Today's Edition
SARA ALZAABI (ABU DHABI)
Preventing ransomware attacks that compromise one's personal information is the most pressing concern in the realm of cyberspace, according to Dr. Mathew Nicho, Associate Researcher and Associate Professor at Rabdan Academy.
Speaking during a research seminar titled "The UAE Financial Sector: Cyber Threat Landscape", Dr. Nicho focused on security challenges and strategies for resilience against the growing threat of cyber-attacks.
He discussed the prevalence of threats targeting smart devices, and the impact of AI on cyber threats during the event organised by Rabdan Academy, in collaboration with Abu Dhabi Global Market Academy.
The seminar brought together a distinguished group of experts, specialists, researchers and students. It provided insights from IT security experts at leading financial institutions, focusing on the most pressing challenges and risks. It also explored effective strategies to enhance resilience and safeguard critical systems from the growing threat of cyber-attacks.
Speaking to Aletihad, Dr. Nicho said that most cyber-attacks on UAE's financial institutions stem from human error, with 87% targeting critical infrastructure.
This lack of awareness leads to distrust in technology.
"Users need to adopt a cautious approach, as in a zero-trust security model. From an IT security perspective, it's not just the average person who must be vigilant. Employees in critical organisations, in particular, must enforce continuous authentication, verification, and strict access controls for every user, device and transaction, regardless of whether they are inside or outside the organisation."
He noted that the development of AI singlehandedly changed the way spear phishing, deepfake, device spoofing and other forms of attacks are carried out. These are much more advanced than their predecessors.
"The truth is that while Distributed Denial-of-Service (DDoS) and website defacement attacks are not that serious in nature, a ransomware attack can cause serious damage to an organisation," he said.
"Indeed, the emergence of AI-assisted attacks have obliterated the way organisations previously approached network and data security."
Dr. Nicho cited the UAE Central Bank's 2017 threat intelligence platform, ensuring immediate reporting of cyber-attacks.
The government enforces over 30 compliance frameworks in banking and is expanding this to other sectors, aiming for 90-95% safety across the economy.
On the impact of emerging technologies like AI and blockchain on cybersecurity strategies, Dr. Nicho explained: "Hackers are using AI, but critical sectors, including finance, are leveraging AI to counter these threats. The key is to use 'good AI' against 'bad AI.'
"However, every AI system in organisations, especially in finance, must have expert human intervention. With the right team, AI can be more effective than the hackers' tools."
According to Dr. Nicho, operational threats in the UAE's financial sector are set to grow within the next three years, including cyber-attacks on banks and critical infrastructure.
He stressed that for financial institutions, the main operational threat is protecting data.
"If you can secure data and implement data loss prevention effectively, you protect customer information. It is crucial to have redundant servers in case of data theft. The real challenge arises when data moves between entities. This is where operational threats occur. Data should be secure when stored, but the key is protecting it when it is in use or in motion."
This, in turn, shifts the emphasis on the need to counter growing threats, with financial institutions investing in employee training at all levels.
Intensive training in deepfake defence, control management, and compliance improves cybersecurity and resilience.
Innovation remains key to tackling these challenges, according to Dr. Nicho.
"AI is still evolving, and we are learning how to protect assets, whether data, transactions, software, or even people. The fintech community needs to develop and update solutions that adapt to changing standards. They must ensure their solutions are scalable and up to date, not just based on past threats but also future ones.
"For measuring cybersecurity effectiveness, it is simple: it is about how many attacks you deflected and prevented. The more you stop, the more effective the strategy."
