Post Published On: May 17, 2018
Mohammed Abukhater, VP Sales, MEA, FireEye International (Middle East), elaborates on strategies that regional banks can undertake to safeguard against potential security threats.
What potential threats are banks in this region exposed to? What are the cybersecurity risks that financial institutions may not be aware of?
Middle Eastern banks are in the spotlight for hackers who have a focus on credit card fraud. The hacker doesn’t have to necessarily attack the bank directly to gain access, but cracking into a network is enough to get customer’s data. As hackers get smarter and smarter, it’s crucial for banks to invest in proper intelligence systems to avoid a breach.
What kind of strategies would you suggest to banks here to best protect themselves from possible attacks?
There are few practical and action-oriented suggestions for the banking industry to consider for protection.
1. Migrate data to the cloud: Cloud computing is here to stay with an estimated 80-85 per cent of companies migrating to the cloud. For banks of any size or history, the cloud offers powerful benefits reducing the entry points for hackers and having stringent safety measures in place.
2. Spend time on patching: It is important to get briefed on the volume and criticality of unpatched software vulnerabilities in the banking organization. Spending time to figure out who has primary responsibility for applying the patches and then track and report to senior management on the progress is key.
3. Training: Hackers are getting smarter and smarter every day. It’s crucial for everyone in this industry to stay up to date. The development of skills and awareness are integral to combating cyber threats, so we need to improve capacity-building and the education of all employees.
4. Engage with the Government: As governments continue to play an integral role in a company’s compliance with cyber laws, more collaboration and alignment with them will be imperative.
Financial institutions are generally aware of fundamental measures they should take to protect themselves from an attack. Is there anything that you think has been overlooked by banks in this respect?
It goes without saying, cyber attacks are a hazard affecting all aspects of the financial sector from the integrity of data, consumer confidence, reputation and – most of all – the bottom line. Financial institutions shouldn’t overlook investing in intelligence-led security to understand the threats they will face, stay ahead of them, and properly secure all levels and functions of their business.
How do you assess/rate the level of security of banks in the Middle East?
The level of security in each region is diverse, and the maturity of each market in the financial sector varies. KSA and UAE are bigger markets that are seen investing heavily in cyber security, but other countries in the Middle East need to follow suit. The financial sector in the region is now irreversibly dependent on interconnectivity and the Internet.
What do you regard as the highest standards of security and how far are Middle Eastern banks from this benchmark?
Today, cybersecurity involves not only the protection of information in the form of digital data, but also the associated networks, computers and portals that transport and enable access to this data. The highest standard is to have a holistic approach to security. The government of UAE and Saudi Arabia are implementing strong security measures to ensure that the region is creating a secure environment.
Both these countries have strong central bank regulations that every financial institution need to comply with. The KSA government specifically put security procedures across the region and it is necessary for all the banks to invest in these before venturing into any services and transactions for consumers.