Study finds 82% of UAE
organisations faced at least
one cyberattack in 2019
roofpoint, a leading
P
cybersecurity and compliance
company, has released its
latest research highlighting how peoplecentric
cyberattacks are impacting
organisations in the UAE. The research
revealed that a majority (82%) of CSOs
and CISOs surveyed reported at least
one cyberattack on their organisation
in 2019, while over half (51%) reported
multiple incidents.
Account compromise was the leading
method of cyberattack in the UAE in
2019, impacting 28% of companies
surveyed, followed by credential phishing
(20%) and insider threats (17%). Almost
one third of respondents (29%) believe
account compromise will continue to be
the UAE’s biggest cyberthreat over the
next three years, followed by Distributed
Denial of Service (DDoS) attacks (28%)
and phishing (19%).
Cyberattacks can have far-reaching and
devastating financial and reputational
impact for businesses. The research
found that financial loss (29%) and
data breaches (28%) were the biggest
consequences for UAE organisations in
2019, followed by a decreased customer
base (23%).
While organisations in the UAE are
aware of the risks, many are not
fully prepared. In fact, only 21% of
respondents strongly agreed their
organisation was prepared for a
cyberattack, with 43% somewhat
agreeing. In terms of where the biggest
risks lie, 59% of respondents cited
outdated or insufficient cybersecurity
solutions and technology, while more
than half (55%) believe that human error
and lack of security awareness was a
risk factor for their organisation.
Though end-users are the front line of
defence against cyberattacks, there is a
need for better security knowledge and
awareness training. Common security
errors made by employees, according to
CSOs and CISOs in the UAE, include poor
password hygiene (29%), mishandling
sensitive information (25%), falling for
phishing attacks (24%) and clicking on
malicious links (20%). Interestingly, 19%
cited criminal insider threats as a growing
concern for businesses.
“A people-centric strategy is a must
for organisations in the UAE, as
cybercriminals increasingly target people
rather than infrastructure, with the aim of
stealing credentials, siphoning sensitive
data and fraudulently transferring funds,”
Emile Abou Saleh, Regional Director,
Middle East & Africa at Proofpoint,
said. “With our research revealing that
39% of UAE CSOs and CISOs believe
their employees make their business
vulnerable to cyberattacks, education
and security awareness is a missioncritical
priority and could make the
difference between an attempted
cyberattack and a successful one.
Along with technical solutions and
controls, a comprehensive training
programme should sit at the heart of an
organisation’s cyberdefence.”
Despite facing a fast-evolving threat
landscape, three-quarters (75%) of
respondents admitted to training their
employees on cybersecurity best
practices as little as twice a year or less.
Meanwhile, only 23% of organisations in
the UAE train their employees more than
three times a year.
Organisations in the UAE are optimistic
that cybersecurity will become more of
a business priority moving forward, with
50% reviewing their cybersecurity strategy
twice a year or more and 69% expecting
their cybersecurity budget to rise by 11%
or more over the next two years. u
intelligent DATA SECURITY
www.intelligentciso.com | Issue 27
57