Insider threat incidents key issues for data loss, cyberattacks

Unpatched vulnerabilities a haven for threat actors

The UAE Cybersecurity Council recently called for businesses to practice greater vigilance against potential cybersecurity threats, a clear reminder that cybersecurity is an ongoing challenge that needs prioritization.

“We’ve seen very promising progress here in the UAE, including a 70 percent decrease in cyberattacks in early 2023, a testament to the UAE government’s forward-thinking and collaborative approach to managing cybersecurity threats,” said Hamid Qureshi, Regional Sales Director, Middle East, Africa and South Asia at Entrust.

“We recommend a zero-trust approach, based on the principle of ‘never trust, always verify’, which seeks to proactively defend against an increasingly complex threat landscape.”

Over half of organizations experienced an insider threat in 2022, according to Gurucul’s 2023 Insider Threat report. It found that 75% of respondents said they feel moderately to extremely vulnerable to insider threats, 8% more than the previous year. Organizations are also struggling with insider threats in the cloud and often don’t have the necessary technical capabilities in place to detect and prevent them.

CISOs and Insider threats


Proofpoint, Inc., a prominent cybersecurity and compliance company, recently published its annual Voice of the CISO report.

75% of CISOs (Chief Information Security Officers) in the UAE and 55% of CISOs in Saudi feel at risk of a material cyberattack, compared with 44% and 27%, respectively, the year before.

57% of CISOs in the UAE and 49% in KSA feel unprepared to cope with a targeted cyberattack.

“Years of sustained remote and hybrid working have resulted in an increased risk around insider threat incidents, with research revealing that nearly all CISOs in Saudi Arabia agree that people leaving the organization contribute to data loss,” said Emile Abou Saleh, Regional Director, Middle East and Africa at Proofpoint.

When it comes to the kinds of threats occupying the minds of the world’s CISOs, four major categories lead the way:

  • Email fraud (33%)
  • Insider threats (30%)
  • Cloud account compromise (29%)
  • DDoS attacks (29%)

For most, data loss came about as a result of an operating system (OS) vulnerability on an endpoint, server or device (36%), an external attack (35%), a system misconfiguration (35%) or a negligent insider (34%).

CISOs increasingly assume that more employees are exposing data on purpose, and believe this stems from the Great Resignation and, more recently, mass layoffs.

A late 2022 Acronis report also saw social engineering attacks jump in the last four months of 2022, accounting for 3% of all attacks. Leaked or stolen credentials, which allow attackers to easily execute cyberattacks and ransomware campaigns, were the cause of almost half of reported breaches in H1 2022.

Royal Ransomware


The Royal ransomware group has recently been involved in high-profile attacks leveraging multi-extortion tactics against critical infrastructure, including healthcare and manufacturing. The group comprises former members of the Conti ransomware group.

Unit 42, cyber security services from Palo Alto Networks, said the impact of Royal ransomware extends beyond financial losses to small businesses and corporations. Since 2022, Royal Ransomware has claimed responsibility for impacting 157 organizations, including 14 organizations in the education sector. It has been involved in high-profile attacks against critical infrastructure, including 8 healthcare institutions since it was first observed in September 2022 and 14 manufacturing organizations, and has publicized claims of attacking 26 additional manufacturing organizations in 2023.

It compromises victims through search engine optimization (SEO) poisoning. The group has made demands of up to $25 million in Bitcoin.

Ransomware threats


Ransomware continues to be the number one threat to enterprises and businesses, including government, healthcare and organizations in other sectors. The ransomware market was dominated by 4 players, namely LockBit, Hive, BlackCat, and Black Basta.

There is a shift towards more data exfiltration as the main actors continue to professionalize their operations. Most of the large players have expanded to macOS and Linux and are also looking at the cloud environment.

New zero-day vulnerabilities and old unpatched ones are the top vectors of attack to compromise systems.

Cost of breaches


Prominent cyber protection company Acronis’ recent Cyber Threats Report found that the average cost of data breaches was expected to surpass $5 million per incident in 2023.

The report found that threats from phishing and malicious emails have increased by 60% and that the use of multi-factor authentication (MFA) fatigue attacks is on the rise.

Candid Wüest, Acronis VP of Cyber Protection Research, said: “Organizations must prioritize all-encompassing solutions when looking to mitigate phishing and other hacking attempts in the new year. Attackers are evolving, using some of the tools, like MFA, that we rely on to protect our employees and businesses against us.”

Middle East and Africa cybersecurity landscape


As the Middle East region continues to grow its digital ecosystem, solid cybersecurity strategies remain a top priority. According to security analysts, breaches in Saudi could reach an average of $7 million as the country continues to report that 1 out of 5 attacks is ransomware.

In the UAE, targeted organizations lost over $1.4 million in ransomware in 2022, forcing over 40% of the impacted companies to shut down, according to Acronis.  