Infrastructure vulnerabilities a beacon for cybercriminals

Organisations need to conduct regular cybersecurity awareness training to ensure every employee knows how to identify phishing emails, experts said
Organisations need to conduct regular cybersecurity awareness training to ensure every employee knows how to identify phishing emails, experts said

Dubai - Businesses that create cybersecurity awareness for employees, devise plans for response and recovery, and use technology such as AI to stay ahead of the curve will likely emerge better and stronger



by

Rohma Sadaqat

Published: Thu 17 Jun 2021, 8:53 PM

Cybercriminals are increasingly looking to target vulnerabilities that have appeared in organisations across the UAE and Middle East and North Africa (Mena) region to gain access to sensitive data, a trend that has accelerated in the months during the Covid-19 pandemic.

“Cybercriminals are continuously developing new schemes to scam victims and steal personal information for criminal financial gain,” said Brian Pinnock, cybersecurity expert at Mimecast. “One of the most popular, over the last few months, has been to leverage the hype around Covid-19 vaccine rollouts.”

Recently, Mimecast researchers detected vaccine related phishing campaigns that included seemingly legitimate communication from HR departments asking recipients to register for surveys, view supposed vaccination schedules, or log into fake landing pages using their actual login details.

“Any person that makes the mistake of clicking on the links in these e-mails or submitting their real login details to the false websites could not only compromise their own security, but potentially put their entire organisation at risk,” Pinnock said. “This highlights the need for organisations to conduct regular cybersecurity awareness training to ensure every employee knows how to identify phishing emails that could be tricking them into handing over sensitive information. This should be built into any security team’s defense in depth strategy, which ensures cyberattacks don’t make their way into an organisation, by using multiple layers of security, including having a cyber aware workforce.”

Mimecast’s ‘State of Email Security 2021’ report shows that 55 per cent of organisations in the UAE saw an increase in phishing attacks with malicious links or attachments in the last year. The report also found that 50 per cent said that employee naiveté about cybersecurity was one of their biggest challenges, yet only one in five companies provide ongoing cyber awareness training.

“Organisations need to implement effective awareness training programs to protect their staff – and themselves – from attacks like the vaccine themed ones we have seen in recent months,” Pinnock said.

Similarly, Manikandan Thangaraj, VP at ManageEngine, said that cybercriminals are leveraging the pandemic to launch sophisticated cyberattacks. Though there is a slight decrease in ransomware attacks, the rate of data extortion is still on the rise. The sudden shift to remote work and cloud has widened the threat landscape, he said.

“Attackers are exploiting vulnerabilities on remote desktops, platforms and applications,” he explained. “They also launch spear-phishing campaigns and leverage cloud misconfigurations to steal credentials. This extended attack surface has made it difficult for organizations to spot when something goes wrong and even harder to fix it.”

The key to tackling attacks, he revealed, is to build a cybersecurity culture that aligns people, processes, and technology. Businesses that create cybersecurity awareness for employees, devise plans for response and recovery, and use technology such as AI to stay ahead of the curve will likely emerge better and stronger.

“Apart from targeting businesses, the nefarious hackers also prey on individuals,” Thangaraj said. “The GCC region saw an increase in cyberattacks on smartphones during the quarantine. Designing a fake site – such as dub-pay.com in the DubaiCoin incident – that lures the individuals to steal personal information is out at large. Sadly, many people fall for such scams and lose their life savings. Enacting stricter privacy laws and setting up breach investigation department quickly after the incident to analyze the scams might help find the right criminals at the right time.”

rohma@khaleejtimes.com


More news from Tech