Latest news with #FutureSecSummit
Khaleej Times
9 hours ago
- Business
- Khaleej Times
Triple extortion, AI phishing: UAE banks face evolving cyber threats
From hyper-personalised phishing emails to ransomware attackers leaking stolen data before encryption, cyber threats in the banking and financial sectors are growing faster than many institutions can adapt. At the FutureSec Summit 2025, hosted by Khaleej Times in Dubai on Wednesday, cybersecurity leaders warned that even tightly regulated sectors, such as BFSI (Banking, Financial Services, & Insurance), are now facing more complex, intelligent, and coordinated cyberattacks. "More than 95 per cent of cyber incidents still begin with social engineering," said Hala Elghawi, Regional Cybersecurity Risk Specialist. "Phishing emails have become highly sophisticated, especially with AI-generated spear phishing. These are tailored to specific individuals, making them incredibly hard to detect — even by trained professionals." Elghawi added that traditional ransomware attacks have evolved into what experts are calling triple extortion tactics: "Attackers now first exfiltrate data and leak it online, then encrypt systems, and finally demand ransom. If companies hesitate, they escalate by threatening to publish or sell the data. The pressure is intense." She also pointed to the rising availability of malware-as-a-service platforms, which have made it easier and cheaper for less technically skilled actors to launch serious attacks. Regulation, culture, and AI While regulation in the UAE is evolving rapidly, experts emphasised that compliance alone is not enough. "The Central Bank of the UAE took a very forward-looking step in 2024 with two key regulations," said Rohit Bajpai, Head of Internal Audit at Gulf Islamic Investments. "One was the introduction of open finance rules, extending data-sharing frameworks to insurance firms under customer-consent models. The second was a regulatory sandbox that allows firms to safely test AI and digital tools in a controlled environment." These shifts, he noted, create an environment that fosters innovation without compromising risk controls. But according to Linoy Kidd, Chief Information Officer at HSBC MENAT, the human element remains just as critical: "Cybersecurity must be part of the organisational DNA. It's not just about XDR or MFA. It's about accountability at every level, first line, second line, and third line of defence," she said. "Training, awareness, and a culture of vigilance are just as important as technology." Multi-cloud chaos Expanding the conversation beyond finance, Georges Farah, Head of Container Security for Kaspersky (Middle East, Turkey, and Africa), echoed that the shift to hybrid and multi-cloud environments is creating serious visibility challenges. "With every additional cloud provider, you get more flexibility but also more blind spots," Farah said. "Only about 51% of organisations today say they have fully unified visibility across their infrastructure. That's where attackers thrive." He cautioned against a common mistake: trying to enforce the same low-level configurations across different cloud providers. "You need a top-down approach," he explained. "Start with master policies in plain English, what data needs to be protected and why—then translate those into cloud-specific tools and configurations. Automate what you can, but make sure it's strategic, not reactive." Despite the evolving threat landscape, speakers expressed optimism that AI could be as much a solution as a risk if adopted correctly. "Machine learning lets us detect threats faster, identify patterns, and even automate containment," said Elghawi. "Instead of replacing people, it should free them to focus on strategy and innovation."
Khaleej Times
10 hours ago
- Khaleej Times
UAE: How AI-powered traffic cameras are making roads safer in Abu Dhabi
While many see cybersecurity as a matter of protecting data locked away in servers and for law enforcement agencies in the UAE, it's increasingly becoming a matter of protecting people in their daily life. Speaking at the FutureSec Summit 2025, hosted by Khaleej Times in Dubai, Dr Hamad Khalifa Al Nuaimi, Telecommunications Specialist at Abu Dhabi Police, explained how artificial intelligence is already embedded in the emirate's traffic systems, and how it's reducing accidents before they happen. 'Critical systems aren't just in back-end servers anymore, they're on the roads,' Dr Al Nuaimi said. 'In Abu Dhabi, if you're driving dangerously, like weaving between lanes or tailgating, AI-powered cameras will detect that in real time and flag it. These violations aren't just about issuing fines. They're about preventing collisions before they happen.' The system, he said, goes beyond speed monitoring. It captures behavioral patterns, from sudden zig-zagging to unsafe braking distances,and automates the detection of high-risk driving. These smart interventions, backed by AI, are helping to shift the role of policing from reactive enforcement to proactive safety. 'The goal is to make the roads safer, not just to punish drivers,' he added. 'This is how we're using AI technology to protect lives.' Dr Al Nuaimi emphasized a shift in how authorities define 'critical systems.' Traditionally thought of as IT networks or protected data centres, these systems now include public-facing platforms embedded into daily life. 'When people talk about cybersecurity, they often imagine someone hacking a server behind a firewall,' he said. 'But in Abu Dhabi, our critical systems are outside, on the highways, roundabouts, and city intersections. Cybersecurity means protecting the real-world systems that citizens interact with every day.' This expanding definition of critical infrastructure reflects a broader national strategy that integrates public safety, smart city technology, and digital resilience under one umbrella. Building for the future Echoing this vision was Professor Dr. Hossam Mohamed Nabil, a cybercrime investigation expert at the Dubai Police Academy, who delivered a closing session at the summit on the importance of national resilience. 'Cybersecurity is no longer just a matter of reacting to threats,' he said. 'It's about building resilient systems that can adapt to change, whether it's a ransomware attack, a pandemic, or the arrival of quantum computing.' Reflecting on the early days of the Covid-19 pandemic, he noted how national systems were forced to rapidly digitise everything from education to law enforcement. That experience, he said, was an unintentional but essential stress test for national resilience. 'We had to switch overnight to platforms like Zoom to keep education going. That kind of forced digital transition showed us how unprepared we were, and how quickly we could adapt under pressure.' Dr Nabil stressed that future threats, including AI-generated attacks and quantum computing, will require strategic planning, regulation, and strong public-private collaboration. 'Resilience doesn't happen overnight. It comes from building a security culture, training the workforce, and having the tools in place before the threat arrives,' he said. As Dr Al Nuaimi concluded, 'Security is not just a system behind a screen. It's every camera, every sensor, every smart decision that keeps people safe, sometimes before they even know they were at risk.'
Khaleej Times
11 hours ago
- Health
- Khaleej Times
Life-or-death risks: Rising ID theft, deepfakes can cost lives, experts in Dubai warn
As artificial intelligence tools become increasingly accessible, cybersecurity experts are sounding the alarm about how AI is now being weaponised to commit identity theft, biometric spoofing, and healthcare fraud — threats that could carry life-threatening consequences. Speaking at the FutureSec Summit 2025 hosted by Khaleej Times in Dubai on Wednesday, specialists from the healthcare, retail, and government sectors highlighted how deepfakes, spoofed identities, and gaps in digital infrastructure are exposing both companies and individuals to serious risk. "In the world of digital identity, this isn't just an administrative issue. It has life-or-death consequences," said James Wiles, Chief Information Security Officer for Cigna Healthcare MEA. "If you're misidentifying a patient, whether through identity theft or an error, that could result in the wrong drug being administered or a wrong diagnosis." Wiles detailed how cybercriminals have increasingly targeted healthcare systems across the Middle East, Africa, and the Americas, leveraging fake identities to submit fraudulent insurance claims. Stay up to date with the latest news. Follow KT on WhatsApp Channels. "We've seen cases where stolen identities were used to file multiple false claims, up to $100,000, before the fraud was flagged," he said. "That money is almost impossible to recover. And with AI now enabling video and voice deepfakes, the problem is only escalating, especially in telehealth." The FutureSec Summit 2025, hosted by Khaleej Times in Dubai, brought together leading voices from government, healthcare, retail, and technology under the theme "Innovation, Resilience, and Ethical Vigilance." The one-day event explored how AI and cybersecurity intersect in a rapidly digitising world, with a sharp focus on identity as the most vulnerable access point in modern digital ecosystems. Weakest links The discussion highlighted that identity is now the weakest link in digital ecosystems, particularly in contexts where remote services, such as telehealth or e-commerce, are involved. While large institutions may have the resources to adopt advanced defences, smaller entities, such as clinics or pharmacies, remain vulnerable. "We are only as strong as the weakest link in our ecosystem," Wiles added. "Our systems may be advanced, but if a clinic can't authenticate patients properly, say, through weak video identification, attackers will exploit that." To address this, he said, AI and machine learning are now being used not just to attack but also to defend. "We're using AI to track anomalies: IP changes, VPN access, behavioural patterns, even typing styles. But applying these tools across the full chain, from the insurer to the clinic, is the real challenge." For Dee Deu, Director of Information Security at Chalhoub Group, the stakes lie not just in financial risk but also in consumer trust, especially as identity-based breaches increasingly impact the retail sector. "Our customers are our brand. When there's a data breach or identity compromise, the damage to trust is massive," she said. "We're seeing a shift in how identity access is being handled and how it impacts every touchpoint with the consumer." Chalhoub Group, a luxury retailer operating across seven countries, has already conducted internal campaigns to educate staff on the power and threat of deepfakes. "We've run simulations using deepfakes to train staff and audit our own defences," Deu said. "But beyond technology, the fundamentals remain. If you're not getting basic cybersecurity controls right, AI will just magnify the problem." She also highlighted the dual responsibility companies now hold, both in using AI for operational efficiency and in ensuring that the very AI being adopted is secure and unbiased. "We must secure the AI we adopt just as much as we secure against external threats. This isn't just about protecting systems. It's about educating people, internally and externally, so they can recognise evolving risks and respond." Borders don't exist online Representing the public sector, Jacob Mathew, Technology and Cybersecurity Leader at a UAE government entity said the Emirates is "ahead of the curve" when it comes to regulation, pointing to federal laws and data protection frameworks already in place. "We have laws like Federal Decree-Law No. 45 on personal data protection and No. 34 on cybercrimes, which give us a strong foundation," Mathew said. "But deepfakes and AI-fueled identity theft aren't confined by geography. These are global threats, and we need international cooperation, maybe even through the UN, to establish unified standards and responses." He praised initiatives like the European Union's AI Act, which mandates risk classification and AI content tagging. However, he emphasised that awareness and education are just as critical.
