The interactive session provided practical training in digital asset protection, arming participants with essential skills to identify and neutralize modern cyber threats. Attendees explored the complex relationship between external cyberattacks and internal security vulnerabilities, with particular focus on preventing common but costly mistakes.

Through real-world scenarios, the SearchInform team demonstrated how seemingly minor actions – like clicking a phishing link or processing unauthorized transactions – can trigger devastating ransomware infections or enable sophisticated “fake director” financial fraud schemes. The training emphasized proactive defense strategies to help participants avoid becoming unwitting accomplices in security breaches.

“Our experience in the UAE market demonstrates that stakeholders from both the private and public sectors prioritize information security. In response, SearchInform experts are actively promoting cyber literacy and eager to share their knowledge and experience. The training we delivered at Skyline University College exemplifies effective collaboration between business and educational institutions, underscoring that private enterprises can significantly contribute to enhancing organizational security and implementing strategic governmental initiatives,” commented Artem Volodin, CEO of SearchInform UAE.

The representatives from the university community also underscored the significance of collaboration with pertinent organizations in the training and development of effective cyber security strategies.

“Training proves most effective when it is delivered by an expert with a profound understanding of the subject and extensive practical experience. This was once again reaffirmed by SearchInform experts during the seminar. I would also like to acknowledge the engaging manner in which the material was presented, along with interesting examples and case studies that captured the audience’s attention throughout the event,” stated Eng. Ahmed Farah, Head of IT from Skyline University College.

Customer and supplier data, transactions, pricing, etc.—all of these are vital assets for retailers. In the wrong hands, this asset can turn into a business killer. Employees often, whether intentionally or not, become insiders and cause serious incidents that result in data leakage or fraud. How can retail companies protect themselves and their customers from increasing insider threats? This is the issue we are going to explore today.

Figures Don’t Lie
The fact that insider threats are becoming more frequent is confirmed by various studies. Searchinform’s 2023 Research on InfoSec Incidents in SMEs shows that all surveyed entities experienced insider incidents last year. The number of reports about such cases in the world increased from 66% in 2019 to 76% in 2024. The study by the UAE Cyber Security Council and CPX highlights a 30% increase in insider threat incidents within the Emirates.

Given that retail is the third-biggest sector of the UAE economy, its security is of great importance. The 2023 UAE Retail Report by Adyen reveals that, while 68% of businesses claim to have effective anti-fraud measures, 44% of UAE retailers faced cyberattacks or data breaches last year. Fraud victims increased by 39% compared to 2022.

The Adyen report also shows that 18% of UAE consumers regularly leave online stores without purchasing due to security concerns, while 29% prefer stores with a higher security level. Thus, implementing strong security measures pays off not only financially but also in terms of reputation and customer loyalty.

DLP, The Rescue Ranger
Research shows that employees usually cause internal security breaches unintentionally. For example, many people do not view sending the personal data of staff members to a non-corporate email as something serious. Meanwhile, companies face data leaks and subsequent penalties from regulators.

Malicious insiders who collect and leak sensitive information outside the corporate perimeter for personal gain are less common; they are responsible for about 25% of such incidents. Despite their lower frequency, these cases are the costliest, averaging $701,500 per incident. Organizations must be prepared to protect against both unintentional and malicious insider threats.

So, what measures should retailers implement to effectively prevent insider incidents and keep their businesses and customers safe?

One of the basic tools to address such threats is a Data Loss Prevention (DLP) system. DLP is a practical solution for businesses seeking to strengthen their defences against information leaks and corporate fraud. These types of systems comprehensively monitor all popular data transfer channels, thoroughly analyze incoming and outgoing information, detect and prevent violations by blocking unauthorized transmissions outside the corporate perimeter, and provide administrators with detailed reports.

Advanced versions of modern DLP systems can offer extra features, such as detecting complex corporate fraud schemes, equipment theft, working for competitors, poor performance, and more. Next-gen DLPs have capabilities for eliminating problems that previously were impossible to solve, for example, protection against malicious insiders taking photos or screenshots of corporate device screens. These kinds of solutions also provide control over messengers protected by end-to-end encryption.

However, not all companies, especially small ones, can afford to maintain an in-house DLP. Even if the organization has sufficient budgets to purchase software licenses and required hardware, the system still requires a qualified administrator. This comes at an extra cost, what’s more, there’s a severe lack of information security officers on the market. If you need a solution without a huge financial burden and HR-related issues, the Managed Security Service (MSS) with integrated next-gen DLP can be a perfect choice.

A dedicated information security officer will configure the service according to your requirements, maintain it, ensure monitoring, prevent incidents, notify you about the violations and provide comprehensive reports on what’s happening in the company. Meanwhile, you retain full control over the processes and decide on the steps to be taken. This approach ensures comprehensive protection without overwhelming your budget.

How DLP Protects Retail: Real-Life Cases
Now let’s take a look at some of the cases from SearchInform experts’ practice. In all of them, companies managed to identify intruders and violations using the DLP system.

Case #1: Good Old Kickbacks
A car dealer deployed a DLP system to detect episodes of corporate fraud. Due to the security policies set up for identifying kickback attempts, a couple of malicious insiders within the organization were caught red-handed.

One of the sales managers tried to deceive a client by falsely claiming she was ineligible for discounts and then offered her a “special” discounted price in exchange for a kickback. He applied a standard discount available to all clients, presented it as a beneficial deal, and requested a 2% cash payment for himself and his superior.

Another manager colluded with competitors by sending overpriced quotes to customers and passing their contacts to a rival dealership. There, clients were offered the same cars for 6–7% less but were asked to partially pay in cash. The cash payment was meant to be a reward for the tipster.

The first scheme would have cost the dealership $900 per transaction, totalling $225,000 per year, with the risk of lawsuits. The second scheme would have resulted in a monthly loss of $400,000 due to client outflow. Thanks to DLP monitoring and analysis of these insiders’ social media chats, IS officers could prevent fraudulent activities with serious consequences.

Case #2: Friendly Leak
An IS analyst at a retail company detected an attempt to leak information. As it turned out, the sales manager and the director of a competitor company were buddies. They came up with a simple fraud scheme: the sales manager was supposed to pass information about potential customers on to competitors for a certain amount of money. With the help of a DLP system, the information security analyst detected the employee starting to copy the customer base to an external hard disk. This became the basis for launching an investigation that prevented the incident.

Thanks to the DLP system, the company managed to avoid damage that would have been estimated at millions of dollars.

Case #3: Great Fraud Wall
One day, a retail company received a letter from its Chinese supplier. Foreign colleagues were requesting payment for purchased equipment. There was also a warning that the bank account details had changed and the money needed to be transferred to a new account. This aroused suspicion among the IS department specialists, and they initiated an investigation using DLP. It was discovered that an employee had received a message with the real account details but attempted to replace them with fake data. The employee was fired. The company successfully avoided financial losses.

The invoice from the Chinese supplier amounted to $370,000. Had the incident not been uncovered, the company would have lost that money and faced a serious misunderstanding with its foreign partner.

Case #4: The Calamoo-ty
A small organization that sells dairy products deployed a DLP system for testing. They set up a file containing the company’s budget, expenses, and revenue for search and tracking, with access restricted to top managers. Suddenly, one of the employees uploaded the document to her laptop and emailed it to a colleague. The investigation revealed that she had been accessing the commercial director’s computer during her spare time to view his files. The employee was dismissed, and her supervisor received a briefing on the importance of protecting confidential data from unauthorized access.

The leak of this file could have not only intensified competition with existing enterprises but also provided a basis for new competitors to enter the dairy market. The potential damage from such an incident was estimated to be approximately $850,000.
_________

As can be seen from the cases, Data Loss Prevention systems play an important role in protection against internal threats. This also was highlighted by Saeed Al-Shebli, Deputy Director of Digital Security at the Ministry of Interior of the UAE, in his latest column. He pointed out that DLP solutions enhance security by preventing users from copying, transferring, or leaking data.

The partnership will empower Green Circle to deliver comprehensive protection against internal threats, such as data breaches and unauthorized access. SearchInform’s DLP solutions are specifically designed to address the unique security challenges faced by organizations in the region.

“SearchInform’s solution ensures protection against corporate fraud attempts, and intentional or accidental data leaks, along with monitoring employee activities, revealing idleness during work hours, cooperating with competitors, corporate equipment theft, and much more. Our clients have been feeling the need for such a comprehensive solution for a while. Now we are providing it. Also, with this solution integrated into our managed services, customers can achieve full compliance with key regulatory frameworks in the KSA, including the National Cybersecurity Authority’s Cybersecurity Controls, the Data Governance Maturity Guideline from the Communications, Space & Technology Commission, and the Personal Data Protection Law (PDPL) issued by the Saudi Data & Artificial Intelligence Authority (SDAIA),” said Mohammad Alkhudari, Green Circle CEO.

To cater to the specific needs of the Saudi market, SearchInform has enhanced its technology with additional security policies tailored for Saudi Arabia. These policies cover sensitive personal information, including IBAN numbers and Saudi ID details, as well as corporate infrastructure data. This ensures a more thorough analysis and detection of potential risks and suspicious activities.

“The Saudi market is a very fast-growing market in terms of data protection. We are confident that over the next year or two, this partnership will lead to significant business growth. As internal threats are on the rise, it is critical for companies to strengthen their defences. Our collaboration with Green Circle marks an important milestone in elevating the overall data protection standards of KSA organizations,” commented Sergey Ozhegov, SearchInform CEO.

Both companies believe that the comprehensive DLP solution, combined with Green Circle’s managed security services, will be a valuable asset for Saudi Arabian customers. The partnership will also address the critical shortage of cybersecurity professionals in the region by providing managed services for deployment, configuration, and administration.

This survey involved business executives, information technology and security (IT, IS) professionals, and Chief Information Security Officers (CISOs) from both public and private sectors. The research aimed to evaluate the current state of corporate protection and identify priorities in ensuring information security amid the region’s unique challenges. Notably, 80% of respondents reported an increase in their information security budgets over the past year, reflecting a growing recognition of the need for robust security measures. Only 22% of respondents reported budgets haven’t changed, no one reported a decrease in budgets.

SearchInform’s findings indicate that while many organizations have implemented basic cybersecurity measures such as Antivirus, Next-Generation Firewalls (NGFW), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) and Endpoint Protection Systems (EPS); there is still a significant gap in the deployment of more advanced systems like Data Loss Prevention (DLP) and Security Information and Event Management (SIEM). These tools are critical for real-time monitoring and internal threat protection, yet only 29% of companies have implemented DLP, and a mere 5% have adopted SIEM systems.

Lev Matveev, Chairman of the Board of Directors at SearchInform, commented on the survey results, stating, “The increasing reliance on MSS highlights the ongoing shift in how organizations are approaching their cybersecurity needs. Outsourcing provides access to specialized expertise and technology, which is particularly vital in regions facing a shortage of skilled information security professionals.”

The research also revealed that internal threats are coming to the fore. More than half of respondents admitted experiencing one or more information security incidents, caused by insider actions. “To effectively combat internal threats, increasing the cybersecurity literacy of employees will reduce the risk of undesirable incidents. The second measure is the implementation of protective solutions that help prevent both accidental and deliberate incidents, such as data leaks, corporate fraud cases, theft, kickbacks and bribery, illicit access to confidential data, etc. In this regard, the integration of DLP and DCAP systems is necessary. DCAP-class systems that perform corporate file system analysis, classify data stored in the organization, handle the task of distributing access rights, and prevent the risk of data leakage and misuse at the initial stage. These are important components of the protective system, and the concept of DCAP systems is highly recommended by Gartner experts,” Matveev commented.

As the demand for MSS continues to grow, SearchInform’s local subsidiary in the UAE has seen strong interest from both businesses and governmental organizations, underscoring the importance of managed services in addressing the region’s complex security challenges. The global MSS market size is expected to grow from USD 30.6 billion in 2023 to USD 52.9 billion by 2028, with a Compound Annual Growth Rate (CAGR) of 11.5%.

75% of information security experts consider insider threats more dangerous than hacker attacks. This is proven by the SearchInform survey conducted annually. Insider threats include data loss, fraud, theft, kickbacks, business on the side, etc. These are serious risks for any business, resulting in major financial losses, reputational damage and fines from law enforcement agencies. Nevertheless, many companies still do not ensure reliable protection against insider threats.

The reasons are the following:

• Hardware and software for data protection are costly
• The market lacks data security experts
• SMEs cannot compete with large enterprises to engage professionals.

According to our 2022 survey, one-third of companies recognize an acute shortage of information security experts and cannot ensure protection in-house. Therefore, in 2019 we decided to launch a managed security service based on our protection solutions, which gives the opportunity to use them without hiring security specialists.

The SearchInform service provides protection against data breaches, internal fraud, document forgery and other violations by employees. It solves the tasks of monitoring employee working hours, compliance with legal and regulatory requirements, and many more.

We take on all tasks that are usually handled by in-house security staff. Our experts install and maintain security software, customize security policies for effective control, constantly monitor the situation in the company, detect incidents and investigate them. The client receives detailed and visual reports, as well as emergency alerts if it is required to take urgent measures and prevent an incident.

Availing the service, the client does not need to hire a security expert and therefore does not need to spend on social benefits, vacations or sick leaves. The client’s business remains protected if a security employee resigns or takes an unpaid leave. At the same time, our analyst has diverse work experience, knows the solutions well and has all the necessary competencies to work with them.  Since we are unacquainted with the client’s employees, our expert will be impartial and will not take anyone’s side. All this allows the clients to save time and money.

When do companies really need MSS?
According to our observations, the service is the best choice for companies with 30-500 employees and without an in-house IS department.  When the staff number increases, top managers can no longer control everything and face a high risk of incidents.

Here are a few common situations when you should choose managed security service.

1. A company does not have internal security officers or lacks the budget to form a security department. Our service was originated to make data security more affordable. It significantly reduces the company’s costs, as there is no need to purchase software licenses, hardware, or hire a full-time information security officer. 
2. Full-scale protection is required immediately. Companies often turn to managed security services after an incident has already occurred. It becomes clear that to prevent this in future, it is necessary to implement special security software, purchase additional equipment, and hire a data security officer. These steps will take a lot of time. The service will start protecting your business within 1-2 days.
   
3. A company is not sure that the purchase of security systems will pay off eventually. Our service is an opportunity to test them in real conditions and assess whether they are worth purchasing in each specific case. One first month of the service is free.
4. A company wants to conduct a security audit and get a complete picture of the corporate security. The service allows you to quickly find out what data is stored, where exactly it is stored and whether there are access rights violations. As far as the first month, our expert detects cases of corporate fraud, document forgery and other violations, as well as cases of idleness, business on the side or work for competitors. 
5. For compliance with regulatory requirements. More and more regulations are being adopted or waiting to be adopted. SAMA, GDPR, and DCC incentivize companies to take measures to ensure data security. Some regulations, such as the UAE Information Security Regulation issued by the United Arab Emirates Telecommunications and Digital Technology Authority, even stipulate the use of DLP as a means of preventing data loss. To avoid the risk of hefty fines or lawsuits for non-compliance, you can use our managed security service.

I believe that outsourced data security should soon become as widespread as outsourced accounting or IT services. It is just a matter of time.

SearchInform offers a free trial version for one month! 

During this month, clients can assess whether the service really meets their needs. According to our experience, 100% of companies discover some kind of problems during the trial, ranging from the idleness of their employees to corporate fraud and confidential data leakage. 70% of companies that request a free trial continue to work with us.

Request a free trial of the service for one month!

Contact us for more information:
Email: uae@searchinform.com
Office Address: 10C-15, I-Rise Tower, Hessa Street, Barsha Heights, Dubai, UAE.

– Sponsored Content

Today, the amount of digital data is growing steadily. At the same time, the information is often more valuable than physical assets and therefore becomes a subject of interest for intruders. To protect your company, it seems like you don’t need much: an onboard IS specialist, advanced protective software and the hardware required. But, if it’s so simple, why is the number of data breaches and cases of corporate fraud increasing year after year? I see several reasons for this:

1. For small and medium-sized businesses it’s often too expensive to purchase the protective software and equipment required. Even large companies do not always allocate sufficient budgets for information security issues, and for SMBs, the situation is much more complicated. Paying a one-time fee of several hundred thousand dirhams for software, and equipment and hiring a specialist on staff is an impossible task for SMEs.
2. There is a shortage of information security specialists on the market. According to SearchInform statistics, 1/3 of companies’ executives admitted this problem.
3. Information security is much more skewed towards protection against external threats – viruses, hackers, and DDOS attacks. Internal risks are underestimated, although there are convincing statistics, revealing, that in 2022, more than 72% of companies in the UAE experienced information security incidents due to their employees’ actions.

How to ensure protection against data leaks without having an in-house Information Security Department?
To make information security more accessible to all organizations, regardless of size or revenue, we at SearchInform launched the internal threat protection outsourcing service in 2019. We take on all the tasks – from software installation and configuration to providing a professional IS analyst who monitors the situation in the client company, provides reports and prevents IS incidents.

Our service enables to:

• Ensure protection against data leaks;
• Detect cases of fraud, document forgery, etc.;
• Monitor employees’ activities;
• Detect cases of third-party employment and work for market competitors;
• Comply with regulatory requirements;

and much more.

I’ll focus on the most common incidents that our outsourcing analytical experts detect in customers’ companies, often during the first month of service usage.

Data leaks
More than 90% of companies face data leaks, one of the most dangerous types of data-related incidents. The most frequently leaked types of data are customer databases, technical information (e.g. drawings) or know-how, followed by accounting and financial documents. Clients’ and customers’ personal data is one of the most sensitive types of data leaked.

Case: the information security analyst detected an attempt to send a passport scan to an external email account. He prevented the operation of document sending and investigated the incident. It turned out that the hotel employee had an acquaintance who bought passport scans and IDs to confirm identity on online casino resources, carsharing services, etc. The employee intended to send passport scans in order to receive a monetary reward.

Inefficient use of working time and idleness
It’s easy to calculate how much a company loses if its employees spend 60% of their paid working hours on social media. Are you ready for such expenditures? In addition, the idleness of individual employees affects the entire team’s morale.

Job search
Employees have the right to search for jobs, but if they do so, the employer should be aware of it to either retain the employee by offering him/her new terms and conditions or to prepare for the employee’s replacement. If dismissal is unavoidable, the employee’s access rights to confidential data should be reconfigured to prevent information leaks.

Document forgery, corporate fraud and theft
Overall, in 86% of companies, fraud attempts were detected. Kickbacks, bribery and document forgery are also widely spread. Our analysts identify not only cases of data falsification in documents (e.g., suppliers’ quotations), but also cases of executives’ signatures forgery. Unfortunately, it is not very difficult to forge documents today – most intruders use Photoshop for this purpose. As a result, companies suffer financial losses and, in some cases, experience reputational damage.

Case: A manufacturing enterprise was losing $97,000 to $120,000 per month as a result of pipe theft. The company executives requested an investigation. Our outsourcing IS analyst revealed the fraud scheme by obtaining duplicate waybills: one for 3, and the other for 4 pipes. 4 pipes were transported through the VCC, one was unloaded along the road, and only 3 pipes were delivered to the client.

Violations of access rights distribution
Such incidents are detected in most companies. Improper data storage and misconfiguration of access rights are among the most serious incidents. If employees outside of the financial department have access to financial documents, sooner or later, the data leak will occur.

Side companies and third-party employment
Employees moonlight during paid working hours; they often use insider data to work for market competitors or to start their own businesses to compete with their employers.

As a result, on average 70% of clients continue to work with us after a free trial month.

When communicating with potential customers, I make a simple argument: information security is an investment that pays back many times over. In most companies, the cost of InfoSec outsourcing will not just be recouped, the customer will get a benefit, due to the identification and elimination of fraudulent schemes, business pain points such as employees’ side companies, work for market competitors, third-party employment and staff idleness.

Request more information and get a one-month free trial of the SearchInform service: https://ae.searchinform.com or write to us at uae@searchinform.com

– Partner Content