30 days after WannaCry - what can the UAE financial services sector learn?
Source: Booz Allen Hamilton , Author: Charles Habak, Wayne Loveless
Posted: Mon June 12, 2017 11:35 am

UAE. WannaCry or Wcry represents the latest version of a growing threat called Ransomware – a tailored piece of malware designed to exploit specific vulnerabilities in the operating systems of its victims’ computers.

Malware outbreaks are not infrequent, but Wcry spread so rapidly that it revealed vulnerabilities in the business planning, employee preparation and internal procedures of organizations all over the world. A majority of affected systems were running outdated versions of software, with no access to updates because the vendor had phased out support to these legacy systems.

The financial services industry sector is no stranger to the phenomenon of outdated software. Many of today’s financial systems still run on UNIX based platforms developed in the 1980s and 1990s, which often are no longer supported by vendors.

What the financial sector can learn from the Wcry fallout is the importance of investing in a sound risk management framework that involves technology change management as well as updated software – all of which could have prevented Wcry.

Investing in a sound backup and continuity plan can also enable organizations to quickly rebuild and recover systems in the event of a cyber-attack or ransomware impact and eliminate any need to pay ransom. Most law enforcement agencies and cyber experts would caution against paying the ransom as it may open the victims up to further exploitation and potential identify theft.

Financial services organizations and their leadership have a duty to protect their customers’ financial interests as well as their own institutions. This begins with a dedicated cyber agenda at the Board level along with the formation of a cybersecurity action committee reporting directly to the CEO.

Bank-wide vulnerability assessments across all of the business units that are C-level driven and business-aligned should be prioritized. Additionally, a dedicated cyber security business unit should be formulated with the goal of assessing and implementing new types of capabilities, processes and functions to combat growing threats.

Finally, encouraging bilateral and multilateral communication mechanisms with other banks in the marketplace, and interfacing with regulators to inform of threats and share information of potential breaches as well as threat intelligence from local, regional, and international partners can provide the contextual understanding needed to proactively defend institutions from future threats.

Written by: Charles Habak: Vice President at Booz Allen Hamilton MENA; Wayne Loveless: Principal at Booz Allen Hamilton MENA

About Booz Allen Hamilton
Booz Allen Hamilton has been at the forefront of strategy and technology for more than 100 years. Today, the firm provides management and technology consulting and engineering services to leading Fortune 500 corporations, governments, and not-for-profits across the globe. In the Middle East and North Africa (MENA) region, Booz Allen builds on six decades of experience partnering with public and private sector clients to solve their most difficult challenges through a combination of business strategy, digital innovation, data analytics, cybersecurity and resilience, operations, supply chain, organization and culture, engineering and life-cycle project management expertise. 

With regional MENA offices in Abu Dhabi, Beirut, Cairo, Doha, Dubai and Riyadh, and international headquarters in McLean, Virginia, the firm employs more than 23,300 people and had revenue of $5.80 billion for the 12 months ended March 31, 2017.

To learn more, visit mena.boozallen.com. (NYSE: BAH)

 

MIDDLE EAST BUSINESS COMMENT & ANALYSIS

date:Posted: November 22, 2017
UAE. Results announced at the Knowledge Summit 2017 in Dubai; The index identifies knowledge as an integral part of human life, affecting its social, economic and cultural aspects, as well as an engine for comprehensive and sustainable human development.
date:Posted: November 22, 2017
UAE. Ascertaining the impact VAT will have on a business and the changes required is an essential step in any VAT implementation process, businesses told at ACCA, Thomson Reuters event.
date:Posted: November 21, 2017
UAE. ICA Conference in Dubai to discuss importance of GCC sovereign wealth funds.
UAE. The panel explored the differences between a knowledge city and a "wise city"; Wise cities, distinguish themselves from their counterparts by successfully implementing knowledge and technology in a consistent framework, thereby becoming new centres of power.
dhgate