Financial institutions across the Middle East have been stress-testing their cybersecurity defenses, but experts warn that rapid digital expansion and a shortage of skilled professionals are leaving banks exposed to increasingly sophisticated attacks.
Simulated Cyber Attacks Reveal Gaps in Financial Security
At the fourth annual Cyber Wargaming exercise in the United Arab Emirates last week, banks and financial firms confronted simulated attacks designed to test their resilience. The event, hosted by the UAE Banks Federation, aimed to expose vulnerabilities and strengthen defenses in an industry that remains a top target for cybercriminals.
Jamal Saleh, director general of the UAE Banks Federation, emphasized the importance of these exercises, pointing to the growing risk posed by advanced cyber threats. “The rapid adoption and deployment of advanced technologies in the banking and financial sector have increased risks related to transaction security and digital infrastructure,” he said.
The urgency is clear. A recent report from the UAE Cyber Security Council and IT services firm CPX found that financial institutions accounted for 21% of cyber incidents in the region, second only to government entities, which faced 35% of attacks.
Ransomware Remains a Major Concern
While distributed denial-of-service (DDoS) attacks have declined, cybercriminals have shifted tactics, targeting financial firms with phishing, identity fraud, and data breaches. Ransomware, in particular, continues to be a significant issue.
According to the “State of the UAE Cybersecurity” report, the number of ransomware groups targeting UAE-based organizations has jumped from 12 in 2023 to 19 this year. Among the most active groups are RansomHub and LockBit.
“The financial sector remains a top target because these institutions have historically shown a willingness to pay ransoms,” said Ray Kafity, vice president for the Middle East, Turkey, and Africa at Halcyon, a cybersecurity firm specializing in anti-ransomware solutions. “These criminals are motivated by profit, and until that changes, ransomware attacks will persist.”
A key concern is the evolving nature of ransomware operations. Many groups now operate under ransomware-as-a-service (RaaS) models, allowing even low-skilled cybercriminals to launch highly effective attacks.
UAE Invests $2 Billion to Strengthen Cyber Defenses
The UAE government has pledged over $2 billion toward cybersecurity initiatives, with a focus on strengthening national defenses, securing critical infrastructure, and modernizing outdated security frameworks.
- A significant portion of this funding is expected to go toward upgrading legacy systems that were not built with today’s cyber threats in mind.
- There will also be increased investment in identity and data security, reflecting a broader shift toward integrated security platforms.
- The financial sector is placing greater emphasis on securing operational technology (OT), ensuring that both IT systems and physical infrastructure are protected.
Osama Al-Zoubi, vice president of Phosphorus Cybersecurity, believes these investments are crucial. “Many banks still rely on systems that were built without considering today’s advanced cyber threats,” he said. “By directing funds toward those systems, institutions can stay current in an environment where attackers constantly adapt.”
Expanding Attack Surface Poses New Risks
The number of exposed and vulnerable digital assets in the UAE has grown significantly over the past year, making financial institutions more susceptible to cyberattacks. A report by CDX found that:
| Year | Exposed Assets in the UAE |
|---|---|
| 2023 | 155,000 |
| 2024 | 223,000 |
The increase in connected devices—from payment terminals to banking apps—has further expanded the potential entry points for cybercriminals.
“Visibility is a major challenge,” said Al-Zoubi. “Financial institutions need broader defenses that keep track of every connected device, from ATMs to employee workstations.”
Adding to the complexity, nearly one-third of UAE-based systems remain vulnerable to a year-old OpenSSH flaw (CVE-2023-38408), highlighting the region’s struggle to patch known weaknesses in a timely manner.
A Geopolitical Battleground for Cybercrime
Beyond financially motivated attacks, Middle Eastern banks also face threats from hacktivists and nation-state actors. Cyber incidents linked to political and ideological motivations have surged, with Saudi Arabia and the UAE bearing the brunt of these attacks. Research from last year found that 66% of cyber threats in the region targeted these two nations.
While some ransomware groups have ties to specific geopolitical interests, most operate independently, driven by financial gain rather than national objectives. “When it comes to ransomware, it’s a worldwide problem, not a geopolitical one,” Kafity said.
The financial industry remains a high-value target, both for criminals seeking quick payouts and for state-backed actors looking to disrupt economies. As cybersecurity threats grow more complex, regional banks are racing against time to strengthen their defenses.
