UAE - Organisations across the UAE are growing increasingly concerned about the threat of cyberattacks, with 84 per cent saying that they are bracing for the fallout from an email-borne attack this year.

According to the latest Mimecast State of Email Security 2022 report, more than two-thirds of companies in the UAE also reported an increased number of email-based threats.

Nearly 95 per cent of the UAE organisations who responded to the research said that they have been the target of email-related phishing attempts. However, 30 per cent reported a decrease in the volume of such attacks, with 20 per cent noting the decrease was 'significant'.

Werno Gevers, regional manager at Mimecast Middle East, said that this is possibly due to the threat actors moving on to other, more targeted methods. “Our data also showed that 54 per cent of organisations reported an increase in business email compromise, while half experienced an increase in internal threats or data leaks initiated by malicious insiders. In a positive sign, all respondents from the UAE either have a cyber resilience strategy or are actively planning to put one in place.”

Mimecast’s research also revealed that companies in the UAE showed greater concern about various email security challenges, than most other countries that were surveyed: 56 per cent are concerned about an increase in the volume of attacks; 48 per cent worry about security-naive employees; and 52 per cent are concerned over the growing sophistication of attacks.

Concerns about cybersecurity are also prevalent in the finance and banking industry, especially given the acceleration towards digital channels in recent years. A new study by Entrust titled, ‘The Great Payments Disruption’ found that consumers in Middle East increasingly prefer digital banking experiences, but are concerned about security.

At 61 per cent, the majority of respondents in the UAE said they prefer to do their banking online in some form – 60 per cent said they prefer using the app from their bank or credit union, while 29 per cent prefer their desktop web browser. However, 94 per cent of respondents in UAE said they were concerned about the potential of banking or credit fraud as banking and credit become more digital.

Over 42 per cent of respondents in the UAE said that they had personal experience with these fraud risks, saying they have received notification of a personal banking or credit fraud in the past 12 months. As a result, 60 per cent of respondents in the UAE decided to change their bank or credit union.

Andey Casey, product marketing manager at Entrust, explained that the banking and financial services space has always been a key target for bad actors, and that the Covid-19 pandemic has dramatically increased the opportunity for data breaches and hacking due to the proliferation of digital and web-based banking interactions.

“One positive coming out of this is that consumers and financial institutions alike have adapted their behaviors, processes, and technology to combat this growing threat, as seen with the rapid growth of multi-factor authentication, contactless payments, and employing digital identity verification to enable remote account onboarding,” Casey said.

Concerns about the future of cybersecurity were also brought under the spotlight recently when South American hacking group Lapsus$ breached Samsung’s data security and were able to steal Galaxy smartphone source code. The tech giant was quick to reassure users that the cyberattack did not affect customer or employee information.

Chris Vaughan, AVP of Technical Account Management for the EMEA region at Tanium, said that the attackers have teased stolen source code taken from various parts of the Samsung network. Some specific parts of the code that have been leaked are key security components for Samsung devices, and this could make cracking and breaking into phones easier, he said.

“I expect attackers to test if biometric security controls such as fingerprint and face ID can be bypassed. This could even be leveraged by law enforcement and could be a privacy concern for Samsung users. We have seen several issues in the past with breaking into phones being challenged, most notably the FBI Apple Encryption Dispute,” he noted.

In theory, this breach could make it easier for malware to be written to exploit phones remotely, and since Samsung is widely used the attack surface could be large and lucrative for cybercriminals. The potential consequences of this breach again highlights the importance of cybersecurity for all organisations, he stressed.

“Protecting any organisation from the impact of a cyberattack comes down to ensuring that there is visibility across the IT estate to identify any problems and to have the control in place so that any issues can be fixed at speed. In the aftermath of an attack, it is important to immediately start the process of damage control, to mitigate the impact as much as possible – and having appropriate back-up and disaster recovery solutions in place is crucial to doing so,” he said.

Similarly, Gevers noted that low levels of preparedness to deal with email spoofing and domain hijacking remain a concern in among UAE organisations.

“Nearly two in five organisations were only somewhat prepared - or not prepared at all - to deal with attacks that spoof their domains or websites, despite respondents experiencing an average of twelve online brand spoofing attacks over the past year,” he said. “Encouragingly, 98 per cent of companies either use or plan to use a brand protection service this year, while 84 per cent plan to make use of DMARC to counter brand spoofing.”

Copyright © 2022 Khaleej Times. All Rights Reserved. Provided by SyndiGate Media Inc. (