UAE banks need to plug all holes against cyber threats
While the UAE’s top banks remain resilient to market forces, they are nevertheless being affected by regional economics. As the competitive dynamics of a maturing sector play out, more mergers and acquisitions are being discussed across the Gulf.
However, are these new entities cognisant of the attendant security challenges? Even as banks in general seek to improve their cost-to-income ratios, DarkMatter Group has seen an accelerating increase in threats from cyber incidents.
An increasing number of cyber threat actors now track business activity and look to exploit systemic weaknesses to cause financial damage, injure client confidence or hold corporations to ransom with sophisticated malware techniques. By disregarding these possibilities, GCC organisations risk both revenue and reputation.
A DarkMatter Group investigation has revealed that a significant portion of Gulf’s top companies’ websites are potentially vulnerable to hackers as they are currently not secured by a Public Key Infrastructure (PKI). Using trusted electronic identities, TLS certificates enforce robust verification and data encryption, securing connections to servers over the internet.
Considerably more surprising is DarkMatter Group’s discovery that in the greatly regulated banking and finance sectors, almost 40 per cent of enterprise websites still remain unprotected. In many cases, only the digital banking gateway was fortified but not the corporate site. To draw a parallel, you wouldn’t lock away your valuables, but leave your front door wide open when going on holiday. It is vital to secure all websites, even those that appear in no danger.
DarkMatter Group has partnered with the UAE banking sector for several years to both identify impediments and deliver solutions that safeguard these vital economic institutions. In addition to DarkMatter Group’s nationally-accredited PKI credentials, they are actively developing unique, differentiated approaches to ring-fence the sector through PKIs and trust services.
The preliminary research, which examined over 180 websites of regional corporate leaders across different industries, points to possible vulnerabilities at these household names. In the financial world, the sensitivity of the data entrusted to many players — including banks, investment institutions and insurance providers — further invites stiff regulatory penalties in case of a breach.
Cyber defence ecosystems
Bankers that disregard industry standards for security — such as PKI (Public Key Infrastructure) — may as well play with fire. Harsh contextual realities attest to the rise of cybercrime in the financial world. In our ‘Cyber Resilience and Trust Report’, statistics from Dubai Police showed how cybercrime in the UAE increased by a staggering 136 per cent between 2013-15, totalling a reported $22.3 million (Dh82 million) in damages and lost revenue.
Across the Middle East, companies have suffered bigger losses from cyber incidents, with over 56 per cent losing more than $500,000 each as compared to 33 per cent globally. Local businesses are also more exposed, with 85 per cent of regional companies reporting offences as compared to a worldwide average of 79 per cent.
With hackers employing ever more sophisticated tools, the issue is more important than ever. Worldwide spending on cyber security products and services is forecast to top $1 trillion over the next five years, but cybercrime is expected to cost businesses over $6 trillion annually by 2021. Additionally, global ransomware costs are projected to top $5 billion this year — an astounding 15-fold increase since 2015.
However, agile companies are retaliating, and DarkMatter Group’s frontline programmes will help ensure those levels of losses are not repeated. Although the industry is in catch-up mode, UAE banks have an opportunity to be recognised as among the most secure in the world by adopting PKI.
In addition to PKI, DarkMatter Group’s customised strategies will equip banks with evolving ecosystems of cyber defence through infrastructure capable of halting attacks and adapting to prevent new kinds of breaches.
For many companies, it is a question of the investment around securing their cyber-infrastructure. Implementing those changes can require time and focus, but they are all areas that DarkMatter Group has market-leading expertise in dealing with here in the Middle East. What’s clear is that the can can’t be kicked down the road and action is now imperative.
Banks are integral to any economies and are crucial custodians of everyday corporate activities such as the swift transfer of finances and the guarantee of essential business functions. The average cost to a business of a data breach currently stands at $3.62 million globally — but the cost of a major operational outage to banks remains almost unquantifiable. In this context, deploying PKI is a low-cost investment.
(Mats Rosberg is Senior Manager — Trust Services, DarkMatter Group.)