INFOGRAPHIC
Proofpoint study finds 82% of
organisations in the UAE faced at
least one cyberattack in 2019
Cyberattacks increasingly
target people, rather than
infrastructure, with more than
half (55%) of CSOs and CISOs
citing human error and lack of
security awareness as one of
the biggest IT security risks.
Proofpoint, a leading cybersecurity
and compliance company,
has released its latest research
highlighting how people-centric
cyberattacks are impacting organisations
in the UAE. The research revealed that
a majority (82%) of CSOs and CISOs
surveyed reported at least one cyberattack
on their organisation in 2019, while over
half (51%) reported multiple incidents.
Account compromise was the leading
method of cyberattack in the UAE in 2019,
impacting 28% of companies surveyed,
followed by credential phishing (20%) and
insider threats (17%). Almost one third
of respondents (29%) believe account
compromise will continue to be the UAE’s
biggest cyberthreat over the next three
years, followed by Distributed Denial of
Service (DDoS) attacks (28%) and
phishing (19%).
Cyberattacks can have far-reaching and
devastating financial and reputational
impact for businesses. The research found
that financial loss (29%) and data breaches
(28%) were the biggest consequences for
UAE organisations in 2019, followed by a
decreased customer base (23%).
While organisations in the UAE are aware
of the risks, many are not fully prepared.
In fact, only 21% of respondents strongly
agreed their organisation was prepared for a
cyberattack, with 43% somewhat agreeing.
In terms of where the biggest risks lie, 59%
of respondents cited outdated or insufficient
cybersecurity solutions and technology, while
more than half (55%) believe that human
error and lack of security awareness was a
risk factor for their organisation.
Though end-users are the front line of
defence against cyberattacks, there is a need
for better security knowledge and awareness
training. Common security errors made by
employees according to CSOs and CISOs
in the UAE include poor password hygiene
(29%), mishandling sensitive information
(25%), falling for phishing attacks (24%)
and clicking on malicious links (20%).
Interestingly, 19% cited criminal insider
threats as a growing concern for businesses.
“A people-centric strategy is a must for
organisations in the UAE, as cybercriminals
increasingly target people rather than
infrastructure, with the aim of stealing
Emile Abou Saleh, Regional Director, Middle
East and Africa at Proofpoint
“
WHILE
ORGANISATIONS
IN THE UAE ARE
AWARE OF THE
RISKS, MANY
ARE NOT FULLY
PREPARED.
credentials, siphoning sensitive data and
fraudulently transferring funds,” said Emile
Abou Saleh, Regional Director, Middle East
and Africa at Proofpoint. “With our research
revealing that 39% of UAE CSOs and CISOs
believe their employees make their business
vulnerable to cyberattacks, education and
security awareness is a mission critical
priority and could make the difference
between an attempted cyberattack and a
successful one. Along with technical solutions
and controls, a comprehensive training
programme should sit at the heart of an
organisation’s cyberdefence.”
Despite facing a fast-evolving threat
landscape, three-quarters (75%) of
respondents admitted to training their
employees on cybersecurity best practices as
little as twice a year or less. Meanwhile, only
23% of organisations in the UAE train their
employees more than three times a year.
Organisations in the UAE are optimistic that
cybersecurity will become more of a business
priority moving forward, with 50% reviewing
their cybersecurity strategy twice a year or
more and 69% expecting their cybersecurity
budget to rise by 11% or more over the next
two years. •
28 INTELLIGENTCIO www.intelligentcio.com