The UAE has been an early innovator in digitisation, so it comes as no surprise that the nation is leading the charge in the realm of cybersecurity. Last year, UAE authorities revealed that the country has prevented more than 71 million cyberattacks in the first three quarters. Despite the rapid advancements in technology, the UAE continues to take proactive measures to protect businesses against cyberattacks.
However, it would be naive to assume these cyber threats are not simultaneously evolving. According to a recent report from World Economic Forum (WEF), cyberattacks continue to be a major concern for governments and private companies worldwide. A recent study conducted by Veritas found that 40 per cent of organisations worldwide have suffered actual business damage from data security threats like ransomware.
Regionally, governments are looking at cybersecurity and data risks at both a corporation and national level. The UAE’s Personal Data Protection Law came into effect last year, as the first federal law to be drafted in partnership with major technology companies in the private sector. The UAE government has also introduced the second cycle of the Dubai Cyber Security Strategy, to establish a safe and secure cyberspace and strengthen the city’s digital infrastructure.
So, It’s no surprise to see real-world enterprise leaders are proactively responding to the increasing levels of threat, too.
How can your business follow suit and stay protected in our ever-evolving economic and technological landscape? Let’s take a look.
Security budgets and strategies must grow in size and complexity
The research shows that organisations have, on average, increased their data protection budgets across all IT environments. In the UAE, funds allocated to safeguard on-premise data centres have risen by 32 per cent, while resources for both public and private cloud environments have grown by 29 per cent and 35 per cent respectively.
This increase in budgets will likely go towards the implementation of various data protection strategies. Most organisations have implemented a whole manner of different strategies, from the popular malware detection (90 per cent) and multi-factor authentication (84 per cent) to the lesser-used immutable storage (86 per cent) and network isolation through air-gap solutions (84 per cent).
Nearly three-quarters of all those surveyed have implemented each data protection strategy shows the seriousness with which organisations are taking the threats to data security.
IT security teams require extra personnel
Data protection budgets aren’t the only area that has seen an increase over the past 12 months. UAE organisations have also increased their team sizes in data protection and data security, by 93 per cent and 94 per cent respectively.
Against the backdrop of economic turbulence and a challenging business landscape, it may seem strange that organisations have prioritised hiring extra employees. But, on the other hand, it speaks to a level of proactivity and prioritisation that is rightly being placed on these risks despite the wider global economic landscape. F
or organisations to best protect themselves, and avoid financial or reputational damage, having adequate staffing is an important part of the security equation.
With these extra workers in place, 98 per cent of organisations in the UAE, now feel they have enough staff to help them remain protected against data security threats. This confidence perhaps comes from the significant investment these companies are making in technology and talent.
Only time will tell, however, whether this is the case.
AI advancements offer unmissable security opportunities
Beyond new staff, many organisations are looking to capitalise on the exponential development and potential of artificial intelligence. AI offers an ever-growing number of data security possibilities. Today, solutions are available using AI algorithms to look out for suspicious and anomalous network activity, highlight unusual levels of traffic, and detect unauthorised devices. AI-empowered solutions are already available to mitigate cyber risks in real-time.
As a result, more than 77 per cent of organisations across the UAE have already implemented or explored AI to support their security teams and boost security efficiencies.
Another impactful evolution resulting from changes imposed by data security threats has been the shifting focus of workers’ technical roles. Both senior executives and IT practitioners agree that their team and individual responsibilities have become more focused on compliance, security regulations, and managing workloads over the last year.
With AI now able to take on increasing numbers of day-to-day security responsibilities, organisations will be able to shift human expertise to more impactful areas. Perhaps even more importantly, human workers also need the capacity to prepare for the worst—the event that a cyberattack successfully slips through defences and breaches sensitive business data.
Recovery plans and rehearsals are more crucial than ever
In the event of a breach, organisations must act quickly using a well-laid-out, defined, and complete recovery plan. This document should contain detailed instructions on how to respond to a data loss incident or cyberattack, so its impact can be minimised and normal operations soon resumed.
Veritas research has uncovered that while 60 per cent of organisations in the country have a data recovery plan in place, more than a third (36 per cent) admit that it’s only a partial plan. Most worryingly of all, 4% of businesses—in which staff, customers, and stakeholders have placed great trust to store, protect, and even recover their sensitive data—have no plan ready at all for the year ahead.
Similarly, most organisations only perform automatic rehearsal and manual recovery exercises on their data and critical applications every four weeks on average. They must be carried out more regularly to ensure fast recovery from threats and remain up to date with constant changes to data, processes, and technologies. When it comes to the avoidance of financial and reputational repercussions, strong preparation is ultimately equally important as the data security defences themselves.
Risk levels are escalating—are you ready?
During the scramble to tackle the overwhelming threats to data security, organisations must also remember that risk can come from anywhere: emerging technologies, competition, a scandal or a crisis with the brand, among others. When presented with these different risk categories, businesses must realise that their organisation is perhaps more at risk than they initially thought. So, while data security is an important first step, they need to equally remain wary of the wider world of threats. Enterprises are striking back—but the battle is nowhere near over yet.
