IT Security and Data Privacy


Minimising security breaches by strengthening our cyber capabilities

Data privacy and security is another important material issue for our Group, especially with our growing online presence. As a result, we are constantly enhancing our cyber security and aligning our IT operations with international standards and practices to ensure that we protect and secure the privacy of our employees and customers.

Key Stories


Enhancing our IT security

Cybersecurity threats are now more complex, harmful and costly to recover from. The Khaleej Times reported 23.4 million malware attacks in UAE in Q1 2019 alone.

To enhance our IT security, our IT Services brought in SentinelOne, a next generation anti-virus that uses artificial intelligence and behavioral analysis to block a full spectrum of modern malware, spyware and ransomware. SentinelOne learns the way we typically use our devices so it can mitigate any unusual or suspicious activities that may be an attack. We are now able to enjoy better protection with less inconvenience because SentinelOne does not require frequent computer reboots. It lets devices run faster by scanning documents as soon as we open them for speedier security.

In order to tackle the challenges that arose from the varying maturity levels of our cybersecurity systems across the countries in which we operate, we also formulated an IT security strategy at the Group level. The newly introduced strategy includes a roadmap up to 2021, along with KPIs and goals to achieve its implementation. This strategy focuses on three main areas: people, process, and technology, that aim to help develop our people’s IT literacy, solve any technical issues we encounter, and to ensure the security of our data.

  • Our People focus area mainly incorporates IT training, security modules for back-office users and IT security awareness, informing our people on potential issues such as phishing campaigns.
  • Our Process focus area involves improving on areas where we have found maturity gaps, such as our access controls, commissioning and reviews, ensuring that correct access control over critical applications is given to appropriate personnel.
  • The third focus area, Technology, includes targets around implementing our newly acquired next-generation anti-virus solution, through which we aim to enhance the security of our backend systems, controls, and applications.

Fortunately, we have not experienced critical security breaches in 2019. We attribute this success to our IT security and IT Operations team’s ongoing commitment towards improving our systems.

Ensuring data privacy

In the effort of enhancing our data security and customer privacy, we have made progress towards adhering to the European Union’s General Data Protection Regulation (GDPR). The GDPR is a regulation introduced by the European Union on data protection and privacy for individuals. Although GDPR is not a regulation in the countries we operate, we are committed to adhering the universal best practices. It is of value to our stakeholders and helps us build trust with them. So far, we have accomplished 8 of the goals set out by the EU GDPR and are striving towards accomplishing the full set of goals in the upcoming years.

Case Study: Game of Threats, an IT Security training tournament

The cyberworld is dark and full of terrors, and with the rise of powerful hackers and identity thieves, it's important that our Group is vigilant and educated to defend against these data attacks.

In 2019, our IT Services team launched Game of Threats, a tournament to educate employees on identifying a malware virus or phishing email as well as learn more about the Group's cybersecurity policies. Armed with buzzers, the Starks, Lannisters, Targaryens and other Houses must battle for a prize to be the winner of each Game of Threats session.

Season One, the 2019 season and first season of many to come, includes advanced technical questions geared towards IT Services. Season 2 and the other upcoming seasons will be tailored to all our people, incorporating more general questions that aim at enhancing IT literacy for even the most IT illiterate. Nonetheless, Game of Threats does not only impact the IT illiterate. It is geared towards changing the mindset of our people by enabling them to understand the importance of IT security in their professional as well as in their personal lives. By doing so, we aim to pave the way for an easier implementation of technology and of associated tools. In the past, we encountered several challenges where we observed many instances of phishing emails. We are currently proud to claim that our people are increasingly aware of the value of the data that they hold and that they are increasingly protecting it.

This mindset has been enabled by our Game of Threats program, and notably because of the interactive nature of the tournament. The Kahoot application, a mobile platform using multiple choice questions, allows teams with different levels of digital literacy compete against each other. The winning teams were awarded with Mall of Emirates gift vouchers and T-shirts. Looking forward, we are planning to roll-out a program that covers the most critical functions of our Group, including Accounts, Human Resources and Payroll. Seasons 3 will cover the remainder of our people which include our back-offices and stores in all countries where we operate.

Contact us