As stated in the Internet Security Threat Report from security-giant Symantec, the UAE is the second most targeted country in the Middle East for cyber-attacks. This has placed the region on high alert as they attempt to work towards a smart and digital city.
What initiatives have been taken?
Cyber Security Strategy 2017
To ensure that its goal is an achievable and sustainable one, a new cyber security strategy for Dubai was launched by Sheikh Mohammed bin Rashid Al Maktoum, Vice President and Prime Minister of the UAE and ruler of the Emirate of Dubai, earlier this year.
With five focus areas – Cyber Smart Nation, Innovation, Cyber Security, Cyber Resilience, National and International Collaboration – the UAE aims to maintain not just the flexibility but continuity of IT systems even in an event of a cyber-attack, whilst ensuring the protection of confidentiality, credibility, availability and privacy of data. The Dubai Electronic Security Centre (DESC) has been working with all government agencies in the Emirate to ensure that the level of electronic security is upgraded and alongside that, precautionary measures are taken to ensure that information security systems are in line with international standards.
Cyber Threat Intelligence Initiative 2017
The Cyber Threat Intelligence Initiative 2017 was launched after the CEO Advisory Council of the UAE Banks Federation (UBF) approved a proposal earlier this year on the creation of a cyber intelligence sharing platform.
Focused on the financial sector, this initiative allows banks to better identify, protect and respond to cyber-attacks. In addition, the ability to make immediate decisions and actions when required. This initiative also prepares banks in Dubai to collect, analyse and share data on cyber threats in a seamless manner while allowing for anonymous reporting, thereby reducing the exposure of sensitive data.
This initiative includes a range of tactics to tighten cyber security:
‘Cheque Chain’ launched by Emirates NBD to strengthen authenticity and minimise potential fraud
QR codes on cheques to make forging more difficult
Bank staff to validate the cheque’s authenticity and have access to its source at all times
Magnetic Ink Character Recognition (MICR) – a character recognition technology used mainly by banking industry to ease the processing and clearance of cheques and other documents
What do these initiatives mean for Dubai?
This suggests that a comprehensive understanding of the cyber threat and security landscape is needed, in order to be better prepared in response to emerging threats.
As cyber criminals evolve in a more sophisticated and organised fashion, traditional approaches will effectively become insufficient and even obsolete in addressing rising challenges posed by an evolving threat environment.
Organisations will need to work on their alert management department and look into the varied techniques aimed at bypassing security controls at the same time. This includes methods of exploitation alongside security vulnerabilities which may happen through the use of Heartbleed or Shellshock bugs, DNS Tunnelling and even domain fronting.
It is increasingly important to promote cyber resilience and greater transaction security to banking customers in the country. By garnering greater awareness of recent technics and development used by attackers as well as improving cyber security capabilities, it empowers banks to effectively confront new and evolving threats.
It is hence imperative that banks work together to create a common platform where threat information can be collected and shared in an attempt to increase security whilst protecting each of their business and operational environment.
What the future holds
A recent research report predicted that the GCC cyber security market is estimated to expand and may reach over $10.41 billion by the end of 2022. Comparatively, Al Mesmar pointed to recent statistics that indicate that cyber-crimes are expected to cost the world $6 trillion by 2021, doubling the figure $3 trillion from just a year ago.
It is hence important for organisations to plan for cost-effective strategies to curb the potential losses from cyber-crimes. This will also translate to the increase in demand for talent in relation to cyber security.
More than half of the IT decision makers and C-level executives surveyed globally have seen the volume of cyber-attacks increase this year which includes ransomware, phishing and impersonation fraud.
However, less than 20 percent feel completely confident in their ability to spot and defend against cyber-attacks.
With events and conferences held in the region such as Cyber Defence Live event by the intelligence-led security organisation, FireEye, there is an increasing awareness of cyber security. The event itself discussed best practices for GCC organisations as they seek to address the evolving landscape of such threats in the region. However, there is a need for professionals within this sector as well as a well-thought strategy to be able to challenge the evolving cyber landscape.
Looking ahead to 2018, the Gulf Information and Security Expo and Conference (GISEC) is set to bring together over 6,000 top security professionals to discover cutting-edge solutions, share insights with industry experts and equip themselves with the right tools to protect their businesses from rapidly-evolving cyber-attackers.
Supported by Smart Dubai, Dubai Police and the National Cyber Security Center KSA, GISEC creates opportunities for businesses and shares ideas with the world’s most important technological companies, government officials and private industries.