UAE Firms Neglect IT Training, Risking Security

As per the findings from Kaspersky’s Business Digitization survey, merely 18% of companies operating in the UAE have organized cybersecurity training for their employees. Shockingly, 9% of businesses have not provided any IT-related training, neglecting even fundamental IT functions. This lack of training poses severe risks to organizational cybersecurity, as employees without adequate digital skills and knowledge might unwittingly engage in activities such as opening phishing links or downloading ransomware on corporate devices, leading to financial and reputational losses.

Recognizing the demand for training among UAE employees, 8% express a desire for more regular cybersecurity training. This need is particularly pronounced among employees in construction, engineering, education, and hospitality sectors. Emphasizing the importance of a “human firewall” in preventing cyber incidents, Emad Haffar, Head of Technical Experts at Kaspersky, notes that 95% of cybersecurity threats result from human error. Consequently, Haffar advocates comprehensive cybersecurity training for all employees, irrespective of their position within the organization.

To address this gap in digital skills and enhance cybersecurity preparedness, Kaspersky recommends several measures:

1. Conduct regular assessments to identify the most crucial digital skills needed for business operations.
2. Implement cyber literacy courses and training programs, leveraging tools like the Kaspersky Automated Security Awareness Platform—an online learning resource focusing on relevant cybersecurity topics.
3. Raise awareness among employees about emerging cyber threats such as phishing, scams, and ransomware attacks, providing guidance on how to recognize and avoid them.
4. Ensure the effectiveness of endpoint protection solutions, including antivirus and anti-malware software.
5. Employ Endpoint Detection and Response (EDR) solutions to attain real-time visibility into endpoint activities, facilitating the detection, investigation, and response to security incidents on individual devices.
6. Implement Extended Detection and Response (XDR) solutions to integrate and analyze data from various security sources, including endpoints, networks, email, and cloud platforms. This holistic approach enables security teams to detect and respond to threats targeting different organizational components.