Some government services and airport operations were among those hit by the cyber outage in the Emirates
A large screen in the Dubai Metro is out of function on July 19, 2024, amid a massive global IT outage. AFP
Ordinary PC users can move on following the global IT meltdown last week but businesses and governments will have to start reviewing their backends and look at options to be safer, Dubai-based cybersecurity experts told Khaleej Times on Wednesday – less than a week after a software update by cybersecurity firm CrowdStrike affected nearly 8.5 million Microsoft devices worldwide.
“Residents should be personally more careful about scammers and cyberhackers,” noted Rayad Kamal Ayub, managing director of Rayad Group; and Irene Corpuz, GRC (Governance, Risk, and Compliance) and Cyber Policy Advisor based in Dubai. They both noted the massive tech failure that caused travel chaos and affected major industries around the world, was not a cyberattack.
In the UAE, some government services were among those hit by the cyber outage. Some flights and airport operations in the country were affected too, but the authorities’ swift response cushioned the impact.
Stay up to date with the latest news. Follow KT on WhatsApp Channels.
Ayub, managing director of Rayad Group, noted, “most of the 8.5m devices affected by last week’s global IT outage are up and running. But there are two major concerns that must be highlighted following the CrowdStrike crash: First, the societal risks of industrial consolidation in the tech industry.”
“CrowdStrike is one of the largest companies in the cybersecurity market. Microsoft has a stranglehold on the business computing marketplace. Organisations run on Windows. If there are only a handful of large cybersecurity companies supplying and regularly updating millions of desktop corporate PCs, then there is an attractive potential for massive disruption,” he explained
Rayad Kamal Ayub
Ayub continued: “Second major concern is that a single error by a single tech company can cause so much disruption. Imagine what a determined adversary could do?
This is what the SolarWinds hack did back in 2020, when US and worldwide government departments were affected, as well as corporations such as FireEye, Microsoft, Intel, Cisco and Deloitte.”
Ayub underscored “government authorities and business owners need to stop viewing cybersecurity services as merely a cost or expense but instead realise it as an essential investment in their entity’s future.”
On a brighter note, Ayub said: “Fortunately with technology advances we would be able to stop tech failures and businesses could take steps to secure data of the customers."
“The UAE government is extremely vigilant about its data and now the most critical data of residents are stored within the country with backups,” he added, noting: “Residents should be personally more careful about scammers and hackers. Think of them as modern-day highly skilled thieves who could break into your personal space.”
Irene Corpuz, who is also the founding partner and board member at Women in Cybersecurity Middle East, said: “Expect thorough investigations and remediation efforts to continue in the coming days.”
“While automatic updates are crucial, businesses must review their deployment processes. Users should not fear updates but should ensure proper testing and backup protocols,” she underscored.
Irene Corpuz
Corpuz noted the CrowdStrike meltdown has shown that even top security firms can have vulnerabilities – shaking their credibility and putting client data at risk.
“Right now, the priority is transparent and clear communication and quick fixes to regain the trust of clients and the industry,” she added.
Corpuz shared the following tips to prevent any CrowdStrike meltdown from happening again:
ALSO READ:
Angel Tesorero is Assistant Editor and designated funny guy in the newsroom, but dead serious about writing on transport, labour migration, and environmental issues. He's a food lover too.