Something is terrifying below the glamorous and chaotic cyberworld. Look at this local data if you’re still not convinced about the dangers that lurk in digital interactions and transactions. It is a fact that the public sector in the United Arab Emirates is subject to approximately 50,000 attempts at cyberattacks every day.
In the first three quarters of last year, the nation prevented over 71 million attempted cyberattacks. Around 87% of UAE-based businesses experienced various cyber events, with 25% of them being the result of employees’ wilful harmful behaviour.
Such was the extent of the danger that Dr Mohammed Al Kuwaiti, the head of the Gulf country’s Cybersecurity Council, had to call on organisations (both public and private) to remain vigilant against hackers.
The Cybersecurity Council, established by the UAE government in 2020, has been busy from day one. As of November 2023, it was fending off over 50,000 cyber-attacks daily. There were successes, as the ransomware attacks in the UAE declined by more than 70% at the start of 2023, compared with the same period in 2022. However, according to a report from cybersecurity firm Proofpoint in 2023, about two in three businesses (64%) in the country were still experiencing ransomware attacks.
Iran’s Daring Attempt In 2023
Things got heated up in the beginning of 2024, as Iranian state-backed hackers interrupted TV streaming services in the UAE to broadcast a deepfake newsreader delivering a report on the Gaza conflict. As per Microsoft analysts, the hacking operation, run by the Islamic Revolutionary Guards, a key branch of the Iranian armed forces, had disrupted streaming platforms in the UAE with an AI-generated news broadcast branded “For Humanity”.
“The fake news anchor introduced unverified images that claimed to show Palestinians injured and killed in Israeli military operations in Gaza. Analysts at Microsoft said the hacking group, known as Cotton Sandstorm, published videos on the Telegram messaging platform showing it hacking into three online streaming services and disrupting news channels with the fake newscaster,” reported Guardian on the incident in February 2024.
Though wealth and connectivity may make some nations more appealing to attackers than others, all nations are equally vulnerable, when it comes to dealing with cyber-attacks. It makes sense that the UAE, which bills itself as a worldwide centre of innovation and business, is leading the charge on the digital revolution, which comes with a unique set of difficulties, especially in the area of cyber security. Regrettably, the quick adoption of digital technology also attracts the attention of increasingly skilled cybercriminals, exposing holes in the system.
The UAE Digital Government Strategy 2025, which is somewhat ambitious, is guiding the country towards a future that prioritises digitalisation and inclusivity. This plan aims to create smart, resilient cities, as outlined in the Smart Dubai 2021 Strategy and combines 64 digital projects arranged among six pillars.
It promises to revolutionise public services through the Unified Digital Platform. However, a plan is only adequate if everyone involved is willing to take on the challenge. The swift proliferation of technologies like artificial intelligence, cloud computing, and operational technology expands the attack surface and gives cyber criminals more avenues for exploitation.
Survey Paints A Grim Picture
According to a January 2024 research from Kaspersky, 87% of companies in the UAE have faced different forms of cyber incidents in the past two years. Although businesses in the Gulf nation are facing high levels of vulnerability against the threat actors, the problem is not getting any better.
A December 2023 study from the same cybersecurity company, showed that 77% of APAC (Asia-Pacific) companies don’t possess the tools required for spotting cyberattacks. Meanwhile, 87% of firms are plagued by a shortage of cybersecurity talent, making it harder to stop cyber criminals in their tracks.
In the past, security leaders in the UAE have struggled to ensure secure access to remote employee and corporate-owned devices, said Mohammed Al-Moneer, regional senior director for META at Infoblox, while interacting with the Dark Reading. The official also mentioned businesses fearing data leaks and cloud attacks “and do not believe they have a firm handle on the insider threat.”
Gopan Sivasankaran, general manager of the META region at Secureworks, explained that the UAE’s booming digital economy and greater use of data makes the Gulf nation an “attractive” target for both cybercriminals and hostile states.
“The insight from the incident response engagements and active attacks on organisations we’ve worked on in the Middle East over the last year show organisations in the UAE have been victims to large scale wiper attacks as well as nation-state sponsored attacks,” Sivasankaran remarked.
“Across the Middle East we can see that banking, manufacturing, retail, and healthcare organisations are the most likely to reach out to us for help with a cyber-incident. But government, hospitality, and transportation are also highly prized targets,” he added further.
An inclusive and comprehensive digital governance structure is necessary as the Gulf country grapples with the challenges of data protection and integration as it continues to adopt cutting-edge technologies to diversify and modernise its economy. The UAE must handle the risks related to cross-border data flows as a global hub, including adhering to international data protection laws.
Inclusion is a key component of the UAE’s strategy, which guarantees that no one is left behind by digital government programmes. Adopting transparent procedures and emphasising accessibility for all demographics—particularly the old, the disabled, women, and children—are part of this.
The UAE seeks to use cutting-edge technologies to foresee and proactively address disasters under the resilience dimension. This entails strengthening government operations and disseminating information about cybersecurity best practices and hazards to the general public and companies.
The plan also establishes national digital priorities and encourages cross-sectoral cooperation. Deep digital technology integration is necessary at all governmental levels. To improve engagement and convenience, the UAE plan highlights the significance of creating digital services around people’s needs with a focus on user-driven services. All policy procedures must undergo digital transformation, and continual experimentation is required to keep up with the rapid improvements in technology.
The data-driven aspect acknowledges the importance of data in improving public services. To avoid security lapses and maintain public confidence, it is crucial to handle this data ethically and securely. By emphasising proactiveness, the plan seeks to improve interactions with government services through the use of technologies such as the UAE National Digital ID. This lowers administrative barriers and calls for sophisticated security measures to prevent identity theft and unauthorised access.
Ensuring top-notch digital infrastructure and integrated services that cater to user needs are among the main goals of the UAE’s digital strategy. It is essential to commit to improving digital skills and making sure laws are ready for the digital transition. To successfully manage risks, attaining these goals necessitates a comprehensive cybersecurity infrastructure that keeps up with technological changes.
Although the UAE’s Digital Strategy 2025 provides a strong basis for a digital future, it also necessitates the improvement of cybersecurity measures in tandem. It is critical to address the lack of qualified cybersecurity specialists and improve the current digital infrastructure to prevent and withstand advanced cyberattacks. The UAE won’t be able to safeguard its goals for digital transformation against the constantly changing cyber threat landscape until then.
The goal of the strategy is to make the nation a global leader in innovation, the digital economy, and public services. But like any big digital transformation plan, it has its share of difficulties, especially with cybersecurity. To guarantee that the technological innovations it encourages do not turn into weaknesses, the approach will need to change to meet the escalating cybersecurity requirements. Achieving this goal mostly depends on creating and maintaining an extensive cybersecurity framework that outlines best practices, standards, and reactions to cyberattacks.
To guard against growing cyber threats, the UAE’s strategy must keep creating strong cybersecurity frameworks. This includes technical advancements as well as legislative and regulatory frameworks that are flexible enough to adjust to the constantly evolving nature of cyber threats and the requirement for dynamic response tactics. Along with constant attention and development, the UAE’s proactive approach to cybersecurity strategy updates and international collaboration is essential to managing these dangers.