Attackers cost 42% of organisations over $1 million in breach damages

Infoblox, a provider of DNS management and security services, has released a global report that examines the current state of security concerns, costs, and solutions. Organizations are accelerating digital transformation projects to support remote work as the pandemic and uneven shutdowns enter their third year. Meanwhile, attackers have exploited vulnerabilities in these environments, causing security teams to work harder and spend more money.

The survey included 1,100 IT and cybersecurity professionals from 11 countries: the United States, Mexico, Brazil, the United Kingdom, Germany, France, the Netherlands, Spain, the United Arab Emirates, Australia, and Singapore.

Below are some of the key findings from the UAE:

The surge in remote work has changed the corporate landscape significantly – and permanently.

• 52% of organisations accelerated IT modernization/ digital transformation projects for remote work.
• While networks have gone hybrid to accommodate this shift, security is still catching up. Businesses also added resources to networks and databases (49%) and hired more IT staff (43%), an above average hiring rate compared to respondents from other countries globally.

Organisations have good reason to worry.

• Less than half (44%) of all UAE respondents experienced up to five IT security incidents in the past year.
• Nearly three out of four (72%) said a breach resulted from the security incidents their organisation experienced.
• Successful attacks were likely to have originated from Wi-Fi access points (50%) and third parties (42%).
• 42% of organisations suffered up to US$1 million (AED$3.672 million) in both direct and indirect damages.

Increasing Dangers of Phishing and Advanced Persistent Threats (APTs)

• While ransomware grabbed headlines, Phishing and APTs were among top attack methods. UAE companies were most likely to fall victim to phishing (56%) or an advanced threat (APT) (50%), followed by ransomware (44%). Successful phishing attacks typically signal the need for better employee awareness training to prevent them from falling for these popular scams.

Organisations are buying cloud-first security tools to protect their hybrid environments.

• UAE organisations are putting more resources toward network protection, data, and cloud. A large majority (81%) expects more IT security funding in 2022. Those anticipating a hybrid approach are most apt to adopt DNS security (45%) and secure web gateways (43%).
• DNS is a popular strategy in the UAE to ease the burden on perimeter defences. UAE organisations leveraged DNS in overall security strategies primarily to detect malware activity earlier in the kill chain (51%), find devices requesting connections to malicious destinations (49%), and help block bad traffic to assist other perimeter defences (49%).

Interest in Secure Access Service Edge (SASE) frameworks in the UAE is accelerating.

• As assets, access and security move out of the network core to the edge with the push for virtualization, 67% of UAE organisations have already partially or fully implemented SASE and another 24% intend to do so, through either one vendor (42%) or many (58%).

“It is heartening to see from the survey that UAE enterprises are laying out bigger budgets towards IT security this year and are realising the importance of DNS security. DNS is becoming a more common target of network attacks. As one of the oldest and most relied-on protocols of the modern Internet, DNS is utilised by almost all other services and protocols, making DNS an appealing target to attackers. Solutions like Infoblox Advanced DNS Protection (ADP) effectively shields organisations from the widest range of DNS DDoS attacks, maintaining service uptime for the organisation,” says Mohammed Al-Moneer, Regional Director, Middle East, Turkey & Africa at Infoblox.

“It is also encouraging to see growing interest from regional organisations in SASE frameworks that deliver integrated networking and security across a borderless enterprise from the cloud. SASE is undoubtedly the key to the future of networks and security,” he says.

Providing further insight, Anthony James, VP of Product Marketing at Infoblox comments, “The pandemic shutdowns over the past two years have reshaped how companies around the world operate. Cloud-first networks and corresponding security controls went from nice-to-have features to business mainstays as organisations sent office workers to work from home. To address the spike in cyberattacks, security teams are turning to DNS security and zero trust models like SASE for a more proactive approach to protecting corporate data and remote devices.”