Dubai has been experiencing a surge in cyberattacks over the past decade, with the United Arab Emirates (UAE) consistently ranking as the country with the second highest cyber-breach rate from 2018 to 2022. These attacks have resulted in significant financial losses, with the UAE losing over $32 million to cyberattacks and data breaches during this period.
One notable incident occurred in 2019 when Binu Manaf, the CEO and managing director of Dubai’s Cheers Exhibition, received an alarming email informing him that the company’s ongoing clients were being asked to pay outstanding payments into an overseas account instead of a local bank in Dubai. Despite efforts to undo the damage, one of the company’s Russian clients had already remitted over $50,000 into the fraudulent overseas account, making it one of the most elaborate phishing attacks in Dubai’s history.
The UAE has become an attractive target for cybercriminals due to its rapid digital transformation and status as one of the Gulf countries making significant strides in digital innovation. The growing reliance on digital infrastructure and technologies has presented new opportunities for attackers to exploit vulnerabilities and gain unauthorized access to sensitive information.
In response to these increasing cyber threats, Dubai has implemented comprehensive cybersecurity strategies to protect both government and citizen data. The first phase of the cybersecurity strategy was launched in 2017, with the establishment of the Dubai Electronic Security Centre (DESC) as a core body to protect Dubai’s digital infrastructure. This phase focused on five main domains: Cyber-Smart Nation, Innovation, Cybersecurity, Cyber Resilience, and International Collaboration.
The domain of Cyber-Smart Nation aimed to raise cyber awareness among residents and develop the necessary skills to manage cybersecurity risks. The DESC worked closely with the public sector, schools, and universities to increase the number of cybersecurity experts in the emirate by incorporating cyber-specific subjects and courses into curricula.
The Innovation domain focused on promoting research and development in cybersecurity to establish a secure cyberspace. With Dubai being a smart city heavily reliant on technologies like the Internet of Things (IoT), this domain aimed to address the risks associated with these technologies and ensure their secure implementation.
The Cybersecurity domain aimed to build a safe cyberspace by providing controls to protect the confidentiality, integrity, availability, and privacy of data within Dubai. This phase also saw the release of the Information Security Regulation (ISR) version 2, which urged the private sector and Critical Information Infrastructure (CII) organizations to implement security standards into their information security management systems.
The domain of Cyber Resilience focused on maintaining the flexibility of Dubai’s cyberspace, ensuring the continuity and availability of IT systems and expertise during cyberattacks. A platform was established to facilitate the exchange of information about cyber incidents and support their management effectively.
Lastly, the International Collaboration domain emphasized partnerships between local and international entities to achieve cybersecurity objectives. It also involved the development of cybersecurity legislation and regulations to address various forms of cybercrime.
Building upon the success of the first phase, Dubai recently launched the second phase of its cybersecurity strategy on July 12, 2023. This phase aligns with Dubai’s overall digital transformation goals under the Dubai Digital Strategy. It aims to strengthen cybersecurity across four main domains: Cyber-Secure Society, Incubator for Innovation, A Resilient Cyber City, and Cyber Collaboration.
The Cyber-Secure Society domain focuses on cultivating cyber skills among Dubai’s residents and ensuring accessibility to cybersecurity tools and resources. This is crucial as cybersecurity education and awareness play a pivotal role in preventing and mitigating cyber threats.
The Incubator for Innovation domain promotes a cybersecurity research and innovation ecosystem to ensure the security of emerging technologies in Dubai. This domain acknowledges the importance of staying ahead of evolving cyber threats and leveraging innovative solutions to defend against them effectively.
A Resilient Cyber City domain emphasizes the governance and resilience of Dubai’s cyberspace. By implementing robust cybersecurity measures, Dubai aims to swiftly manage cybersecurity incidents and crises, minimizing their impact and ensuring the continuity of critical systems and services.
The final domain, Cyber Collaboration, aims to foster collaboration and knowledge-sharing between local and international cybersecurity organizations. By staying informed about global cybersecurity trends and best practices, Dubai can enhance its cybersecurity capabilities and protect its citizens effectively.
Overall, Dubai’s commitment to cybersecurity is evident through the implementation of these comprehensive strategies. By addressing key areas such as cyber awareness, innovation, data protection, resilience, and collaboration, Dubai aims to create a secure digital environment for its residents and businesses. As cyber threats continue to evolve, it is essential for Dubai to remain vigilant and proactive in its efforts to combat cybercrime and safeguard its digital infrastructure and citizen data.