Government websites are vulnerable to cyber attacks that are seeking to exploit defence and security flaws, says a United States report.
International cooperation is needed to fight the threat posed by such attacks, according to the report last year, compiled by the Going Global Defence Initiative of the Virginia Economic Development Partnership. “These sites are important to the government in relating to and connecting with the people,” it says.
“In the Middle East, there is a growing recognition of the threat of cyber attacks and the market for cyber-security software and services is expected to continue to grow.”
Hani Nofal, the executive director at Gulf Business Machines, an IT company with offices in Abu Dhabi, Dubai and the wider GCC, believes the development of widespread connectivity requires an adequate response in terms of building security.
“We are experiencing the biggest fundamental change since the initial deployment of the internet,” Mr Nofal says. “Connections between context-aware machines will change how we use devices and improve our lives, but for that we need robust and effective security policies.”
Matthew Cochran, the chairman of the Defence Services Marketing Council in Abu Dhabi, agrees, saying training on equipment and software alone are not enough. “Governments, militaries and critical national infrastructure must also have cyber leadership education together continuously to achieve a rapid response,” he says.
Many regional cyber attacks are driven by an interest in discovering the security capabilities governments are procuring, and thus their potential weaknesses, says Colonel Ralph Thiele, who presided over the Cyber Defence and Network Security UAE summit in Abu Dhabi in December.
“There are people who want to threaten the stability of governments,” he says.
It is not only the world’s governments that are at risk. In the United States, the financial industry regulatory authority (Finra) says its examiners found wide variation in the way financial brokers defend against the risk of hackers.
While large brokers have sophisticated systems for monitoring threats and sharing information, some smaller firms have not taken basic steps such as assessing their vulnerabilities, Finra says in a report last week.
Finra’s findings follow hacks on large banks such as JP Morgan that led to the theft of customer data and a breach of Web-based systems operated by the Federal Reserve. Brokerages could bolster their defences by tightening relationships with vendors and improving employee training, the report says. “Finra expects firms to consider the principles and effective practices presented in this report as they develop or enhance their cyber-security programs,” says the regulator, which is funded by the brokerage industry. “Finra will assess the adequacy of firms’ cyber-security programs in light of the risks they face.”
The US securities and exchange commission (SEC) released a separate report that found 88 per cent of brokerages and 74 per cent of money-management firms have been victims of cyber attacks directly or through a vendor. The SEC findings were based on a survey of 57 brokerages and 49 investment advisers to find out how financial firms prepare for hacking threats.
The SEC says many brokers and money managers lack policies that address whether they will reimburse clients for losses. Firms also do not typically tell regulators or law enforcement about network breaches, as just 11 per cent of brokers and 4 per cent of investment advisers reported incidents in which employees misappropriated client funds, securities or customer data.
“[The SEC’s] risk alert makes clear that cyber security is a persistent and growing threat and that firms must take their cybersecurity duties seriously,” says the SEC commissioner Luis Aguilar. “If they do not, they jeopardise themselves and threaten the financial safety of the millions of Americans who have put their trust in them.”
business@thenational.ae
* with agencies
Follow The National's Business section on Twitter
