
How to build the world’s strongest digital fortress

Diffused IT fraud awareness and financial literacy should be the grounding pillars of the ‘UAE cybersecurity fortress’

Dr Alessio Faccia, Assistant Professor in Finance, University of Birmingham Dubai

Digital and financial innovation have been priorities of the UAE government for a long time. Furthermore, the pace of innovation is accelerating in many directions, with the UAE establishing a pioneering presence in the metaverse and piloting the CBDC (central bank digital currency) Aber project alongside Saudi Arabia.

Cautious openness to cryptocurrencies and heavy investments in financial and digital innovation are not free from challenges, especially when they need to meet high standards regarding Anti-Money Laundering (AML) and cybersecurity.

The number of financial frauds and cybercrimes – ransomware attacks in particular – skyrocketed during the Covid lockdowns, and their frequency is still rising. Cybercriminals are targeting critical sectors, such as energy, logistics and financial services, as well as infrastructures to leverage their power and maximise their benefits through eventual ransom payments.

This trend is reshaping the job market, where top management is now not only expected to achieve qualifications such as CFA, ACCA or CPA but also IS Auditing, i.e., CISA (certified by ISACA) or CISSP (certified by ISC²).

The risk cannot even be easily transferred through insurance as the policy premiums are currently too expensive due to challenging risk assessments that prevent an accurate measure of the ever-evolving cyber risk.

The truth is that no matter which logical steps (such as two-factor authentication) and physical measures (like keeping the servers safe and protected) are implemented, human error is at the base of most successful cyberattacks. System vulnerabilities are patched immediately, and antivirus and anti-malware software is constantly updated. However, in most organisations, someone still unwittingly shares passwords and exposes unprotected devices to cybercriminals.

There are many recent high-profile cases that provide a stark warning that governments and organisations must learn from in order to build a more secure digital society.

Direct attacks on critical infrastructures and sectors

The Colonial Pipeline ransomware attack (May 2021) led President Joe Biden to declare a state of emergency on the US East Coast, where gas distribution was interrupted for six days. In this case, an exposed password for a VPN account allowed the cybercriminals to compromise the billing system.

Attacks on critical infrastructure subcontractors

Denmark’s train network was interrupted by a ransomware attack launched against an IT subcontractor’s software testing environment, leading train drivers to stop the trains for most of the day on Saturday 29 October 2022. The US Federal Government was similarly hacked in 2020 through an IT system (Orion) provided by SolarWinds.

Cyber-attack surface extended to the Internet of Things devices

Even the safest IT infrastructure is not free from threats, as Internet of Things (IoT) smart devices can become Trojan horses in the systems. IoT designers and manufacturers are not legally required to safeguard their technology, making it simple for malicious software to infect each tiny, low-powered device, which can then be exploited for various illegal activities.

The quantum threats

The quantum race currently has the US and China as its two major competitors. This technology will make digital cryptography completely exposed to hacking. Given the power of quantum computers, data protected by the current cryptographic algorithms, which would be expected to take thousands of years to decrypt, could be hacked in seconds.

Crypto fraud and fintech scandals

The recent collapse of the FTX currency exchange (early November 2022) and the consequent panic selling generated by the media demonstrated how easy it is to enter unregulated payment systems, but how difficult it is to revert to traditional money. Coming after another big crash, that of Terra-Luna in May 2022, these events also confirmed again that cryptocurrencies are not backed by any assets and are essentially pieces of code created for dubious reasons. One of the most popular uses of cryptocurrencies is the digital barter of illegal activities, including ransom requests, where trust rests on convenience: they are easier, anonymous, and undetected compared to traditional financial transactions. Greed drives another popular use of cryptocurrencies: their volatility makes them appealing to speculators.

The Wirecard scandal, discovered in Germany in June 2020 and exposed by some brave journalists of the Financial Times, demonstrated how policymakers, including Central Banks, still struggle to identify fraud and to keep up with regulating financial innovation. In that case, Wirecard was not monitored as it was classified as a technology company instead of a financial services provider.

The world’s strongest digital fortress

Earlier this year, His Excellency Dr Mohamed Al-Kuwaiti, the UAE government’s Head of Cybersecurity, discussed the National Cybersecurity Strategy, which he said would help to “build the UAE into the strongest digital fortress in the world”. This was followed recently by ‘We the UAE 2031’, which outlined plans to make the UAE one of the top three countries in the Global Cybersecurity Index.

The UAE is well positioned to achieve this goal, which will require a comprehensive approach involving the public, private, and academic sectors. There are several key areas to focus on.  

It is important to promote IT fraud awareness, as a lack of it usually compromises even the most advanced controls. Elements of cybersecurity should be taught from primary school onwards, where intense use is already made of tablets and other smart devices.

It is crucial to closely monitor cryptocurrencies and other similar digital assets, including NFTs, which are often used for illegal activities. Bitcoin, in particular, is very popular and trusted on the dark web.

Regulators must be adaptive, swift in their responses, and thorough in their monitoring of financial innovations to ensure financial stability and public trust. It is critical to enforce the highest cybersecurity standards for accounting information systems, even more than for operations.

Integration between digital and quantum cryptography is necessary, particularly for financial services. IBM is already offering quantum-safe cryptographic services. Additionally, it is important to procure reliable partners and suppliers with top cybersecurity standards.

By excelling in these areas, by attracting the world’s top companies, and by producing the best talent, there is no reason why the UAE cannot build the world’s most secure digital society.