Safeguarding against insider cybersecurity threats

by Lev Matveev, founder of SearchInform

The frequency of cyber incidents in the UAE continues to rise. A recent study by Kaspersky Lab indicates that 87 percent of businesses have faced cyber incidents within the last two years.

Moreover, 2024 has seen a 30 percent uptick in insider attacks, which include both intentional and accidental data breaches, company database theft, and violations of security protocols by employees, including internal fraud and theft. In light of these escalating threats, various strategies are being developed and executed to bolster cybersecurity throughout the region.

What does SearchInform do?

SearchInform specializes in information security, risk management products, and internal threat protection as an MSS provider.

With over 20 years dedicated to producing information security software, our solutions focus on preventing the leakage of sensitive information, protecting against corporate fraud, document forgery, theft, and unfair competition, in addition to combating lobbying tactics.

Our software also aids organizations in maintaining compliance with regulatory standards, such as the Federal Decree Law No. 45 of 2021 Regarding Personal Data Protection.

Moreover, our software is instrumental in detecting resource misuse and streamlining inefficient business processes.

We entered the Mena market in 2019 by selling product licenses and established our own office in Dubai in 2023, providing information security outsourcing services to businesses and organizations in the UAE. This unique approach allows the service provider to manage all tasks related to mitigating insider threats.

We offer software solutions, including DCAP and DLP systems, and allocate an information security analyst to the client. This analyst collaborates with existing systems to provide the client with comprehensive reports. Our services operate on a subscription basis.

Dr Al-Kuwaiti has recently announced the adoption of the new cybersecurity strategy. Does SearchInform support such strategic initiatives?

The complete text of the document is not yet available, but the high-level conversation around cybersecurity in the UAE is a positive indication! Constructing a digital state without a solid information security strategy is akin to building a home without a foundation.

Prior to the adoption of this strategy, Dr Al-Kuwaiti emphasized the importance of data protection, stating, “data is the new oil, and safeguarding it is vital for the integrity and credibility of our digital economy.” Notably, there has recently been a shift in focus towards defending against insider threats, which can inflict the most significant damage. Many successful external attacks occur with the direct or indirect complicity of insiders.

To illustrate my point, in 2023, over 72 percent of organizations in the UAE experienced data loss attributed to internal actions. Additionally, the upcoming State of the UAE Cybersecurity Report 2024, slated for release at the end of 2024, is expected to reveal nearly a 30 percent increase in incidents involving insider threats.

So, are hacker threats being overstated and should we be more concerned about protecting ourselves from insiders instead?

While external threats are significant, the industry has adapted to defend against them. What is truly alarming are internal threats, which have previously gone unnoticed. Thankfully, progress is being made in this area.

How exactly is the situation improving?

In the UAE, the need to protect against insider threats has been underscored by Lt Col Saeed AlShebli, deputy director of the digital security department at the Ministry of Interior.

He points to the implementation of Data Loss Prevention (DLP) and Security Information and Event Management (SIEM) systems as essential measures for protecting against data leaks and harmful user behavior.

The UAE Information Assurance Regulation, issued by the Telecommunications and Digital Regulatory Authority, advocates for DLP implementation to secure against information leaks. Thus, it’s evident that this concern is recognized at the government level.

However, not all organizations have the budget or personnel necessary to deploy these systems. There is a shortage of qualified specialists available to manage such protective solutions, and many organizations lack the experience and funds for an extensive security software rollout.

To enable as many companies and organizations as possible to protect themselves against insider threats and address these ongoing challenges, we have introduced information security outsourcing in the local market.

This service provides comprehensive, turnkey protection, making security both accessible and cost-effective. We view this as an opportunity to advance cybersecurity within the UAE and support strategic initiatives.

How does MSS enhance the security of organizations and businesses in practice?

Given the shortage of specialists and budget constraints, many organizations avoid implementing security software and remain vulnerable to exploitation by dishonest employees. Clients often face the burden of purchasing security software licenses, acquiring necessary hardware, or hiring skilled information security personnel—an expense that can exceed AED 414,000 annually for a company with 100 PCs.

With MSS, payments are subscription-based. For the same organization with 100 PCs, the costs would be approximately AED 14,000 monthly for protection, a much more manageable figure for such an organization.

Our experts deploy the software, including DCAP and DLP systems, in the cloud—either on our side or the client’s, as agreed. An experienced information security specialist engages with the client to identify control priorities and collect essential information about their business processes.

Afterward, ongoing monitoring begins, in which the analyst protects the company’s assets, detects any employee violations, prevents information security incidents, and ensures compliance with regulations.

Every activity is conducted within a secure perimeter, with the analyst signing a Non-Disclosure Agreement (NDA) with the client. Clients have the flexibility to adjust protection priorities or assign new tasks—this service is highly customizable.

This service not only provides exhaustive business protection but also acts as a dependable business partner, critical in today’s environment.

What incidents do SearchInform’s specialists most frequently prevent and detect for local clients?  

Common incidents identified by analysts in various organizations include attempts to leak sensitive or confidential information (including PII, proprietary information, and financial documents); internal fraud (such as forgery of documents or signatures, theft, and kickbacks); misuse of corporate resources and equipment; idleness; internal conflicts and dismissals; and “risky” user behavior.

What are the consequences of internal information security incidents?

For example, leaked PII can enable attackers to execute successful social engineering campaigns. Similarly, the leak of technical details, such as network architecture, could allow external attackers to conduct sophisticated attacks on an organization.

Leaked proprietary information might provide competitors access to advanced technologies, jeopardizing a business’s success or even its survival. Furthermore, confidential data leaks can negatively impact a company’s financial performance. Lastly, breaches involving governmental agencies may pose risks to national security.

What type of incidents would SearchInform’s specialists rank second?

Corporate fraud is a significant issue, with documentation forgery being one of the most serious and frequently identified concerns. An instance includes inflating procurement costs or awarding unjustified bonuses.

A more nefarious scenario could involve forging a legitimate employee’s signature to falsely claim successful completion of prototype testing.

In an outsourcing case study, a company employee engaged in forging bank seals on payment orders. Initially diligent in her role within procurement, she eventually compiled a “collection” of various commercial proposals and devised a fraudulent scheme.

Rather than genuinely collecting partners’ business proposals, she collaborated with one company to lobby for a fee while manipulating others’ proposals using Photoshop to include less favorable pricing.

This created the illusion that the “suitable” proposal was, in fact, the most advantageous, even though this was not true. As a result, the employer faced regular financial losses of tens of thousands of dirhams.

What does “dangerous user behaviour” mean in professional terms?

This term encapsulates a wide range of risks, with many scenarios being unpredictable. Continuous monitoring by an analyst is necessary. For instance, engaging with potentially hazardous websites unrelated to an employee’s tasks may harm their PC.

Interacting with phishing emails can lead to ransomware infection on an employee’s PC, which further impacts the organization’s infrastructure. The same applies to “shadow” software that employees might install on corporate devices without authorization.

In another recent case, our analysts saved a client tens of thousands of dirhams per month by identifying software applications that employees were not actually using. This discovery allowed them to discontinue subscriptions to unnecessary services, generating considerable monthly savings.

Do you think that idleness and misuse of corporate resources are also information security risks?

Although it may not be immediately obvious, the answer is a resounding yes. Systematic idleness can lead to consistent profit shortfalls and unwanted costs linked to maintaining employees who engage in non-work-related activities during business hours.

In a company with 100 employees, typical monthly losses from idleness can exceed AED 250,000. Furthermore, such behavior can demotivate colleagues as well.

What are the risks originating from internal conflicts and dismissals?

A practical example demonstrates this well. An analyst uncovered inefficiencies in one department at a client company, ultimately linking the issue to the department head. The workload distribution was poor, and the manager spent most of his time on unrelated external activities while making inappropriate remarks about his team.

The situation escalated when a key employee with valuable skills began to search for new job opportunities. Our analyst gathered evidence and raised the issue with company management, allowing them to address the problematic supervisor and restore order to the department.

As a result, the company avoided losing a valuable employee, increased departmental efficiency, and retained resources thanks to the service.

What are the essential steps to take in order to safeguard a company against internal threats?

First and foremost, it’s vital to recognize that information security is an integral element of corporate culture. Every employee, from frontline staff to senior management and information security specialists, carries a shared responsibility.

Ensuring that the team remains informed about risks and threats is crucial, as well as conducting awareness initiatives regarding data handling procedures while emphasizing that data is an asset, akin to office equipment and computers.

Moreover, it’s essential to adhere to the practice of “limited data sharing” and avoid the use of unlicensed software. Regarding practical technical measures, the specific steps will differ based on each organization’s unique circumstances, current business processes, and team structure.

Nonetheless, several measures should be universally adopted across all organizations:

  • Implement antivirus solutions; ideally, consider adopting an EDR platform instead.
  • Classify data within the corporate infrastructure and assign appropriate access rights.
  • Secure communication channels for data transmission.
  • Limit or prohibit transmitting confidential information through unauthorized channels and restrict using personal communications on work devices.
  • Maintain continuous monitoring of all organizational activities.

Contact SearchInform

SearchInform offers a complimentary 30-day trial, during which your business’s protection will be audited, revealing any vulnerabilities. Sign up for the free trial today.
