Corporate users were the target of about 38 per cent of the 25,811 financial malware attacks recorded in the UAE during the first half of the year as hackers exploited remote working vulnerabilities amid the Covid-19 pandemic, according to cyber security company Kaspersky.
While the number of financial malware attacks fell, compared to the same period a year ago, the proportion of corporate users singled out by cyber criminals is on the rise, the Moscow-based company said on Sunday.
“As local businesses have continued to adjust to remote work scenarios and the rest of the circumstances surrounding the Covid-19 pandemic, we have continued to witness cyber criminals using this to their advantage, exploiting the situation however they can," said Oleg Kupreev, security researcher at Kaspersky.
"When looking at such statistics, we believe it is evident that cyber criminals are more commonly targeting unsuspecting corporate users in the UAE as a way to compromise corporate systems."
Cyber security threats and greater restrictions in global data flows are among the 10 top geopolitical risks in 2021, consultancy Eurasia Group said in its Top risks 2021 report.
As more people work remotely and stay online for longer due to coronavirus-related restrictions, there will be an increase in their exposure to cyber attacks, the consultancy said.
Companies in the UAE have become susceptible to financial malware attacks as more employees work outside the relative safety of the corporate network, Kaspersky research shows.
This distribution of the workforce makes it more critical to ensure the protection of the personal endpoint devices of people, who need access back-end systems to continue performing their jobs, the company said.
Besides securing these devices, cyber security training of employees is important to defend against the "growing scourge" of financial malware that uses phishing techniques on individual users, Kaspersky said.
“It is especially financial phishing that has become one of the most popular tools used by cyber criminals to make money. It does not require much investment or technical expertise from a hacker and can be propagated quickly," said Mr Kupreev.
"In most cases, successful scammers win access either to the victim’s money or data that can be sold or otherwise monetised. For any business, this points to how important it is to address one of the weakest links in the cyber security chain – that of the individual user. It also signifies the importance of remaining vigilant from a cyber security perspective, especially during difficult operating conditions."
Employees must only install applications from reliable sources, such as official app stores, Kaspersky said.
Beyond the basic cyber security solutions and training, companies must also consider using anti-advanced persistent threat and endpoint detection and response technology to further shore up their network defences.
“With the landscape unlikely to change for the foreseeable future, it is best to combine sophisticated cyber security solutions with continuously evolving training to keep employees appraised of the latest threats, especially when it comes to financial malware,” said Mr Kupreev.