The world’s governments and police authorities are at war with a breed of criminal able to wreak havoc on businesses and personal lives from across the globe while sitting in a pair of pyjamas in a dimly lit bedroom somewhere in the middle of nowhere. Damage can be caused with one email and can spread to millions of computers within minutes. Hackers are doing a roaring trade with Dh3.86 billion being stolen from 3.72 million consumers in the UAE in the past year, according to the 2017 Norton Cyber Security Insights Report.
Put simply, cyber-crime victims are often victims of their own device. They are more likely to use the same online password across all their accounts, or use different passwords but save them on their computer’s web browser. Other mistakes include running outdated defence/anti-virus systems, leaving computers on standby, clicking on emails that the victim is not 100 per cent certain are legitimate or whose sender cannot be trusted, and opening an attachment from an unknown source.
Legislation has been in force in the UAE since 27 August 2012, codifying the full range of cyber-crimes that can be committed and the resulting penalties, which include imprisonment for up to 5 years and fines of up to AED3,000,000. Crimes include but are not limited to the following:
· breach of privacy;
· disclosure of confidential information; and
· intentionally capturing, or intercepting, communications through a communication network without permission.
If the figures stated above are anything to go by, clearly, even with this legislation in place, cyber-crime is flourishing. The problem is that many of the perpetrators of these crimes can easily hide their identity and/or are based in other areas of the globe.
1. Cybercrime is real. On a corporate level, companies should be dealing with such issues at board level, making continuous investment in, and developing, defence systems. Companies should initially make an assessment of the anti-cybercrime systems which they already have in place. Such systems should be proportional to the size of the company, the number of employees and the sector/industry in which it is active.
2. Having completed the initial assessment, the company should implement new systems or improve those already in place in order to prevent cyber-attacks as far as possible. This might involve updating any anti-virus software being used or installing a better firewall system.
3. Finally, but maybe most importantly, adequate checks and training should be implemented with respect to all employees. The greatest source of cyber compromises is reportedly insiders or former staff members. It has been suggested that a new concept of ‘Know Your Employee’ (KYE) should be implemented by boards, compliance officers and IT staff. This would require businesses to undertake a risk assessment of their workforce in the context of cyber security.