I didn't have the stomach to write anything with the massacres and genocide going on next door, and I can't contribute as those on social media have done in exposing the heinous war crimes. This is just a short note on our weak cyber defences.
Cybercrime is trending higher all across the globe. Companies are suffering from cybercrime attacks where their locally hosted servers get hijacked, and your average Mo falls for phishing attacks via email or WhatsApp.
It's nearly a daily occurrence that we see a local company posting that it had nothing to do with something circulating on social media.
Since most of our banking takes place in the digital sphere, and our savings are stored as 0s and 1s, I wanted to check whether local banks had the best security IT can offer… and oh boy!
This is the cyber report for the Amman Stock Exchange, for example.
I checked for 4 main cyber security aspects among the biggest and most important financial institutions in Jordan:
1- SSL certificates: any data you enter on that website, such as your login password, is encrypted in transit and cannot be read by anyone intercepting the connection. Anyone can easily check this by looking for the lock 🔒 in the address bar.
2- Email spoofing records (SPF, DMARC, DKIM): if all these policies are set up correctly, basically no cybercriminal can send an email that appears to come from the same domain as a bank, for example (the trick commonly used in phishing scams).
3- Email encryption (MTA-STS, TLS2)
4- BIMI record: this is not very important, but could help with brand image and marketing. Domain owners can get a verified certificate for around 1000 JOD. BIMI basically lets companies display their logo next to their emails in mail clients that support it.
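To make concrete what "set in place correctly" means for the email records in points 2 and 3, here is an added example (my own illustrative code, not the post's method and not the NCSC tool) that grades SPF, DKIM, DMARC and MTA-STS records the way a checker would. It works on constructed sample records for the hypothetical domains example-bank.test and weak-bank.test rather than live DNS, so it runs offline; the selector name "sel1" and the sample MTA-STS policy text are assumptions.

```python
"""Grade email-authentication records: SPF, DKIM, DMARC and MTA-STS.

Added illustrative example. The records below are constructed samples for
hypothetical domains; a real check would resolve the same names in DNS and
fetch the MTA-STS policy over HTTPS from mta-sts.<domain>.
"""

# Constructed "good" configuration: SPF hard-fail, DMARC reject, a published
# DKIM key, and an MTA-STS record with an enforce-mode policy.
SAMPLE_DNS = {
    "example-bank.test": [
        "v=spf1 include:_spf.mail.test ip4:203.0.113.0/24 -all",
    ],
    "_dmarc.example-bank.test": [
        "v=DMARC1; p=reject; rua=mailto:dmarc@example-bank.test; pct=100",
    ],
    "sel1._domainkey.example-bank.test": [
        "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsample",
    ],
    "_mta-sts.example-bank.test": ["v=STSv1; id=20240101T000000"],
}
SAMPLE_STS_POLICY = "version: STSv1\nmode: enforce\nmx: mx1.example-bank.test\nmax_age: 604800\n"

# Constructed "weak" configuration: SPF neutral, DMARC monitoring only,
# no DKIM selector published, no MTA-STS record at all.
WEAK_DNS = {
    "weak-bank.test": ["v=spf1 include:_spf.mail.test ?all"],
    "_dmarc.weak-bank.test": ["v=DMARC1; p=none"],
}


def parse_tags(record):
    """Parse 'k=v; k=v' style records (DMARC, DKIM, MTA-STS TXT) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_spf(dns, domain):
    """The final 'all' mechanism decides what happens to senders not listed."""
    recs = [r for r in dns.get(domain, []) if r.lower().startswith("v=spf1")]
    if not recs:
        return "missing"
    if len(recs) > 1:
        return "multiple records (invalid)"
    qualifier = None
    for term in recs[0].split()[1:]:
        if term.lstrip("+-~?").lower() == "all":
            qualifier = term[0] if term[0] in "+-~?" else "+"  # default is pass
    if qualifier == "-":
        return "ok (hard fail)"
    if qualifier == "~":
        return "weak (soft fail)"
    if qualifier in ("?", "+"):
        return "ineffective (all senders pass)"
    return "weak (no all mechanism)"


def check_dkim(dns, domain, selectors=("sel1",)):
    """Selectors are not discoverable from DNS alone; they come from real mail headers."""
    for sel in selectors:
        for rec in dns.get(f"{sel}._domainkey.{domain}", []):
            if parse_tags(rec).get("p"):
                return f"ok (selector {sel})"
            return f"revoked (selector {sel}, empty key)"
    return "missing (no selector found)"


def check_dmarc(dns, domain):
    """Only quarantine/reject tell receivers to act on SPF/DKIM failures."""
    recs = [r for r in dns.get("_dmarc." + domain, []) if r.startswith("v=DMARC1")]
    if not recs:
        return "missing"
    tags = parse_tags(recs[0])
    policy = tags.get("p", "none").lower()
    if policy == "none":
        return "ineffective (p=none, monitoring only)"
    if int(tags.get("pct", "100")) < 100:
        return f"partial ({policy}, pct<100)"
    return "ok (reject)" if policy == "reject" else "partial (quarantine)"


def check_mta_sts(dns, domain, policy_text=None):
    """The TXT record only announces a policy; the mode lives in the policy file."""
    recs = [r for r in dns.get("_mta-sts." + domain, []) if r.startswith("v=STSv1")]
    if not recs:
        return "missing"
    if policy_text is None:
        return "record present (policy file not checked)"
    mode = "none"
    for line in policy_text.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            if key.strip() == "mode":
                mode = value.strip().lower()
    if mode == "enforce":
        return "ok (enforce)"
    return "partial (testing)" if mode == "testing" else "ineffective (mode none)"


def assess(dns, domain, dkim_selectors=("sel1",), sts_policy=None):
    """Return one verdict per control for the given domain."""
    return {
        "spf": check_spf(dns, domain),
        "dkim": check_dkim(dns, domain, dkim_selectors),
        "dmarc": check_dmarc(dns, domain),
        "mta_sts": check_mta_sts(dns, domain, sts_policy),
    }


if __name__ == "__main__":
    print(assess(SAMPLE_DNS, "example-bank.test", sts_policy=SAMPLE_STS_POLICY))
    print(assess(WEAK_DNS, "weak-bank.test"))
```

The verdict strings mirror what the NCSC-style checks report: an SPF record that ends in `?all` or `+all`, or a DMARC policy of `p=none`, is technically "present" but does nothing to stop a spoofed message from being delivered, which is why a domain can show records and still be rated poorly.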
Results
Amman Stock Exchange and Social Security need to update their email security protocols.
Amongst the banks, Bank al Etihad seems to have things in order but might need to consider increasing email encryption and BIMI. Jordan Kuwait Bank is the worst amongst the top 6 banks (why is arabbank.jo different from arabbank.com?).
I trust all institutions will hurry to upgrade their IT infrastructure and security.
I hope this doesn’t attract the wrong type of attention to the cracks in our digital firewall 🧿
Links: to check whether your domain is up to standard, I recommend the UK National Cyber Security Centre's email security check: https://checkcybersecurity.service.ncsc.gov.uk/email-security-check/form