Mohammed Abukhater, VP Sales—MEA at FireEye International (Middle East), discusses potential cybersecurity threats to banks and strategies to address them with Banker Middle East.
What potential threats are banks in this region exposed to? What are the cybersecurity risks that financial institutions may not be aware of?
Middle Eastern banks are in the spotlight for hackers who have a focus on credit card fraud. The hacker doesn’t have to necessarily attack the bank directly to gain access, but cracking into a network is enough to get customers’ data. As hackers get smarter and smarter, it’s crucial for banks to invest in proper intelligence systems to avoid a breach.
In terms of potential threats, is there anything that is specific to this region?
Both Muscat and RAK banks were targeted by hackers this year, resulting in the loss of millions of dollars. This happened because the hackers were able to get into the card-processing systems. What is important to learn from this attack is that the hackers used traditional techniques but managed to manipulate the system to gain access to the data of these banks.
What kind of strategies would you suggest to banks here to best protect themselves from possible attacks?
There are a few practical and action-oriented suggestions for the banking industry to consider for protection.
1. Migrate data to the cloud: Cloud computing is here to stay with an estimated 80-85 per cent of companies migrating to the cloud. For banks of any size or history, the cloud offers powerful benefits reducing the entry points for hackers and having stringent safety measures in place.
2. Spend time on patching: It is important to get briefed on the volume and criticality of unpatched software vulnerabilities in the banking organisation. Spending time to figure out who has primary responsibility for applying the patches and then tracking and reporting to senior management on the progress is key.
3. Training: Hackers are getting smarter and smarter every day. It’s crucial for everyone in this industry to stay up to date. The development of skills and awareness is integral to combating cyberthreats, so we need to improve capacity-building and the education of all employees.
4. Engage with the government: As governments are continuing to play an integral role in a company’s compliance with cyber laws, more collaboration and alignment with them will be imperative.
Financial institutions are generally aware of fundamental measures they should take to protect themselves from an attack. Is there anything that you think has been overlooked by banks in this respect?
It goes without saying, cyberattacks are a hazard affecting all aspects of the financial sector from the integrity of data, consumer confidence, reputation and—most of all—the bottom line. Financial institutions shouldn’t overlook investing in intelligence-led security to understand the threats they will face, stay ahead of them, and properly secure all levels and functions of their business.
How do you assess/rate the level of security of banks in the Middle East?
The level of security in each region is diverse, and the maturity of each market in the financial sector varies. KSA and UAE are bigger markets that are seen investing heavily in cyber security, but other countries in the Middle East need to follow suit. The financial sector in the region is now irreversibly dependent on interconnectivity and the internet.
What do you regard as the highest standards of security and how far are Middle Eastern banks from this benchmark?
Today, cybersecurity involves not only the protection of information in the form of digital data, but also the associated networks, computers and portals that transport and enable access to this data. The highest standard is to have a holistic approach to security. The governments of UAE and Saudi Arabia are implementing strong security measures to ensure that the region is creating a secure environment. Both these countries have strong central bank regulations that every financial institution needs to comply with. The KSA government specifically put security procedures in place across the region and it is necessary for all the banks to invest in these before venturing into providing any services and transactions for consumers.