Digital14, a UAE-based trusted advisor in digital transformation and cyber resilience, has revealed how UAE organisations are high-value targets in its Cyber Resilience Report: The UAE Threat Landscape 2021. Despite the high cost associated with successful cyber breaches, public and private sector organisations need to do more to address critical security threats and protect themselves and their customers from data theft.

“Proactive action costs a fraction of the bill for responding to and recovering from a successful breach,” said Joshua Knight, EVP Cyber Defence at Digital14. “The pandemic has acted as a force multiplier for existing cyber threats, while giving birth to a whole new set of cyber risks. While we have been shifting work practices to new, remote ways of working and relying on personal devices, threat actors have been watching and have switched tactics to exploit this new reality,” he explained.

The UAE has witnessed a 250% increase in cyberattacks in 2020, prompting the UAE Government’s Head of Cybersecurity to describe the pandemic as a ‘cyber pandemic’. Digital14‘s research revealed an exponential surge in phishing and ransomware with 1.1 million phishing attacks in 2020.

“Traditional cyber security approaches are no longer enough. We must augment our security policies with always-on cyber protection as an ongoing process that steadily strengthens and improves enterprise security, rather than a one-time solution,” Knight said.

“Traditional perimeter-based network defence, for example, is obsolete. Not only does the perimeter no longer exist in our newly connected environments, but organisations must also recognise that their networks have most likely already been breached,” Knight added.

UAE Threat Landscape 2021 highlights

Digital14’s Cyber Resilience Report: UAE Threat Landscape 2021, builds on its work with many organisations to defend against targeted cyber-attacks in 2020.  Cyber defence experts evaluated and analysed multiple digital assets in the UAE to give an accurate, in-depth understanding of the country’s current threat landscape.

The report reveals that nation-state cyber threat actors have become more active between 2017 and 2020, growing in number, becoming more sophisticated and increasingly harder to identify. The UAE and the wider Middle East are constant targets of nation-state activities driven by economic and political motivation.

Industry estimates put the cost of a data breach in the Middle East as the second highest in the world at USD6.52 million on average in 2020, just after the United States. Such a breach can inflict short-term financial damage, and affect an organisation’s operations and compliance, while causing reputational damage over the long term, resulting in lost business and competitive disadvantages.

Vulnerability exploitation, the use of previously stolen valid accounts, and supply chain attacks were other prominent threat vectors in 2020.  

Key findings of the report include (references in report):

• In 2020, a total of 249,955 vulnerabilities were found in 800,315 unique instances.^[1]
• Significant numbers of old vulnerabilities, some dating back to 2000, have yet to be remediated within UAE organisations’ networks. These can easily provide an entry point for devastating cyberattacks.
• Over 100 vulnerabilities affecting UAE entities have public exploits that can be abused by even the most unsophisticated threat actors to breach IT and OT environments with minimal effort.
• Password reuse is among the most common weaknesses in UAE organisations.
• The most common incident types are associated with unauthorised access and malicious code.
• Over 1.1 million phishing attacks were observed last year, peaking at moments when UAE residents were restricted to their homes and needed to rely on internet platforms for their daily needs.
• Ransomware increased significantly in 2020, with an industry study showing an increase of 33% in the number of new ransomware families compared with 2019.
• The government and critical infrastructure sectors were among the major sectors targeted in attacks over 2020.

Top cybersecurity recommendations for UAE organisations

Many of the most common causes of cybersecurity threats seen by Digital14 are relatively easy to address and defend proactively with established best practices.  Digital14’s cyber defence experts recommend organisations take eight proactive actions now to avoid the costs responding to and recovering from a successful breach:

1. Patch vulnerabilities immediately as they occur to keep operating systems and components up to date and protect assets from unauthorised access.
2. Adopt a defence-in-depth strategy to investigate, contain, and eradicate materialised threats efficiently and effectively.
3. Perform regular penetration tests to develop an effective security roadmap and strategy.
4. Implement strong password policies and strict rules concerning corporate emails for personal use.
5. Implement multi-factor authentication across all infrastructure as an additional layer of protection.
6. Launch robust, interactive, and regular security awareness programs for staff who are the weakest link in the security chain.
7. Invest in the professional development of cybersecurity staff to stay ahead of sophisticated attack techniques.
8. Implement UAE Information Assurance Standards in regular audits and evidence-based security assessments.

Digital14’s Cyber Resilience Report: UAE Threat Landscape 2021 provides an accurate, in-depth understanding of the country’s current threat landscape with actionable insights and recommendations here.