A 2016 file picture shows UAE Prime Minister and Dubai Emir Sheikh Mohammed bin Rashid al-Maktoum attending a ceremony to launch the Mohammed bin Rashid Global Centre for Endowment Consultancy social initiative, in Dubai.
Dubai – Cyber-crime is a fast-growing threat to businesses and critical infrastructure facilities in the United Arab Emirates, yet many companies fail to realise the importance of those threats and are ill-equipped to deal with security risks posed by highly organised hackers, industry experts said.
The Dubai government said it will launch the Security Industry Regulatory Agency (SIRA) at Intersec 2017, the world’s largest trade fair for the security, safety and fire protection industries. A forum provides a platform for decision-makers to discuss the law governing the Emirate’s security industry framework, guidelines and expectations.
Yet Amir Kolahzadeh, chief executive officer at the Dubai-based It Sec, an industry leader in cyber-security, said more needed to be done to increase awareness about online threats. Organisations within the country and wider region lack measures to safeguard businesses in a growing digital era, he said.
“The cyber-security threat is not only targeting UAE residents and businesses, it is worldwide epidemic,” Kolahzadeh said. “However, the UAE and GCC [Gulf Cooperation Council] organisations’ lack of urgency in order to address these threats against their network and data does place them in a higher risk category than their counterparts worldwide.”
Kolahzadeh said a lack of official statistics means the UAE’s ranking among the most targeted nations for cyber-criminals cannot be determined and cyber-crime is increasing exponentially.
“For example, the number of clients calling us after they have been some way affected by a cyber-crime in the UAE had increased by fivefold from 2015 to 2016.”
Kolahzadeh, who is to make the keynote speech at Intersec 2017 on the tie between physical security and cyber-security, said it was important to understand why hackers would decide to go after critical infrastructure facilities, adding that often the crimes are not financially motivated but aimed for destabilising a business or even a country.
“Cyber-security has moved beyond what we have imagined,” he said. “Today hackers are easily capable of infiltrating a [closed-circuit television] or access-control network of a prison, bank, hospital and open doors, lock doors, delete or replace footage and basically take over the physical security assets of the organisation, hence disabling critical infrastructure — and all done remotely,” he said.
Among the biggest threats to the UAE’s critical infrastructure are attacks on hospitals and health care systems that endanger public safety and put a spotlight on a new weakness as public and private institutions struggle to adapt to the digital era.
“We believe that the health care system will be the number one attacked industry in the next year or two,” Kolahzadeh said. “As all medical devices are now online and connected to the internet for monitoring and reporting, they also become a target of hackers to take over these devices for ransomware.”
Scott Manson, cyber-security leader for the Middle East and Turkey at Cisco, also highlighted the health care sector as a growing target for cyber-criminals.
“According to the World Privacy Forum, the street value of stolen health care data is $50 as compared to $1 for a stolen Social Security number,” he said. “New attack models such as ransomware can capitalise on the sensitivity of the situation, where the question is not just about losing data but patients’ lives. Adding up all these, the health care industry is an attractive target for cyber-criminals.”
One of the biggest hurdles in tackling cyber-crime is the lack of trained professionals to deal with it.
According the Cisco 2016 Annual Security Report, by 2019 there will be a deficit of 1.5 million security practitioners. Globally, 26% of organisations face staffing shortages and 35% have expertise shortages with security jobs growing at 12 times the rate of the overall job market and three times the rate of general information technology.
Manson pointed to the lack of women entering the sector, which he said represented a loss of talent for the industry and a loss of opportunity for them. He said increasing the number of security professionals is a priority in the war against cyber-crime as is better equipping employees with cyber-security knowledge.
“UAE workplace security research conducted by Cisco and [Gulf Business Machines] showed employee behaviour is a genuine weak link in cyber-security and becoming an increasing source of risk, more through complacency and ignorance than malice, because companies have so insulated employees from the scale of daily threats that people expect the company’s security settings to take care of everything for them,” Manson said.
“When data breaches are the result of an external attack, it is often the inexperience of employees that is exploited, whether it be by clicking on an e-mail link they shouldn’t open or downloading an unapproved app.
“Cyber-attackers have identified the human as the weakest element and no matter how many sophisticated security technologies are deployed within an organisation, a security solution is still only as secure as its weakest link.”