Source: 3D generator via Alamy Stock Photo
During the past two years, the vast majority of United Arab Emirates-based businesses have experienced a cybersecurity incident.
According to research from Kaspersky, 87% of companies in UAE have faced different forms of cyber incidents in the past two years. However, 25% of those cybersecurity incidents were caused by the malicious actions of their staff.
Growing Concern of Malicious Insider Threats
Employees conducting malicious online behavior is becoming a major concern for businesses across all industries, with Kaspersky describing them as "the most dangerous of all employees who can provoke cyber incidents."
Kaspersky claims a number of factors enable people to perform malicious behavior against their employers, such as understanding their company's IT and cybersecurity infrastructure, having access to the company network, and using knowledge of their colleagues for launching social engineering attacks.
Jake Moore, global security advisor at ESET, agrees that malicious insider threats are "a significant worry" for businesses, but he stresses that "humans also carry an accidental risk in business situations."
He says: "Accidental threats might include employees inadvertently bringing in malware or enabling data leakage, which can often be mitigated with annual and ad hoc training programs for all staff."
Prepared For Defense?
Although UAE-based businesses are facing high levels of cybercrime, which includes 66% experiencing data breaches, the problem is not getting any better.
A previous Kaspersky study, released in December 2023, shows that 77% of APAC companies don't possess the tools required for spotting cyberattacks. Meanwhile, 87% of firms are plagued by a shortage of cybersecurity talent, making it harder to stop cyber criminals in their tracks.
In the past, security leaders in the UAE have struggled to ensure secure access to remote employee and corporate-owned devices, said Mohammed Al-Moneer, regional senior director for META at Infoblox. He said businesses fear data leaks and cloud attacks "and do not believe they have a firm handle on the insider threat."
In Infoblox's report, only 15% of respondents in the UAE believe their organization is prepared to defend their organization's networks against insider threats.
Gopan Sivasankaran, general manager of the META region at Secureworks, explained that the UAE's booming digital economy and greater use of data makes the country an "attractive" target for both cybercriminals and hostile states.
"The insight from the incident response engagements and active attacks on organizations we've worked on in the Middle East over the last year show organizations in the UAE have been victims to large scale wiper attacks as well as nation-state sponsored attacks," he says.
"Across the Middle East we can see that banking, manufacturing, retail, and healthcare organizations are the most likely to reach out to us for help with a cyber incident," he adds. "But government, hospitality, and transportation are also highly prized targets."