Infoblox report reveals 66% of UAE organisations experienced data breaches in the past year

Infoblox commissioned a survey in July/August 2022 through independent research firm, CyberRisk Alliance. The report surveyed IT and cybersecurity decision-makers and influencers from 13 countries — including 100 UAE–based organisations of all sizes. UAE respondents ranged from chief executives and directors to analysts and consultants. They were employed in various industries, with most from manufacturing (25%), retail (17%), technology (12%) and business or professional services (11%).

Infoblox, the company that delivers a simplified, cloud-enabled networking and security platform for improved performance and protection, released findings of its 2023 Global State of Cybersecurity Report. The company has identified security and networking trends that encourage the cybersecurity industry to follow its lead in unifying networking and security teams.

“As per the UAE findings of the report, respondents in the country continue to grapple with securing remote employee- and corporate-owned devices, networks and endpoints,” said Mohammed Al-Moneer, Regional Sr. Director, META at Infoblox. “Most fear data leaks and cloud attacks and do not believe they have a firm handle on the insider threat. [Over half] (66%) reported one or more breaches in the past 12 months, most likely from phishing, ransomware or another advanced threat. Financial damage is one of the highest in the EMEA region and system outages or downtime are among the chief fallouts. And despite most anticipating more budget in 2023, few are fully confident they’ll be able to adequately protect remote worker access to their networks or respond to all security alerts — at least without adding more IT staff.”

“Networking and security work better together when they share real-time visibility into application, user and device context,” added Moneer. “Real-time threat protection and more resilient network performance can only happen when networking and security work side by side.”

Findings from the study – commissioned in 2022 – among UAE respondents reveal the following:

1. Since COVID-19 began, many UAE organisations fast-tracked Digital Transformations to support remote workers (61%), boosted support for customer portals to support their workforces or customers (46%) and focused network and security controls on the edge – such as SASE (44%).
2. In the past year, a large share of UAE organisations added remote employee- and corporate-owned mobile devices (59%) and cloud-managed DDI (DNS-DHCP-IPAM) servers (59%) to protect their networks while managing the proliferation and associated security risks from more remote devices on the network.
3. In the next 12 months, UAE respondents said their organisation will be most concerned about data leakage (48%), cloud attacks (40%) and attacks through networked IoT (29%).
4. UAE respondents believe their organisation is least prepared to defend their organisation’s networks against insider threats (15%), direct attacks through cloud services (13%), data leakage (13%), as well as ransomware, supply chain/third-party attacks and attacks through networked IoT, which were mentioned by 11% each.
5. On average, UAE organisations detected more issues resulting from email/phishing attacks compared to any other type.
6. Two-thirds (66%) of UAE respondents reported one or more breaches to their organisation from cyberattacks — most originating from Wi-Fi access points as a result of a remote workforce (41%), third-party and/or supply chain providers (39%), IoT devices or networks (38%) and cloud infrastructure or applications (36%).
7. Phishing was the most common attack method against organisations that were breached, accounting for 62% of attack methods in the past year.
8. Collectively, the estimated average value of UAE organisational losses — including direct and indirect financial losses as well as reputational harm and remediation expenses — resulting from those breached in the past year was roughly 8 million AED (US$2.2 million).
9. UAE organisations used a variety of controls to protect their networked assets in on-premises, cloud-based and hybrid (on-premises and cloud-based) environments. The most prevalent are VPN/access controls (29%) for on-premises; DNS security (48%) and cloud access security brokers, data encryption and secure provisioning and deprovisioning (44% each) for cloud-based environments.
10. On average, most organisations (69%) take up to 24 hours to investigate a threat, with many relying on third-party threat intelligence platforms or services.
11. The DNS provides various security measures to protect organisations and is a key component in virtually all organisations’ security strategies.
12. The top anticipated challenges in protecting against attacks relate to the ability to monitor remote worker access (38%), respond to alerts (31%), shortage of IT security skills (30%) and deal with limited budgets (35%).
13. 62% of UAE organisations indicated their IT security budgets increased in 2022 and 72% said they expected bigger security budgets in 2023 to combat known and new threats.
14. The most popular planned technology purchases include network traffic monitoring/network detection and response (NDR) and threat intelligence (50% each) for hybrid environments; data loss protection, cloud access security brokers (CASBs) and DNS security (39% each) for cloud-based systems; secure provisioning and deprovisioning (27%), VPN/access controls (25%) and endpoint detection and response (24%) for on-premises protection.