Cyber defence in the UAE: protect your people, protect your organisation

In a flash, the world has been thrust into a new way of working.

Employees are working outside of the formalities of the office environment – and many are not used to this. All are facing new logistical and productivity challenges and cybercriminals have wasted no time in leveraging this. By launching campaigns that aim to take advantage of the new reality, cybercriminals are using social engineering to trick users who are typically more distracted than usual.

In fact, Proofpoint researchers have observed an increase in video conferencing company-themed attacks seeking to steal credentials and distribute malware. Despite many businesses restarting office-based work in the UAE, there are still many people relying on online platforms to perform their daily tasks remotely.

The more relaxed home environment may also lend itself to the potential bending of cyber security best practices expected in the office. For example, using personal machines for convenience, using corporate machines for personal activity, poor password hygiene, or failing to properly log in and out of corporate systems.

Then there’s the ever-present danger of phishing. With personal and corporate worlds overlapping, users may be more inclined to click a suspicious link at home than in the more formal setting of the office. And it only takes one absent-minded employee to jeopardise the security of your entire organisation.

A new approach to cyber defence
A recent Proofpoint study found that 82 per cent of organisations in the UAE faced at least one cyber attack in 2019, with more than half (55 per cent) of CSOs and CISOs citing human error and lack of security awareness as one of the biggest IT security risks.

We are seeing organisations in the UAE maturing in the way they approach their cybersecurity strategies. Proofpoint research highlights how UAE companies are optimistic that cyber security will become more of a business priority moving forward, with 50 per cent reviewing their cybersecurity strategy twice a year or more and 69 per cent expecting their cybersecurity budget to rise by 11 per cent or more over the next two years.

Cyber attacks increasingly target people, rather than infrastructure, and this requires a new approach by organisations: one that puts employees at the centre of their cyber threat mitigation plans.

It is vital that organisations in the UAE, as well as across the globe, recognise the human factor threat and embrace a people-centric approach to their overall cyber strategy. A key component of this is a continuous, customised and holistic training program.

Turning employees into your last line of defence
Every cyber attack has a human element to it: any job role can become a target and sometimes all it can take is one click.

Any strong cyber defence must be adaptive, and nothing calls for greater adaptability than a global pandemic. But while upping defences to cope with an increased attack surface may be familiar ground, accounting for a mass change in behaviour and mindset is anything but.

Despite this, 75 per cent of UAE CISOs admitted to training their employees on cybersecurity best practices twice a year or less. Organisations must equip their employees with the knowledge and the tools to defend against all manner of threats. To do that, companies need to ensure they deploy regular and effective security awareness training to educate employees about best practices as well as establish a people-centric strategy to defend against threat actors’ unwavering focus on compromising end users.

Everyone in your organisation must know how to spot and contain a potential threat, and, whether intentional or not, how their behaviour can put your organisation at risk.

While today’s working environment may feel more relaxed, your cybersecurity posture certainly shouldn’t be.

Emile Abou Saleh is the regional director, Middle East, Turkey and Africa for Proofpoint