Date : 15 September 2008

I read a few months ago in an article that about 60% of phishing attacks globally were targeting the Middle East. Observing people from Dubai, Karachi and London, I see different attitudes to security. I am from Karachi and have been in Dubai for the past 1 year. I have come to note some differences in the way people think and behave. Karachi is currently a very insecure place since I left and has gotten worse over the last 1 year. Dubai to be in the top 10 globally in public security. I think one of the reasons that the Middle East is targeted more in phishing attacks is that people feel secure and do not worry as much about being conned as people from other parts of the world which are more insecure publicly.

So what is the issue? Well, the issue is that Dubai is targeting the areas of tourism, finance and re-export to stay away from being dependent on oil. What needs to be done is to make people in Dubai, and especially those working in the financial sector, aware that their subconscious lax attitude to computer security could be the target of a lot of losses. So what are the practical steps to be taken:

  1. People need to do their confidential work on computers NOT connected to the Internet. Copy files through the USB if possible or sneakernets.
  2. Copying files from a secure computer needs to be done in such a way that the secure computer is not set to automatically execute any software existing on the USB. Better yet, it should automatically format the USB before use instead of executing it blindly. This shall reduce the chances of viruses piggybacking on USBs and other media onto secure computers.
  3. Make people aware of the risks associated with doing transactions on the Internet, specifically with computers which are insecure. Insecure computers are those which can run external software without first asking for permission from the user/owner of the computer.
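
As an illustration of step 2 (an added example, not part of the original post), the script below audits a mounted USB stick before anything is copied to the secure computer: it lists any auto-execute directives in a Windows-style `autorun.inf` and any files outside an expected set of data types. The function names, the allowlist and the sample stick contents are assumptions constructed for this example.

```python
import configparser
import tempfile
from pathlib import Path

# Keys in an autorun.inf [autorun] section that name a program to launch.
EXEC_KEYS = {"open", "shellexecute"}
# Assumption: only these data file types are expected on the transfer stick.
ALLOWED_SUFFIXES = {".txt", ".csv", ".pdf"}

def parse_autorun(text):
    """Return launch directives, including shell\\<verb>\\command entries."""
    parser = configparser.RawConfigParser(
        strict=False, allow_no_value=True, delimiters=("=",))
    try:
        parser.read_string(text)
    except configparser.Error:
        return [("<unparseable>", "")]  # treat a malformed file as suspicious
    found = []
    for section in parser.sections():
        if section.lower() != "autorun":
            continue
        for key, value in parser.items(section):  # keys arrive lowercased
            is_verb = key.startswith("shell\\") and key.endswith("\\command")
            if key in EXEC_KEYS or is_verb:
                found.append((key, value))
    return found

def audit_usb(root):
    """Return (autorun_commands, unexpected_files) for a mounted USB tree."""
    root = Path(root)
    commands, unexpected = [], []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if path.name.lower() == "autorun.inf":
            commands += parse_autorun(path.read_text(errors="replace"))
            unexpected.append(rel)
        elif path.suffix.lower() not in ALLOWED_SUFFIXES:
            unexpected.append(rel)
    return commands, unexpected

def build_sample_usb(root):
    """Constructed sample contents, not taken from any real device."""
    root = Path(root)
    (root / "report.pdf").write_bytes(b"%PDF-1.4 constructed sample")
    (root / "setup.exe").write_bytes(b"MZ constructed sample")
    (root / "AUTORUN.INF").write_text(
        "[AutoRun]\nopen=setup.exe\nicon=setup.exe,0\n"
        "shell\\open\\command=setup.exe\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as usb:
        build_sample_usb(usb)
        print(audit_usb(usb))
```

A stick that returns any directive or unexpected file should be wiped rather than opened on the secure computer.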

Now one may balk at the idea (email) continue … ideal situation: have three computers. One for public work like chatting and browsing, one for serious work (email and transactions), and one purely secure computer for confidential work with no connections at all.