x Abu Dhabi, UAESaturday 22 July 2017

UAE firms told beware of threat of cybercriminal underworld

Companies in the UAE have been urged to draw up policies to regulate employees' use of smartphones in a bid to avoid 'catastrophic' attacks by cybercriminals.

Companies in the UAE have been urged to draw up security policies to regulate employees' use of smartphones in a bid to avoid "catastrophic" breaches of confidentiality and attacks by cybercriminals.

Malicious software spread via mobile devices is on the rise, according to anti-virus specialists. Some global firms have also expressed concern over employees' voluntary disclosure of sensitive information via social networking sites.

In a recent high-profile global case, an executive at Microsoft was reportedly fired after he tweeted details regarding the new Windows Phone made by Microsoft's partner Nokia.

Tariq Al Hawi, the director of aeCERT, which is responsible for announcing security breaches and tracking online criminal activity in the UAE, said he encouraged firms to draw up security policies concerning mobile devices.

"We can't stop people bringing their own handheld devices to work," Mr Al Hawi said. "The first thing any [chief information officer] should do in this case is set the policy for these handheld devices.

"A lot of people are not aware about the information they give out through their mobile devices. Everybody now has a Twitter account, a Facebook account. And they think it's OK to spread the word that he had heard at a meeting at the office. And this may turn out to be a catastrophic problem for the employer."

Anti-virus companies confirmed more and more malicious software - or malware - was being spread via smartphones. Such software is capable of recording phone conversations, spying on email, or hacking banking information.

"The increase has been around 11 per cent from Q2 to Q3 on the malware on the mobile," said Sherif El Nabawi, an executive at the anti-virus firm McAfee, in reference to the global market.

Possible guidelines include warnings about downloading applications to disabling the use of smartphone cameras.

In addition to setting out policies specifying which phone features can be used, Mr El Nabawi said companies could also use features such as "remote wipes", which allow managers to clear information on employees' phones if they are lost or stolen.

Some UAE companies already have a security policy in place governing mobile devices.

Mohamed Sabah, the executive director for information security and network services at the conglomerate Dubai Holding, said all new employees must sign its security policy.

"The company has the right to log in to your phone at any time," Mr Sabah said. Employees breaching the terms of the policy face "disciplinary actions", he added.

The executives, present at a discussion hosted by aeCERT, were speaking in a personal capacity, rather than as representatives of their respective organisations.

The discussion was held in advance of the information-security conference Black Hat Abu Dhabi, which is being held next month.

General Michael Hayden, a former director of the US Central Intelligence Agency, is expected to be the keynote speaker at the event.

bflanagan@thenational.ae

twitter: Follow and share our breaking business news. Follow us