The UAE and countries around the world need to ensure they improve the cyber threat detection surrounding its critical infastructure, experts have said.
Last year, a global cyberattack using hacking tools widely believed by researchers to have been developed by the US National Security Agency crippled the UK's National Health Serivce.
Hospitals and GP surgeries in England and Scotland were among at least 16 health service organisations hit by a "ransomware" attack using malware called Wanna Decryptor.
Staff were forced to revert to pen and paper and use their own mobiles after the attack affected key systems, including telephones.
Hospitals and doctors' surgeries in parts of England were forced to turn away patients and cancel appointments after they were infected with the ransomware, which scrambled data on computers and demanded payments of $300 to $600 to restore access. People in affected areas were being advised to seek medical care only in emergencies.
With the UAE’s announcement last month it would start sharing data collected by the Government soon, being able to protect that exchange will be crucial to avoid similarly damaging breaches and hacks.
“The dynamics of cyber security have changed a lot,” said Saqib Chaudhry, chief information security officer at Cleveland Clinic Abu Dhabi.
“A decade ago, it was about looking at security from a device-protected perspective. Now it’s more data-centric security – you protect security from the source. We came up with data classification levels, dividing information into four different standards and each level has its own security and guidance.”
Data classification is key to be able to know which assets are confidential or sensitive. "We're doing a lot of large deployment of automated classification of data and data leakage protection," said Farrukh Ahmad, head of cybersecurity Mena at PA Consulting. "You can do lots of things with it and we've seen lots of demand in that space."
Society is becoming richer in data by the day. "We're becoming a society [based] on interoperability and a city of resilience," said Jose Carrera, director of governance, risk and compliance at Darkmatter in Abu Dhabi. "You're a walking marketing piece of information to somebody. But the UAE listens and observes what other countries have done and even if they're a private culture, it's all about privacy, tolerance and how we use it and I feel secure here."
Europe is expected to roll out its strongest data protection act later this year. "Privacy is absolutely critical," Mr Ahmad said. "You need to be able to have a good handle on this going forward – the last thing you want is trust being eroded because then people won't trust the governments and that will affect society."
They called on a mechanism looking at the entire data life cycle to ensure privacy, from collecting and storing it to using, sharing and archiving it. The Dubai Smart Office announced recently it had started to develop such a platform.
"Governments can also create a national way of exchanging data, like in the United States, to help standardise the exchange of information in a secure way," Mr Chaudhry said.
Artificial intelligence can also help secure data. "AI tends to be a good way to manage the amount of data," Mr Ahmad said. "Putting malware around your data doesn't work these days so trying to get a good intel from your network is essential for anomaly detection because, unfortunately, we're not winning this war."
As technology continues to mature at an exponential rate, protecting critical assets will prove paramount. Some of these include space, food and water, especially in the Gulf where countries heavily rely on desalination plants.
“Risk management becomes even more important,” said Dr Marios Efthymiopoulos, associate professor of International Security and Strategy at the American University in the Emirates. “It’s a multidimensional element. You have to take into account a city like Dubai or Abu Dhabi that is developing and growing, which comes with it more safety checks and more security regulations that need to be adopted.”
As the UAE imports around 90 per cent of its food, its transportation should also be strictly monitored for cyber security threats, experts said.
_______
Read more:
Crazy in love: half of UAE online daters have experienced cyber attacks
_______
"We all need it," said Peter O'Connell, an independent security specialist at the International Exhibition for National Security and Resilience in the capital this week. "Food transportation must have certain measures and this comes down to and should be driven by a central point of excellence, which appears to be lacking in many organisations."
Paul Park, director of defence, security and public safety at Etisalat Digital, said more work needed to be done in the field. "With technology today, even if the vehicle doesn't have a clever tracking management system, you can figure out where the driver is, control the AC to preserve whatever is in the truck, or give him another route," he said. "There's no excuse for doing nothing. When you do an analysis to see what is critical, you realise you have to do something about it."