Over the past few years, the Middle East region has experienced substantial growth in the digitisation of various sectors, including BFSI. This resulted in a rebound in cyberattacks, making cybersecurity a key topic for the next decade.
Digital bank scams are becoming more complex with the onslaught of malicious bots, leading to account takeovers and financial fraud through a variety of cyberthreats.
In 2022, global cyberattacks increased by 38 per cent compared to 2021, while the UAE saw a 178 per cent increase in weekly attacks on organisations in Q2 2022, indicating the need for investment in cybersecurity.
GCC cybersecurity overview
The GCC cybersecurity market is projected to register a CAGR (Compound Annual Growth Rate) of 5.9 per cent during the 2017–2030 forecast period, due to high levels of cyberthreats. Geographically, the UAE accounted for the largest market for advanced cybersecurity solutions with more than 35 per cent market share in the GCC cybersecurity market owing to expansion of the BFSI sector over the past few years. Saudi Arabia closely follows the UAE, accounting for 30 per cent market share in the GCC cybersecurity market, and is growing at a healthy rate on the back of a growing oil and gas sector.
IBM’s in-depth study of more than 500 actual data breaches in 17 countries over the past year shows that the Middle East ranks second in terms of the average cost of security breaches among the regions surveyed. The study on organisations surveyed in the Kingdom of Saudi Arabia (KSA) and the UAE suggests that security incidents became more costly and harder to contain due to drastic operational shifts during the pandemic. Some of the most popular types of cyberattacks include phishing, scam, malware and ransomware.
Phishing mails, messages or chats are designed to trick the receiver into visiting a malicious website or opening an infected attachment, or to gain access to the local network. According to Akamai Threat Research, phishing and credential stuffing attacks remain a major threat to financial service organisations and customers.
Ransomware is a critical cyber risk to banks, where attackers negotiate for a ransom. Banks are very attractive targets for ransomware gangs because of the valuable customer information they possess.
Distributed Denial of Service (DDoS) attacks make use of multiple infected computers to execute fake requests to the institution’s systems and network. In 2020, the financial sector experienced the highest number of DDoS attacks.
Other cyberattack types on the list include SQL Injections, Local File Inclusion, Cross-Site Scripting, and OGNL Java Injections.
Cybersecurity for banks
Most banking organisations offer access to their services through mobile applications, which makes mobile devices a vulnerable point through which cyberattackers can tap into customers' personal information.
There is a need for effective protection of user personal data, identity and access management. Applications with a strong level of authentication can effectively prevent, detect or combat cyberattacks.
Comarch has developed software that is based on biometric authentication (2FA/MFA), passwordless access and strong cryptography, to help companies create secure and seamless identity environments.
The dramatic increase in cyberattacks is an eye opener for all financial institutions in the Middle East, and is forcing them to rethink the whole cybersecurity space.
Victims of cyberattacks are not only the institutions, but also their clients. Hackers use increasingly sophisticated methods to take over personal data and financial resources. Regional CISOs are well aware of the threats associated with cybersecurity, and they are taking necessary steps to reduce them. However, financial institutions should work closely with state-of-the-art technology providers to mitigate the threat of attacks on sensitive information of their customers, including retail and business banking customers.
- The writer is Business Development Manager, Comarch