Dubai launches Security Industry Regulatory Agency

January 22, 2017
A 2016 file picture shows UAE Prime Minister and Dubai Emir Sheikh Mohammed bin Rashid al-Maktoum attending a ceremony
to launch the Mohammed bin Rashid Global Centre for Endowment Consultancy social initiative, in Dubai. (AFP)

Dubai - Cyber-crime is a fast-grow­ing threat to businesses and critical infrastructure facilities in the United Arab Emirates, yet many companies fail to realise the impor­tance of those threats and are ill-equipped to deal with security risks posed by highly organised hackers, industry experts said.
The Dubai government said it will launch the Security Industry Regu­latory Agency (SIRA) at Intersec 2017, the world’s largest trade fair for the security, safety and fire pro­tection industries. A forum provides a platform for decision-makers to discuss the law governing the Emir­ate’s security industry framework, guidelines and expectations.
Yet Amir Kolahzadeh, chief ex­ecutive officer at the Dubai-based It Sec, an industry leader in cyber-security, said more needed to be done to increase awareness about online threats. Organisations within the country and wider region lack measures to safeguard businesses in a growing digital era, he said.
“The cyber-security threat is not only targeting UAE residents and businesses, it is worldwide epidem­ic,” Kolahzadeh said. “However, the UAE and GCC [Gulf Coopera­tion Council] organisations’ lack of urgency in order to address these threats against their network and data does place them in a higher risk category than their counterparts worldwide.”
Kolahzadeh said a lack of official statistics means the UAE’s ranking among the most targeted nations for cyber-criminals cannot be deter­mined and cyber-crime is increasing exponentially.
“For example, the number of cli­ents calling us after they have been some way affected by a cyber-crime in the UAE had increased by fivefold from 2015 to 2016.”
Kolahzadeh, who is to make the keynote speech at Intersec 2017 on the tie between physical security and cyber-security, said it was im­portant to understand why hackers would decide to go after critical in­frastructure facilities, adding that often the crimes are not financially motivated but aimed for destabilis­ing a business or even a country.
“Cyber-security has moved be­yond what we have imagined,” he said. “Today hackers are easily ca­pable of infiltrating a [closed-circuit television] or access-control net­work of a prison, bank, hospital and open doors, lock doors, delete or replace footage and basically take over the physical security assets of the organisation, hence disabling critical infrastructure — and all done remotely,” he said.
Among the biggest threats to the UAE’s critical infrastructure are at­tacks on hospitals and health care systems that endanger public safety and put a spotlight on a new weak­ness as public and private institu­tions struggle to adapt to the digital era.
“We believe that the health care system will be the number one at­tacked industry in the next year or two,” Kolahzadeh said. “As all medi­cal devices are now online and con­nected to the internet for monitor­ing and reporting, they also become a target of hackers to take over these devices for ransomware.”
Scott Manson, cyber-security leader for the Middle East and Tur­key at Cisco, also highlighted the health care sector as a growing tar­get for cyber-criminals.
“According to the World Privacy Forum, the street value of stolen health care data is $50 as compared to $1 for a stolen Social Security number,” he said. “New attack mod­els such as ransomware can capital­ise on the sensitivity of the situa­tion, where the question is not just about losing data but patients’ lives. Adding up all these, the health care industry is an attractive target for cyber-criminals.”
One of the biggest hurdles in tackling cyber-crime is the lack of trained professionals to deal with it.
According the Cisco 2016 Annual Security Report, by 2019 there will be a deficit of 1.5 million security practitioners. Globally, 26% of or­ganisations face staffing shortages and 35% have expertise shortages with security jobs growing at 12 times the rate of the overall job mar­ket and three times the rate of gen­eral information technology.
Manson pointed to the lack of women entering the sector, which he said represented a loss of talent for the industry and a loss of oppor­tunity for them. He said increasing the number of security professionals is a priority in the war against cyber-crime as is better equipping employ­ees with cyber-security knowledge.
“UAE workplace security research conducted by Cisco and [Gulf Busi­ness Machines] showed employee behaviour is a genuine weak link in cyber-security and becoming an increasing source of risk, more through complacency and igno­rance than malice, because compa­nies have so insulated employees from the scale of daily threats that people expect the company’s securi­ty settings to take care of everything for them,” Manson said.
“When data breaches are the re­sult of an external attack, it is often the inexperience of employees that is exploited, whether it be by click­ing on an e-mail link they shouldn’t open or downloading an unap­proved app.
“Cyber-attackers have identified the human as the weakest element and no matter how many sophisti­cated security technologies are de­ployed within an organisation, a se­curity solution is still only as secure as its weakest link.”
Intersec 2017 runs January 22nd- 24th.