‘WannaCry’ online attacks a wake up call for cyber security
DUBAI // More work and attention needs to be put into cybercrime in the Middle East as experts warn of the evolving risks and threats it faces.
As cyber security becomes a growing concern both in the region and globally with the recent WannaCry incident - the world’s biggest ransomware attack - which caused havoc in 150 countries and affected more than 200,000 computers, countries are being urged to better protect their critical infrastructure.
“Just imagine what could happen if an attack, like WannaCry, infected airport systems of passenger flow monitoring and passport control, posting all passenger data online,” said Natalya Kaspersky, president of InfoWatch Group said during the Gulf Information Security Expo and Conference (Gisec). “All kinds of systems in a smart city can be exposed to such a collapse.”
Local utility providers in the UAE and airports have started tackling the issue head-on, with more focus and increasing investments in their own security. “Middle East organisations have seen greater volumes of attacks last year and have suffered larger losses than other regions in the world due to cyber incidents,” said Brian Pinnock, cyber resilience expert at Mimecast.
“One of the threat areas that has been mostly ignored by enterprises is email security and more than 90 per cent of cyberattacks start in emails. While email, itself, is seldom the end goal for the attackers, over 70 per cent of these attacks lead to other systems in the network. Advanced security still requires a defence-in-depth strategy.”
In the UAE, systems need to be strengthened which is exactly what Mohammed Almarashda hopes to do when he returns back to his country after graduating with a PhD in homeland security from the UK at the end of the year.
“I’ve always believed in cyber threats,” said the 34-year-old policeman from Sharjah. “They are the most dangerous and fatal threats to our nations and critical infrastructure and they are border-less so we have to be aware, preventive and cautious.”
With rising threats and concerns in the region, he hopes to change the landscape of the UAE’s cyber-security.
“My research tackles cyber security from [the perspective of] information sharing to have a better handling of any cyber incidents,” he said. “The UAE is leading in the area in the Middle East but we always need to be up-to-date about new research, threats and warnings because it’s constantly evolving and you can’t predict what will happen next. We’re an oil-producing country so most of our economy depends on this and companies are very vulnerable targets for hackers.”
His work attempts to illustrate the sort of disturbance and impact cyber-attacks could have on the four realms of national security, namely diplomacy, intelligence, military and the economy. “Not many people have integrated that in a PhD,” he added.
“The model I will come up with will hopefully give us a more resilient cyber security framework. My aim is to give recommendations to those in charge about how we can enhance our cyber security capabilities, with the National Electronic Security Authority and the Supreme Council of National Security.”
He strongly believes his research will contribute to improving the Emirates’ cyber resilience, having awarded him a spot as the first non-EU member of the European Cyber Security Council. “There was a vital gap in the intelligence system and information sharing when 9/11 happened,” he said. “Most American agencies dealing with intelligence, like the National Security Agency, the FBI, Interpol and the CIA received information about the attack but did not share it which created a gap in terms of analysing the data. People don’t want to share by nature but our interests and aim are common so we should be able to.”
This will also be Mr Almarashda’s way of paying back his country. “The UAE has given me so much, it’s my time to return the favour as best as I can,” he added.
Updated: May 26, 2017 04:00 AM