Dealing with the cyber threats

The UAE is effectively dealing with the cyber threats to its national security. Its approach could be a model to deal with such threats 

The UAE is reportedly the second-most targeted nation for cybercrime, according to a report by The Gulf News. Attacks in the nation are thought to cost $1.4 billion yearly. In 2020, the UAE had a 250% surge in cyber attacks, with ransomware and phishing events occurring more often. Cyber-attacks swept the Middle East as soon as COVID-19 began to spread there, leaving both public and private institutions exceedingly vulnerable and making the pandemic both a physical and a digital threat. More people were connected online than ever before despite physical distance on a global scale, dramatically expanding the attack surface for eager cyber threat actors (TAs). We have seen how these players were able to successfully exploit the new reality against the backdrop of the widespread panic and political turbulence that followed the pandemic’s onset more than two years ago by raising the bar for social engineering assaults. Ransomware attacks were common and severe in the Middle East, particularly in the United Arab Emirates (UAE), whose renowned digital economy and connections made it an attractive target.

The UAE has prioritized the shift to the digital economy as a national priority because technologies like artificial intelligence, blockchain, fintech, the internet of things, and 5G are swiftly gaining awareness throughout the public and commercial sectors. It now stands a greater danger from focused cyber threats, though. The attacks the UAE has suffered might be a sign of things to come, and the country’s response might be a model for how the region should deal with this growing security threat in the short and long periods.

The UAE government’s director of cyber security, Mohamed Hamad al-Kuwaiti, established the UAE Cyber Security Council in November 2020. To design a cyber-security policy, offer a secure cyber infrastructure, and provide swift response times in the fight against cybercrime, the Council was established. The UAE has recently been moving toward a “service-centric approach” to aggressively tackle cybercrime, reaching preliminary agreements with several businesses like Huawei, Amazon Web Services (AWS), and Deloitte. By using a service-level, agreement-based offer, and outsourcing security operations to a qualified provider, this kind of strategy compels businesses to take a service-based approach to cybersecurity rather than a technology-focused one. Additionally, this method lowers expenses, increases effectiveness, and enables businesses to concentrate on what matters most.

More specifically, these agreements—along with one struck in March 2022 with the UAE-based Cyber Protection X—are designed to improve local cyber security training and knowledge, share best practices, and support research and innovation in the field. These partnerships are expected to boost the UAE’s cyber security infrastructure and hasten the country’s transition to a digital economy. The nation continued to place a high priority on cyber security and cyber awareness, moving up to the 33rd spotto claim the 5th position on the International Telecommunications Union’s Global Cyber security Index 2020.

One of the most popular locations for cyber-attacks is the Middle East. The necessity for cyber security in the Middle East has increased as a result. In the Middle East, the cyber-security market is projected to rise from $15.6 billion in 2020 to $29.9 billion by 2025, at a compound yearly growth rate (CAGR) of 13.80%, according to Research and Markets .com’s worldwide projection. Approximately 38% of firms, according to research, have adopted a mixed working technique (online and offline). These firms have made use of virtual and cloud-based technology to run their operations.

The vast majority of attacks in the Middle East are carried out via social engineering techniques, email domain exploits, and malware injection, according to the blog’s various data. Organizations in Middle Eastern nations must give cyber-security priority. Tools and services that might empower their staff and increase employee awareness in the face of cyber-attacks must be used by them. UAE enacted several laws to tighten its cyber security.

Regulation on General Data Protection (GDPR)

The GDPR became effective on May 25, 2018. The adoption of this rule as a global standard for data protection signaled the development of the environment for protecting private information. The GDPR stipulates that fines may not exceed 4% of worldwide revenue or €20 million, whichever is greater.

Law No. 30 of 2018 in Bahrain

On August 1st, 2019, Bahrain implemented the PDPL (Personal Data Protection Law). The EU served as its inspiration. Offenders may get a term of up to one year as punishment. Egypt’s Personal Data Protection Law No.151 of 2020. PDPL was incorporated in Egypt in July 2020. The purpose of this law was to address the issue of data protection and privacy. This legislation limits the collection of personal data to that which is necessary for certain purposes. It also laid down guidelines for businesses seeking permits to handle sensitive and private data. Criminals who are caught engaging in illicit activities face a maximum fine of EGP 5 million or a possible 6-month detention in jail.

(The writer is an advisor to Cyber/Aerospace Security and an eminent expert for Counter Terrorism & Cyber Security, in West Asia & Middle East. The views expressed are personal). This is the first part of two–part series on national security.

To be concluded…

Source: The Pioneer