UAE organisations report increased cyberattacks during the pandemic: research

According to Sophos’ Phishing Insights 2021 global study, phishing attacks on organisations increased significantly during the pandemic, as millions of employees working from home became a prime target for hackers. The majority (60 per cent) of IT teams in the UAE reported an increase in the number of phishing emails targeting their employees in 2020.

“Phishing has been around for over 25 years and remains an effective cyberattack technique. One of the reasons for its success is its ability to continuously evolve and diversify, tailoring attacks to topical issues or concerns, such as the pandemic, and playing on human emotions and trust,” said Chester Wisniewski, a principal research scientist at Sophos. “It can be tempting for organisations to see phishing attacks as a relatively low-level threat, but that underestimates their power. Phishing is often the first step in a complex, multi-stage attack. According to Sophos rapid response, attackers frequently use phishing emails to trick users into installing malware or sharing credentials that provide access to the corporate network.”

The data also shows that there is a lack of understanding about the definition of phishing. For example, in the UAE, 46 per cent of IT teams identify phishing with emails that falsely purport to be from a reputable organisation and are generally accompanied by a threat or request for information. Fifty per cent believe Business Email Compromise (BEC) attacks are phishing, and almost one-third (32 per cent) believe threadjacking is phishing (when attackers inject themselves into a genuine email thread as part of an attack).

The good news is that most UAE organisations (87 per cent) have developed cybersecurity awareness initiatives to prevent phishing. Respondents reported using computer-based training programs (52 per cent), human-led training programmes (45 per cent), and phishing simulations (37 per cent).

“The ideal would be to prevent phishing emails from ever reaching their intended recipient,” said Wisniewski. “Effective email security solutions can go a long way towards achieving this, but this should be complemented by alert and primed employees who are able to spot and report suspicious messages before they get any further.”

Earlier this year, Sophos acquired Braintrace further enhancing Sophos’ adaptive cybersecurity ecosystem with Braintrace’s proprietary Network Detection and Response (NDR) technology. Without the requirement for Man-in-the-Middle (MitM) decryption, Braintrace’s NDR enables comprehensive visibility into network traffic patterns, including encrypted communication. Braintrace, based in Salt Lake City, Utah, was founded in 2016 and is a privately held company.

Read: Sophos acquires Braintrace to strengthen its adaptive cybersecurity ecosystem

Also read: Web application exploits – ‘biggest cybersecurity risk’: Report