Over 223,800 assets hosted within the UAE are potentially exposed to cyber-attacks, with half of the critical vulnerabilities remaining unaddressed for over five years. This exposure, coupled with the surge in advanced cyber-attacks, underscores the absolute necessity of robust cyber defenses in a region that is at the forefront of AI-driven technological innovation and geopolitical significance. The report examines key trends shaping the current cybersecurity challenges, including misconfiguration, which represents 32% of the cyber incidents, followed by improper usage and unlawful activity at 19%.

H.E. Dr. Mohamed Al Kuwaiti, Head of Cyber Security for the UAE Government

The government, finance, and energy sectors are the most targeted by cyber threat actors., ,In 2024, drive-by downloads remained a prevalent method for initial entry vectors used by threat actors, with phishing and web server compromises also of concern. These methods are becoming more sophisticated with the integration of AI tools, enhancing social engineering efforts, phishing lures, and the deployment of deepfake technology to deceive victims.

The trend is compounded by the financial repercussions of data breaches, with the Middle East, including the UAE, recording the second-highest data breach costs globally, reflecting the economic targets of cyber threat actors against the backdrop of Gulf prosperity. eCrime also remains a significant threat, with the number of ransomware groups operating in the UAE witnessing 58% growth. On a positive note, from the first half of 2023 to the first half of 2024, the UAE experienced a drastic decrease in distributed denial of service (DDoS) attacks from 58,538 to just 2,301.

H.E. Dr. Mohamed Al Kuwaiti, Head of Cyber Security for the UAE Government, said, “As we stand on the cusp of a new era powered by emerging technologies, the rise in AI-driven attacks and widening cyber capabilities demand stricter vigilance to secure the future. The path forward requires international collaboration, innovation, and commitment. Together, we will continue building a secure and prosperous digital UAE, where innovation flourishes, opportunities thrive, and our systems remain resilient in the face of any challenge.”

Hadi Anwar, Chief Executive Officer, CPX, added, “The latest cybersecurity report delves into the strategies, policies, and innovations that are shaping the UAE’s digital transformation while addressing the complexities of protecting critical infrastructure and sensitive data. The country’s remarkable progress in cybersecurity reflects a commitment to creating a secure environment where digital advancements and national resilience go hand in hand.”

Hadi Anwar, CEO of CPX

The report also provides an overview of the unique cybersecurity challenges faced by the UAE, including a surge in AI-powered threats, the sophisticated tactics of cybercriminals, and advanced persistent threats (APTs), where state-sponsored actors integrate AI into their attack frameworks. The document emphasizes the need to enhance the country’s defense capabilities and foster a culture of cybersecurity awareness across all sectors. Compiled by CPX’s team of cybersecurity experts, the report acts as a strategic guide for government entities, businesses, and individuals, providing actionable insights to navigate the complexities of a new AI era.

Key best practices to mitigate cyber risks highlighted in the document include:

1. Launch cybersecurity awareness and education initiatives: Crucial for educating government employees, businesses, and the general public about cybersecurity best practices
2. Run regular cybersecurity audits and compliance checks: Key to maintaining the integrity of critical infrastructure and essential services in the UAE in line with international standards
3. Create an asset inventory: Essential for identifying network anomalies and threats missed by traditional defenses
4. Set up a 24/7 Security Operations Center (SOC): A proactive approach to continuous monitoring and analysis of the organization’s security posture
5. Implement Endpoint Detection & Response (EDR): Vital for enabling security analysts or threat hunters to identify compromises effectively and maintain historical process execution records
6. Establish a robust cyber threat intelligence function: Important for delivering critical insights on new and emerging risks to facilitate real-time adjustments to security postures, enhancing overall resilience
7. Develop AI governance frameworks: A cornerstone of ensuring safe and ethical use of AI within the organization

As the UAE continues to lead in digital transformation, addressing cybersecurity challenges requires a concerted effort from government agencies, private sector entities, and individuals to ensure the resilience and security of the nation’s digital landscape.

Huawei experts will participate in keynotes, discussions, and panels throughout the event. Aloysius Cheang, Chief Security Officer, Huawei UAE, will recommend a “return to basics to address cybersecurity challenges of the future” in a keynote on the first day. Meanwhile, Ashraf Esmat Khalil, Head of Solution Architect, Huawei Cloud Middle East, will participate in a panel discussion titled, “Safe or unsafe? Why is cloud security important for business?” and Hulk Zhang, Principle Cybersecurity Engineer, Huawei UAE will participate in the panel discussion titled,  “Future of Cyber Security: Challenges, best practices, and effective strategies to create Cyber-Safe Society.”

Aloysius Cheang, Chief Security Officer, Huawei UAE, said, “Even in the era of advanced threats and highly sophisticated threat actors, going back to the basics and leveraging hard-wired technical capabilities and experience is often the difference between success and failure. The improved efficiency and accuracy acquired through practice and repetition help reduce the margin of error and streamline processes and procedures in any cyber defense activity.”

In his keynote, Aloysius will highlight the importance of recognizing cybersecurity as a critical business enabler and the need for cybersecurity professionals, especially the Chief Information Security Officer (CISO), to get it right. Cybersecurity professionals need to treasure the opportunity given to the CISO in the new digital age where cloud computing heralds a new era and computing is entrenched as a basic utility. Further, IT is hitting the mainstream and IT and security experts are moving into executive management teams and the board as part of corporate strategic goals.

Therefore, building the necessary framework that will allow for solid capacity-building for the youth in the cybersecurity domain is a pre-requisite in today’s digital world, as is upgrading and upskilling for experienced hires or anyone considering a mid-career switch.

“We are committed to adopting open and verifiable security standards such as GSMA NESAS /3GPP SCAS for 5G Security, GSMA 5G Security Knowledge Base, and OIC 5G Security Framework. We have in-depth experience collaborating with our customers on advanced tech and industry 4.0 solutions, including 5G, Cloud, AI, and IoT for major industry verticals. Our expertise and solutions are developed and delivered by observing security-by-design and privacy-by-design principles that will allow our customers to safeguard their digital future,” Aloysius said.