How security teams in the area strengthen their defenses throughout the Muslim holy month despite a manpower shortage and a surge in ransomware, phishing, and DDoS attacks.
During the holy month of Ramadan, Middle Eastern businesses raise their cybersecurity efforts by being especially watchful and utilizing external support, all while enjoying shortened working hours and heightened e-commerce activity.
Cybersecurity teams frequently have skeleton staffs during the ninth month of the Muslim calendar, which is recognized globally as a time for reflection and fasting. Muslim consumers also have a tendency to spend more during Ramadan on gifts, special offers, and specialty cuisine.
Table of Contents
Additionally, all of this creates the ideal environment for dishonest people to engage in fraud and frauds.
The endpoint security company Resecurity has noticed a notable rise in cybercrime since the start of Ramadan on March 10. As of this year’s Ramadan, the business calculates that the cumulative financial effect of these cyberattacks and cyberscams against the Middle East has reached as high as $100 million. This number comprises wire fraud, fraudulent campaigns, e-commerce fraud, and phishing, and it takes into account fraud committed against international visitors, residents, and expats.
Resecurity has out in particular a growing trend in which fraudsters pose as regional shipping firms such as Aramex, SMSA Express, and Zajil Express in order to trick Internet users. They use fake parcel delivery messages on WhatsApp, iMessage, and SMS to target victims and demand quick payment for their “delivery.”
Resecurity emphasized in its research that it’s highly recommended for users to avoid sharing personal and payment details on dubious websites or with people claiming to be bank or government representatives.
The Middle East, Turkey, and Africa (META) security research director Shilpi Handa of IDC concurs that there has been a “noticeable increase” in DDoS, phishing, and ransomware attacks throughout the holy month.
Cyber Risk Assessment
Nonetheless, cybersecurity specialists in the region are aware of the increased cyber risk during Ramadan. According to Handa, security measures usually begin well before Ramadan.
During this time, numerous organizations actively strengthen their outsourced agreements, with a specific emphasis on reinforcing 24/7 security operations,” she explains. She further notes that leveraging a remote and diverse workforce proves particularly advantageous during Ramadan, ensuring seamless coverage of around-the-clock security shifts through a combination of fasting Muslim and non-Muslim personnel.
Handa advises organisations who expect to be understaffed during Ramadan to prioritise key infrastructure to preserve operational continuity and reduce the frequency of active threat hunts. Companies should also improve security measures for email and corporate networks, as they have historically been targeted in the Middle East, she says.
In recent years, the UAE Cybersecurity Council has issued particular cautions during Ramadan. On March 4, this year, the UAE began its National Cybersecurity Campaign, which aims to raise public awareness and promote cybersecurity best practices.
Ezzeldin Hussein, regional senior director, solution engineering, META at SentinelOne, recommends that firms encourage cross-training within cybersecurity teams to guarantee that critical activities can be completed by diverse team members. He adds that clear rules for incident response and escalation channels should be established to streamline decision-making processes in the face of potential staffing reductions.
According to Ali Haider, a senior security consultant at Secureworks based in New York, firms should go above and beyond to foster a culture of alert and awareness among employees, as well as urge them to report any suspicious actions or security issues.
Haider, who has worked in the UAE and Saudi Arabia for over a decade, suggests that businesses collaborate with the appropriate law enforcement organisations. “Keep open contact lines and coordinate security efforts as appropriate. “Collaborating with authorities can improve security effectiveness and enable a coordinated response to security incidents,” he argues.
Ramadan & Year-round
Of course, strong cybersecurity measures should be implemented all year round, not just during Ramadan, warns Haider.
“Attackers may target possible vulnerabilities, such as understaffed or distracted teams. However, organisations should be vigilant and strengthen cybersecurity safeguards year-round,” he advises. “Ultimately, a proactive approach is key to safeguarding against cyberattacks, regardless of the time of year.”
