Talking about cyber attacks will boost security, says expert

Many businesses avoid making ransomware attacks public knowledge

Many UAE businesses have been hit by ransomware attacks. PA
Powered by automated translation

Greater transparency over cyber attacks should be encouraged to boost understanding of the growing security threat, an expert has said.

The number of ransomware attacks surged by 151 per cent worldwide in the first half of 2021, a World Economic Forum report said, highlighting the need for action.

Gems Education, the largest private school operator in the UAE, was targeted by cyber criminals last week. The group says an investigation is continuing.

It confirmed its payment systems were not compromised.

If you ask any organisation today what is their biggest concern is, ransomware would be one of them
Nicolai Solling, Help AG, cybersecurity arm of Etisalat

Transparency is key

Nicolai Solling, chief technology officer at Help AG, the cybersecurity arm of e& enterprise (formerly Etisalat Digital), said many companies try to avoid making cyber attacks public.

“Multiple times every single day, we know that organisations in the UAE, in the Middle East and all over the world are being impacted by ransomware.

“But, it's only once in a blue moon that information is released around these issues. People see it as a potentially embarrassing situation to be in. Actually being open about these things is something that would help a lot in order to gain knowledge and also in understanding how big the problem is."

The dangers facing educational institutions are not too different from other organisations, Mr Solling said.

One of them is the availability of IT services within schools, the educational sector and institutions, which can be affected by ransomware, a type of malware designed to deny a user or a company access to files stored on a computer.

"If you ask any organisation today what is their biggest concern is, ransomware would be one of them," he said.

Companies are 'custodians of data'

He said people needed to ensure they were comfortable that the organisation for which they work was able to secure their data safely.

Organisations need to be "painfully aware of the data that they're storing" as they are the custodians of such information, he said.

"Depending on which data you're the custodian of, you need to make sure that your security measures are done accordingly. There's a very big difference in storing information about a service of a car, compared to storing data about a student," he said.

"Performing assessments of your infrastructure and applications is something that should be part of any organisation's strategy when understanding and dealing with cyber security incidents."

He said data security measures had improved in recent years.

"If you look at pretty much every single organisation that is taking credit card payments, they would not be actually the ones storing or processing the payment. They would rely on third party organisations for doing that," he said.

He said some companies still ask for copies of a credit card, or credit card numbers, a practice he believes should stop.

Algirde Pipikaite, who leads the World Economic Forum's cyber security strategy, laid bare the stark dangers of cyber crime in an interview with The National in January.

"Ransomware attacks disrupt our critical services around the globe – from stopping operations in meat production to manufacturing and threatening energy supplies to citizens ... 80 per cent of the forum’s Cyber Security Leadership Community members stressed that ransomware is becoming a danger and threat to public safety," she said.

She said more assistance should be provided to small and midsized enterprises (SMEs) to help them combat the threat.

"We need to provide solutions for the SMEs to better protect themselves against current and future cyber threats and shift the burden to the makers of technology rather than the users," she said.

"That means that we need to integrate security features like security-by-design and security-by-default when developing new technology."

Updated: March 02, 2022, 7:49 AM