Staff are biggest cyber attack threat to organisations: security officials

Employees’ lack of understanding of basic security measures are leaving organisations in the region vulnerable to cyber attacks, security officials have said.

With 99 per cent of cyber incidents a result of “internal vulnerabilities” and an expected 26 billion devices in the world by 2030, they said more diverse and regular staff training was required to be able to counter the evolving digital threats.

“We see lots of social engineering attacks, which is something [where] we lag behind,” said Dr Fadi Aloul, head of computer science and engineering at the American University of Sharjah. “[The university] is very active in security awareness, which is something we lack in this region. People are so excited about technology and gadgets and completely forget about security.

“The Internet of Things is probably our next big threat; it’s a tsunami coming up very soon that will lead to cyber blackmailing.”

During a panel discussion about the GCC Cyber Threat Landscape at the Gartner Security Summit in Dubai on Tuesday, security officials spoke of internal vulnerabilities as the Achilles’ heel of today’s cyber-security environment.

“The financial sector is the most targeted in the world because it’s where the money is,” said Thabet Khamis, head of information security at the UAE Central Bank. “The type of attacks we get are mostly social engineering, fraud attempts and we see attempts from people who pretend to be CEOs and account managers in specific banks.”

Social engineering attacks are when the user is tricked into giving away information or breaking normal procedures. External cyber attacks involve cyber criminals able to hack into a system on their own and internal attacks are caused by an employee who assisted in allowing the hackers into their company’s system, whether unwittingly or not.

Mr Khamis said internal attacks largely occur when an employee helps the attacker due to their lack of understanding of the threats.

“These days, the one-click processes that most banks are trying to achieve for any kind of application they want to enhance customer experience actually lead to some of these incidents that we currently face in the financial sector,” he said.

“I always tell my team to go back to the basics, [especially when] organisations in the Arab world depend on people more than the process, so when that person leaves, it goes back to zero.”

_____________________

Suspected Iranian hackers target Saudi, US and Korean industries

More than 50 per cent of consumers exposed to cyber risk: survey

UAE official news agency says it was cloned to spread fake news

_____________________

Research has found that, of the successful internal cyber attacks that take place, 95 per cent of them are triggered by staff lacking education, perhaps clicking on a link in an email that they shouldn’t.

“Only five per cent are malicious,” said Sam Olyaei, senior research analyst in security and risk management at an American research and advisory firm providing information technology-related insight.

“We look at the first line of defence, which is the people. You can have the best defence in the world but you can’t do anything if it comes from the inside. People need to be educated.”

Many penetration vulnerability tests in the UAE have found ransomware and viruses hidden within the organisations' network.

“I tell them to start with the internal components first,” said Mohammad Bushlaibi, a forensic analyst at aeCert, the UAE computer emergency response team at the Telecommunications Regulatory Authority (TRA) and the country’s cyber security coordination centre. “They think they’re safe because there’s no movement but internal exposures in these types of security threats are more dangerous than external ones because you have firewalls for external threats while you don’t for internal.”

Regional studies have found that careless employees were the most significant challenge in facing these threats, followed by external cyber hackers, internal cyber hackers and then “hacktivists”.

“You need to think about human interaction as well,” Mr Bushlaibi said. “It could just be a human resources employee receiving a CV from someone he didn’t contact, open it, and you have a ransomware in your system. Employees think only their computer is affected but they don’t know it goes beyond that, so we’re working on awareness learning management.”

The GCC is taking these measures seriously, especially following cyber attacks on Aramco in Saudi Arabia in 2012 and attacks on American, Saudi Arabian and South Korean aviation and energy firms since last year, purportedly from a gang of Iranian hackers suspected of working for the government in Tehran.

“We see basics lacking a lot and it’s almost non-existent,” Mr Olyaei said. “Nation state attacks are the biggest threats - if you’re going to be part of the digital transformation and you don’t have the basics, you’re going to be in big trouble. Simple things like diverting surgeries, hospitals, airports not being able to issue visas – in the digital business world, it’s canny for hackers.”

Another way to earn air miles

In addition to the Emirates and Etihad programmes, there is the Air Miles Middle East card, which offers members the ability to choose any airline, has no black-out dates and no restrictions on seat availability. Air Miles is linked up to HSBC credit cards and can also be earned through retail partners such as Spinneys, Sharaf DG and The Toy Store.

An Emirates Dubai-London round-trip ticket costs 180,000 miles on the Air Miles website. But customers earn these ‘miles’ at a much faster rate than airline miles. Adidas offers two air miles per Dh1 spent. Air Miles has partnerships with websites as well, so booking.com and agoda.com offer three miles per Dh1 spent.

“If you use your HSBC credit card when shopping at our partners, you are able to earn Air Miles twice which will mean you can get that flight reward faster and for less spend,” says Paul Lacey, the managing director for Europe, Middle East and India for Aimia, which owns and operates Air Miles Middle East.

COMPANY%20PROFILE

%3Cp%3E%3Cstrong%3ECompany%20name%3A%3C%2Fstrong%3E%20Revibe%20%0D%3Cbr%3E%3Cstrong%3EStarted%3A%3C%2Fstrong%3E%202022%0D%3Cbr%3E%3Cstrong%3EFounders%3A%3C%2Fstrong%3E%20Hamza%20Iraqui%20and%20Abdessamad%20Ben%20Zakour%20%0D%3Cbr%3E%3Cstrong%3EBased%3A%3C%2Fstrong%3E%20UAE%20%0D%3Cbr%3E%3Cstrong%3EIndustry%3A%3C%2Fstrong%3E%20Refurbished%20electronics%20%0D%3Cbr%3E%3Cstrong%3EFunds%20raised%20so%20far%3A%3C%2Fstrong%3E%20%2410m%20%0D%3Cbr%3E%3Cstrong%3EInvestors%3A%20%3C%2Fstrong%3EFlat6Labs%2C%20Resonance%20and%20various%20others%0D%3C%2Fp%3E%0A

CONFIRMED%20LINE-UP

%3Cp%3EElena%20Rybakina%20(Kazakhstan)%0D%3Cbr%3EOns%20Jabeur%20(Tunisia)%0D%3Cbr%3EMaria%20Sakkari%20(Greece)%0D%3Cbr%3EBarbora%20Krej%C4%8D%C3%ADkov%C3%A1%20(Czech%20Republic)%0D%3Cbr%3EBeatriz%20Haddad%20Maia%20(Brazil)%0D%3Cbr%3EJe%C4%BCena%20Ostapenko%20(Latvia)%0D%3Cbr%3ELiudmila%20Samsonova%0D%3Cbr%3EDaria%20Kasatkina%E2%80%AF%0D%3Cbr%3EVeronika%20Kudermetova%E2%80%AF%0D%3Cbr%3ECaroline%20Garcia%20(France)%E2%80%AF%0D%3Cbr%3EMagda%20Linette%20(Poland)%E2%80%AF%0D%3Cbr%3ESorana%20C%C3%AErstea%20(Romania)%E2%80%AF%0D%3Cbr%3EAnastasia%20Potapova%E2%80%AF%0D%3Cbr%3EAnhelina%20Kalinina%20(Ukraine)%E2%80%AF%E2%80%AF%0D%3Cbr%3EJasmine%20Paolini%20(Italy)%E2%80%AF%0D%3Cbr%3EEmma%20Navarro%20(USA)%E2%80%AF%0D%3Cbr%3ELesia%20Tsurenko%20(Ukraine)%0D%3Cbr%3ENaomi%20Osaka%20(Japan)%20-%20wildcard%0D%3Cbr%3EEmma%20Raducanu%20(Great%20Britain)%20-%20wildcard%3Cbr%3EAlexandra%20Eala%20(Philippines)%20-%20wildcard%3C%2Fp%3E%0A

On Women's Day

Dr Nawal Al-Hosany: Why more women should be on the frontlines of climate action

Shelina Janmohamed: Why shouldn't a spouse be compensated fairly for housework?

Samar Elmnhrawy: How companies in the Middle East can catch up on gender equality

The National Editorial: Is there much to celebrate on International Women's Day 2021?

$1,000 award for 1,000 days on madrasa portal

Daily cash awards of $1,000 dollars will sweeten the Madrasa e-learning project by tempting more pupils to an education portal to deepen their understanding of math and sciences.

School children are required to watch an educational video each day and answer a question related to it. They then enter into a raffle draw for the $1,000 prize.

“We are targeting everyone who wants to learn. This will be $1,000 for 1,000 days so there will be a winner every day for 1,000 days,” said Sara Al Nuaimi, project manager of the Madrasa e-learning platform that was launched on Tuesday by the Vice President and Ruler of Dubai, to reach Arab pupils from kindergarten to grade 12 with educational videos.

“The objective of the Madrasa is to become the number one reference for all Arab students in the world. The 5,000 videos we have online is just the beginning, we have big ambitions. Today in the Arab world there are 50 million students. We want to reach everyone who is willing to learn.”