The Central Bank of the UAE Runs Cyber Attack Simulation to Test the Banking Sector’s Resilience
The Central Bank of the United Arab Emirates (CBUAE) ran a cyber attack simulation on the country’s banking sector to test its resilience against potential cyber attacks.
The CBUAE believed that such an exercise was essential to safeguard the UAE’s economy from threats emanating from cyberspace. The UAE Bank Federation (UBF) also participated in the exercise. The attack simulation was part of the CBUAE’s mandate to ensure the stability and resilience of the financial system.
The CBUAE intends to do this using sophisticated technology and processes that can ensure safety against cyber threats. The banks targeted in the exercise were exposed to real-time cyber attack sequences. This was done to help them assess their risk posture and apply defense mechanisms as needed.
This awareness exercise was conducted to promote international best practices in cyber security. The CBUAE encouraged the participating banking institutions to reinforce their cyber security measures against such attacks.
The Central Bank also assured them of the support of best-in-class Information Technology infrastructure to put such measures in place. The UAE Bank Federation has also used webinars to create cyber security awareness among these institutions.
Cyber Threats for Banking Institutions
Cyber attacks targeting banks can take different forms. Some of the common kinds of cyber security threats for banks are as follows:
- Malware — Malware has grown immensely as a threat against banks in the recent past. Because it is easy to obtain and use, malware has become a frontline tool for cyber criminals to gain access to entire banking networks and steal confidential user data. According to the Bitglass Financial Breach Report, malware was responsible for 75% of all data breaches in the banking sector in 2019.
- Social Engineering — Social Engineering attacks use the vulnerabilities in human behavior to gain access to a company’s servers. In the banking sector, social engineering is widely used to gain access to employees’ login credentials.
- Data Manipulation — In a data manipulation attack, the perpetrator makes undetected changes to the data in a target system for personal gain. Banking institutions face these attacks in huge numbers because they can change how data is recorded.
- Web Application Attacks — As most banking operations have moved online, web application attacks in this sector have affected the functionality of institutions.
Cyber Security Measures for Banks
According to best practices, around 4–10% of a company’s IT budget should go to cyber security. In fact, some of the larger banks have tripled their cyber security expenditure in the last five years. This can be effectively supplemented with the following measures:
- Awareness training tools like ThreatCop can be used to test individual and group vulnerabilities in the bank against different attack vectors. These tools use cyber attack simulation followed by awareness training sessions to inform employees about these threats.
- Discovering vulnerabilities through VAPT can provide an idea of how easy or difficult it is to penetrate the systems of an organization. As a result, it can help banking institutions effectively upgrade their cyber security infrastructure to block any penetration attempts.
- Planning responses in cyber emergencies using real-time scenarios can help in avoiding surprises during real cyber attacks.
- Using measures like Web Application Firewall, Encryption, Bot Filtering, etc. can ensure web application security against threats such as SQL Injection, Cross Site Request Forgery and Denial of Service (DoS) attacks.
- Using updated versions of anti-malware software and getting rid of obsolete software and hardware in the organization can reduce the risk of corruption of systems.
- Using Multi-Factor Authentication can prove to be one of the most effective measures to fend off threats arising from human errors.
- The use of Biometrics for access into very sensitive areas of information, in addition to MFA, can prove to be an extra layer of protection.
- Implementing KDMARC can help in securing the domains of an organization against forgery and spoofing.
Banking institutions handle very sensitive financial information about their clients. Such information has to be protected at all costs to maintain client relationships and the organization’s reputation. Robust cyber security infrastructure is an asset for an organization, as it can help prevent the loss of time and money through cyber security breaches. Banking institutions should therefore invest attention and money in cyber security infrastructure proactively.