


http://www.business24-7.ae/cs/article_show_mainh1_story.aspx?HeadlineID=2605



By Ryan Harrison

Emirates Business 24/7

February 20, 2008



Investment in anti-hacking technology is growing exponentially in the

UAE's banking sector as the move towards global e-commerce increases the

threat of security breaches, say analysts.



It is estimated that resources allocated to information security have

risen by more than 200 per cent year-on-year since 2005.



Greater awareness of the threat among UAE banks is driving the surge in

investment, said Naveed Moeed, principal technical consultant for the

Middle East and Africa at RSA, the security division of information

management group EMC.



"We have had huge traction in the banking sector," he said.



It's far and away the fastest growing sector of our business in the last

three years. It's grown by well over 200 per cent year-on-year in terms

of revenue.



And practically all that revenue is coming out of the awareness of

fraud, particularly insider and online fraud.



To secure core banking you now have a package that's tried and tested.

But providing security for a growing population that wants to use ATMs

and the internet to do their banking is an ever-increasing task. The

bigger the banks grow the more they spend on security.



RSA, which provides information security solutions to 90 per cent of the

Fortune 500 companies, has seen its Middle East client base grow from

one bank, the National Bank of Dubai, in 2003 to 40 institutions at the

end of last year.



We have seen exponential growth from this sector and this reflects how

banks are reacting to security and how much they see it as leverage for

accelerating the business. It's also about retaining customers.



Moeed, who was attending the Secur Middle East Congress in Dubai, said

the extent of the damage caused by a security breach will depend on the

size of the bank and type of clients it had.



The Abu Dhabi Islamic Bank has more than doubled the amount it allocates

to information security to Dh15 million from Dh6m in 2006.



Ghanem Elshahry, the head of information security and risk management

there, said the UAE banking sector's increasing global exposure was

pushing institutions to take tougher measures.



"The risk element is coming from opening up to the world, be it through

internet banking or international expansion," he said.



But we are not pessimistic about this because there are also

opportunities associated with opening up to the world.



We've had several attempted attacks in the last year and some attempted

disruption, but we haven't suffered any financial loss. Our budget

represents about 10 per cent of our IT allocation. UAE banks should

ideally allocate up to 20 per cent of their IT budget to information

security.



Banks in the region have become particularly vulnerable to phishing

attacks in recent years where criminals steal sensitive information from

unsuspecting computer users.



Hackers try to obtain usernames, passwords and credit card details.

E-mail or websites used for phishing usually appear trustworthy, but

are meant to trick people into revealing sensitive information.



Vinod Vasudevan, Chief Technology Officer and Director at security

company Paladion, said the country's burgeoning banking industry marked

it out as a target for hackers.



"The threats to banks are moving more towards financially motivated

attacks," he said.



Attacks in the past year have been mainly phishing attempts, and because

the Middle East is considered economically strong you have most of the

financially motivated, targeted attacks.



The reality today is any attack that is happening anywhere globally can

come quickly into the region.



Five years ago Europe and the United States would be where attacks would

first surface and there would be a lag before they appeared in the

Middle East or Asia.



But because of the economic prosperity here any new attack that surfaces

hits the region immediately. That lag has disappeared.



Paladion, which specialises in security solutions for the financial

services sector, estimates that a bank's budget for information

precaution in the UAE has grown to 12 to 15 per cent of its IT funding,

up from five to seven per cent two years ago.



A phishing attack can typically lead to thousands of accounts being

siphoned off in 24 hours, which could mean millions of dollars

disappearing in one day. The impact will also depend on the number of

users affected and the size of the bank; the larger the bank the more

transactions they will have.



Last year the Abu Dhabi Islamic Bank faced several phishing attacks, but

Elshahry said preventative measures had controlled the security

breaches.



"If we suffer from phishing it affects our reputation, so we have

controls to stop the attackers," he said.



When there is a security breach it affects how customers see us, which

is a problem for the growth of the bank. If customers do not feel secure

with the bank they will not continue to deal with us. Plus there is

greater competition in the region.



RSA says customers of European banks have moved to competitors because

of concerns about information security.



"In Europe the banks that have done really well are the ones putting

these measures in place," said Moeed.



More customers are moving from certain high street banks to other high

street banks because of the technology edge. If consumers feel a bank is

more secure then they will move to it. At the same time that bank is

reducing the level of fraud so its net profits double or triple.



Kurt Information Security, which is active in 15 countries, specialises

in securing data for the oil and gas, telecommunications, banking and

finance, government and service sectors.



It co-ordinates its Middle East security operations from headquarters in

the UAE.



CEO Michael Wellington said: "Phishing attacks are, for all the big names

in banking, one of the largest threats today because they attack a huge

number of end-users. In the UAE the awareness is there but implementing

solutions that will maintain security is where we believe the challenge

is. Banks here are doing a lot but there is more to be done, especially

as competition is growing in the sector, particularly from international

banks."



Ahmed Al Mulla, Chief Information Officer at Dubai Aluminium Company,

said he was recently asked by his chief financial officer whether his

information security measures would be adequate if the group were to

become a shareholder company.



We were working on a roadmap for finance and there were a lot of

regulations we would have to abide by.



One of the requirements was if we want to go the initial public offering

route, are we ready?



We're not ready for an IPO from a security point of view because we don't

need to be. Our CFO was trying to find out where we were as a business.



And, referring to the banking sector, he said: "The technology is there

but the challenge is you need to keep updating the technology."





Hiring Hackers



Dubai-based banks are recruiting former hackers to shore up their

information security systems, said an information technology expert.



Addel Wahab Ahmed Mostafa, an IT consultant and chief of the technical

committee at information company UAE Data Warehouse PM, said banks were

hiring hackers in a bid to stay one step ahead of potential breaches.



Most of the big organisations are employing ex-hackers.



In Dubai banks are hiring hackers to protect themselves because how else

do you protect yourself from hackers?



You must figure out the measures they use and use them yourself.



He said 60 per cent of hacking originated inside organisations or was

carried out by former employees.



Most hackers like to attack financial organisations as they are the most

lucrative targets. This activity will grow as the economy grows.





New computer viruses threaten firms in region



Zombies and botnets are the latest threats faced by firms that use the

internet.



Botnets are software robots or bots that run autonomously and

automatically on groups of zombie computers controlled remotely over the

internet by hackers.



These are used to distribute spam e-mail and carry out fraud without the

knowledge of their owners.



And the Middle East is not immune to botnets, the world's number one

emerging internet threat, according to web security firm Trend Micro.



David Perry, the company's Global Director of Education, said botnets

were responsible for more than 80 per cent of the world's spam and

generated fraud worth more than $1 billion (Dh3.67bn) annually.



The number of web-based threats has increased by more than 600 per cent

in the past two years and Trend Micro attributes the growth to

ignorance.



"IT users, whether in a professional or consumer capacity, should always

follow responsible, best-practice internet policies to protect

themselves from existing and emerging web threats," said Perry.



Tony Larks, Middle East Communications Director of Trend Micro, said:

"The key issue is that company internet security policies are not

enforced effectively in the region and are not conveyed to users. The

biggest concern here is that IT users are not aware of internet threats;

the level of awareness is very low."



Larks said in the past 12 months more than five million cases involving

computer viruses had been detected around the world.



"The growth in internet threats is such that professional programmers are

working for organised crime gangs and they prefer to remain undetected

for as long as possible. They are playing a longer game, which means

that by the time a virus is detected they might have obtained access to

a great deal of sensitive information," he said.





Internet use in the Middle East has soared by 920 per cent in the past

seven years, dwarfing the world average of 265.6 per cent, according to

industry figures.



But the increase has been accompanied by a similar rise in the level of

cyber crime.



Larks said the region had an advantage over other parts of the world as

it did not have a legacy of outdated infrastructure.



"Some economies like Europe have an IT infrastructure that is 30 or 40

years old. The cost of upgrading is much more than installing new

software. So the Middle East has the advantage of having the latest

internet security technologies," he said. (Anjana Sankar)





The Numbers



$1bn: The annual amount of botnet fraud

600%: Increase in the number of web threats




