Welcome to the Saudi Arabia focus edition of Law Update.
One of the key markets in the Middle East and North Africa (MENA) that continues to lead from the front is the Kingdom of Saudi Arabia (KSA). As the largest country in the Middle East and the 18th largest economy in the world, the progress KSA continues to make is underpinned by its Vision 2030 that envisions developing the country as an investment powerhouse and hub that ultimately connects Asia, Europe, and Africa. Given Saudi Arabia’s significance to the regional economy, our team of experts have prepared a range of pertinent articles that provide insights into new laws, regulations, and the legal landscape in the Kingdom.
This edition will provide you with an up-to-date guide on matters such as; the framework issued by the Saudi Central Bank on IT governance, the anti-corruption landscape under Vision 2030; we also provide practical tips for dispute avoidance. This is only a snapshot; there are many more articles within the KSA focus section for you to read, which we hope you will find valuable and enjoyable.Read the edition
June – July 2017
With this type of software, a victim could be locked out of his computer or other electronic devices until a certain ransom is paid to the hacker. The victim receives a request to pay a sum of money, in order to be able to access their locked data. The device remains blocked pending the payment of the specified ransom, hence the name “ransomware”. Even if the victims pay the requested amount, this does not guarantee that access will be restored.
Global Cyber Attacks
Last month, the world witnessed one of the biggest global cyber attacks ever recorded. “WannaCry”, a ransomware, affected numerous international services. Sources argue that it affected 100,000 entities over 150 countries, including Taiwan, Ukraine, United Kingdom, Russia, India, China, Romania, Italy, Brazil, Egypt and others. The entities affected included FedEx, Spain’s Telefonica, Renault, and some NHS hospitals whose services were slowed down and patients’ appointments had to be canceled.
Recent cases in the Middle East
In less sophisticated fraudulent acts, criminals simply impersonate others and request payment of money from third parties in lieu of offering a service or a commodity. Many of other cyber crimes commence by a simple email or even a private message on social media platforms.
In one case, a customer received a fraudulent email from a business’ head of office requesting the customer to transfer funds to a specific bank account. The customer, unaware of the fraudulent scheme, transferred the funds to the specified bank account and received nothing in return.
In another case, a branch manager received an email purporting to be from the CEO of the company, requesting the branch manager to connect the CEO to the local travel agency so that he could book tickets for business trips. The branch manager complied with the request and unknowingly connected the fraudster via email to the travel agency who then booked 35 plane tickets for various people. Later on, the branch manager and the travel agency discovered that the real CEO never made such requests and that the previous correspondence was made with someone who impersonated the CEO’s identity. A total of 35 passengers flew between two countries with the business and the travel agency left to pick up the costs.
There have also been a number of other incidents where criminals attempted fraud by establishing websites and emails almost identical to those of legitimate businesses, with the aim of impersonating them and deceiving third parties.
In the UAE, the relevant authorities, including the public prosecution offices, are very effective in deterring cyber crimes. Moreover, a new department, the Federal Public Prosecution for Information Technology Crimes, specialised in information technology crimes, was established earlier this year. In a previous Law Update Articles, we explained how this signifies the UAE’s determination to safeguard individuals, the community and the Emirates from these types of crimes.
Given the difficulty in locating and identifying cyber criminals, the key is to have in place protective measures against cyber attacks, particularly ransomwares and other viruses that reach devices through the internet or when downloaded mistakenly through a malicious file. It is thus recommended to:
In the unfortunate event your company is impacted by cyber crime, report it as soon as possible to the authorities. Cyber incidents and viruses that may seem insignificant to you (if for example it affected an old PC) are nevertheless worth reporting to the authorities as every piece of information helps authorities to assess the magnitude of the attack and can assist in tracking and combating the virus before it spreads further.
Al Tamimi & Company’s Litigation and TMT teams regularly advise on cyber security issues. For further information please contact Nick O’Connell (email@example.com) or Omar Khodeir (firstname.lastname@example.org).