Bahrain finance sector 'safe from cyber attacks'
Manama, September 18, 2012
Bahrain's matured financial services sector remains better guarded against cyber threats than its neighbours, who have come under attack, according to an expert.
Information technology practices followed by the banking sector in Bahrain since the last 40 years remain strong, said Elite Technologies Middle East chief operating officer Arun Aravindan.
"External threats are present," he told the Gulf Daily News, our sister publication, ahead of a conference on 'Information security challenges of the 21st century', held at The Diplomat Radisson Blu Hotel, Residence and Spa yesterday.
"Bahrain is better prepared than its neighbours but there is a lot more that needs to be done," he pointed out.
"Many banks here do penetration testing. However, it is unclear how many of them take this seriously. The Central Bank of Bahrain's guidelines state that all locally-listed firms should do such tests," Aravindan noted.
"However, most firms opt for the cheapest service in order to comply with the regulations," he added.
Recommendations given by security firms on vulnerabilities present in the companies tested are rarely implemented, said the expert.
"Most banks are quite advanced in information security but the private sector is very weak.
"Many companies don't have a security function, so from a reputational point of view, these are firms that can be hit and that affects Bahrain's reputation as well.
Government firms are protected but there appeared to be little protection against insider threats, he added.
"Insider threats also need to be addressed as insiders have access to a lot more sensitive data than outsiders have," said Aravindan.
"It could also be documents which contain confidential information. So it's not just IT security but information security as well."
Firewalls and IT infrastructure already in place usually prevent attempts to hack into systems. However, it remains a challenge to prevent sabotage from within firms.
"The firewalls and infrastructure in place are quite strong, so it is difficult to hack in," he said.
"It is usually done by an unsuspecting employee or by someone who wants to do it on purpose.
"An employee can simply bring in a USB flash drive with a worm and do great damage to a company's reputation.
"Saudi Aramco has not lost any money but the reputational damage is much bigger than that," he pointed out.
Qatar's RasGas and Saudi Aramco have been recent victims of a wave of cyber attacks targeting the Middle East.
"The attacks could be part of a larger framework, because two firms being attacked around the same timeframe is suspicious," he said.
"There is nothing stopping them from doing it to Bahrain. Groups such as Anonymous are targeting Bahrain," he said.
"This is not necessarily for financial gain but to damage the reputation of the country and the institutions here," he added.-TradeArabia News Service