Educate, Educate, Educate

Marwan Abdulla Bin Dalmook, senior vice president - Technology Security & Risk Management, Operations, at UAE telecoms provider du, says that the key to battling cyber threats is education, not only of the end user, but of enterprise and governments too

Tags: Emirates Integrated Telecommunications Company
  • E-Mail
Educate, Educate, Educate
By  Georgina Enzer Published  November 6, 2013

Cyber attacks in the Middle East region are increasing due to political instability, and a large number of in-country targets that could lead to high financial gain if the attacks are successful. The key to stopping these attacks is always education, according to regional telecom provider du.

“We, at du have to make sure we are raising awareness of cyber security with our governments, as well as smartphone and personal device users who access both personal and enterprise data in the cloud.  We need to make sure that they understand how to secure their environment,” explains Marwan Abdulla Bin Dalmook, senior vice president, Technology Security & Risk Management, Operations, at regional telecoms provider, du.

According to du, the amount of viruses and malware within the du network proves that cyber criminals are increasing their interest in the UAE. Add this to the surge in BYOD users in the region, and the large number of financial targets within the country with high monetary returns from successful hacks, such as big banks and financial institutions, and it is clear why the UAE is seeing an increase in attacks.

“So far we have seen an increase of malware and viruses here in the UAE because we have seen an increase in technology innovations, and users themselves have more access to the network, which by default will increase the scale of the cyber security problem,” Bin Dalmook states.

According to du, several large cyber security incidents have happened this year in the UAE, such as the RAK Bank- Bank of Muscat hack, which stole $45 million in a matter of hours. Hacks such as this have caused big enterprises to take a more serious and cautious approach to IT security, data storage and data access. IT security vendors and suppliers are also initiating conferences and meetings to raise awareness, both internally and externally, on how to better protect the entire enterprise IT infrastructure.

“We would like to see more work from the enterprises in educating their employees on better security practices. Security is one ecosystem; you need everyone to work together to have better security practices in place,” says Bin Dalmook.

Attack reporting

Another important aspect of IT security is the sharing of attack information between enterprises within a similar vertical. This security breach information sharing has proven successful in countries such as the US and Europe to help combat attacks, but is still not mandated here in the UAE.

Du has its own in-house reporting system where customers can report attacks and cyber crime, but due to privacy laws and regulations, that attack information cannot be shared with other customers or enterprises to help them to more effectively secure their IT environment.

“We receive complaints from different institutes or users from around the world saying ‘we have been attacked by a specific IP that belongs to du’. If we work that backwards, we check and see that the hacker is maybe an institute, an enterprise, or an end user who probably does not know he has been hacked and, from their machines, they have been attacking different destinations,” explains Bin Dalmook. “We do not give out attack information because of the law and because we protect the privacy of our customers and their information. We are limited in sharing this information. We go back to the end user and ask them to clean their devices, to look at their security practices and if the attack is continuous from their side, or there are repeated instances of them attacking others we are obliged to cut their lines or remove their service because it is part of our contract.”

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code