Middle East construction cyber security at risk
"We are risking that our buildings and high-rise towers are being built on broken and hacked code," expert tells Construction Week Qatar
Cyber security in the Middle East is at risk, fuelled partly due to ignorance about the topic in the region, a construction expert has told Construction Week Qatar.
Walid Jaludi, managing director at ITCA, Middle East and Africa said: “Cyber security in the Middle East is at high risk. Security breaches emphasise the reality of the risk to secure data and the substantial harm, financially and otherwise, which can result from breaches.”
Jaludi points out the role of ignorance in compounding the situation.
“One of the largest roadblocks IT security faces in the battle against cyber-attacks is the lack of understanding about the true threat to cyber security. Companies need to be looking at the overall picture – from source to solution. One of the biggest source threats typically associated with cyber security is malware.
“What IT does not generally realise is that it is not malware breaking into enterprise security from the outside that is the most serious threat. Most commonly, security breaches are caused by malware coming from the inside of companies where pirated or ‘cracked’ software is being used.”
According to Cisco’s recent Middle East ICT Security Study, businesses across the region are at high risk, with 65% of employees not aware of the security risks through using personal devices in the workplace. As opposed to individual computers or devices, internet infrastructure is increasingly under threat, resulting in a rise in password and credential theft, data accessing infiltrations and breaches.
Jaludi adds: “With the boom in construction in UAE and Qatar, the Middle East in general, and the GCC countries specifically, are at high risk owing to the alarming amount of pirated computer-aided design (CAD) and building information modeling (BIM) software being used by the sector.
“Enterprises and even governments have become fully dependent upon information and communications technology (ICT) and the information infrastructure. An infrastructure of computer networks directly supports the operation of all sectors. The reach of these computer networks exceeds the bounds of cyberspace."
He points out that they "also control physical infrastructure vital to operations such as electrical transformers, trains, pipeline pumps, chemical vats, and radars", and is critical of "the lack of strong IT asset management and weak corporate ownership concerns toward IT issues and security in our region", which he believes "opens the door for cyber-attacks against all".
Jaludi maintains that it is difficult to put the cyber security threat into precise numbers, “but what I can say, is that piracy in our region is extremely high”.
“The result is not only in financial losses to the software vendors, but also to their business customers owing to unfair competition as the pirates are not paying the same price for the software as legal users are. In addition, legitimate customers who unknowingly hire pirate subcontractors risk having their projects made unstable because of the poor quality of code in pirate software.
"The risks and vulnerabilities are in the end results – the buildings in which we live and work – specifically in our region, where massive construction is going on.
"If the software being used for designing and building is pirated – ‘cracked’ – then we are risking that our buildings and high-rise towers are being built on broken and hacked code,” he adds ominously.