Companies in the UAE are urged not to 'stick their heads in the sand' when they are maliciously attacked by IT hackers, experts say.
Senior security executives said the UAE should be more transparent in tackling IT security issues and details of hacking or any security-related attacks should be disclosed to the public.
A number of hacking incidents in the UAE recently has prompted several firms and individuals to demand for more information.
Earlier this year, a statement from the Central Bank of the UAE said thieves operating in the UAE have compromised an ATM machine and stolen bank card details over a seven day period.
The gang is understood to have installed a card reader inside the ATM to read card data, along with a video camera to record PIN numbers. The Central Bank statement warns that the thieves were able to copy data of all the cards used in the said ATM during the period 19-25 February 2008.
The statement however did not mention where the hacked ATM was or which bank it belonged. Attempts by the media to obtain more information were in vain leaving concerned consumers clueless.
Currently, an international investigation is under way to find hackers believed to have stolen information from financial servers in the UAE to make fraudulent credit and debit card purchases in the US.
A circular issued by the US Embassy in Abu Dhabi advised all American citizens in the UAE that in recent days it has received numerous reports of US citizens in the UAE who have been victims of credit and debit card fraud.
"To date, all of the reported fraudulent charges have been made from the United States. We are aware of no fraudulent transactions originating in the UAE," it said.
The circular recommended that all Americans frequently check the balances and purchases on your credit/debit cards to identify potential instances of fraud in a timely manner; verify the amounts of their personal liability with their financial institutions in case of fraudulent transactions; and report instances of credit/debit card fraud immediately to their bank or financial institution.
According to Justin Doo, Trend Micro's regional director for the Middle East and Africa, what most people do not know is IT threats – even in a safe country like the UAE – are real and the effects on firms and individuals are substantial.
Some attacks have already been successful, but the media and the general public have not been provided the details.
"We have a culture of non-disclosure in this region and I think it's working against us," Doo told Emirates Business. "The more we don't talk about it, the more people become less aware of the real danger of an insecure IT environment."
Doo said when large organisations get hacked and lose a thousand records but still choose to say nothing, the harder it becomes for the general public to understand the problem. "It will also be harder for small businesses to realise that they need to protect their network environment," he said.
Salem Al Shair, eServices Director of Dubai eGovernment added that an ostrich approach would only worsen the situation. "We have to be transparent. We cannot stick our heads in the sand and pretend that nothing has happened," he said. "When a hacking incident happened to us we brought it to the press ourselves. Nobody knew about it. Even the department concerned was not aware of it. We found out before they did. We started working on it with the police and we put a press release ourselves."
Dubai eGovernment last year announced that it has successfully thwarted an attack by hackers attempting to corrupt data and damage government websites. According to Al Shair, no financial or personal information was accessed or damaged.
He said not only the crucial data were corrupted such as the nominees, the online application, the previous winners but the information and the website programmes were lost.
The Internet Security Threat Report (ISTR), volume 12, released by Symantec Corp concludes that cyber criminals are increasingly becoming more professional – even commercial – in the development, distribution and use of malicious code and services. The ISTR found that the UAE ranks 40th as an originator of cyber attacks, six places higher than in March 2007.
Vinod Vasudevan, chief technology officer and director at security company Paladion, said the country's burgeoning banking industry marked it out as a target for hackers.