Proofpoint, a cybersecurity and compliance company, has released its latest research highlighting how people-centric cyber attacks are impacting organisations in the UAE
The research revealed that a majority (82 per cent) of surveyed CSOs and CISOs reported at least one cyber attack on their organisation in 2019, while over half (51 per cent) reported multiple incidents.
Account compromise was the leading cyber-attack method in the UAE in 2019, affecting 28 per cent of surveyed companies, followed by credential phishing (20 per cent) and insider threats (17 per cent).
Nearly one-third of respondents (29 per cent) believe that account compromise will continue to be the biggest cyber threat for the UAE over the next three years, followed by Distributed Denial of Service (DDoS) attacks (28 per cent) and phishing (19 per cent).
Cyber attacks can have a far-reaching and devastating financial and reputational impact on businesses. The research found that financial loss (29 per cent) and data breaches (28 per cent) were the biggest consequences for UAE organisations in 2019, followed by a decreased customer base (23 per cent).
While end-users are the frontline defence against cyber-attacks, there is a need for better knowledge of security and awareness training. Common security errors made by employees in the UAE according to CSOs and CISOs include poor password hygiene (29 per cent), mishandling sensitive information (25 per cent), dropping due to phishing attacks (24 per cent), and clicking on malicious links (20 per cent).
Interestingly, 19 per cent have cited criminal insider threats as a growing concern for businesses.
“A people-centric strategy is a must for organisations in the UAE, as cybercriminals increasingly target people rather than infrastructure, intending to steal credentials, siphon sensitive data, and fraudulently transferring funds,” Emile Abou Saleh, regional director, Middle East and Africa at Proofpoint said.
“With our research revealing that 39 per cent of UAE CSOs and CISOs believe their employees make their business vulnerable to cyber attacks, education and security awareness is a mission critical priority and could make the difference between an attempted cyber attack and a successful one. Along with technical solutions and controls, a comprehensive training program should sit at the heart of an organisation’s cyber defence.”
Despite a rapidly evolving threat landscape, three-quarters (75 per cent) of respondents admitted to training their employees as little as twice a year or less on best practices in cybersecurity. Meanwhile, only 23 per cent of UAE organisations, more than three times a year, train their employees.
With 50 per cent reviewing their cybersecurity strategy twice a year or more and 69 per cent expecting their cybersecurity budget to rise by 11 per cent or more over the next two years , organisations in the UAE are optimistic that cybersecurity will become a business priority.