Latest news with #CybersecurityCouncil
Tahawul Tech
16-05-2025
- Business
- Tahawul Tech
AWS, e&, and UAE Cybersecurity Council launch the ‘UAE Sovereign Launchpad'
Partnership offers sovereign-by-design cloud and AI solutions endorsed by the UAE Cybersecurity Council Amazon Web Services, Inc. (AWS), an Inc. company, and e&, the UAE-based global technology group, have today launched the UAE Sovereign Launchpad, a cloud offering in UAE that is set to accelerate the adoption of cloud and AI services for the UAE public sector and regulated industries. The UAE Sovereign Launchpad, which is powered by AWS, offered by e&, and endorsed by the UAE Cybersecurity Council, paves the way for a new era of public cloud adoption in the UAE that is estimated to add US$181 billion cumulative value to the nation's digital economy by 2033. The UAE Sovereign Launchpad will run on the AWS Middle East (UAE) Region located within the borders of the UAE. e& will manage and implement customers' security and sovereignty controls aligned with UAE Cloud Security policies. In addition, e& will leverage AWS Outposts, a service that allows customers to extend and run AWS services on premises, to meet customers' specific data residency requirements. UAE government agencies, along with customers in healthcare, financial services, education, space, oil & gas, and non-profit sectors, can now access the latest AWS cloud technologies, while addressing the data sovereignty requirements of the UAE Cyber Security Council. UAE public sector and regulated customers can use the UAE Sovereign Launchpad through e& for all workloads except those classified as Secret and Top Secret, combining AWS cloud capabilities, alongside workload management solutions and managed security support provided by e&. This will cover the majority of workloads for organizations in the UAE. 'The UAE Cyber Security Council welcomes the launch of the UAE Sovereign Launchpad and the collaboration between e& and AWS in advancing our nation's digital transformation journey. With the additional security and sovereignty controls designed within the UAE Sovereign Launchpad, the UAE Government and regulated industries can transform and innovate with AWS, while meeting regulatory requirements,' said Dr. Mohamed Al Kuwaiti, Head of the UAE Cybersecurity Council, which spearheads the UAE's cybersecurity regulatory framework. Hatem Dowidar, Group CEO of e&, said: 'Through AWS's UAE Region and e&'s local expertise, this collaboration demonstrates our commitment to enabling secure cloud solutions that meet the requirements of the UAE's government and regulated sectors. The UAE Sovereign Launchpad is the latest development of a US$1 billion-plus strategic alliance between AWS and e& to fast-track cloud solutions in the Middle East, supporting AI deployment and digital transformation across the region. 'The launch of the UAE Sovereign Launchpad, which leverages e&'s security expertise and operations, proves that world-class cloud services can operate within national cybersecurity frameworks. Our strategic partnership with AWS continues to exemplify how global cloud innovation can align with national priorities,' added Dowidar. AWS is architected to be the most secure cloud infrastructure on which to build, migrate, and manage applications and workloads. This is backed by the trust of millions of customers worldwide, including the most security-sensitive organisations like government, healthcare, and financial services. The UAE public sector and regulated customers will now have access to the latest digital technologies, such as AI and machine learning, while addressing their data sovereignty requirements through the UAE Sovereign Launchpad. 'Our collaboration with e& the UAE Cybersecurity Council represents the perfect synergy of secure global cloud innovation and local expertise, demonstrating our unwavering commitment to supporting the 'We the UAE 2031' vision,' said Tanuja Randery, vice president, Europe, Middle East, and Africa, AWS. 'Security is foundational to sovereignty, and we believe it's essential that customers have control over their data and choices for how they secure and manage their data in the cloud. By combining our world-class cloud capabilities with e&'s deep understanding of UAE's regulatory landscape, we've developed solutions that serve UAE's digital transformation while maintaining the required data protection standards.' UAE Cybersecurity Technology Innovation Bureau AWS, UAE Cybersecurity Council, and e& also plan to create the UAE Cybersecurity Technology Innovation Bureau (CTIB). The CTIB aims to advance 'Made in UAE' cybersecurity innovations, strengthening the UAE's global leading position at the forefront of cyber resilience and elevating the nation's digital capacity building in secure-by-design cloud-computing infrastructure. 'The UAE CTIB reflects the constant efforts made by the UAE in the field of cybersecurity and is a result of the directions and visions of the country's wise leadership,' added Dr. Al-Kuwaiti. 'Through the UAE CTIB, we plan to develop an annual program of training workshops, national and international partnerships, start-up incubations, reports and whitepapers, along with strategic R&D and academic collaborations, to accelerate the UAE's digital transformation and cyber pulse agenda.'
Zawya
25-04-2025
- Zawya
ADU hosts cybersecurity day 5.0 in its Al Ain Campus
This annual event brings together students, experts, and industry leaders to shape a secure and resilient digital future. In the presence of His Excellency Dr. Mohamed Al Kuwaiti, Head of the UAE's Cybersecurity Council Abu Dhabi, UAE: Reinforcing its commitment to digital resilience and national innovation priorities, Abu Dhabi University (ADU), successfully hosted the fifth edition of its large-scale cybersecurity awareness initiative, Cybersecurity Day 5.0. Held at ADU's Al Ain campus in partnership with the UAE Cybersecurity Council and Anxinsec Technology, the full-day event brought together leading cybersecurity experts, government representatives, faculty, students, and industry partners to spotlight emerging cyber threats and strengthen cyber resilience through education, talent development and cross-sector innovation. The event kicked off with a keynote address by His Excellency Dr. Mohamed Al Kuwaiti, Head of the UAE's Cybersecurity Council. Additionally, representatives from ADU underscored the importance of raising cybersecurity awareness on a national level. The event also drew strong participation from key players in the cybersecurity landscape, including Anxinsec, CyberE71, Exploit3rs, and other local stakeholders. 'Cybersecurity is not just a technical necessity, it is a strategic imperative for our nation's continued growth and resilience,' said His Excellency Dr. Mohamed Al Kuwaiti, Head of the UAE's Cybersecurity Council. 'It is inspiring to witness the community coming together to create meaningful dialogue and hands-on experiences that reflect our shared national commitment to cultivating a safer cyber environment in the region. ADU's continued commitment to education, innovation, and cross-sector collaboration reflects exactly the kind of national effort we need to strengthen our cyber ecosystem.' The agenda featured thought-provoking panel discussions, expert-led interactive workshops, and cybersecurity-themed competitions designed to challenge students and promote creative problem-solving. Participants from universities across the UAE engaged in practical activities, networked with industry leaders, and explored the latest trends, technologies, and threats shaping the global cybersecurity landscape. Professor Ghassan Aouad, Chancellor of Abu Dhabi University, said: 'In today's dynamic digital world, as cyber threats continue to grow in complexity and scale, so must our approach to building a secure digital ecosystem. Cybersecurity Day is a powerful example of how academia, industry, and government can come together to empower the next generation of cybersecurity leaders. By fostering innovation and critical thinking in our students, we contribute to the UAE's national cybersecurity goals. It's our mission to create platforms where future experts can gain the skills and insights necessary to tackle emerging threats and ensure a resilient digital infrastructure.' As part of its commitment to academic excellence and future-focused learning, ADU recently introduced a diverse range of new academic programs across undergraduate, postgraduate, and doctoral levels. The programs span high-impact fields such as Artificial Intelligence (AI), cybersecurity, cyber law, fintech, digital transformation, and renewable energy among others. These programs aim to equip students with the advanced knowledge and practical skills needed to thrive in an increasingly dynamic economy and contribute to the UAE's long-term national development goals. About Abu Dhabi University: Abu Dhabi University (ADU) is one of the region's leading academic institutions, translating the UAE Government's National Agenda to deliver internationally accredited academic programs and world-class research. Established in 2003, with campuses across Abu Dhabi, Al Ain, and Dubai, the University serves around 8,700 students from over 100 nationalities. The University is home to five colleges across different disciplines including arts and sciences, business, engineering, health sciences, and law, while offering a diverse range of over 50 undergraduate and graduate programs. According to the Times Higher Education (THE) World University Rankings 2025, ADU ranks 191 globally. Additionally, it ranks second in the UAE and 172nd globally for its research quality, and it is among the top three universities in the UAE, while holding the number one position in the teaching pillar. Additionally, THE Rankings has recognized the University's Business and Economics subject area as number one in the UAE and the Arab region. The University has made an impressive performance in THE Young University Rankings 2024, ranking in the 60th position globally among the world's best universities that are 50 years or younger. Furthermore, the University jumped to the 70th place in the prestigious THE Asia University Rankings 2025 and was ranked first in the UAE for graduate employability as per the Global University Employability Ranking 2023-24. Parallelly, ADU ranks in 501 globally, according to the 2025 edition of the QS World University Rankings, advancing 79 places. ADU continues to empower faculty and students with state-of-the-art resources, facilities, and learning opportunities that foster innovation and support research-based problem-solving. The University maintains strong international collaborations with leading academic institutions and public and private sector organizations, with institutional accreditation from the Western Association of Schools and Colleges' Senior College and University Commission (WASC).
The National
17-04-2025
- Business
- The National
UAE can become exporter of cyber security talent, senior official says
The UAE is committed to becoming a "net exporter of cyber security talent", said the head of the UAE's Cybersecurity Council, Mohamed Al Kuwaiti. He is in Washington to meet government and private sector technology officials to discuss sharing techniques in the fight against cyber criminals. 'Our main focus is cyber crime, cyber terrorism and cyber warfare,' Dr Al Kuwaiti told The National on Thursday. Despite the dark and seemingly endless amount of cyber threats around the world, Dr Al Kuwaiti said he was optimistic and referred to the UAE's accolades in the cyber security sector. The 2024 Global Cybersecurity Index gave the country the highest tier one rating – for countries viewed as role models in the sector. Dr Al Kuwaiti said partnerships and the sharing of information and techniques helped the UAE to attain the tier one rating. He said that recipe for a strong cyber defence played a big role in his Washington visit. 'We do these things by partnering with everybody, governments, private sector, NGOs, you name it, and alhamdulillah, that's what took us to be number one in so many cyber security indexes," he added. The UAE also recently announced the creation of a Cyber Security Centre of Excellence, with support from Google. That centre is expected to involve the creation of more than 20,000 jobs and help to attract foreign investment estimated at $1.4 billion by 2030. 'Through this collaboration, we are not only enhancing our national cyber capabilities but also building a robust innovation ecosystem that is projected to help prevent over $6.8 billion in cyber crime-related losses by 2030,' he said. 'This initiative is a cornerstone in our national strategy.' Dr Al Kuwaiti's optimism about the UAE remaining at the forefront of cyber defence comes at a time when many experts around the world are sounding the alarm about a looming cyber security talent gap. In a previous interview with The National, Akshay Joshi, head of industry partnerships for the World Economic Forum's centre for cyber security, said there soon could be a shortage of 3.3 million cyber security professionals. 'The UAE is committed to not only closing the talent gap, but also becoming a net exporter of cyber security talent,' Dr Al Kuwaiti said, adding that the country's recently launched initiatives, such as Digital Strategy 2025, Cyber Sniper and Cyber Future Leaders, have positioned it to bridge the anticipated talent gap. He also said that artificial intelligence, and the UAE's early interest in the technology, would help to limit the effect of the shortfall in talent. 'We strategically leverage artificial intelligence through two key avenues, firstly by automating a broad spectrum of tasks using Agentic AI and AI Agents," he added. "And secondly, we will empower our workforce through the integration of advanced AI systems that enhance their capabilities, elevate efficiency, and enable faster, more informed decision-making across the cyber security landscape.' But Dr Al Kuwaiti was quick to point out, as others in the cyber security sector do, that AI can be a knife that cuts both way, lowering the entry threshold for those who want to commit cyber crimes. 'According to the 2025 State of the UAE Cybersecurity Report, we are witnessing a sharp increase in AI-powered attacks, including hyper-realistic phishing schemes, deepfakes, among other threats,' he said, adding that the UAE has made it a priority to conduct simulated cyber drills, while also equipping government employees with advanced defensive capabilities to protect national infrastructure. However, for all the awareness stemming from cyber crime, cyber threats and nefarious actors seeking to do technological harm, Dr Al Kuwaiti said there were also misunderstandings about how to best approach cyber security. 'One of the most persistent misconceptions is that cyber security is purely a technical issue, to be handled exclusively by IT teams,' he explained. Studies show human error such as weak passwords or unintentional system use remain some of the leading factors contributing to cyber crime vulnerability, he said. 'Another misconception is that only large organisations or certain sectors are at risk, when in fact, any individual or entity with valuable data can be a target,' he added. He said the UAE wanted to foster a sense of cyber security awareness similar to personal hygiene. 'It needs to be in people's DNA to be aware of what they're downloading, the links they're clicking and the information they're sharing,' he said, noting the various points of entry that cyber criminals use. Dr Al Kuwaiti said the UAE Cybersecurity Council was working on awareness and engagement campaigns to instil the idea that cyber security should be a societal priority and not just a technical mandate. 'Our goal is to empower every individual – from CEOs to students – to understand their, role in safeguarding the digital space,' he explained.
TECHx
05-04-2025
- Business
- TECHx
How To Stop Employees From Helping Ransomware Seize Data?
How To Stop Employees From Helping Ransomware Seize Data? Ransomware attacks on organizations with employee involvement are a growing threat to Middle Eastern entities. Yazen Rahmeh, Cyber Security Expert at SearchInform, explained how to address the challenge. What is Ransomware? Ransomware is one of the most common, fastest-evolving and harmful cyberthreats to organizations: 46% of security professionals estimated suffered losses of $1-10 million in terms of ransom fees, lost revenues, and brand of victims paying ransom, only 47% got their data back uncorrupted. Ransomware is a type of malware that infiltrates a device or network, and blocks access to a system or files. However, employee assistance is often required for ransomware to be allowed inside the network. According to data, 36% of companies in the Middle East reported incidents when their own employees consciously or unconsciously helped adversaries by their actions or inaction. There are three ways ransomware can penetrate corporate networks, either through deliberate or accidental employee involvement: phishing attacks, referral systems and compromised credentials. To overcome these threats an organization should neutralize human factors and prevent employees from assisting attackers. 1. Phishing attacks 52,3% of all ransomware attacks last year were the result of email or phishing attacks. Cybersecurity Council recorded over 38 million phishing attacks in the UAE. Phishing attachments mailed to employees continue to dominate as the primary entry point for ransomware, as it is difficult for an untrained employee to detect them, and antivirus (or firewall) often does not recognize phishing as a threat. These malicious attachments can come in various formats such as PDF, ZIP, or Microsoft Office file formats. The key sign of any malicious email is a call for action:open a file, click on a link, scan a QR code, etc. Cybercriminals often masquerade as partners, customers, and even your system administrators and top-managers. Besides, phishing can be contained in advertisements and pop-up notifications, and even on legitimate websites. How to fight? The primary tool is cyber literacy training. When training employees, it is necessary to achieve several goals: to increase staff awareness of modern threats and methods of combating them; to make employees recognize their role in ensuring information security and the impact they have on it by ignoring security rules; to make caring for data protection the responsibility of entire personnel both at work and in their free time. The training should not be a one-off: regular briefings, webinars, training sessions, and newsletters will significantly increase employees' chances to recognize fraudulent communications and not fall for the bait of cybercriminals. An important aspect of training is to explain in detail the mechanisms of attacks and how workers themselves can counter this threat. For example, to ensure that the employee will recognize a phishing email, explain how to verify the sender through the email attributes. To prevent phishing attacks don't refuse to deploy specialized anti-phishing software. There are a lot of such on the market, including those for scanning incoming emails for signs of fraud, suspicious sender addresses and links to known phishing sites. 2. Refferal system This type of ransomware attack implies that the employee colludes with attackers to consciously infect the corporate system with ransomware and receive a reward. To do so, the insider receives from the ransomware operators a so-called referral link, which is specifically accessed from a corporate device. After the criminals receive the ransom, the malicious insider is paid, for example, 10% of the amount. Employees may cooperate with criminals not only out of greed but also out of revenge and resentment against their employer, as well as other interests. According to data, 65% of organisations said that their employees have been contacted by ransomware operators in an attempt to recruit insiders. Most of the employees were offered more than $500,000 for assisting the attackers, and some were offered up to $1,000,000. How to fight? To exclude employee deliberate assistance to hackers, an organization must ensure its internal security system is strong and well-organized. That's why alongside software against external attacks (antiviruses, NGFW), solutions for insider risk prevention must be implemented. The DCAP and DLP class solutions are basic ones to address insider risks. The DCAP system conducts file system audits and restricts access to confidential information, minimizing the risk of transmitting valuable data to intruders. But what's more important in referring to fighting ransomware, the system brings the order to storage and removes valuable data from folders (including publicly available ones) in which it should not be stored. Thus, the solution reduces the chances of ransomware operators to seize valuable data. The DCAP system also creates data smart-backups (backup only files with specific content) in case attackers manage to capture and encrypt data. The DLP system prevents sensitive information transmission (data leaks), so the malicious actors cannot receive data directly from within (ransomware operators might be especially interested in credentials and network topology). It also detects suspicious incoming communications and enables Information Security professionals to investigate incidents. 3. Compromised credentials Credential leaks are another common vector of ransomware attacks on organizations, accounting for 18% of all incidents in the Middle East. With compromised credentials of employees, ransomware operators can move within the network and get access to any device and data. Then, ransomware infiltrates the network, blocking functions of PCs or encrypting sensitive files. Employee credentials fall into the hands of extortionists, in part because they use the same password for personal and corporate accounts, create passwords that are too simple and violate the rules of credentials storage (for example, putting a sticker with the password on the screen). It also happens as a result of data leaks and low level of internal security protection. How to fight? Develop security policy; deploy SIEM-system; The organisation must adopt an internal information security policy that employees must sign and follow. The policy should contain rules for strong password creation, their safe storage, and prescribe using two-factor authentication (2FA), where it is possible and convenient to implement. Among other things, security policy must contain procedures for installing software (if permitted) and non-disclosure agreements on certain types of information (trade secrets, developments, personal data). The SIEM system, in its turn, detects abnormal activity. The UEBA capability of SIEM solutions helps to establish a behavioural baseline of expected activity for all users and entities. In ransomware attacks, when a user account is going to exhibit unusual activity, SIEM instantly identifies such activities as anomalous and alerts the security analysts. The solution is also effective in detecting password-guessing attempts. Conclusion From the nature of ransomware, we can see that, even though such an attack comes from an external source, to be successful, it requires the direct participation of an insider, either malicious or accidental. To minimize risks of employee involvement, a comprehensive security system to protect against internal risks must be built up. Software with the functions mentioned above will become a solid foundation for your information security system and, along with competently organized training, will minimise the risk of not only ransomware attacks but also other types of both external and internal data-related incidents, including data leakage, corporate fraud, theft of tangible and intangible assets and other violations.
TECHx
25-03-2025
- TECHx
UAE Cybersecurity Council Blocks Cyberattacks on 634 Entities
UAE Cybersecurity Council Blocks Cyberattacks on 634 Entities News Desk - Share The UAE Government's Cybersecurity Council has successfully defended against cyberattacks targeting 634 government and private entities. These attacks aimed to leak data from vital and strategic sectors across the UAE. However, the Council responded swiftly using global best cybersecurity practices. Dr. Mohamed AlKuwaiti, Head of Cybersecurity for the UAE Government, told Emirates News Agency (WAM) that a hacker known as 'rose87168' claimed to have breached Oracle Cloud's SSO and LDAP systems. This breach reportedly exposed around six million customer records worldwide, including sensitive user passwords. According to Dr. AlKuwaiti, the breach may have affected up to 140,000 entities globally. Among them, 634 are in the UAE—30 government entities, 13 private organizations, and others from various sectors. In response, the Cybersecurity Council activated emergency systems across the country. It is working closely with relevant authorities to protect the UAE's cyberspace and prevent future threats. The Council also urged all government and private organizations to strengthen their cybersecurity measures. It called for increased cyber readiness and immediate reporting of any suspicious activity. Furthermore, the Council emphasized the need for constant vigilance. As cyber threats evolve, adopting the latest security practices is crucial to defend against advanced hacking and fraud techniques.
