UAE Banks Increase Cyber Security by Emphasizing User Education
“It is crucial to educate and communicate with employees about the threat landscape in order to ensure that they are part of the CISO’s efforts to strengthen the security system.”
Dr Erdal Ozkaya is CISO at Comodo
Since the pandemic in the UAE and globally, cyber-attacks have increased exponentially. Remote working has significantly increased the attack surface. As banks and financial institutions moved their workloads to the Cloud all traditional security measures were rendered obsolete. This has made it easier for attackers to gain access to networks and infect trojans, viruses, and malware.
UAE Banks Improve Cyber Security Posture. Phishing attacks are a common way to gain access to the corporate Intranet. This is an old technique that has been around for over 25 years, but it still works. To gain sympathy and access, attackers are targeting specific topics or concerns in order to create sympathy.
Sophos, a global leader of next-generation cybersecurity, revealed that phishing attacks increased significantly during the pandemic. 60% of IT teams in UAE stated that phishing emails targeted their employees increased in 2020.
Recognizing the threat, CISOs and security team members in the IT departments of banks and financial services in UAE have begun to focus on their employees as the first line defense. Hisham Mohammad (CISO Emirates NBD), Egypt, says, “Education is an important part the defense strategy. This is the first line defense, but it is also the most vulnerable. We must educate our employees and teach them how to think like a CISO in every day decision making.
Hisham Mohammad, CISO Emirates NBD Egypt, “Educating employees in defense strategy is important.” This is the first line defense, but it is also the most vulnerable in the entire system.
Phishing emails are often used by attackers to trick users into downloading malware or sharing their credentials to gain access to the corporate network. Phishing is often just one step in a multi-stage attack. That is why CISO consider it a serious threat. Mohammad from Emirates NBD says, “To be a successful CISO, we have to communicate our thoughts to employees. We want employees to think the CISO is able to understand threats and take steps to ensure organizational security.” The organization’s security posture will be largely determined by how the CISO approaches these aspects.
Numerous security breach reports have highlighted an increase in cyber-attacks over recent years. Check Point Research found that organizations in UAE experienced a 29% increase of weekly cyber-attacks in 2021. They were subject to an average 311 weekly attacks, while Saudi Arabia, Kuwait, and Kuwait had an average 392 and 409 weekly attacks.
Dr Erdal Ozkaya is the CISO of Comodo. He was previously the Regional CISO for Standard Chartered Bank, and was responsible for UAE. He believes that knowing how to protect an organization is the most important pillar in strengthening cybersecurity. Organizations must educate their employees and spread awareness about phishing attack prevention. “It is crucial to educate employees and communicate the threat landscape to ensure that they are part of the CISO’s efforts to strengthen the security system.”
According to CheckPoint Research, the top three sectors that are most vulnerable to cyber-attacks globally are Education and Research. They suffer an average of 1,468 attacks per organization. Government and Military receive 1,082 attacks per week. Healthcare suffers 752 attacks per semaine.
Banks and financial services have always been at the forefront of technology adoption. The UAE market is no exception. The sector has adopted a variety of technologies.
