Infoblox has released the findings of its 2023 Global State of Cybersecurity Report. The company has identified security and networking trends that encourage the cybersecurity industry to follow its lead in unifying networking and security teams.
Mohammed Al-Moneer, Regional Sr. Director, META at Infoblox commented, “As per the UAE findings of the report, respondents in the country continue to grapple with securing remote employee- and corporate-owned devices, networks and endpoints. Most fear data leaks and cloud attacks and do not believe they have a firm handle on the insider threat. 66% reported one or more breaches in the past 12 months, most likely from phishing, ransomware or another advanced threat. Financial damage is one of the highest in the EMEA region, and system outages or downtime are among the chief fallouts. And despite most anticipating more budget in 2023, few are fully confident they’ll be able to adequately protect remote worker access to their networks or respond to all security alerts—at least without adding more IT staff.”
“Networking and security work better together when they share real-time visibility into application, user and device context,” added Mohammed. “Real-time threat protection and more resilient network performance can only happen when networking and security work side by side.”
Findings from the 2022 study among UAE respondents reveal the following trends:
1. Since the COVID-19 pandemic began, many UAE organizations fast-tracked digital transformations to support remote workers (61%), boosted support for customer portals to support their workforces or customers (46%), and focused network and security controls on the edge – such as SASE, secure access service edge (44%).
2. In the past year, a large share of UAE organizations added remote employee- and corporate-owned mobile devices (59%) and cloud-managed DDI (DNS-DHCP-IPAM) servers (59%) to protect their networks while managing the proliferation and associated security risks from more remote devices on the network. Also, 55% added smart kiosks or similar devices to support remote customers or clients.
3. In the next 12 months, UAE respondents said their organization will be most concerned about data leakage (48%), cloud attacks (40%) as well as attacks through networked IoT (29%).
4. UAE respondents believe their organization is least prepared to defend its networks against insider threats (15%), direct attacks through cloud services (13%), data leakage (13%), as well as ransomware, supply chain/third-party attacks and attacks through networked IoT, which were mentioned by 11% each. They did not seem confident in workers’ or suppliers’ ability to maintain high security standards, especially with organizations transitioning from on-premises to cloud services.
5. On average, UAE organizations detected more issues resulting from email/phishing attacks compared to any other type. Respondents estimated their organization detected issues resulting from roughly 27 email/phishing attacks in the past 12 months, as well as 17 ransomware attacks, 15 network attacks, 15 device/endpoint attacks, 14 application attacks and 14 cloud attacks in the same period.
6. Two-thirds (66%) of UAE respondents reported one or more breaches to their organization from cyberattacks—most originating from Wi-Fi access points as a result of a remote workforce (41%), third-party and/or supply chain providers (39%), IoT devices or networks (38%) and cloud infrastructure or applications (36%).
7. Phishing was the most common attack method against organizations that were breached, accounting for 62% of attack methods in the past year, followed by advanced threats (APTs) (53%) and ransomware (51%).
8. Collectively, the estimated average value of UAE organizational losses—including direct and indirect financial losses as well as reputational harm and remediation expenses—resulting from those breached in the past year was roughly 8 million UAE dirham (USD $2.2 million). Organizations that were victims of breaches mostly experienced system outages or downtime (49%), data lockouts due to ransomware (41%) and other malware infections (39%) or data manipulation (38%).
9. UAE organizations used a variety of controls to protect their networked assets in on-premises, cloud-based and hybrid (on-premises and cloud-based) environments. The most prevalent are VPN/access controls (29%) for on-premises; DNS security (48%) and cloud access security brokers, data encryption and secure provisioning and deprovisioning (44% each) for cloud-based environments.
10. On average, most organizations (69%) take up to 24 hours to investigate a threat, with many relying on third-party threat intelligence platforms or services. To aid their investigations or threat hunts, security teams mostly rely on vulnerability information (44%), DNS queries and response (43%), open-source intelligence (39%) and network flow data (38%).
11. The Domain Name System (DNS) provides various security measures to protect organizations and is a key component in virtually all organizations’ security strategies. Respondents reported their organization most typically uses DNS in its strategy to help with the following: protecting against threats like DNS tunneling, data exfiltration and domain generation algorithms that other security tools might miss (61%); helping detect malware activity earlier in the kill chain (57%); blocking known bad destination requests to reduce the burden on perimeter defenses (55%); and informing them of devices making requests to connect to malicious destinations (51%).
12. The top anticipated challenges in protecting against attacks relate to the ability to monitor remote worker access (38%), respond to alerts (31%), cope with a shortage of IT security skills (30%) and deal with limited budgets (35%).
13. A majority (62%) of UAE organizations indicated their IT security budgets increased in 2022, and 72% said they expected bigger security budgets in 2023 to combat known and new threats.
14. The most popular planned technology purchases include network traffic monitoring/network detection and response (NDR) and threat intelligence (50% each) for hybrid environments; data loss protection, cloud access security brokers (CASBs) and DNS security (39% each) for cloud-based systems; secure provisioning and deprovisioning (27%), VPN/access controls (25%) and endpoint detection and response (24%) for on-premises protection.