Cyber-attacks have increased exponentially since the pandemic globally and across the UAE. Remote working significantly increased the surface area of attack and as banks and financial services organizations moved workloads to the Cloud, traditional security measures became redundant. This has provided attackers a fertile hunting ground to ingress networks and implant trojans, virus and malware.
A common way to access the corporate Intranet is via phishing attack, an old technique which has been in existence for more than 25 years but still remains an effective strategy. This is because attackers are tailoring attacks aligned to topical issues or concerns to gain sympathy and access.
Sophos, a global leader in next-generation cybersecurity, in the findings of its global survey, reveals phishing attacks ramped up considerably during the pandemic. The majority (60%) of IT teams in the UAE said the number of phishing emails targeting their employees increased during 2020.
Recognizing this threat, CISOs and security teams in IT departments of financial services and banks in UAE are focusing on its employees as the first line of defense. Says Hisham Mohammad, CISO Emirates NBD, Egypt, “Educating employees is an important part of the defense strategy. It is the first line of defense, yet this is the weakest part in the whole system. We have to educate the employees and make them think like a CISO in their day-to-day decision making.”
Hisham Mohammad, CISO Emirates NBD, Egypt, “Educating employees is an important part of the defense strategy. It is the first line of defense, yet this is the weakest part in the whole system.”
Attackers frequently use phishing emails to trick users into installing malware or sharing credentials and get access to the corporate network. Phishing is often the first step in a complex, multi-stage attack and that is why CISO are treating it as a serious threat. Adds Emirates NBD’s Mohammad, “To be a successful CISO we have to deliver our thoughts to employees and ensure that employees begin to think the CISO and is able to comprehend threats and take steps in favor of organizational security. How the CISO thinks and approaches these aspects will largely determine the security posture of the organization.”
Various security breach reports have highlighted the increase in cyber-attacks in recent times. According to Check Point Research, organizations in UAE witnessed a 29% increase in weekly cyber-attacks 2021, experiencing an average of 311 weekly attacks per organization, while Saudi Arabia and Kuwait have seen an average of 392 and 409 weekly attacks.
Dr Erdal Ozkaya, CISO at Comodo—who was earlier the Regional CISO at Standard Chartered Bank and was looking after UAE—says that the most crucial pillar in strengthening cyber security is knowing how to protect the organization. One of the most important things that organizations are doing is to educate employees and spread awareness about phishing attacks. “It’s really important to educate the employees and communicate about the threat landscape to ensure they partner in the CISO’s efforts of strengthening the security system.”
According to the CheckPoint Research, globally sectors experiencing the highest volume of cyber-attack globally are Education and Research with an average of 1,468 attacks per organisation, followed by Government and Military with 1,082 and Healthcare with 752 attacks per week.
“It’s really important to educate the employees and communicate about the threat landscape to ensure they partner in the CISO’s efforts of strengthening the security system.” Dr Erdal Ozkaya, CISO at Comodo
Traditionally financial services and banks have been at the fore front of technology adoption and UAE market is no exception to this trend. The sector has adopted a range of approaches to protect and defend its business and educating users and spreading awareness of the threat landscape is a top priority.
Read More News: https://enterpriseitworldmea.com/category/security/ I Watch CIOtv: https://ciotv.live/ I Read IT Partner News: https://www.smechannels.com/