UAE companies are getting savvy to phishing scams, survey finds

Ninety-four per cent of UAE businesses experienced phishing attacks but most have a plan in place to avoid further harm

epa07261864 ILLUSTRATION - A person sits in front of a computer screen in Moers, Germany, 04 January 2019. Reports on 04 January 2019 state personal data of hundreds of German politicians, celebrities and journalists have been hacked and posted online. The compromised data reportedly includes credit card details, private chat protocols and contact information. The data was allegedly shared via a Twitter account under the name G0d (@_0rbit) prior to Christmas 2018, which has been suspended in the meantime.  EPA/SASCHA STEINBACH
Powered by automated translation

Ninety-four per cent of UAE businesses experienced phishing attacks, in line with the international average, according to a new survey, as more companies take control of their cyber security strategies so as not to fall victim to such attempts.

Phishing typically comes in the form of fraudulent emails that aim to obtain personal information of victims, such as credit card details and sensitive data like usernames and passwords.

"Sixty to 70 per cent of hackers use phishing as the first step before launching a major offensive," Jeff Ogden, Mimecast's general manager for Middle East and India, told The National.

Phishing emails may also secretly install malicious software, or malware, in victims' computers. Such nefarious installations may be a virus or spyware designed to collect more information which could lead to further fraud.

The UAE was the only country in the Middle East to be included in Mimecast's State of Email Security 2019 report. Over 1,000 IT professionals, working at companies with 250 employees or more, were part of the survey conducted throughout most of last year, 10 per cent of them from UAE firms.

The survey found that 77 per cent of email impersonation attack victims had money or valuable data stolen in the UAE, compared to a global average of 73 per cent. In impersonation attacks, cyber criminals try to get payment approvals by impersonating a supplier in the supply chain.

“Bad boys send emails to companies’ top management requesting approvals of fake invoices. In many cases, invoices are paid, resulting in real tangible losses to the enterprises,” said Mr Ogden.

The most exposed employees in UAE organisations included the top brass - chief executives, chief financial officers and chief information officers.

Six in 10 UAE companies claimed to have a cyber security strategy in place, while the same number of organisations reported business disruption after encountering a phishing attack.

High staff turnover in the UAE is deterring companies from investing in cyber training for all employees, Mr Ogden said.

“During the interviews, many CIOs admitted that they avoid investing in improving employees’ cyber resilience because of high staff turnover rate in the UAE compared to the global average. They consider it waste of money.”

Despite this area for improvement, Mr Ogden said the UAE is performing well in terms of preparedness, required to keep business running in case of a cyber attack. He cautioned vigilance, however, as companies become more tech-savvy.

“We feel more secure about our cyber strategies then the actual reality and it makes us more vulnerable,” he said. “Businesses are becoming more open, tech-savvy and connecting with countless entities in the supply chain that can make them susceptible.”