FINAL WORD

The figures speak . In the third quarter of 2022 , the United Arab Emirates saw the largest increase in the number of cyber-incidents in the Asia region .

The figures speak . In the third quarter of 2022 , the United Arab Emirates saw the largest increase in the number of cyberincidents in the Asia region – 151 % compared to the same period last year , according to a report from Checkpoint . And earlier in the year , national media reports were citing a Sophos study that found 59 % of UAE organisations had been hit with ransomware in 2021 , up from 38 % the previous year . Of course , many still pay up rather than face days or weeks of downtime . This not only encourages ransomware gangs to hit the same targets ; it encourages them to up their game , encrypting backups and exfiltrating crown jewels .

Cohesity ’ s findings from our own recent research shed light on how we can take back control and stand tall against threat actors . Cyber-resilience has become a hot topic in the wake of pandemic lockdowns when the region ’ s stakeholders felt the pinch of uncertainty more keenly than ever . Wake-up calls not only forced many to reevaluate their positions on Business Continuity ; they also focused business leaders ’ minds on broader matters of risk posture and compliance maturity . Which brings us back to cyber-resilience .

Many have a false sense of security when it comes to attack scenarios , despite the plethora of headlines telling sad tales of those who were of a similar mindset – until hit by a costly incident , that is . We found that many businesses believed their backup infrastructure was sufficient to recover completely if attacked within the next 24 – 72 hours . But when we look further , a more nuanced and less comforting story emerges . Here are three signs that suggest a security posture is not up to scratch .

1 . Lack of alignment between IT and security

The security team must stick to security and the IT team must focus on backup and recovery . If one considers a modern threat like ransomware , it becomes immediately apparent that this view is outdated . The two disciplines need to become one , or at least collaborate , to ensure that the organisation has a plan to recover in the event of an attack .

We found that 31 % of SecOps decisionmakers considered collaboration with IT to be some degree of weak and 13 % of IT decision-makers agreed . But cyber-resilience is far greater when IT and security teams work together , bound by the same goals and KPIs . If they jointly take ownership of strategy and policy , looking at each through the holistic lens of the NIST Cyber Security Framework ( identify , protect , detect , respond and recover ), they will win more than they lose .

2 . Overconfidence in recovery capabilities

We found 90 % of teams thought they could recover data after an attack . We think this represents a risky overconfidence , especially in light of other findings , such

INTELLIGENT TECH CHANNELS 67