According to new research from Veritas Technologies, UAE organisations have made significant progress in their data protection efforts, with 58 percent reporting that their security measures have kept up with their COVID-led digital transformation initiatives over the last 18 months. This compares to only 43% in last year’s 2020 Ransomware Resiliency Report.
There is, however, still a lot of work to be done. According to the Veritas Vulnerability Lag Report, which surveyed 2,050 IT executives from 19 countries, including 100 from the UAE, UAE businesses could be vulnerable to ransomware and other data loss incidents for another two years due to IT security vulnerabilities introduced by their COVID-driven business transformation. The average UAE organisation would need to spend an additional $2.52 million and hire 34 new IT staff to lower their vulnerability lag faster and extend their security to the new technology they’ve deployed since the start of the pandemic.
Organizations must evolve their production and protection environments in lockstep to protect themselves against data threats like ransomware. As new solutions are added into the organization’s technology stack, protection capabilities must be extended to cover them. However, the requirement to innovate quickly frequently throws this balance out of whack, resulting in a vulnerability lag in which systems and data are left unprotected and vulnerable to attack.
“Over the last 18 months, businesses have been dealing with the consequences of an event they couldn’t have seen coming. To their credit, they did everything they could to make the best of a bad situation. And the survival of many companies is due to the way in which IT teams supported the necessary transitions, including the massive shift to remote working,” said Johnny Karam, Managing Director & Vice President of International Emerging Region at Veritas.
Further said, “Unfortunately, as a result of their rapid transformation, many organizations are now lagging behind when it comes to protecting their IT environment, leaving them badly exposed to digital risk. The good news is we’re starting to see UAE businesses begin to redress the balance, with 21% confident that they will be able to close the gap this year. But there is still a long way to go.”
While this vulnerability gap remains, cloud environments are the most vulnerable: As a result of the epidemic, 77 percent of UAE respondents installed new cloud capabilities or expanded cloud infrastructure components beyond their original plans. And half of the respondents admitted that their security approach had flaws in this area.
Many of the UAE-based IT experts who responded to the study were unsure which cloud solutions had been implemented at their firms. Only 46% claimed they could accurately state how many cloud services they were currently using. They also lacked understanding about the data they would need to secure, with the typical respondent revealing that 38% of the data their company stores is “dark” – meaning they have no idea what it is – and another 49% is redundant, obsolete, or trivial (ROT).
Karam said: “In order to properly protect their data, businesses need to have a thorough understanding of the value and location of their data. So, before cloud data sets can be properly protected from threats like ransomware, IT teams need to know exactly what data sits in which cloud services. Worryingly, more than 50% don’t even know how many cloud services their companies are using, let alone what they are.”
The impact of this vulnerability latency on the respondents’ business operations was also underlined in the research. In the previous 12 months, 99 percent of UAE respondents said their company has suffered downtime. And, on average, they have been the victims of 4.2 ransomware attacks, resulting in company damage and downtime.
However, firms that had successfully eliminated all vulnerabilities and reported no remaining gaps in their technology plan had seen about five times fewer downtime-causing ransomware attacks than those with one or more holes to fix.
Karam said: “The UAE is a global hub for talent, expertise, and innovation, and the ‘Projects of the 50’ brings with it the great promise of ushering in the next phase of growth for the country. This will be achieved when businesses can direct their newly hired talent to focus on innovation projects that help fulfill the country’s aspirations rather than on ‘catching up’. Modernizing data protection can play a key role in freeing up skilled IT team members to work on transformation projects by allowing Artificial Intelligence (AI) and Machine Learning (ML) to shoulder more of the burden. Also, selecting a single data protection platform that can operate across the entire data estate – both in your data centre and the public cloud – can radically reduce the time and effort required to manage data protection.”
