In an interview with Integrator Media, Naji Salama, CEO at IT Max Global discusses the UAE’s strategic investment in data security, which is set to reach $1.8 billion in 2024, a significant 15% increase from the previous year. The discussion highlights the critical drivers of this growth, including heightened cyber threat awareness, evolving regulatory frameworks, and the ongoing digital transformation across industries. She also sheds light on the substantial financial impact of cybercrime in the region, revealing losses estimated at $1.4 billion annually. Naji delves into prevalent fraudulent schemes targeting financial document handlers and emphasize the importance of integrating AI and machine learning to mitigate cyber risks.

With data security being a global issue and concern, what do you think is the value of UAE spending on data security in 2024 and how does this compare from last year (2023)?

There is a much stronger focus on data security spending here in the UAE. Projections show the UAE will reach around US$1.8 Billion dedicated to data security in 2024. That is a significant jump, with a growth rate of about 15% compared to last year.

There are a few key drivers behind this increase. First, there’s a heightened awareness of cyber threats. Businesses are more aware than ever of the potential damage cyberattacks can cause. Regulatory requirements are also playing a role,with stricter data protection laws coming into effect. And finally, don’t forget the ongoing digital transformation across many sectors. As companies move more of their operations online, the need for robust data security becomes even more critical.

The increase in data security spending reflects a strong commitment from UAE Government and businesses to safeguarding their digital assets. It is a positive trend, and it shows that companies are taking the cyber threat seriously.

What is the value of cybercrime losses suffered by companies in the UAE every year?

Unfortunately, it is difficult to pinpoint an exact figure. There are so many factors at play, and many cyber incidents go unreported. However, based on industry reports, estimates suggest cybercrime losses could be in the billions of dirhams annually. One recent estimate we’ve seen is US$1.4 billion. This highlights the importance of robust cybersecurity measures.

What are the most prominent fraudulent schemes targeting UAE employees dealing with financial documents?

In the UAE, we find that employees dealing with financial documents are increasingly targeted by sophisticated phishing and Business Email Compromise (BEC) schemes. Phishing is a deceptive practice where attackers impersonate legitimate entities. Business Email Compromise (BEC) is when cybercriminals fake (spoof) an email’s sender address to pose as executives or trusted partners, instructing employees to transfer funds or share confidential data. One recent case we have had to deal with was for a large enterprise where cybercriminals posing as the CEO had managed to get someone in finance to wire north of 500,000 AEDs to their account. We’ve also noticed that ransomware attacks have become more prevalent, where malicious actors encrypt crucial financial documents and demand a ransom for their release. On top of the robust security countermeasures provided to our customers, we also provide interactive security training for personnels. We believe that educating employees about these schemes is essential in mitigating these risks.

What are the best directions of data insurance services in UAE 2024?

Data insurance is certainly evolving rapidly, and we are seeing some exciting developments here in the UAE. One of the key areas I see is a move towards more comprehensive coverage. In the past, data insurance might have just focused on data breach notification. But today’s businesses need protection from a wider range of threats. We’re talking ransomware attacks, business disruptions due to cyber incidents, and even privacy violations. The best data insurance products will offer that broader shield.

Integration with cybersecurity solutions is a critical trend in data insurance. Direct links between data insurance and security infrastructures can offer discounts for strong security or bundled services, boosting cybersecurity resilience. With the rise of cloud computing, data insurance must adapt to address unique cloud security challenges. As the market matures, expect more standardized policies, increasing transparency and consistency. These trends make data insurance more valuable and relevant.

How are AI and machine learning technologies integrated into the tech companies’ environment to reduce cybercrime?

AI and machine learning are becoming game-changers in cybersecurity. For example, these technologies allow the security experts at IT Max to analyze vast amounts of data – such as security, hardware or network logs – in real-time, helping to identify suspicious activity and potential breaches much faster. They can also be used to develop adaptive security systems that can learn and adjust to new threats as they emerge. Additionally, AI can automate many routine security tasks, freeing up IT teams to focus on strategic initiatives and incident response.

In short, I would say AI has allowed companies and security providers like IT Max mount much more proactive and adaptive defenses against cybercrime.

What are the most significant weaknesses of enterprises and companies causing increased cyberattacks?

There are a few key areas.  One is unpatched vulnerabilities.  If companies do not keep their software and systems updated with the latest security patches, they are leaving gaping holes for attackers to exploit. This is why “patch management” is one of our core managed security services, where we handle this on behalf of our clients as seamlessly as can be. Another big issue is weak password management.  Employees often reuse weak passwords across multiple accounts, making them easy targets for brute-force attacks and/or leaks over the dark web or other channels used by malicious actors.

Some companies, more often the smaller ones or the ones without a dedicated cybersecurity team, simply don’t have adequate security measures in the first place. This could mean lacking firewalls, intrusion detection systems, or other essential security controls. That’s why it is crucial for such entities to partner with a managed security provider such as IT Max.

Larger enterprises face unique threats, with numerous entry points for attackers. Inadequate segmentation in complex IT infrastructures enables lateral movement within networks. The biggest challenge is a lack of awareness, as data breaches often stem from human error or exploitation. Untrained employees can fall prey to malicious links or inadvertently share sensitive information, highlighting the necessity of investing in cybersecurity education.