In its fourth analytical study of security vulnerabilities in the Lebanese “digital domain” in cooperation with the Lebanese University of Sciences and Letters USAL, the Association of Research Center for Strengthening Cyber Protection focused on “identifying hackable systems in the Lebanese digital domain during the third and fourth quarters of 2021, starting with Among the current Key Trends of cyber-attacks globally are the identification of 25 Miter CVSS vulnerabilities in software widely used in digital information systems.”
The study worked on “comparing the results that were reached with the results of the third analytical study conducted by the center previously during the second quarter of the year 2021, and it found that there are approximately 761 loopholes in the various information systems in the Lebanese cyberspace from various sectors (services, industrial, health). banking, technology, or other).
And it concluded, “The existence of critical security gaps, especially in servers and network protection devices that are used in institutions and companies, despite the passage of more than three months since those concerned were informed of them, but rather the emergence of new systems that suffer from these old vulnerabilities.
The results of the second half showed that Lebanon is severely affected by the new security vulnerabilities that mainly affect sectors related to the citizen, especially consumer and health, and that most of the targetable systems (more than 89% of them) are located on the Lebanese territory, meaning that they may be connected to the internal networks of the relevant institutions. This increases the sensitivity of the issue in terms of security at the national level.”
And it concluded, “There are compliance violations, as unencrypted user login data is sent from the user’s browser to the server through all network elements around the world, allowing anyone with access to network elements to see this data, which is a very dangerous aspect.”
The study raised “serious concerns about the security awareness of companies in Lebanon,” stressing “the need for a national body to follow up on news of new security vulnerabilities in order to approach them at the level of the Lebanese digital space in preparation for addressing them by the concerned authorities.”
It called on stakeholders in the public and private sectors to “communicate and integrate with these efforts in order to build an integrated cyber security protection system at the national level.”