The Top Digital Threats Facing Organizations in the Region

Top threats

• Of nearly 30,000 critical risk alerts identified by Help AG in 2023, the dominant threat categories were found to be Credential Theft (49%) and Brand Abuse (39%), while Data Leakage and Phishing represented 10% and 1.5% of use cases respectively.
• Cyberthreats majorly impacted the Education (36%), Aviation (29%), and Healthcare sectors (15%), which represented a combined 80% of targeted organizations in the GCC.
• Organizations in the Government (8%), Investment (7%), and Banking and Finance (4%) sectors followed, as transactions in these sectors became increasingly digitized.
• There was a 42% jump in Distributed Denial-of-Service (DDoS) attacks in 2023, with Help AG recording 213,434 attacks of this nature.
• The longest DDoS attack lasted for over 5 days, while the largest attack by bandwidth logged in at a record-breaking rate of 461.5 Gigabits per second (Gbps).
• 40% of DDoS attacks targeted the Government sector in 2023, followed by 29% for the Telecoms sector, 9% for Aviation, and 5% for Oil & Gas.
• The Financial and Telecoms sector experienced the largest DDoS attacks by volume, logging in at 461.5 Gbps and 302.2 Gbps, respectively.

• Trends in cybersecurity investment

• In 2023, cyber defense investments doubled amid the continuing digital transformation surge, with GCC enterprises and governments exhibiting growth in:

Cybersecurity Estate Consolidation: 100+% growth in technology and vendor relationships consolidation.

Managed Cyber Defense: Investment skyrockets due to the increasing complexity of the digital threat landscape.

Cybersecurity Advisory: 2x growth in investments due to the growing regulatory compliance requirements.

DDoS Protection: Complementing classic DDoS protection with adaptive solutions.

• Investments spanned preventative, detective, responsive, and predictive controls.
  • Multi-factor authentication implementations rose by 16%, while patch management processes saw a 13% increase, highlighting critical efforts to thwart threat actors and maintain system integrity.
  • Implementation of web application firewalls increased by 9%, and identity access management also grew by 9%, indicating a strengthening of web and identity security frameworks.
  • Privileged access management saw a 10% increase, enhancing security for critical server access, and dedicated data activity monitoring rose by 15%, reflecting growing concerns over data privacy and protection.