A recent study paints a concerning picture of the cybersecurity landscape in the UAE, with nearly all IT security leaders calling for immediate improvements after experiencing major cyber incidents.
The research delves into the challenges faced by CISOs and other high-level security decision-makers following an attack, and it reveals an urgent need for action across three key areas: people, technology, and processes.
A collective call for change
The study’s most striking finding is the universal agreement among respondents on the need for change. 100% of respondents acknowledged the need for improvements after a cyber incident, with over 95% specifically calling for enhanced processes. Notably, all participants agreed that advancements in both people and technology were crucial for bolstering their defenses.
Human factor breaches
The research sheds light on the human factor’s significant role in cyber incidents. A concerning 64% of respondents admitted that incidents were missed due to a lack of resources or essential IT skills within their teams. Meanwhile, 52% pointed to inadequate training as a contributing factor to breaches. Both figures highlight the need for better skills and knowledge interventions within organizations.
Tech gaps expose weak spots
The study also unveiled worrying gaps in technology, leading to less effective cybersecurity measures. For instance, over half (52%) of respondents said that security capability shortcomings contributed to incidents. Another 44% pointed to wrongly configured IT stacks and disabled detection, leaving systems vulnerable to attack. The lack of adequate visibility provided by IT and security tools further compounded the problem, with 40% of respondents struggling to identify and stop intrusions due to limited visibility.
Process flaws hinder efficiency
The research also emphasizes the detrimental impact of inefficient processes on cybersecurity posture. A significant 52% of respondents said they couldn’t execute workflows due to inadequate tools, interfering with their ability to respond to threats effectively.
Manual processes were also identified as a major bottleneck, with 48% of respondents admitting their reliance on manual tasks negatively impacted both mean time to detect (MTTD) and mean time to repair (MTTR).
Furthermore, 44% of respondents cited a lack of documented and implemented processes, while another 44% lamented the lack of context arising from disconnected security controls, creating information silos and hampering effective incident response.
Can XDR turn the tide?
The study also explores the potential of extended detection and response (XDR) as a powerful tool in the fight against cybercrime. 72% of respondents identified XDR as crucial for achieving faster and more efficient threat detection and response.
It’s worth noting that all respondents who did not have XDR deployed at the time of their incident felt that it would have at least mitigated the impact of the breach, and 91% were confident that it could have prevented the incident altogether.
Investing in resilience
This study is a clear call to action for UAE businesses: invest in people, technology, and processes.
At Penta, we’re passionate about optimizing your data and cybersecurity. We are proud to partner with businesses to help them transform their security posture and build resilience against ever-evolving threats.
Contact us today to discuss how we can empower your people and protect your business.