MY WORKING LIFE
Hussam Sidani, 37, is regional manager for the Gulf at Symantec, a provider of global cyber security solutions for governments, businesses and consumers. He tells us how to be safer online
Hussam Sidani doesn’t wear a police uniform, but he knows how to protect you from crime – the cyber kind.
What are the biggest cybercrime threats we face today? We’ve seen the first malware to be jeopardising human life. In Ukraine, millions of people were left without power for some time because of a cyber attack. We’ve also seen malware that was going to jeopardise the thermostat of a nuclear power station and could have caused a disaster. Recently we’ve seen that new connected cars can be manipulated remotely. Cybercrime clearly is impacting human life in a big way. How much worse is the problem getting each year? It’s advancing at a very rapid pace and it will carry on. The biggest problem is there’s a lot of people who don’t understand the impact of not having the proper security measures on their devices: user ignorance is the weakest link in the whole equation. A small mistake can have devastating impact and the problem is going to get worse as everything becomes more and more connected. How many people are affected by cybercrime each year? We track around 90 million security incidents a year, of which we spotted two million in the UAE. The total amount lost due to online crime in the UAE in the last year was Dh4.9 billion. So it’s a big problem. What are the latest trends in cybercrime? One is ransomware: you receive an email with a link, you click on it and what happens is that malware in the background gets downloaded on the device and will run in the background to encrypt the data on that device. Then, the next time you log in, you will be prompted with a window saying if you want to decrypt your information you need to pay a certain amount of money. A lot of people end up paying and even then they don’t get their data back. How common is that? Last year we spotted 7,400 incidents of this in the UAE, and it’s more than doubling each year. We’ve just recently seen malware on iOS [Apple] devices, too. In the next few years cybercrime is going to be a trilliondollar industry and a lot will come from ransomware. Any other new things you’re seeing? We’re seeing a lot of attacks on social media, especially Facebook. For example, you receive a post from Facebook saying, ‘There’s this video here and it’s something you’re interested in’ and you click on the link, and it will advise you to share this with your friends before you can watch it. Then when you click it, nothing happens. This link has malicious code, you sent it to all your friends, they trusted you and then they click on it, too. It could install malware, it could maybe prompt you to change your password and then as you change your password, an attacker will steal it and will compromise your account or encrypt your hardware for ransom. What else can malware do? It can give the hacker constant connection to that device whenever it’s connected to the internet. They can browse the device looking for information, things like Excel sheets with all your passwords on. There’s no limit to what a hacker can do. And now we even have smart TVs with cameras: malware could impact that, you’re sitting in your living room and the next thing you know, there’s footage of you on the internet. What are the top three things that people should be doing to protect themselves? The first thing is to get a better awareness of how to protect yourself, and also how to review bank and credit card statements, looking for irregularities. There’s lots of useful information online and from service providers that can help. When you download apps you need to make sure you check the terms and conditions; you need to make sure you enforce strong passwords – because very weak passwords are common. Many people feel they are in control of their security when they’re online, but that’s not the case. What can we do to be ‘bulletproof’ online? There is no bulletproof solution: a breach is inevitable, it’s just a matter of time. You can minimise the risks by engaging companies like us and also by staying up to date on internet security. Consumers can better protect themselves for the price of a couple of cups of coffee a month, but you need to improve awareness, too. Any golden opportunities for the criminals? The Internet of Things: it’s the next big thing. In Dubai you hear about smart cities coming up; this needs a lot of devices to be connected and cybercriminals are going after that because there’s a lot of information that will be shared. Who are these cybercriminals? There are different types, each with their own intentions. Some are after money; some are after intellectual property; it has become an industry. They could be sitting anywhere in the world – all they need is an internet connection. Are multinationals getting attacked often? Last year, among the top 100 companies in the world, five out of six were breached. The problem is that someone can go into your network, steal your information and you’ll only find out much later. At Symantec what we try to do is to detect the IOCs: the indicators of compromise. An attack will have indicators that something is going wrong, and if you can spot that, you can prevent the attack. What does your job entail? We not only find the bad guys but block them too. We are taking the fight to cyber criminals by partnering with global law enforcement agencies. We contributed to several investigations and botnet [infected computer network] disruptions, including the takedown of the Ramnit botnet, and the financial fraud botnet, Gameover Zeus.