Companies in UAE and the region should consider insuring their data against cyberattacks, industry executives said on Wednesday.
“Users need to be given clear training on phishing attacks and how to handle social engineering attacks because we are dealing with emails daily. The first layer is a human firewall which should be very strong," said Noorul Huq, group head of information technology at Sergas.
Along with seminars and workshops for users, a clear policy must be in place on how to contain in cases of data compromise, and an analysis must be carried out by the forensic team, Huq added.
"Data insurance is one thing which needs to be considered and it should be insured so that we get at least part of damages covered, if not completely."
While speaking at a FutureSec Summit 2024 organised by Khaleej Times, he said public and financial sectors are primarily being targeted and there is a need for security measures such as using strong passwords and application-based authentication.
“We are hearing of cloning of sims, so sms can be easily tracked down. Hackers are one step ahead of us. There is a lot of protection that we need to do like firewalls. We need to have zero trust where you don’t trust anybody by default,” Huq said, during the panel discussion on “Navigating data protection in a complex regulatory landscape”.
Rohit Bajpai, head of internal audit, Gulf Islamic Investments, said personal data protection law (PDPL) in the UAE has reshaped the regulatory landscape because it is very aligned with the European Union’s General Data Protection Regulation (GDPR) and helped in increasing innovation and investments in data privacy technologies.
“This has ultimately resulted in sectors like fintech and e-commerce greatly benefitting from this initiative. Secondly, in terms of cross-border data transfer, PDPL has shown the way for other regions to have their own regulations and that has helped unify the regulatory framework. Ultimately it boils down to increased consumer and stakeholder confidence because they know that their data is protected, privacy considerations are maintained and it is a much more secure environment in terms of data protection and data privacy,” he said.
Bajpai called for having data protection and assessment done on a regular basis for high-risk activities. “I think a human firewall is needed if we have training and awareness imparted right from the top level. There needs to be a realisation at the board level that data privacy is non-negotiable to safeguard our business.”