Dubai: UAE’s organizations have “outdated” cybersecurity approaches, with many being ignorant of the expanding risk landscape and the crippling costs associated with potential breaches, according to cyber security firm Digital14.
“As the UAE marches towards a digital future, organisations are racing to maintain their competitive advantages by adapting new technologies such as cloud computing, artificial intelligence, big data and the industrial Internet of Things,” said Digital14’s report.
“However, the exponential development of a hyper connected, ‘always-on’ digital world has concurrently enlarged the threat surface – while introducing blind spots against existing and emerging hazards,” it said.
UAE has been a very lucrative target for cyber attackers, with cybercrime costing $1.4 billion every year.
Undetected
According to Digital 14, many of the newest threats successfully evade detection using obfuscation techniques.
In the process, an organisation’s data may be compromised for extended intervals of time, with enterprise activity visible to threat actors and to their potential clients. “As numerous incidents have shown, many of these new threats are already active but remain undetected,” said the report.
Getting worse
Over the medium term, openings for cyber criminals could expand in line with the increasing embrace of new technologies and the continuing uncertainty surrounding the COVID-19 pandemic.
“It is therefore incumbent on UAE organisations to prioritise the enhancement of their security posture in order to prevent breaches and potentially irreparable damage – whether financial, reputational or even physical,” said Digital14.
“Organisations and governments in the UAE can no longer view cyber protection as a one-time solution but must see it as an ongoing process that steadily strengthens and improves enterprise security,” the company added.
Vulnerabilities
The Digital14 analysis revealed the following realities about UAE organisations:
1) There are old vulnerabilities, published as early as 2000, that have yet to be remediated within organisations’ networks. These can easily provide threat actors with an entry point for launching devastating cyberattacks.
2) Over 100 vulnerabilities affecting UAE entities have public exploits that can be abused by even the most unsophisticated threat actors in order to breach IT (Information Technology) and OT (Operational Technology) environments with minimal effort. An exploit is a code that takes advantage of a software vulnerability or security flaw.
3) The most common weaknesses coupled with sensitive environments facilitate remote code execution, which provides threat actors with the ability to execute malicious code of their choice within victims’ networks.
4) Password reuse is among the most common weaknesses in UAE organisations.
5) The most common incident types are associated with unauthorised access and malicious code