Cyber attacks remain a concern for UAE businesses

PHOTO

The UAE currently hosts at 155,000 vulnerable cyberassets, 40 per cent of which are over five years old, a report showed on Monday.

This is was key finding in the report titled State of the UAE — Cybersecurity Report 2024, issued by the UAE Cyber Security Council and CPX Holding, a leading provider of digital-first cyber security solutions and services. The report offers an in-depth analysis of the cyber threat landscape facing the UAE, emphasising the critical need for advanced cyber security measures in response to the increasing complexity and sophistication of cyber threats.

This vulnerability, coupled with the surge in advanced cyber attacks such as ransomware, underscores the essential need for robust cyber defences in a region that is at the forefront of AI-driven technological innovations and geopolitical significance.

The government, energy, and information technology sectors emerged as the most targeted by cyber threat actors. Despite the evolving threat landscape, traditional attack vectors such as business email compromise (BEC) and phishing remain prevalent, posing a continuous threat. “These methods are likely to become more sophisticated with the integration of AI tools, enhancing social engineering efforts, phishing lures, and the deployment of deep-fake technology to deceive victims,” the report said.

The shift in attack vectors is notable, with a nearly 30 per cent increase in Insider Threat-related incidents and an 18 per cent increase in Drive-by-Downloads, largely driven by a rise in the use of Infostealing Malware and Spyware to acquire organisational credentials. This trend is corroborated by the high occurrence of malicious code, accounting for 22 per cent of all cyber incidents in the UAE, the report noted.

The report identified remote access and network vulnerabilities as prime targets for cyber threat actors, facilitating unauthorised system access without physical network presence. Remote technologies, essential for IT remote system monitoring, managed service providers, IT help desks, and software-as-a-service (SaaS) providers, remain a high risk in 2024, constituting 23 per cent of attack surface exposures in the UAE. Network vulnerabilities, on the other hand, are particularly susceptible to malware attacks, social engineering, and potential misconfiguration.

Distributed denial of service (DDoS) attacks persist as a significant threat to UAE organisations, with 58,538 attacks recorded during the year.

The UAE faces a diverse array of cyber threat actors, each with distinct motivations and methodologies, the report said. These range from nation-state threat actors, eCrime groups, to hacktivists. Nation-state actors are typically motivated by espionage or destructive purposes, investing significant time, money, and manpower to compromise specific targets. The majority of incidents, 86 per cent, targeted large organisations within the UAE, it added.

Dr. Mohamed Al Kuwaiti, head of cyber security for the UAE government, said: “In an era marked by increasingly sophisticated cyber threats that pose significant risks to our national security, the imperative for collective vigilance and strategic action has never been greater. The entire ecosystem should engage proactively in reducing the UAE’s vulnerability to these threats. This report serves as an urgent call to action for all stakeholders to unite in enhancing our cyber security measures, thereby protecting our digital infrastructure and securing the economic well-being and safety of our nation.

“Ransomware attacks will continue to make headlines, with the UAE and the broader Middle East region being prime targets. Additionally, we are witnessing a rise in Distributed Denial of Service (DDoS) attacks against UAE organizations, particularly against our critical infrastructure, amid a challenging geopolitical climate that amplifies cyber threats.”

Hadi Anwar, executive director – strategic programs, CPX, added: “The latest cyber security report not only underscores the dynamic and evolving nature of cyber threats but also sheds light on the economic vulnerabilities at stake. The economic fallout from cyber incidents, as detailed in our analysis, necessitates a unified approach to bolster our national defences. Policymakers, companies, and individuals must collectively engage in strengthening our cyber security posture. This involves not just adopting advanced technologies and practices but also fostering a culture of cyber awareness and resilience. CPX is at the forefront of this mission, working closely with the UAE Cyber Security Council, to equip organisations with the necessary knowledge, tools, and strategies to safeguard against these threats, setting a new benchmark in cyber security excellence.”