Dubai: Risk of carding – trafficking of credit cards, bank accounts and personal information online –surged by 400 per cent year-over-year in UAE in 2020, according to Help AG, the cyber security arm of Etisalat Digital.
In terms of cyber risks, data leaks (up 183%), Hacktivism (up 43%), and credential theft (up 4%) have also seen a massive surge.
“We have seen a great increase in DDoS (distributed denial-of-service) happening in in the UAE, both from the perspective of frequency, but also in the size of the attacks that we have seen,” said Nicolai Solling, chief technology officer at Help AG, during a webinar on Wednesday.
A distributed denial-of-service attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
“When we tried to identify the root causes of the actual data leaks, it was very much around people starting to work from home, and maybe some of the processes in place for organizations (that are) not really supporting work from home,” said Stephan Berner, CEO of Help AG.
“Credential theft is actually something where we’ve seen dramatic increases over time,” said Berner. “These high rated threats are an unfortunate reality of the COVID-19 era, hence knowing and guarding against your enemy is now more important than ever before”
Instances of carding, data exposure, and hacktivism have escalated to become the highest rated digital risk categories in 2020, impacting almost all major industry verticals in the Middle East region, the report said.
Impact on firms
For organizations, impacts of these major digital risks range from service disruptions to exposure of private information, loss of reputation and trust established with customers and partners, among other things.
The risks affect a wide audience of stakeholders from board and executive management levels to legal, marketing, risk, compliance and governance. In the Middle East region, some of the top impacted sectors were healthcare, government, aviation, logistics, retail, energy and utilities.
“Digital Risk Protection is all about … proactively being aware of what is being planned against an organization and taking remedial actions. -this is entirely different than the function of an organization’s security applications and infrastructure,” said Solling. “For instance, what would be the role of a bank’s firewall if information about its customers’ credit cards are traded on the dark web? Or can an organization’s content filtering gateway tackle a campaign planned against it by Hacktivist groups?” the technology head added.