Email Volume Rose During the Pandemic. So Too Did the Number of Email Attacks
UAE highlights regional and worldwide trends in cybersecurity
Eighty-eight percent of UAE-based respondents believe communication technology that aids employees in working together online poses a security risk, the highest level of concern out of any country surveyed in the recently released “The State of Email Security” report for 2021.
Sponsored by Mimecast, a London-based company that specializes in email security, the survey polled 1,225 technology security specialists working in a variety of fields in 10 countries, with the United Arab Emirates acting as the Middle East representative. The study was conducted between February and March 2021 with representatives from companies employing between 250 and more than 10,000 people.
While nearly 90% of the UAE respondents were concerned about the security of online work, 70% of respondents from all the countries surveyed, which also included Australia, Canada, Denmark, Germany, the Netherlands, South Africa, Sweden, the UK, and the US, were generally concerned about online office communication.
A little over half of the survey participants noticed an increase in the number of emails posing security risks over the past year, and 60% said the threats grew more sophisticated.
Mimecast itself recorded a 64% increase in harmful email sent in 2020, during the pandemic, compared to the previous year. It posits that as more employees worked from home, they were more reliant on email, and with increased volume came more attacks.
The UAE has been particularly hard hit by cyberattacks.
Mohamed al-Kuwaiti, the UAE’s Government Cybersecurity chief, said in December that the country had seen, at a minimum, a 250% jump in cyberattacks.
Anuj Jain, CEO of Cybersec Consulting in the UAE, says that within the security field, email is a particularly vulnerable area to attack. “Operating from home, the email communications are more important now than ever. The way attacks are happening, we can see that email is one of the major risks for any organization,” he told The Media Line. “Attackers try to hack the emails which contain confidential email and penetrate the networks.”
“From what I’ve seen this year, the number of email attacks has risen because of a lot of phishing in the market and unwanted emails, which can force users to pay or to lose certain confidential information,” Jain continued. “It’s happening every day.”
Haider Pasha, the UAE-based chief security officer at Palo Alto Networks, Middle East and Africa, said attackers have also exploited the coronavirus pandemic.
“In 2020, we have seen a widespread use of virus-related themes including COVID-19-themed business email compromise campaigns, and on average 1,767 high-risk or malicious COVID-19-themed domain names being created every day, as per our threat intelligence team Unit 42,” he told The Media Line.
Pasha said those sending emails with malicious intent consistently change the subjects of the messages based on what is currently relevant.
“In the early stages of the pandemic, testing kits and PPE were a significant area of focus for attackers. The focus then shifted to government stimulus and relief programs, before pivoting again to the vaccine rollout,” he said.
“As we have seen, attackers continually adapt to the newest trends. As a result, cybersecurity defenses must adapt as well,” Pasha said.
According to Mimecast, 78% of respondents from the UAE had been victims of ransomware attacks in 2020, up 12% from the year before. Almost 30% of Emirati participants who had been impacted by ransomware said the fallout cost them seven days of work or longer.
Fifty percent of UAE respondents said their own companies’ workers presented the greatest security risk, stemming from a paucity of technological awareness.
One step firms can take to make their email more secure is to invest in training, Jain said.
“Until our users are educated to know what is a good or bad email, they will not be able to stop these email attacks,” he said.
Pasha said companies should also put certain measures in place to make office email more secure, including “enforcing multifactor authentication and regularly backing up data as a defense against ransomware attacks initiated via phishing emails.”
The rest of the Middle East has also experienced increased threats to email security.
According to the Moscow-headquartered Kaspersky cyber-tech security firm, there were over 2.57 million phishing incidents in the Middle East between April and June of last year. Saudi Arabia suffered the most with a little over 973,000 attacks. The UAE and Egypt, respectively, followed the desert kingdom in the number of phishing emails.
Menny Barzilay, co-founder of Cytactic, the cyber management arm of Herzog Strategic, in Israel, said that in some ways, the Jewish state faces the biggest cybersecurity risk in the region.
“First, the more technology a country utilizes, the more exposed it is. Israel, as a highly technological country, is potentially more exposed than countries with reduced use of tech solutions,” he told The Media Line. “Second, Israel has smart and talented enemies who are actively looking to destroy it. So, while all countries are exposed more or less to the same threat, Israel’s threats are more immediate.”
One way a company can improve cybersecurity is to streamline the process for employees to notify it of potentially harmful email, he said.
“Reporting should be made simpler,” Barzilay said. “By that I mean, create a button that allows any user, with a single click, to send emails that they find suspicious to the security people for review. The easier the process is for the users, the higher the chance that they will report.”
Individuals also face cyber risk on a personal level. However, there are steps people can take to make their email more secure.
“For consumers, it is important to confirm that emails are from a trusted source,” Pasha said. “Individuals must refrain from clicking on links from unknown sources, especially those relating to one’s account settings or personal information, or otherwise trying to convey a sense of urgency.”
Barzilay offers the following words of wisdom:
“A. Stop using your crappy ‘90s email provider and move to one of the big ones like Gmail or Outlook. B. Make sure you use strong authentication [to verify one’s identity], preferably with an authenticator and not text messages. C. Use a unique and strong password for your email account; don’t write it anywhere or give it to anyone. D. Lock your phone with a fingerprint or a strong password. The first thing that a criminal with access to your unlocked phone will do is change your email password. … E. Don’t give third-party apps access to your emails.”