infographic
Cyberattacks increasingly
target people, rather than
infrastructure, with more than
half (55%) of CSOs and CISOs
citing human error and lack of
security awareness as one of the
biggest IT security risks.
PROOFPOINT STUDY FINDS
82% OF ORGANISATIONS IN
THE UAE FACED AT LEAST ONE
CYBERATTACK IN 2019
Proofpoint, a leading cybersecurity
and compliance company, has
released its latest research
highlighting how people-centric
cyberattacks are impacting
organisations in the UAE. The
research revealed that a majority
(82%) of CSOs and CISOs surveyed
reported at least one cyberattack on
their organisation in 2019, while over
half (51%) reported multiple incidents.
Account compromise was the
leading method of cyberattack in
the UAE in 2019, impacting 28% of
companies surveyed, followed by
credential phishing (20%) and insider
threats (17%). Almost one-third of
respondents (29%) believe account
compromise will continue to be
the UAE’s biggest cyberthreat over
the next three years, followed by
Distributed Denial of Service (DDoS)
attacks (28%) and phishing (19%).
Cyberattacks can have far-reaching
and devastating financial and
reputational impact for businesses.
The research found that financial loss
(29%) and data breaches (28%) were
the biggest consequences for UAE
organisations in 2019, followed by a
decreased customer base (23%).
While organisations in the UAE
are aware of the risks, many are
not fully prepared. In fact, only
21% of respondents strongly
agreed their organisation was
prepared for a cyberattack, with
43% somewhat agreeing. In terms
of where the biggest risks lie, 59%
of respondents cited outdated or
insufficient cybersecurity solutions
and technology, while more than half
(55%) believe that human error and
lack of security awareness was a risk
factor for their organisation.
Though end-users are the front line
of defence against cyberattacks,
there is a need for better security
knowledge and awareness training.
Common security errors made by
employees according to CSOs and
CISOs in the UAE include poor
password hygiene (29%), mishandling
sensitive information (25%), falling for
phishing attacks (24%) and clicking on
malicious links (20%). Interestingly, 19%
cited criminal insider threats as a growing
concern for businesses.
“A people-centric strategy is a must
for organisations in the UAE, as
cybercriminals increasingly target people
rather than infrastructure, with the aim of
stealing credentials, siphoning sensitive
data and fraudulently transferring
funds,” said Emile Abou Saleh, Regional
Director, Middle East and Africa at
Proofpoint. “With our research revealing
that 39% of UAE CSOs and CISOs
believe their employees make their
business vulnerable to cyberattacks,
education and security awareness is a
mission critical priority and could make
the difference between an attempted
cyberattack and a successful one.
Along with technical solutions and
controls, a comprehensive training
programme should sit at the heart of an
organisation’s cyberdefence.”
Despite facing a fast-evolving threat
landscape, three-quarters (75%) of
respondents admitted to training their
employees on cybersecurity best
practices as little as twice a year or less.
Meanwhile, only 23% of organisations in
the UAE train their employees more than
three times a year.
Organisations in the UAE are optimistic
that cybersecurity will become more of
a business priority moving forward, with
50% reviewing their cybersecurity strategy
twice a year or more and 69% expecting
their cybersecurity budget to rise by 11%
or more over the next two years. u
Emile Abou Saleh, Regional Director, Middle
East and Africa at Proofpoint
22 Issue 28 | www.intelligentciso.com