The majority of businesses in the United Arab Emirates experienced a cybersecurity issue at some point in the last two years.
According to Kaspersky data, 87% of UAE businesses have experienced different kinds of cyber attacks over the past two years. However, 25% of those cybersecurity incidents were caused by malicious behaviour on the part of their employees.
Growing concern about malicious insider threats
Employees engaging in malicious online activities are becoming a serious concern for businesses across all industries, with Kaspersky identifying them as "the most dangerous of all employees who can provoke cyber incidents."
Kaspersky claims a number of factors encourage individuals to engage in illicit activities against their employers, including understanding their firm's IT and cybersecurity infrastructure, access to the company network, and taking advantage of colleagues' knowledge to launch social engineering attacks.
Jake Moore, global security advisor at ESET, concurs that malicious insider threats are "a significant worry" for businesses, but he emphasises that "humans also carry an accidental risk in business situations."
He further elaborates: "Accidental threats might include employees inadvertently bringing in malware or enabling data leakage, which can often be mitigated with annual and ad hoc training programs for all staff.”
Although UAE-based companies are facing high levels of cybercrime, which includes 66% experiencing data breaches, the problem is not getting any better.
A previous Kaspersky study, published in December 2023, found that 77% of APAC companies lack the tools required to detect cyberattacks. Meanwhile, 87% of businesses have a cybersecurity talent shortage, making it more difficult to halt cyber criminals in their tracks.
Security officials in the UAE have previously struggled to maintain safe remote access to employee and corporate-owned devices, according to Mohammed Al-Moneer, Infoblox's regional senior director for META. He stated that firms are concerned about data leaks and cloud attacks "and do not believe they have a firm handle on the insider threat."
Merely 15% of participants in the UAE, according to the Infoblox report, feel that their company is equipped to protect its networks against insider attacks.
Gopan Sivasankaran, general manager of Secureworks' META region, explained that the UAE's thriving digital economy and increased use of data make it an "attractive" target for both hacker groups and hostile states.
"The insight from the incident response engagements and active attacks on businesses we've worked on in the Middle East over the last year show organisations in the UAE have been victims to large scale wiper attacks as well as nation-state sponsored attacks," he said.
