26 September, 2021

UAE businesses improve security measures, but ransomware vulnerabilities created by COVID-19-driven IT transformation will last another two years, finds Veritas survey


On average, UAE organisations need an additional $2.52m and 34 new IT staff each to shorten the vulnerability lag and ensure protection in the next 12 months

UAE organisations have made strong progress in their data protection efforts, with 58% saying that their security measures have kept up with their COVID-led digital transformation initiatives over the past 18 months, according to new research from Veritas Technologies, the global leader in enterprise data protection. This is compared to just 43% in last year’s 2020 Ransomware Resiliency Report.

However, there is still significant work to be done. The Veritas Vulnerability Lag Report, which surveyed 2,050 IT executives from 19 countries, including 100 from the UAE, discovered that UAE businesses could still be at risk of ransomware and other data loss incidents that result from the IT security vulnerabilities introduced by their COVID-driven business transformation for another two years. And in order to reduce their vulnerability lag faster and extend their protection to the new technology that they’ve deployed since the start of the pandemic, the average UAE organisation would need to spend an additional $2.52m and hire 34 new members of IT staff.

For organisations to protect themselves against vulnerability to data threats, such as ransomware, their production and protection environments must evolve in parallel: as each new solution is introduced into the organisation’s technology stack, protection capabilities need to be extended to cover it. But all too often, the need to innovate at speed throws this balance out of kilter, creating a vulnerability lag, where systems and data are left unprotected and open to attack.

“Over the last 18 months, businesses have been dealing with the consequences of an event they couldn’t have seen coming. To their credit, they did everything they could to make the best of a bad situation. And the survival of many companies is due to the way in which IT teams supported the necessary transitions, including the massive shift to remote working,” said Johnny Karam, Managing Director & Vice President of International Emerging Region at Veritas. “Unfortunately, as a result of their rapid transformation, many organisations are now lagging behind when it comes to protecting their IT environment, leaving them badly exposed to digital risk. The good news is we’re starting to see UAE businesses begin redress the balance, with 21% confident that they will be able to close the gap this year. But there is still a long way to go.”

Lack of clarity around cloud services and data

Cloud environments are most at risk while this vulnerability lag persists: 77% of UAE respondents implemented new cloud capabilities or expanded elements of their cloud infrastructure beyond their original plans as a result of the pandemic. And 50% of respondents said that they had gaps in their protection strategy here.

Many of the UAE-based IT experts responding to the survey lack clarity about which cloud solutions have been introduced at their companies. Just 46% said they could accurately state the number of cloud services they were now using. They also lacked clarity about the data they might need to protect, with the average respondent admitting that 38% of the data their organisation was storing is “dark” – that is to say, they don’t know what it is – and that a further 49% is Redundant, Obsolete or Trivial (ROT).

Karam said: “In order to properly protect their data, businesses need to have a thorough understanding of the value and location of their data. So, before cloud data sets can be properly protected from threats like ransomware, IT teams need to know exactly what data sits in which cloud services. Worryingly, more than 50% don’t even know how many cloud services their companies are using, let alone what they are.”

Closing the gap to reduce downtime and ransomware risks

The report also highlighted the impact that this vulnerability lag is having on the respondents’ business operations. 99% of UAE respondents stated that their organisation had experienced downtime in the last 12 months. And, on average they had been the victims of 4.2 ransomware attacks that had caused disruption and downtime to their businesses.

However, the global respondents who had managed to eliminate all vulnerabilities and reported no remaining gaps in their technology strategy had, on average, experienced around five times fewer downtime-causing ransomware attacks than those businesses that still had one or more gaps to close.

Karam said: “The UAE is a global hub for talent, expertise and innovation, and the ‘Projects of the 50’ brings with it the great promise of ushering in the next phase of growth for the country. This will be achieved when businesses are able to direct their newly hired talent to focus on innovation projects that help to fulfil the country’s aspirations, rather than on ‘catching up’. Modernising data protection can play a key role in freeing up skilled IT team members to work on transformation projects by allowing Artificial Intelligence (AI) and Machine Learning (ML) to shoulder more of the burden. Also, selecting a single data protection platform that can operate across the entire data estate – both in your data centre and the public cloud - can radically reduce the time and effort required to manage data protection.”

Please visit our website to read the full Veritas Vulnerability Lag Report: https://www.veritas.com/form/whitepaper/vulnerability-lag.