Staying Safe in the Evolving Threat Environment
Nicolai Solling, Chief Technology Officer, Help AG shares insights on how to stay safe in the evolving threat environment.
Cyberthreats are constantly increasing in volume and sophistication as attackers become increasingly skilled and organised. A successful breach can cause business disruption, financial loss, and reputational damage, making it vital for individuals and organisations to be informed regarding the biggest threats and security best practices.
According to Help AG’s State of the Market Report 2023, social engineering attacks remain the most prominent threat in the region. In a social engineering attack, an attacker manipulates the victim into willingly giving up sensitive information or money, often by pretending to be a trusted person or entity. One common type of attack within this umbrella is business email compromise, wherein the attacker sends an email pretending to come from a trusted source. Specifically, we have observed a trend of executive impersonation in the GCC, especially on social media networks. The impersonation of a company executive – for example, C-level or senior management – is used to solicit sensitive information and documents from staff.
Business email compromise is part of a broader attack category called phishing. Among UAE organisations that experienced an attempted phishing attack in 2022, 86% of these were successful, according to data from Proofpoint.
Another major threat is ransomware attacks, whereby the attacker uses malware to lock and encrypt the user’s data, then demands money to unlock the data. Ransomware attacks have been on the rise, and we predict this trend will continue, largely thanks to their high rates of success, which can be attributed to their relative simplicity and their significant, immediate impact on an affected business. Alarmingly, statistics show that 30-40% of UAE-based small organisations do not survive a ransomware attack.
For organisations Distributed Denial-of-Service (DDoS) attacks pose a significant threat. It is when an attacker floods a server with internet traffic in order to disrupt operations. In 2020-2021, we observed a 37% year-on-year increase in DDoS attacks, and while it appears the volume of attacks has currently peaked, the numbers for 2022 remain high, as we have detected over 150,000 DDoS attacks in the UAE alone. This type of attack is a relatively cost-effective method that remains as one of cybercriminals’ favorite ways to create huge disruptions and financial ramifications for the targeted organisations.
This all may seem intimidating, but there are steps you can take as an individual to safeguard yourself and your data. Keep your passwords unique and strong; have different passwords for all your accounts so that if an attacker is able to hack into one account, they cannot easily penetrate the rest. Since it is impossible to remember that many passwords by heart, you can opt to use a password manager. Moreover, if the app or service allows it, make sure you always enable two-factor authentication, which ensures you are identified not just by a username and password, but also with a multi-factor authentication service such as an SMS sent to your phone.
It is also crucial to protect your email. This is one of the most important ways we all communicate and identify ourselves in our professional and private lives, and most people tend to use email to transfer sensitive information and documents. Never open links or attachments from an unknown sender as they could potentially download malware on your device or direct you to a phishing website. Additionally, make sure you know how to check the actual email address of the sender, to ensure they are who they say they are. An attacker may make it seem like the email is coming from a trusted brand, but a look at the sender’s email address may reveal it is inauthentic.
If you do end up clicking a link, make sure you do not provide any sensitive or financial information. For example, no financial institution will ever ask you to provide account details, passwords or credit card information via email. To protect yourself from malicious attachments, make sure to regularly update your software to the latest version, download antivirus software, and install patches.
The last, and maybe most important piece of advice is to stay vigilant and skeptical. Malicious online actors do not discriminate. They cast their nets far and wide, looking for vulnerabilities in both behavior and technology to exploit. And once they’ve breached your defenses, they can take over your digital footprint with ruthless efficiency.
That’s why vigilance is key. Human error is behind most cyber breaches, so education and awareness are vital to protecting you and your family in this digital era. Security always starts with you, so it’s important to be cybersmart, and take control of your digital journey!