Cyber attacks increasingly target people, rather than infrastructure

Proofpoint study reveals that 82 per cent of organisations in the UAE faced at least one cyber attack in 2019
Proofpoint, Cyber security, Security, Telecoms, Networks


Proofpoint has released its latest research highlighting how people-centric cyber attacks are impacting organisations in the UAE. The research revealed that a majority (82 per cent) of CSOs and CISOs surveyed reported at least one cyber attack on their organisation in 2019, while over half (51 per cent) reported multiple incidents.

Account compromise was the leading method of cyber attack in the UAE in 2019, impacting 28 per cent of companies surveyed, followed by credential phishing (20 per cent) and insider threats (17 per cent). Almost one third of respondents (29 per cent) believe account compromise will continue to be the UAE’s biggest cyber threat over the next three years, followed by Distributed Denial of Service (DDoS) attacks (28 per cent) and phishing (19 per cent).

Cyber attacks can have far-reaching and devastating financial and reputational impact for businesses. The research found that financial loss (29 per cent) and data breaches (28 per cent) were the biggest consequences for UAE organisations in 2019, followed by a decreased customer base (23 per cent).

While organisations in the UAE are aware of the risks, many are not fully prepared. In fact, only 21 per cent of respondents strongly agreed their organisation was prepared for a cyber attack, with 43 per cent somewhat agreeing. In terms of where the biggest risks lie, 59 per cent of respondents cited outdated or insufficient cybersecurity solutions and technology, while more than half (55 per cent) believe that human error and lack of security awareness was a risk factor for their organisation.

Though end-users are the front line of defense against cyber attacks, there is a need for better security knowledge and awareness training. Common security errors made by employees according to CSOs and CISOs in the UAE include poor password hygiene (29 per cent), mishandling sensitive information (25 per cent), falling for phishing attacks (24 per cent), and clicking on malicious links (20 per cent). Interestingly, 19 per cent cited criminal insider threats as a growing concern for businesses.

“A people-centric strategy is a must for organisations in the UAE, as cybercriminals increasingly target people rather than infrastructure, with the aim of stealing credentials, siphoning sensitive data, and fraudulently transferring funds,” Emile Abou Saleh, Regional Director, Middle East & Africa at Proofpoint said.

“With our research revealing that 39 per cent of UAE CSOs and CISOs believe their employees make their business vulnerable to cyber attacks, education and security awareness is a mission critical priority and could make the difference between an attempted cyber attack and a successful one. Along with technical solutions and controls, a comprehensive training program should sit at the heart of an organisation’s cyber defense.”

Despite facing a fast-evolving threat landscape, three-quarters (75 per cent) of respondents admitted to training their employees on cybersecurity best practices as little as twice a year or less. Meanwhile, only 23 per cent of organisations in the UAE train their employees more than three times a year.

Organisations in the UAE are optimistic that cyber security will become more of a business priority moving forward, with 50 per cent reviewing their cybersecurity strategy twice a year or more and 69 per cent expecting their cybersecurity budget to rise by 11 per cent or more over the next two years.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.

Editor's Choice

Emerson expands analytics platform for industrial enterprise-level wireless infrastructure management
Plantweb Insight platform adds two new Pervasive Sensing applications that manage wireless networks more efficiently with a singular interface to the enterprise
Digitalisation seen as a competitive advantage by Middle East private businesses
Nearly 80 per cent of private business leaders acknowledge that digitalisation can impact business sustainability
Etisalat introduces Multi-Access Edge Computing architecture delivering best-in-class video streaming performance for 5G networks
MEC architecture achieves performance gains of as much as 90% in video streaming, validating how ultra-low-latency applications will be delivered over 4G and 5G networks

Most popular

Don't Miss a Story