Dubai’s GEMS Education confirms being target of cyberattack

Dubai-headquartered GEMS Education has confirmed that it has been the target of a cyberattack.

“We became aware of a recent cybersecurity incident, at which time we immediately enacted our cybersecurity response plan,” Dino Varkey, group chief executive of GEMS Education, the UAE’s largest education operator, said in an email sent to the parents. “Thanks to our robust business continuity plans, impact to our operations has been minimal. As our investigation is still ongoing, we have not yet confirmed whether any of your or your family’s personal and financial data specifically has been unlawfully accessed as part of this cyberattack. It may be some time before we can determine the full extent of the incident,” he added.

The exact scope and disruption cause by the cyberattack is not yet clear. However, when contacted, GEMS confirmed the incident, while adding that it was working to resolve the matter.

“We can confirm that GEMS Education has unfortunately been the target of a cyberattack in recent days,” a spokesperson for the education operator told Gulf Business. “We have enacted our well-rehearsed cybersecurity response plan and our IT team is ensuring that all our systems are safe and secure. We have engaged the necessary third-party expertise to assist us in our investigation and in the meantime all our schools remain open and running as normal.”

According to a Data Protection Trends Report 2022 by Veeam Software that surveyed 3,000 IT decision-makers and global enterprises, 86 per cent of UAE organisations suffered ransomware attacks in 2021, making cyberattacks one of the single biggest causes of downtime for the second consecutive year.

Per attack, organisations in the UAE were unable to recover 34 per cent of their lost data on average. Also, 81 per cent of UAE organisations were unable to recover at least some of the data they had lost.

Read: Data protection remains a challenge for nearly 90% of organisations – report

The report also revealed that 80 per cent of UAE organisations have a protection gap between how much data they can afford to lose after an outage and how frequently their data is backed up. A similar percentage of them reported a gap between their expected service-level agreements and how quickly they can return to productivity.

Among those surveyed, 98 per cent of UAE organisations experienced unexpected outages over the last 12 months on average, while 17 per cent of local organisations’ data is left completely unprotected.