A third of UAE firms hit by cyber security breaches

Dubai: Cyber security is becoming an increasing challenge for firms in the UAE and organisations need to be better prepared to ward off attacks, a KPMG 2015 UAE Cyber Security Survey revealed.

The survey focused on UAE organisations’ readiness and ability to respond to cyberattacks and assessed responses from key sectors in the UAE over a period of two months.

A third of respondents who participated in the survey indicated that they had been hacked in the past 12 months and took between two weeks to a month to recover, KPMG said in a statement on Sunday.

Over half of the respondents that had been hacked didn’t know that they were being targeted by cyber criminals. Furthermore, only 50 per cent of respondents said that they had cyberattack contingency arrangements in place.

Nitin Khanapurkar, partner, KPMG Lower Gulf, said: “The UAE is on the list of the top 10 destinations targeted by cyber criminals and it comes as no surprise that cyber threats have been growing across key sectors like financial services, oil & gas, technology, government, retail, construction and health care.

“The objective of the 2015 KPMG Cyber Security Survey was to assess UAE organisations’ readiness and ability to respond to cyber security threats and the survey has thrown up some interesting insights.”

Many boards in the UAE do not have a comprehensive or accurate view of their cyber risks because threat intelligence and cyber monitoring have often been inconsistently implemented.

The survey also found that more UAE organisations need to better understand their threat profiles — including who, where and why they are likely to be targeted.

According to Kaspersky Security Bulletin Overall Statistics Report for 2015, the UAE has been ranked 19th globally, among countries facing the greatest risk of online infection.

According to the report, 32.58 per cent of Kaspersky Lab product users in the UAE were targeted in 2015. The UAE was also positioned as a “high risk” country with 52.7 per cent infections, in the category reflecting the level of local threats.

To respond to these growing threats, KPMG has created a “cyber incident response” that focuses on actionable results, rules of evidence, with technical security analysis and testing to help organisations stay prepared to deal with a cyberattack.

During this phase, KPMG helps determine the source, method, and impact of a breach, while working with organisations to limit ongoing damage. This is typically a balancing act between investigating and eradicating the threat. Responses can range from allowing the malicious actions to continue in order to facilitate evidence-gathering to an immediate suppression of malicious actions in order to limit damage.

Khanapurkar said that one of the most common causes of a failed response is lack of “adequate preparation”.