UAE cyber experts unite to warn against unprecedented criminal threat

Scammers are presenting increasingly sophisticated threats as their targets struggle to keep up with sinister technology

Powered by automated translation

Businesses, banks, governments and the public are facing a rising threat from increasingly sophisticated cyber-criminal operations.

Experts told The National that many people are leaving themselves open to the threat of costly online attacks, with increasing expertise among scammers driven by lucrative underground markets for personal information and the only a slim chance of detection and punishment.

Hacking gangs in countries with growing cybercrime industries such as Russia, China and Iran, where criminals are rarely extradited even if identified by overseas authorities, have been blamed in part for the growing threat.

Human error remains the biggest vulnerability when it comes to fighting cybercrime. This is especially true in a society as diverse as the UAE that comprises a mix of nationalities, income and education levels

People who fall victim to scams that use messaging apps or social media accounts also face having their digital lives – details of bank transactions, passwords, profiles and emails – sold online without their knowledge.

Meanwhile, state-sponsored hackers are increasingly using their skills not to steal money but to sow discord and division in rival countries, while also gaining access to intellectual property and other secret information.

Breaches in the Middle East are “both widespread, frequently undetected and increasingly appear to be state-sponsored”, DarkMatter, a cyber-security company in the UAE, said this summer.

It called for increased vigilance, describing the situation as critical, with cyber criminals posing a “potentially devastating” risk to national security and citizens.

“Cyber-security breaches in the region pose a genuine risk to critical sectors as cyber criminals harness new technologies to launch sophisticated and targeted attacks,” said Karim Sabbagh, chief executive of DarkMatter.

“The intent of the attacks we’re observing is to undermine the progressive social, economic and digital agendas in the Middle East. Organisations in the region have a short window of time to transform their cyber-security posture and demonstrate stronger resilience in the face of escalating and increasingly sophisticated cyber-security threats.”

In has been estimated that organised cyber crimes accounted for more than $1 trillion (Dh3.67tn) in stolen assets in 2018, almost 20 per cent of which was taken in the Middle East. Other research suggests the region is particularly vulnerable to data breaches. Another estimate predicts that $5 trillion is at risk over the next five years globally.

Businesses in the region were becoming increasingly aware of the importance of security, experts said, following a series of high-profile breaches.

Careem, the ride-hailing app, fell victim to a huge leak last year when data of up to 14 million customers were stolen, while Sony and Marriott Hotels are among numerous other companies that have been victims of high-profile attacks. But some are still neglecting to set appropriate budgets or send staff on training programmes, security experts said.

They also said that security systems often failed to keep pace with advances in malware, leaving some defences obsolete. The introduction of 5G and advances in artificial intelligence will also present new dangers.

A culture shift that would entail increased intelligence-sharing in the private sector is needed to help turn the tide against criminals, industry figures said.

Suvo Sarkar, head of retail banking at Emirates NBD, said the bank was investing significant sums in keeping people safe, including through public awareness campaigns and improved infrastructure.

But he said that human error was a major cause of successful attacks.

“Cyber security is of growing importance worldwide to organisations across a wide variety of sectors, as fraudsters mount increasingly sophisticated attacks against unsuspecting users,” he said.

“One of the most common types of cyber crime facing banking customers globally is social engineering-based cyber attacks. These scams aim to manipulate human weaknesses to reveal confidential information.

"With fraudsters developing increasingly sophisticated means of accessing data, human error remains the biggest vulnerability when it comes to fighting cyber crime.”