UAE banking sector invests heavily in fight against cyberattacks

UAE banking sector invests heavily in fight against cyberattacks

Since the pandemic, the number of cyberattacks in the UAE and the region has seen a substantial increase, as organisations have been forced to an immediate remote working scenario.

As part of efforts targeting the cyber security of the financial sector, the Central Bank of the UAE (CBUAE) conducted a real-time cyberattack simulation exercise designed to test the resilience of the UAE’s banking sector against any potential cyberthreats.

In addition to this, the UAE Banking Federation recently organised RaCE, a two-day cybersecurity webinar, focusing on best practices in data privacy and protection as businesses shift to a hybrid working environment.

Bahi Hour, Director, System Engineering – META at Attivo Networks, said: “The accelerated digitalisation efforts of the banking industry in the region has given a much larger attack surface area for cybercriminals to exploit. In addition to phishing and malware, the attackers have evolved and equipped themselves with advanced persistent threat (APT) tactics to navigate around defences and infiltrate networks without being detected. The CISOs need to adopt a multi-layered cybersecurity strategy to help ensure the safety of their prized digital assets.”

Remote working has increased the dependence on VPNs to connect employees with the corporate networks, which provides an additional potential path for criminals to attack. They can either exploit a vulnerability,or socially engineer an employee to reveal access credentials and gain entry to the network.

Industry experts anticipate COVID-19 related phishing attacks to continue well through 2021, as employees continue to work from home. Prior to the pandemic, perimeter security was sufficient to block such activity, but since all employees are now logging in at all times, from different places, utilising multiple devices, detecting unauthorised access has proven difficult.

According to industry pundits, infiltrators are now changing tactics to avoid detection and maximise the payout. They have adopted a new strategy that involves spending months hidden in the system, carefully navigating through the network and patiently waiting to locate their victim’s most valuable assets. A 2020 report by the Ponemon Institute revealed that the average time for companies in KSA and UAE to detect data breach is 269 days.

The increased incidence of attacks on financial institutions in the region is compelling these institutions to invest in measures against cyber threats.

Ray Kafity, Vice President META, Attivo Networks, said: “CISOs can proactively defend against APT threats by utilising a portfolio of solutions that can detect, isolate and remedy the attack. In addition to endpoint security, tools using deception and concealment techniques, provide early detection capabilities for discovery, credential theft, lateral movement, privilege escalation and data gathering activities.”