Employees’ lack of understanding of basic security measures are leaving organisations in the region vulnerable to cyber attacks, security officials have said.
With 99 per cent of cyber incidents a result of “internal vulnerabilities” and an expected 26 billion devices in the world by 2030, they said more diverse and regular staff training was required to be able to counter the evolving digital threats.
“We see lots of social engineering attacks, which is something [where] we lag behind,” said Dr Fadi Aloul, head of computer science and engineering at the American University of Sharjah. “[The university] is very active in security awareness, which is something we lack in this region. People are so excited about technology and gadgets and completely forget about security.
“The Internet of Things is probably our next big threat; it’s a tsunami coming up very soon that will lead to cyber blackmailing.”
During a panel discussion about the GCC Cyber Threat Landscape at the Gartner Security Summit in Dubai on Tuesday, security officials spoke of internal vulnerabilities as the Achilles’ heel of today’s cyber-security environment.
“The financial sector is the most targeted in the world because it’s where the money is,” said Thabet Khamis, head of information security at the UAE Central Bank. “The type of attacks we get are mostly social engineering, fraud attempts and we see attempts from people who pretend to be CEOs and account managers in specific banks.”
Social engineering attacks are when the user is tricked into giving away information or breaking normal procedures. External cyber attacks involve cyber criminals able to hack into a system on their own and internal attacks are caused by an employee who assisted in allowing the hackers into their company’s system, whether unwittingly or not.
Mr Khamis said internal attacks largely occur when an employee helps the attacker due to their lack of understanding of the threats.
“These days, the one-click processes that most banks are trying to achieve for any kind of application they want to enhance customer experience actually lead to some of these incidents that we currently face in the financial sector,” he said.
“I always tell my team to go back to the basics, [especially when] organisations in the Arab world depend on people more than the process, so when that person leaves, it goes back to zero.”