Rajesh Gopinath, VP – Sales Engineering, MEA at Paladion​​, explains how Middle East enterprises can protect against a Careem type data breach…

Enterprises in the Middle East need to substantially reduce attacker dwell time to prevent a successful data breach. It takes a company an average of 106 days to identify a breach. The only way to effectively reduce attacker dwell time is by using a combination of AI-driven and manual threat hunting to identify and evict attackers before there is a catastrophic data breach like this.

You are an enterprise in the Middle East. You feel confident your security systems are thoughtfully set up and provide you with comprehensive protection. So, instead of thinking about incoming threats, you go about your day-to-day operations, focusing primarily on your business’ key value driving functions. Everything seems to be progressing smoothly… until you get the news.

Another enterprise in the Middle East has been breached. Millions of files have been compromised. The public outcry deafens. Suddenly, you can’t focus on your business’ operations. Suddenly, a whole set of other questions enter your head: How did they get breached? What can we learn? Are our defences strong enough? Are we next?

Unfortunately, this is not a hypothetical situation for enterprises in the Middle East. Recently, Dubai-based ride-sharing platform Careem announced a data breach. Cybercriminals infiltrated their systems and walked away with over 14 million records for the company’s customers in the Middle East.

For many enterprises in the Middle East, this became the week they had to ask how their colleagues at Careem got breached, whether their own defences are strong enough, and whether or not they will be the next enterprise in the Middle East to make headlines.

How was Careem breached?

As Gulf News reports, Careem announced (via a blog post) that they had been breached, and their 14+ million records had been stolen on January 14. Careem is a major enterprise in the Middle East, based in Dubai, but operating in 80 cities spread throughout 13 countries.

The cybercriminals who committed this successful attack stole records on both Careem’s drivers, and their customers (their riders). The information they stole includes names, email addresses, phone numbers, and trip data. It is unclear how much geodata relating to drivers’ and customers’ trips was stolen.

While no credit card data was stolen, and while Careem’s representative stated they have seen no evidence of “fraud or misuse related to this incident,” it is naive to believe the individuals whose information was stolen are safe. The criminals behind the attack can still cause plenty of havoc utilising the data stolen. The stolen records give criminals enough personal information to perform additional phishing, or even social engineering, attacks against the affected parties.

What Can We Learn from Careem’s Breach?

At first glance, Careem’s breach appears to be a repeat of Uber’s breach (which they announced last November). The similarities go beyond the fact that both are ride sharing companies.

● Both companies lost massive amounts of records: Uber lost around 56 million records.
● Both companies took a substantial amount of time to announce the breach: Uber took nearly a year to announce their breach.
● Both companies lost driver and customer data, but not corporate data.

This last point deserves further elaboration. Uber explicitly stated that they lost only customer and driver data, and that their corporate network was not breached. Careem implied this fact, by only mentioning that customer and driver records were stolen, and without mentioning any loss of corporate data.

This fact is not as heartening as it might initially seem. Instead of speaking to the strength of corporate defenses within both companies, it leads to the uncomfortable realisation that many enterprises appear to be simply less careful with, and to apply fewer defences to, their customer, vendor, and third party data, than they offer their own in-house data.

Given the increased interdependence between customers, companies, and vendors, it is distressing to see many prominent enterprises in the Middle East accept even one “weak link” in their security. After all, today, it can only take one breach, in one corner of a company, to create system-wide failure, substantial internal damage, and lost reputation.

Are your defences strong enough?
Careem’s representative noted it takes their company an average of 120-180 days to identify a breach. So, while it is wise to ask if your current defences are already breached, or whether you will be the next enterprise in the Middle East to suffer a breach, another question may be even more important to ask: “Is our security program proactively hunting for attackers or are they waiting for an alert or breach to respond?”

At Paladion, several of our customers have reduced their dwell time from an average of 90 days to under two days. This is possible only using proactive threat hunting, and since manual threat hunting is slow, and speed is the primary success driver in cyber defence, we use a combination of AI-Driven and Manual Threat hunting to achieve these results. This is the right approach to cyber security today.