Illustration by Joaquin Kunkel

How Safe is Your Data in the UAE?

The Norse Live Attack Map marks the UAE as one of the top three frequently attacked countries from cyberattacks. Should the UAE populace be worried?

Apr 28, 2018

In January 2015, the international cybersecurity company Norse Corp released an updated version of their Norse Live Attack Map. The visuals are striking: on a dark map contoured with country outlines, colorful meteor-like sparks shoot each other at unbelievable speeds across countries and all over the world. These sparks represent cyber attacks happening in real time, and the map is a dramatic demonstration of Norse Corp actively gathering intelligence on these attacks as they are being carried out. Once the visual effect of the comet-like cyber attacks flying across the screen fades, one realizes something: at the bottom of the screen, on the list of most frequently attacked countries, the UAE is invariably in the top three.
The question of cybersecurity in the UAE is new, but it is something that security professionals and businessmen are rapidly growing aware of. Mohamed Amine Belarbi, NYU Abu Dhabi alumnus and co-founder of a cybersecurity firm based in the UAE, found that this growing awareness of cyber threats has opened up a space for entrepreneurs like himself.
“Cybersecurity is a growing market poised to reach 10 billion USD in the Middle East alone in 2019,” he said.
“Cyber attacks are on the rise and the cost of breach and cybersecurity negligence run in the millions of dollars for companies in the MENA region. Not only are IT infrastructures vulnerable and not on par with global standards, but the lack of cybersecurity education and training make employees and individuals the weakest link in the cybersecurity chain,” said Belarbi.
Belarbi took advantage of this gap in the market. Using his access to “stellar profiles” in the security community and ethical hacking groups, he co-founded VUL9, a boutique cybersecurity firm, in 2016. The demand for his services is high.
“We are talking [about] unauthorized access to databases with millions of user records, access to financial transactions, ability to destroy or leak data, capability to install backdoors or even wipe out entire applications and IT infrastructures,” he said. “When costs for failure are high, clients are ready to invest heavily in security, and that’s the fear we capitalize on and exploit to drive business.”
Belarbi finds two things particularly striking about the cybersecurity field in the UAE. One is that the UAE, compared with the rest of the region, has embraced public-private partnerships in cybersecurity ventures. The other is that the market here is mature: in the UAE, people understand the value of cybersecurity and, more importantly, are willing to pay handsomely for it.
The fact that the UAE contains this growing knowledge base also means that it is a growing base for research about cybersecurity. The Center for Cyber Security at NYUAD is one of these research hotspots.
“The center will act as a catalyst to improve cybersecurity in the UAE and enhance its regional and global competitiveness in this field,” the website announces, against a backdrop of NYU purple and white. Although it was established relatively recently, the Center is already involved in various projects, ranging from aviation security and chip security to research on cryptography.
Christina Pöpper, Assistant Professor of Computer Science at NYUAD, is part of the Center’s faculty and works on digital forgetting.
“We are interested in developing techniques that will enable better control over the data that [is] out there, that’s on blogs, that’s on online social networks, any kind of data that's just out there in the online world. Now that we have so much information online, it is interesting to think about the fact that there is some information that we don’t want to leave online forever, so how do we make it go away again from the online world?” she explained.
Digital forgetting is only one of several projects that the Center is currently involved in. The Center is made up of a diverse range of faculty, postdoctoral students, interns and undergraduates, which means that the center is quite interdisciplinary in its work. Pöpper emphasized that research ideas at the Center are born out of the diverse interests of its faculty.
For this research to translate into an actual increase in cybersecurity measures, it requires legal and infrastructural backing. But, as Pöpper emphasizes, the law is not always clear; especially in our international, interconnected world, the problem is not just that there aren’t clear laws, but also that there is no consensus on which set of laws to follow for a particular attack. Pöpper cited the example of a few European countries where people can contact companies like Google and request that their private data be removed from the internet.
“What I’m interested in, from the research side, is to think about what means we have to facilitate this process,” she said.
“So currently these things are being decided by individuum, case by case, which doesn’t scale very well. So the question is, as computer scientists, how can we develop techniques that make this process easier? Or, in the first place, prevent the data from showing up there?”
But despite her work on privacy of data, Pöpper does not think that there is much for the average person living in the UAE to worry about.
“There are many different forms of cyber attacks ... it can be data breaches, it can be credit card information that is stolen, it can be that access to infrastructure is gained by the attacker … there’s such a variety of attacks,” she said. “For the average user, what do they care about? The first thing I think about is, how secure is my online banking, for example. In my opinion, the average user doesn’t have to worry about the potential insecurity here more than in other countries. Based on these attacks, I don’t think that the situation in the UAE is worse than in any other country.”
Belarbi, however, has a different view of the issue. He suggests that we differentiate between the UAE in terms of government entities and the private sector.
“On a governmental level we read constantly about high level cooperation between the UAE and leading cybersecurity and defense contractors from the U.S. alongside U.S. law enforcement agencies, so when it comes to surveillance, national security and military capabilities the UAE is more likely to be top tier, cybersecurity wise. Private sector wise, it’s a mix,” he said.
“We have encountered … leading companies with massive customer data and user records who were exposed and could have been easily breached should a hacker have decided to target them. The takeaway is that any entity, government or private, can be breached, and any data can be compromised, from citizen and expatriate personal data sitting in government-managed IT infrastructures … it’s just a matter of whether the reward [for] the breach is appealing enough to the hacker to justify [their] time and efforts.”
Shreya Shreeraman is Senior Features Editor. Email her at
gazelle logo