Attackers exploit weak Wi-Fi, third parties and the cloud, costing 42% of organisations in the country over $1 million in breach damages.
Infoblox has unveiled a global report examining the state of security concerns, costs and remedies.
As the pandemic and uneven shutdowns stretch into a third year, organisations are accelerating Digital Transformation projects to support remote work. Meanwhile, attackers have seized on vulnerabilities in these environments, creating more work and larger budgets for security teams.
1,100 respondents in IT and cybersecurity roles in 11 countries – United States, Mexico, Brazil, United Kingdom, Germany, France, the Netherlands, Spain, United Arab Emirates, Australia and Singapore – participated in the survey.
Below are some of the key findings from the UAE:
The surge in remote work has changed the corporate landscape significantly – and permanently.
o 52% of organisations accelerated IT modernisation/ Digital Transformation projects for remote work.
o While networks have gone hybrid to accommodate this shift, security is still catching up. Businesses also added resources to networks and databases (49%) and hired more IT staff (43%), an above average hiring rate compared to respondents from other countries globally.
Organisations have good reason to worry.
o Less than half (44%) of all UAE respondents experienced up to five IT security incidents in the past year.
o Nearly three out of four (72%) said a breach resulted from the security incidents their organisation experienced.
o Successful attacks were likely to have originated from Wi-Fi access points (50%) and third parties (42%).
o 42% of organisations suffered up to US$1 million (AED$3.672 million) in both direct and indirect damages.
Increasing dangers of phishing and Advanced Persistent Threats (APTs)
o While ransomware grabbed headlines, Phishing and APTs were among top attack methods. UAE companies were most likely to fall victim to phishing (56%) or an advanced threat (APT) (50%), followed by ransomware (44%). Successful phishing attacks typically signal the need for better employee awareness training to prevent them from falling for these popular scams.
Organisations are buying cloud-first security tools to protect their hybrid environments.
o UAE organisations are putting more resources toward network protection, data and cloud. A large majority (81%) expects more IT security funding in 2022. Those anticipating a hybrid approach are most apt to adopt DNS security (45%) and secure web gateways (43%).
o DNS is a popular strategy in the UAE to ease the burden on perimeter defences. UAE organisations leveraged DNS in overall security strategies primarily to detect malware activity earlier in the kill chain (51%), find devices requesting connections to malicious destinations (49%), and help block bad traffic to assist other perimeter defences (49%).
Interest in Secure Access Service Edge (SASE) frameworks in the UAE is accelerating.
o As assets, access and security move out of the network core to the Edge with the push for virtualisation, 67% of UAE organisations have already partially or fully implemented SASE and another 24% intend to do so, through either one vendor (42%) or many (58%).
Mohammed Al-Moneer, Regional Director, Middle East, Turkey and Africa at Infoblox, said: “It is heartening to see from the survey that UAE enterprises are laying out bigger budgets towards IT security this year and are realising the importance of DNS security. DNS is becoming a more common target of network attacks. As one of the oldest and most relied-on protocols of the modern Internet, DNS is utilised by almost all other services and protocols, making DNS an appealing target to attackers. Solutions like Infoblox Advanced DNS Protection (ADP) effectively shields organisations from the widest range of DNS DDoS attacks, maintaining service uptime for the organisation.”
“It is also encouraging to see growing interest from regional organisations in SASE frameworks that deliver integrated networking and security across a borderless enterprise from the cloud. SASE is undoubtedly the key to the future of networks and security.”
Providing further insight, Anthony James, VP of Product Marketing at Infoblox, said: “The pandemic shutdowns over the past two years have reshaped how companies around the world operate. Cloud-first networks and corresponding security controls went from nice-to-have features to business mainstays as organisations sent office workers to work from home. To address the spike in cyberattacks, security teams are turning to DNS security and zero trust models like SASE for a more proactive approach to protecting corporate data and remote devices.”Click below to share this article