Official blog



Economics and financial markets

Konstantin Tserazov: Cybersecurity and Data Protection – Global Challenge and Gulf Countries

On April 24, U.S. President Joe Biden signed a law aimed at TikTok, requiring its parent company ByteDance to sell its interests or face a U.S. ban within a year. ByteDance opposes this, claiming it infringes on the free speech of 170 million U.S. TikTok users and plans to legally challenge it. This highlights the growing concerns over data protection, potentially straining U.S.-China relations, with the handling of user data by TikTok at the center of the issue.

The question remains contentious: is it possible to create a barrier between U.S. users' data and data collected and analyzed at the heart of TikTok in China? Is it practically feasible and meaningful? Is the U.S. government justified in its pursuit to protect American personal data?

All these questions are vital for any country in the world dealing with similar issues: data protection and cybersecurity. Gulf countries are also paying considerable attention to this matter.

Internet of Finance

The Internet has created a sense of convergence in information flows. Social media has become integrated into finance as platforms where people spend significant time sharing personal information. The concept of open banking is rooted in the principle of ubiquitous information flow. The increasing immersion of humanity in the vast information landscape results in extensive data accumulation whenever individuals connect to the Internet.

Consequently, the Internet has evolved into the Internet of Money or Internet of Finance, making data protection and cybersecurity critical concerns for investors and financial services users.

Data protection practices and cybersecurity risk management are now essential components of any country's business environment, with artificial intelligence (AI) technologies playing a leading role in this realm.

AI and Oil

For Gulf countries like Qatar, Saudi Arabia, the U.A.E., and Oman, the strategic application of AI to monitor cybersecurity risks is a naturally sustainable practice, given their abundant oil resources. This is due to the significant energy requirements of AI technologies, with the latest generation chips consuming 700 Watts per hour, exceeding the power consumption of a typical 4-person household. Modern neural networks rely on millions of such chips.

It is foreseeable that in the next two years, the West may face challenges in meeting the escalating energy demands of AI. While solar, hydro, and wind energy sources are viable options, the rapid advancement of AI technology suggests a resurgence in oil consumption. Gulf countries are poised to play a pivotal role in driving AI innovation.

The Escalating Dangers of Cybercrime in the Digital Era

In today's digital era, data's expansion serves as both a boon and a bane for individuals. While it streamlines processes and enhances efficiency, it simultaneously opens the door to potential financial jeopardy due to cybercrime. The adeptness of cybercriminals in harnessing the vast pools of digital information to illicitly access personal financial assets marks a grave concern for personal economic security.

The surge in economic crime poses a multifaceted threat, leading not only to severe financial repercussions for individuals but also tarnishing the reputations of nations and financial bodies. Particularly at risk is the banking sector, which has seen a pivot from conventional physical thefts to intricate cyber intrusions over the last decade. This shift, propelled by the digital transformation of banking operations, renders digital monetary assets and sensitive data increasingly vulnerable to cyber incursions.

The cyber threat landscape is primarily navigated by two adversarial entities: criminal syndicates and government-backed operatives. The former usually aims at financial institutions to pilfer funds, pilfer data, or execute fraudulent schemes. Among their tactics, ransomware is prevalent, effectively holding a bank's operational systems hostage in exchange for payment. Conversely, state-sponsored entities seek data that could furnish a competitive edge to national interests.

AI and Cybersecurity

Financial entities today grapple with a spectrum of cyber threats, from DDoS attacks and phishing scams to malware viruses. The evolving sophistication of cybercriminal acts necessitate a detailed comprehension of the primary vectors of cyber threats. Such insight is pivotal in formulating robust cybersecurity strategies, thereby safeguarding against the operational and reputational damage wrought by these digital hazards.

This makes it more difficult to detect and prevent such crimes using traditional methods. This has created a need for more innovative solutions. By using advanced algorithms, AI can quickly and efficiently identify anomalous behavior, such as suspicious transactions, making it possible to detect these types of crimes.

In recent two years, AI is used to address such threats in Gulf banks. Among other things, they have invested large sums of money to develop customer service tools such as chatbots and efficient credit assessment tools. In addition, they have begun to apply AI to strengthen and streamline cybersecurity. By applying AI in cybersecurity work, banks can detect threats faster and more accurately to counteract cyberattacks.

Meanwhile, cybercriminals also have access to AI technology. This results in new types of attacks and threats, leading to new challenges for the banking sector of Gulf countries. Gulf banks compete with each other, and by maintaining an effective cybersecurity system, one can help ensure the usability of products and customer confidence. To outpace cybercriminals, local banks are keen to use neural networks.

Machine Learning Algorithms

The use of Machine Learning (ML) algorithms is a powerful solution for managing the increasing complexity in network traffic and security-related events. These algorithms have the capacity to analyze and understand users' network activities, identify malicious web traffic, and detect unusual behavior that may indicate attacks.

Through careful exploration and testing of various ML options, the most suitable architecture for the task and data can be identified, enabling effective learning and the ability to capture relevant patterns and features. In this way, an efficient method can be created to detect network intrusions. Experimentation and development of AI models based on ML are crucial to addressing current threats and maintaining an up-to-date level of protection.

Data quality is also a crucial factor for training AI models and benefiting from their analytical capacity. Banks handle large amounts of data of various types, making maintaining high quality a challenge. Furthermore, banks need AI specialists with relevant expertise.

Cybersecurity Risk Management and Recommended Measures

Gulf banks' cybersecurity risk management is based on five key points: • Confidentiality: prevents unauthorized disclosure of information. • Integrity: prevents unauthorized alteration of information. • Availability: prevents unauthorized withholding of information. • Traceability: activities within a system should be traceable to a user. • Non-repudiation: prevents data sent or received from being denied.

The most recommended measures for banks' clients in the region are: • Software Updates: Keeping systems updated minimizes the risk of known vulnerabilities. • Antivirus: To protect against malicious software that can steal login credentials. • Backup: To minimize the risk of losing essential information. • Passwords: Passwords should be complex, changed regularly, and kept confidential to maintain effectiveness. • Education: All individuals in contact with computer systems should be educated in cybersecurity to maintain a good standard.

The Legal Framework

In data protection, Gulf banks follow the spirit of GDPR - General Data Protection Regulation. On the 25th of May 2018, the GDPR was introduced by the European Union. This legal construction is the world's largest of its kind, impacting not only entrepreneurs within the EU but all financial businesses worldwide that target EU citizens. Since Gulf countries are keen to attract more wealthy investors from the EU, the local regulators created legal frameworks similar to GDPR to a familiar degree.

In the U.A.E., the Personal Data Protection Law (PDPL) that came into effect on 2 January 2022 became the milestone in developing the legislation in accordance with new tech development and the pace of digitalization of life.

On 7 September 2023, Riyadh formally published the amended local Personal Data Protection Law (PDPL). Saudi business entities have until 14 September 2024 to adjust their practices to become compliant with the PDPL.

More Information, More Risks: IoT Devices Move into Focus

Gulf banks look ahead. They know they must provide comprehensive data protection and cybersecurity risk mitigation for users. These risks deepen as the Internet of Finance gains access to more personal information of bank users, via social media for example, which has become a strong concern for policymakers worldwide. But technology continues advancing. A new challenge to address is the Internet of Things (IoT).

The number of connected IoT devices has risen dramatically. Gulf banks have the right technological and organizational foundations in place to secure their IoT devices. In addition to the technological framework, it's equally important to ensure staff undergo adequate training and stay informed about optimal cybersecurity practices related to IoT systems employed in the financial sphere. Considering the human element is essential because a lack of awareness can create security vulnerabilities that cybercriminals could potentially exploit.


Return to articles



No comments yet.