Ever since the start of the pandemic, organizations in the UAE have been at the receiving end of many cyber attacks. This bombardment of cyber attacks can be attributed to the sudden transformation of remote work culture. Organizations’ compromised IT security infrastructure was a result of working from remote locations. Cyber attackers have tried to exploit this opportunity to the fullest.
Because of the potentially valuable data that can be obtained through such attacks, cyber attackers have targeted the financial sector in particular. Threat actors have thoroughly misused the vulnerabilities arising from the use of VPNs.
A cybercrime report published by KPMG in 2020 revealed that businesses are expected to invest heavily in cyber security. But no level of cyber security infrastructure is good enough if there is no cybersecurity awareness among the employees of the organization.
Statistics on Cyber Attacks in the UAE
- According to a blog by Internation Security Journal, there were 311 attacks in a week per organization in 2021, while in Kuwait and Saudi Arabia, there were 409 and 392 attacks respectively.
- It is believed that due to remote working, cyber attacks in the UAE have increased by 190%. Brute force attacks were 15.8 million on RDP (Remote Desktop Protocol).
- Not only in UAE, but the whole Middle East has reported over 2.57 million phishing attacks in 2020.
- The UAE experienced a 250% increase in cyber attacks in 2020, led primarily by phishing and ransomware attacks.
- An article by ITP.net has revealed that, according to a report, 72% of the CISOs in the UAE feel unprepared to deal with a cyber attack.
- In 2020, UAE lost $1.4 billion due to cyber attacks.
Notable Cyber Attacks in the UAE
The Central Bank of the UAE (CBUAE) conducted a real-time cyber attack simulation exercise. This was done to test the preparedness and resilience of the country’s banking sector against any potential cyber threats. In addition to this, the UAE Banks Federation is also using the medium of webinars to promote best practices in data privacy and protection.
Modern technology cannot guarantee complete security until and unless the employees are aware enough to detect an attack. The problem starts with manual error or negligence.
In a research, it was found that victims of cyber attacks in the UAE have suffered a financial loss of around $746 million in the duration of 12 months between September 2020 to August 2021. In the same report, it was also noted that there were around 166,667 victims amounting to a loss mentioned before.
Most Prevalent Types of Cyber Attacks in UAE
In 2019, during the rise of Covid-19, there was a sharp rise in the number of cyber attacks and the authorities of the nation started focusing on developing a robust cyber security infrastructure with strong regulations.
It has been found that many cyber attacks in the UAE are politically motivated. There have been cases in the past that showcased the involvement of state-sponsored threat actors and political activists.
According to an article by Gulf Business, 74% of organizations in the UAE and Saudi Arabia are concerned about brand exploitation. However, another article in Gulf News revealed that 69% of the Forbes ‘Top 100 Middle East Companies’ have a Domain-based Message Authentication, Reporting & Conformance (DMARC) record in place. This means that almost 31% of these organizations are at risk of email fraud.
Ransomware continues to be the leading cause of cyber infrastructure issues in organizations. In comparison to 2019, there was an increase of 33% in ransomware attacks 2020. In the last 2 years, 37% of the organizations in the UAE had suffered ransomware attacks.
In 2020, there were over 1.1 million phishing attacks. These attacks spiked during the lockdown phase when everyone was adopting remote working culture. This duration also saw a surge in internet users to facilitate the requirement of office work and socialization.
Cyber Attacks in UAE: 2020 versus 2021
In 2021, the weekly cyber attacks on organizations have increased by 40% in comparison to 2020. The cost of data breaches in the UAE was 69% higher than the global average in 2020.
In 2021, UAE faced 311 weekly attacks per organization, while in 2020, it was 182 weekly attacks per organization.
UAE Government Strategy to Fight Against Cyber Attacks
The UAE government is taking necessary steps to build infrastructure that could support and facilitate cybersecurity. The government has pledged to adopt cybersecurity standards and regulations for government agencies. The vice president of the UAE emphasized marking cybersecurity as a sovereign priority. The government has allocated $79 billion for the next five years, from 2022 to 2026. The leadership of UAE characterizes the futuristic thinking which is meant to safeguard against cyber attacks.
UAE has also initiated multiple steps under the National Cybersecurity Strategy to incorporate policies for creating a safe and robust cybersecurity infrastructure. These strategies are meant to empower businesses to secure themselves from cyber attacks. In accordance with this strategy, more than 40,000 cybersecurity professionals will be trained and several students will also be guided to follow the cybersecurity domain.
The UAE government has incorporated some online portals and platforms where one can report cybercrimes. For example, the eCrime website, Dubai police (Aman Service), etc. An authoritative department of the UAE has developed the “UAE information Assurance Regulation” which will provide a minimum level of protection to cyber infrastructure and will develop a reliable digital environment.
Solutions against Cyber Attacks
When it comes to the security of organizations, some of the following ways can go a long way in preventing cyber attacks-
- Check for cyber vulnerabilities in the organization by conducting periodic VAPT.
- Restrict or ban the use of removable media in the organization as that can be used to insert malicious content in the systems.
- Encourage employees to use strong passwords and restrict any sharing of such passwords within or outside the organization.
- Back up all the sensitive information/data offline from time to time. This can limit the damage from an attack.
- Limit the access to sensitive information to very few employees.
- Update software from time to time and remove dormant software and hardware to minimize the risk of corruption.
- Run a cyber attack simulation attack campaign to assess the level of cyber awareness in the organization. Awareness training tools like TSAT can be used for this purpose.
- Secure the organization’s email domains with authentication protocols like DMARC, SPF, and DKIM. Anti-spoofing and domain-monitoring tools like TDMARC can help you monitor all three of these email authentication protocols.
- Implement multi-factor authentication (MFA).
Countrywide Cybersecurity Awareness Should be the Goal
The United Arab Emirates is a centre of focus in the Middle East due to its infrastructural development and tourism. The country is set to incorporate immense development of cyber infrastructure. The government in the country is already set to give special emphasis on cybersecurity and they have pledged huge investments.
With increasing concerns and activities, the organizations must focus on increasing awareness of their employees and at the same time, incorporate security protocols. Cybersecurity awareness training for employees will be the stepping stone for increasing cyber vigilance among employees.