Seven types of cyberattacks, perpetrated by non-state and state-sponsored actors, are very common in the financial sector due to the nature of the assets handled, the financial attractiveness of the sector, the impact of the threat on the economy, and the geopolitical stature of the region. Here is a discussion between Bharat Raigangar (Board Advisor – CSA 1CxO) and one of the authors of the report, Dr. Mathew Nicho, Associate Professor – Associate Researcher, Research and Innovation, Rabdan Academy, Abu Dhabi, UAE. The candid responses are captured in this article.
Cyber-attacks on financial institutions present a critical threat due to the loss of financial assets and disruptions in financial markets and global transactions, which can impact any country’s economic scenario. The Research & Innovation Center of Rabdan Academy, in association with ADGM Academy Research centre and UQ Cyber (University of Queensland), carried out an extensive study based on their own research and interviews conducted across 12 financial organizations in the UAE. Their insights, expertise and candid perspectives have been instrumental in shaping a comprehensive report around Cyber Threats across Financial Sectors.
This report primarily focuses on the UAE financial sector, but also covers its global relevance. Technological advancements in cybersecurity, utilizing Artificial Intelligence (AI) and Machine Learning (ML), have come to play a pivotal role in the cybersecurity landscape, facilitating accelerated anomaly detection and streamlining responses to recurring threats encountered in organizations’ day-to-day operations.
Bharat: First of all, let me congratulate you on a very informative and thought-provoking study report. I am sure you and the rest of the team would have spent a large effort to not only get the required data points from various financial institutions in the region but also compile it to bring this out to the public domain. Also, a special thanks of support to the research team of ADGM.
Could you explain the role of ransomware in the UAE financial sector’s cyber landscape, and why it has become a critical threat?
Mathew: Ransomware represents a critical and evolving threat to the UAE’s financial sector, primarily driven by its transformation into Ransomware-as-a-Service and its ongoing evolution through AI technologies. What makes this threat particularly severe is the presence of well-funded state and non-state actors who deploy highly skilled teams dedicated to methodically probing and bypassing security controls. Despite its sophisticated nature, our analysis shows that many successful attacks could have been prevented if critical IT controls hadn’t been compromised. These compromises often stem from various organizational pressures: project teams rushing to meet deadlines, compliance efforts focused on merely passing audits rather than ensuring genuine security, and management teams lacking full appreciation of potential consequences. Adding to this challenge is the rapid spread of information through social media networks, which provides threat actors with valuable intelligence for crafting targeted attacks. The combination of these factors, namely sophisticated attack methods, well-resourced adversaries, organizational vulnerabilities, and information exposure, makes ransomware a persistent and critical threat to the UAE’s financial infrastructure.
Bharat: What are the primary socio-technical vulnerabilities impacting the UAE’s financial sector, and the role of people in mitigation?
“Cyber Pro-active and gamification awareness, along with the right defense-in-depth, will go a long way in providing the right confidence and ease-of-doing business.”
Bharat Raigangar, Board Advisor, 1CxO-CSA
Mathew: The primary socio-technical vulnerability in the UAE’s financial sector centers on what I call the ‘Internetworked Computer User’ (ICU). In today’s interconnected world, every stakeholder – whether employee, customer, supplier, or member of the public – is not just networked, but internetworked, creating a complex human ecosystem that can either be our greatest vulnerability or our strongest defense. The key to transforming this traditionally perceived ‘weakest link’ into an effective ‘human firewall’ lies in revolutionizing our approach to security awareness. Traditional training methods are no longer sufficient. Instead, we need to implement what I recommend as Context-Based Micro Training (CBMT). This approach recognizes that cyber threats are highly contextual – attackers craft their strategies based on specific situations and opportunities within our ecosystem. Management’s responsibility, therefore, extends beyond traditional security measures. They must systematically identify exposed cyber contexts within their operations and develop targeted micro-training modules for different stakeholder levels, including customers. This contextual approach ensures that security awareness is not just theoretical but directly applicable to real-world scenarios that users encounter. By adapting security training to reflect the actual threat landscape and making it relevant to each user’s context, we can transform every ICU from a potential vulnerability into an active component of our defense system, thus effectively creating a human firewall that strengthens our entire security posture.
“Traditional training methods are no longer sufficient. Instead, we need to implement what I recommend as Context-Based Micro Training (CBMT).”
Dr. Mathew Nicho, Associate Professor – Associate Researcher, Research and Innovation, Rabdan Academy, Abu Dhabi, UAE.
Bharat: With the emerging technology growing at a high speed with Quantum computing and AI – which are here to stay, what role, according to your research, does Artificial Intelligence and Machine Learning (AI & ML) play in both enhancing and compromising cybersecurity in the UAE’s financial sector, and what best practices do you suggest for leveraging AI defensively?
Mathew: While technological landscapes continuously evolve, AI has established itself as a transformative force with long-term implications for cybersecurity. What makes AI particularly significant is its powerful dual nature in the cyber battlefield. On the offensive side, threat actors are rigorously deploying AI to refine their attacks to unprecedented levels of sophistication. The result is the creation of threat vectors so convincingly benign that traditional detection methods often fail to identify their malicious nature. This has fundamentally changed the threat landscape facing financial institutions.
- Strategic AI deployment:
  - Deploy autonomous AI defense systems calibrated to organizational context
  - Implement AI-driven security analytics and continuous monitoring
  - Leverage AI for proactive threat landscape scanning and prediction
  - Utilize machine learning for pattern recognition and anomaly detection
  - Deploy AI for automated incident response and threat containment
- Human-AI synergy:
  - Establish expert human oversight for AI system decisions
  - Integrate human contextual intelligence with AI insights
  - Leverage human expertise for strategic threat analysis and response planning
  - Enable human modification of AI defense parameters based on emerging threats
  - Create feedback loops between human analysts and AI systems
  - Develop human-led protocols for critical security decisions
The key to success lies not in relying solely on AI but in creating a synergistic relationship between artificial and human intelligence in our defensive posture.
Bharat: Moving to the threat landscape, especially when we look at the heterogeneous environment of IT-OT-IoT, how are device deception attacks becoming more prevalent in the UAE, and what are the possible consequences for the financial sector?
Mathew: Device miniaturization has revolutionized the threat landscape, creating new attack vectors through increasingly sophisticated and compact computing devices. For instance, we now see smartwatches capable of running penetration testing operating systems, effectively turning everyday wearables into potential attack tools. The proliferation of IoT devices presents an even more critical challenge. These devices have become ubiquitous in our environment, creating an expansive attack surface that hackers can exploit. The real danger lies in the network connectivity – a single vulnerability in an IoT device connected to the LAN can potentially compromise the entire organizational network.
In the context of the UAE’s financial sector, this creates multiple risks:
- Miniaturized devices can bypass traditional physical security measures
- IoT vulnerabilities provide entry points into secure networks
- Connected devices create a complex web of potential attack vectors
- A single compromised device can impact the entire network infrastructure
This evolving threat requires financial institutions to implement comprehensive device security strategies and robust network segmentation to protect against these sophisticated attack vectors.
Bharat: In the context of information supply chain attacks (Third Party and Nth Party), what are some specific risk management strategies you recommend for UAE-based financial institutions to safeguard their data and systems? How effective is the TPRM Risk Quantification maturity in the region?
Mathew: Information supply chain security requires comprehensive visibility across both organizational and extended networks. I conceptualize this using what I call the ‘Moving King’ analogy: Just as a king receives varying levels of protection based on the situation – with the entire army mobilizing during high-risk movements – information security should be similarly dynamic and context-aware. Key strategic elements should include:
- Dynamic Data Protection:
  - Implement flexible security controls that adapt to information value
  - Adjust encryption levels based on data sensitivity and context
  - Scale protection measures according to risk levels
  - Enable secure functionality without compromising business operations
- Complete Visibility:
  - Monitor information flow across the entire network ecosystem
  - Track data value fluctuations throughout its lifecycle
  - Maintain awareness of data location and usage patterns
  - Identify critical points where protection needs escalation
- Adaptive Security Framework:
  - Deploy flexible tunneling and encryption mechanisms
  - Balance security with business functionality
  - Enable heightened protection for sensitive data movements
  - Allow appropriate access for legitimate business operations
This approach ensures that, like a king’s protection detail, security measures can dynamically scale up or down based on the situation while maintaining continuous visibility across the information supply chain. The buzzword of Risk Quantification, especially on Supply Chain, is still at its nascent space where the need of the hour is Advisors and solutions which can give a near-real-time valuation of the organization’s Crown Jewel-at-risk in the hands of Third and nth parties.
Thanks, Dr Mathew, for your insightful discussion and I am sure the cyber community at large would benefit a lot from this research report.
In conclusion, seven types of cyberattacks, perpetrated by non-state and state-sponsored actors, are very common in the financial sector due to the nature of the assets handled, the financial attractiveness of the sector, the impact of the threat on the economy, and the geopolitical stature of the region. Social engineering flaws, like those observed in spear phishing, voice cloning, and ransomware, which typically exploit human interactions and behaviors within the financial industry, are creating mistrust among service end-users. Cyber Pro-active and gamification awareness, along with the right defense-in-depth, will go a long way in providing the right confidence and ease-of-doing business.