested in accelerating this digitization than identifying cybersecurity threats,” he says. “But the more digitized you are, the more vulnerable you become.”