The latest Mimecast State of Email Security 2022 report reveals that more than two-thirds of companies in the UAE reported an increased number of email-based threats.
Eighty-four percent of organisations in the UAE are bracing for the fallout from an email-borne attack in the year ahead amid a growing volume of threats.
“Companies in the UAE showed greater concern about various email security challenges, than most other countries we surveyed,” says Werno Gevers, regional manager at Mimecast Middle East. “Fifty-six percent are concerned about an increase in the volume of attacks, 48% worry about security-naive employees, and more than half (52%) are concerned over the growing sophistication of attacks. This comes at a time when more than eight out of ten organisations reported increased use of email, making email security a top priority for businesses and their IT and security teams.”
Threats are becoming more targeted
Nearly all UAE organisations that responded to the research have been the target of email-related phishing attempts (94%), but interestingly 30% reported a decrease in the volume of such attacks, with 20% noting the decrease was ‘significant’.
“This is possibly due to threat actors moving on to other, more targeted methods,” says Gevers. “Our data also showed that 54% of organisations reported an increase in business email compromise, while half experienced an increase in internal threats or data leaks initiated by malicious insiders. In a positive sign, all respondents from the UAE either have a cyber resilience strategy or are actively planning to put one in place.”
Greater employee awareness improves resilience
A large part of the success of a cyber resilience strategy depends on the conduct of employees. Encouragingly, 46% of UAE companies provide ongoing cyber awareness training, twice the global average of 23%.
“Cyber awareness training is one of the most effective ways of strengthening an organisation’s overall cyber resilience and should be a top priority for business leaders,” says Gevers. “Efforts by organisations in the UAE are paying off: only 66% of respondents were concerned about employees oversharing company information on social media, far below the global average of 81%, while more than one in ten believed there was no risk at all to employees using personal email.”
The importance of government mandates
Organisations are also noting the impact of government efforts to build greater cyber resilience to protect citizens and critical infrastructure from cyberattacks. UAE respondents expected high levels of changes in their organisation as a result of government mandates for cyber resilience. “Forty-two percent expect improvements in the overall level of cybersecurity in their business, and more than a third anticipate lower risk of cyberattacks impacting their business,” says Gevers.
Adequate budgets for advanced protection
In general, UAE respondents noted satisfactory budget allocations for cybersecurity, with an average of 17% of IT budgets going toward cyber resilience against a desired 19%. “Investment into strengthening the overall security posture by securing key business applications will likely continue in the year ahead, with 92% of companies saying additional safeguards are needed for Microsoft 365,” says Gevers. “This may partly be because 82% of organisations experienced a Microsoft 365 outage in the past year, with more than a third citing severe impact from an outage.”
Brand protection still needs attention
Low levels of preparedness to deal with email spoofing and domain hijacking remain a concern in among UAE organisations. “Nearly two in five organisations were only somewhat prepared – or not prepared at all – to deal with attacks that spoof their domains or websites, despite respondents experiencing an average of twelve online brand spoofing attacks over the past year,” says Gevers. “Encouragingly, 98% of companies either use or plan to use a brand protection service this year, while 84% plan to make use of DMARC to counter brand spoofing.”
Discussion about this post