Cyber incidents are ‘business risk’ in the Gulf

Sectors most at risk are com­panies with large amount of cus­tomer data, such as health care and télécommunications.

Growing number of security weaknesses are being identified


2017/01/08 Issue: 88 Page: 20


The Arab Weekly
N.P. Krishna Kumar



Dubai - Cyber incidents targeting corporations in the Gulf region have seen a steady rise in recent years, put­ting major companies at increasing risk of frequent and grave attacks. Protecting data can have massive cost implications, ex­perts said.

Shabnam Karim, a Dubai-based senior associate for global legal firm Clyde & Company, notes there has been an increase in issues related to “ransomware” — malicious soft­ware designed to block access to a computer system until money is paid — hacking and data breach across the Gulf Cooperation Coun­cil (GCC).

“Some of these incidents relate just to the theft of confidential in­formation but there are now regular claims relating to fraudulent pay­ment transactions, which have oc­curred due to hacking.” Karim said.

“According to official statistics, the UAE is the eighth most targeted country globally and the first in the Middle East and Africa for spear-phishing.”

“Spear-phishing” is an e-mail spoofing fraud attempt that targets a specific organisation or individu­al, seeking unauthorised access to confidential data.

“Within the UAE, finance, insur­ance and real estate sectors were the most affected last year. Close to three-quarters of all attacks were directed towards companies in those sectors. We do not have accu­rate numbers of [the] incidents in this region. However, we have seen a real increase in the last two years in cyber incidents, across sectors,” Karim added.

Gary Hibberd, managing director of AGENCI, a leading cyber-security agency in London, stressed the ina­bility of IT departments to confront cyber threats. “With 1 million new forms of malware created every day and the proliferation of data, to expect the IT department alone to tackle this threat is a futile exer­cise,” Hibberd said during a visit to Dubai.

“Companies at their board level need to see cyber-crime as a busi­ness risk. Cyber-security is not an IT problem or a technology issue any more. Corporate strategy and resources have to be marshalled to tackle this on a permanent basis.”

Oisin Fouere, managing director of K2 Intelligence and head of the cyber-defence practice within the region, said, “A key measure to en­sure that gaps are effectively reme­diated is to establish and maintain a dedicated and skilled cyber-security function with executive level re­porting.”

The sectors most at risk are com­panies with a large amount of cus­tomer data, such as health care and telecommunications, Karim said.

“In order to achieve a financial gain, we see hackers frequently tar­geting banks and exchange houses,” she said. “The Bank of Muscat claim in 2013, which resulted in a multi­million-dollar theft from hacking, is a good example of the level of sophisticated criminals that com­panies in the UAE are dealing with.”

“There are several risk mitigation steps that can be deployed. This in­cludes setting up internal policies because cyber-data breaches are not always externally perpetrated but can result from internal ac­tions, such as an employee acciden­tally clicking on a phishing link,” she added.

The information overload and the arrival of the Internet of Things (IoT) with the prospect of 40 billion internet-enabled devices by 2020 will make the situation even more complex.

“A growing number of security weaknesses are being identified as a result of both smart initiatives and IoT deployment,” said Fouere. “We firmly believe that until li­ability for security weaknesses are attributed to manufacturers that this issue will continue to pose sig­nificant cyber-security risks both for the government and individual users. Governments should intro­duce and maintain basic security standards for embedded devices, ensuring that manufacturers carry out adequate security testing of de­vices before release.”

Hibberd said the introduction of IoT, smart grids and smart cities will result in a world that is increas­ingly interconnected and interde­pendent.

Asked how risks can be reduced in the future, he stressed that “fun­damentally, education is the key and awareness is its close ally”.

“We must educate those who create the products we use and it should be legislated that they pro­vide privacy by design and default,” he said. “It must be a feature (of the product). Authorities need to put more pressure on organisations to improve their security but, ulti­mately, we as the users of these de­vices need to take account for our own safety.”

Legislation that imposes a re­quirement upon businesses to declare and report cyber-security breaches would be an effective tool, Karim argued.

“This would provide better data into where and how breaches are occurring, as incidents are often hidden from the public domain, businesses would no longer be able to adopt a laissez-faire approach and would have to treat cyber-se­curity as a boardroom issue.”


N.P. Krishna Kumar is an Arab Weekly correspondent in Dubai.


Editors' Picks

The Arab Weekly Newspaper reaches Western & Arabic audience that are influential as well as being affluent.

From Europe to the Middle East,and North America, The Arab Weekly talks to opinion formers and influential figures, providing insight and comment on national, international and regional news through the focus of Arabic countries and community.

Published by Al Arab Publishing House

Publisher and Group Executive Editor: Haitham El-Zobaidi, PhD

Editor-in-Chief: Oussama Romdhani

Deputy Editor-in-Chief: Dalal Saoud

Senior Editor: John Hendel

Chief Copy Editors: Jonathan Hemming and Richard Pretorius

Analysis Section Editor: Ed Blanche

Opinion Section Editor: Claude Salhani

East/West Section Editor: Mark Habeeb

Levant Section Editor: Jamal J. Halaby

Gulf Section Editor: Mohammed Alkhereiji

Society and Travel Sections Editor: Samar Kadi

Senior Correspondents:

Mahmud el-Shafey (London)

Lamine Ghanmi (Tunis)

Correspondents

Saad Guerraoui (Casablanca)

Dunia El-Zobeidi (London)

Roua Khlifi (Tunis)

Rasha Elass - Thomas Seibert (Washington)

Published by Al Arab Publishing House

Contact editor at:editor@thearabweekly.com

Subscription & Advertising: Ads@alarab.co.uk

Tel 020 3667 7249

Mohamed Al Mufti

Marketing & Advertising Manager

Tel (Main) +44 20 6702 3999

Direct: +44 20 8742 9262

www.alarab.co.uk

Al Arab Publishing House

Kensington Centre

66 Hammersmith Road

London W14 8UD, UK

Tel: (+44) 20 7602 3999

Fax: (+44) 20 7602 8778

Follow Us
© The Arab Weekly, All rights reserved