• | 1:00 pm

Most UAE employees put their organization at risk, says report

92% of surveyed organizations experienced at least one phishing attack in 2023, compared to 86% the previous year.

Most UAE employees put their organization at risk, says report
[Source photo: Pankaj Kirdatt/Fast Company Middle East]

From data breaches and ransomware attacks to identity theft and phishing scams, cybercrime continues to evolve, posing significant challenges to individuals, businesses, and governments worldwide. 

A new report by Proofpoint paints a concerning picture of cybersecurity in the UAE, revealing that 83% of employees knowingly engage in risky behaviors, potentially exposing their organizations to ransomware attacks, data breaches, and financial losses.

While the global frequency of successful phishing attacks has dipped slightly, the UAE has seen a rise, with 92% of surveyed organizations experiencing at least one such attack in 2023, compared to 86% the previous year. 

This concerning trend is further amplified by a 44% increase in reports of financial penalties and a staggering 300% increase in reports of reputational damage from such attacks.

The report challenges traditional assumptions about cybersecurity awareness. Notably, 86% of working adults admitted to risks like password sharing or clicking suspicious links, and 97% acknowledged the inherent dangers. In the UAE, this translates to 83% of employees consciously taking actions jeopardizing their organization’s security.

While 90% of security professionals advocate for more training and stricter controls, nearly all surveyed employees (94%) favor simplified, user-friendly security measures.

Furthermore, the report exposes a concerning knowledge gap. Despite virtually all employees (97%) acknowledging cybersecurity risks, 94% of UAE security professionals believe Multifactor Authentication (MFA) offers absolute protection from account takeover, while over one million attacks bypass MFA frameworks monthly.

The UAE also witnessed a rise in Business Email Compromise (BEC) attacks, impacting 85% of organizations in 2023 (up from 66% in 2022). This increase and similar trends in Japan and South Korea are attributed to the rise of generative AI, allowing attackers to craft more convincing and personalized emails in multiple languages.

Ransomware remains a significant threat, with 77% of UAE organizations experiencing successful infections in 2023 (up from 70% in 2022). 66% of UAE IT professionals reported multiple ransomware attacks, and 80% of impacted organizations paid the attackers, often regaining access only after repeated payments.

Despite the evolving threat landscape, only a small fraction of UAE organizations (13% and 21%, respectively) educate their users on recognizing and preventing Targeted Online Attacks (TOAD) and generative AI threats.

“Individuals play a central role in an organization’s security posture,” says Ryan Kalember, Chief Strategy Officer of Proofpoint. “Knowing what to do and doing it are two different things. The challenge is now not just awareness, but behavior change.”

The Innovation By Design Summit is in Doha on April 24. Attendance at the summit is by invitation only. Delegates can register here to receive their exclusive invite.

More Top Stories: