UAE successfully defends and deters malicious cyberattacks

The country's Cybersecurity Council and experts call on public and private sectors to be on alert all the time against cyberattacks

Read more...
by

Waheed Abbas

Published: Sun 7 May 2023, 1:18 PM

Last updated: Sun 7 May 2023, 2:43 PM

The UAE has successfully defended and deterred malicious cyberattacks by proactively, professionally and efficiently responding to attacks targeted at national digital assets and strategic sectors.

The UAE Cyber Security Council stressed that all the country enjoys a highly developed digital infrastructure and national task forces work to strengthen the country's digital space in accordance with best practices and international standards in this regard.

Advertising
Advertising

The UAE, according to Mohammed Hamad Al Kuwaiti, head of cyber security in the UAE, successfully deters over 50,000 cyberattacks per day which target strategic national sectors with the banking, financial, health, oil and gas sectors being the most targeted.

The UAE is ranked fifth position worldwide in the Global Cybersecurity Index of the International Telecommunication Union of the United Nations. Global cybersecurity firm Trend Micro said in its latest report that it detected and blocked over 42 million e-mail threats, prevented more than 17 million malicious URL attacks, and 492,110 URL hosts and 25 million malware attacks.

However, the Council and cybersecurity experts called on public and private sectors to exercise the utmost caution against any attacks and activate the cyber emergency response system to proactively prevent possible malicious attacks.

Tips to protect against cyberattacks:

  • Installing a home-based anti-virus solution
  • Ensure the anti-virus solution is up to date
  • All accounts should have a unique, complex password
  • Consider using a personal password manager
  • Apply security updates to your operating system, browser regularly
  • Do not open email attachments or click links from unknown sources
  • Maintain an asset inventory of all devices, virtual machines, applications and identities
  • Ensure vulnerability, patch and configuration management is applied to all assets
  • Ensure all access using privileged accounts (root, administrator, superuser, database owner, etc.) is managed and access is strictly protected using multi-factor authentication
  • Remove administrator access from all end users and ensure that all applications operate under a model of least privilege
  • Most malware needs administrative access to infect a device and if administrative access is removed, then the vast majority of attacks can be thwarted
  • Implement a cyber security training programme for all employees, staff, volunteers, and contractors

“The rapidly advancing technology landscape brings with it an increased risk of cyber threats, and businesses must take steps to strengthen their digital infrastructure,” said Rasheed Al Odah, managing director for KSA, South UAE, Bahrain and Levant, and MEA at Trend Micro.

Morey Haber, chief security officer at BeyondTrust, said all UAE businesses should exercise caution against cyberattacks and the current risks have fundamentally not changed in the last few years, however, the threats that target local organisations have increased from organised cyber criminals.

“While no business or government entity can truly protect against 100 per cent of cyberattacks, security best practices can protect most organisations from a wide variety of attacks,” he said.

He advised companies to consider using cyber security frameworks like CIS Control Self-Assessment Tools to build a model for their entity and audit the effectiveness of their security controls and processes.

“This can help ensure that your organization has the appropriate security posture to defend against a myriad of common cyber-attack vectors, and personnel are educated on the risks, threats, and mitigation procedures as a part of daily operations,” he said.

Haber added that every organization and individual always consider the recommendation to "trust but verify" for every correspondence that may request some form of transaction, be it financial, information inquiry, or even password reset.

Vibin Shaju, vice-presidents, Solutions Engineering EMEA, Trellix, advised firms to keep the security operation centre on alert to look for abnormal spikes in traffic from new IP addresses and regions.

“Make sure all key admin authentications are covered with multi-factor authentication. Do not ignore chances of targeted attacks, when the corporate resources are focused on volume-based attacks,” he added.

“Defacement of websites is common during cyberattacks and it is important to lock down any changes including access to control panel and DNS management during periods of high alert. If you have a web application firewall implemented,” Shaju added.

ALSO READ:

Waheed Abbas

Published: Sun 7 May 2023, 1:18 PM

Last updated: Sun 7 May 2023, 2:43 PM

Recommended for you