Johnny Karam, Managing Director & Vice President of International Emerging Region at Veritas, delves into the alarming global rise in credential theft and what nations like the UAE are doing to combat this.
The notion of having our identity stolen and used maliciously is a concern that anyone – in the UAE or anywhere else in the world – should have in our society today. The vulnerability, the unknowing, and the anxiety around who would do this and why, and what they may use it for, are very real. This is bad enough in our personal lives, but when that identity includes administrative credentials to the core cyber resilience solution of a national government organisation or a global multinational business, the impact can be even more devastating.
In both the corporate and public sectors, malicious credential theft is on the rise, fuelling a huge increase in incidents involving privilege escalation. According to a 2024 IBM report, attacks leveraging valid credentials surged last year by a staggering 71% year-over-year, with other reports suggesting credential theft accounts for 49% of cyber security incidents across the country.
The UAE is leading the charge on integrated legislative and protection policies, like the Cyber Pulse Initiative to enhance public awareness of suspicious online activities and the best possible mitigation steps. Even so, because of their extensive access to sensitive commercial, personal, and competitive organisational datasets, system administrators are being targeted more specifically than ever before.
Cybercriminals are simultaneously designing more complex attacks to gain their credentials and launching them even more effectively with the help of AI-driven processes. Whether through GenAI-generated phishing schemes, video deepfakes, or other new-fangled ways of impersonation, stealing credentials or just plain convincing employees to unwittingly hand them over has become a favoured approach across the entire spectrum of a workforce, from C-level executives to end users and system admins.
A Fundamental Shift
This alarming trend underscores the urgent need for heightened vigilance and specialised security measures. The rise of advanced session hijacking techniques means relying solely on enterprise-wide Single Sign-On (SSO) solutions is no longer enough. Organisations must fortify their data protection infrastructure with dedicated security controls such as Multi-Factor Authentication (MFA), Multi-Person Authorisation (MPA), Privileged Access Management (PAM), and other robust defences. Safeguarding against credential theft is paramount in defending your organisation’s most precious asset: its data.
A few years ago, concepts like immutability, anomaly detection, and malware scanning were key focal points in hardening data protection defences. These are now considered to be fundamental. These capabilities have forced threat actors to shift more towards going after “soft targets” by taking advantage of phishing, social engineering, MFA fatigue, and other credential-based attacks to log in, not break in, to your infrastructure.
Defence plans must adapt to keep up with the rapidly accelerating threat landscape. While Veritas research showed that the average UAE company hired between 14 and 16 new staff members across their data protection and data security teams last year, we are seeing a critical point of change in how these expanded teams can continue to effectively safeguard the exponential growth in the value, volume, and vulnerability of corporate data. The wider this gap becomes, the higher the likelihood of a major security breach, lengthy downtime, and/or data privacy compliance risks.
Strengthening Cyber Resilience with New AI-Powered Solutions
Veritas has introduced the industry’s first self-defending data protection solution – an innovative and automated defence against user behaviour-based ransomware attacks. Veritas NetBackup and Veritas Alta™ Data Protection now actively and continuously monitor admin user behaviour and adjust defences such as multi-factor authentication and multi-person authorisation challenges dynamically when anomalies in administrative behaviours are detected. This adaptive, self-learning, self-defence solution is a first for enterprise data protection.
Adaptive, self-learning defence solutions are now a critical part of enterprise data protection and must be adopted to have any chance of maintaining corporate compliance while avoiding the devastating reputational damage that a major data breach inflicts on any organisation.
Entropy Anomaly Detection
Another critical aspect of this process is time series data anomaly detection. In basic forms, this has been available in the market for quite some time. This technique establishes stable baselines by analysing patterns from backups over multiple weeks, while continuously learning granular data characteristics unique to the protected asset's changes. This learning strategy is agnostic to any ransomware type and is referred to as zero-shot learning.
What's new are the significant improvements to the scale and capability of how this is done. Our solutions allow individuals to detect anomalies online as backups occur, with near-zero impact on performance, while at the same time eliminating the need for additional resources or the expensive cloud computing costs associated with post-hoc analysis.
This patent-pending innovation helps reduce the time to find and flag potential anomalies for further investigation – particularly important in limiting the potential scope of impact of any breach.
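The baseline-and-deviation idea described in this section, as an added Python example (it is not Veritas code and does not describe the product's algorithm): byte entropy is accumulated while backup chunks stream past, and each backup is scored against a rolling per-asset baseline learned from earlier backups. The class names, thresholds and sample data are assumptions constructed for illustration.

```python
import math
import random
import statistics
from collections import Counter, deque

class StreamingEntropy:
    """Shannon entropy (bits/byte) accumulated chunk by chunk during the backup."""
    def __init__(self):
        self.counts, self.total = Counter(), 0

    def update(self, chunk: bytes) -> None:
        self.counts.update(chunk)
        self.total += len(chunk)

    def bits_per_byte(self) -> float:
        if not self.total:
            return 0.0
        return -sum(c / self.total * math.log2(c / self.total) for c in self.counts.values())

class AssetBaseline:
    """Rolling per-asset baseline; flags backups whose entropy leaves it."""
    def __init__(self, min_history=14, window=42, threshold=3.5, min_scale=0.05):
        self.history = deque(maxlen=window)
        self.min_history, self.threshold, self.min_scale = min_history, threshold, min_scale

    def observe(self, value: float) -> str:
        if len(self.history) < self.min_history:
            self.history.append(value)
            return "learning"
        med = statistics.median(self.history)
        mad = statistics.median([abs(v - med) for v in self.history])
        # Robust z-score; the floor stops a very flat baseline from flagging noise.
        z = (value - med) / max(1.4826 * mad, self.min_scale)
        if abs(z) > self.threshold:
            return "anomaly"  # not added to history, so it cannot shift the baseline
        self.history.append(value)
        return "normal"

def backup_entropy(chunks) -> float:
    stream = StreamingEntropy()
    for chunk in chunks:
        stream.update(chunk)
    return stream.bits_per_byte()

def run_demo() -> list:
    rng = random.Random(7)  # constructed sample data, not real backups
    words = [b"invoice", b"customer", b"total", b"2024", b"AED", b"\n"]
    baseline, verdicts = AssetBaseline(), []
    for _night in range(21):  # three weeks of text-like nightly backups
        chunks = [b" ".join(rng.choices(words, k=200)) for _ in range(20)]
        verdicts.append(baseline.observe(backup_entropy(chunks)))
    # One backup of high-entropy bytes, as encrypted content would look.
    scrambled = [bytes(rng.getrandbits(8) for _ in range(4096)) for _ in range(20)]
    verdicts.append(baseline.observe(backup_entropy(scrambled)))
    return verdicts
```

Because the check uses only the asset's own history, it needs no signature of any particular ransomware family; compressed or already-encrypted assets simply learn a high baseline and are judged against that.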
The rise in ransomware and cyber-attacks means all organisations, across the UAE and worldwide, must view being targeted not as an ‘if’ but as a ‘when’. Whatever the level of investment in additional staff and training, these tools must also be considered a necessity for any operational resilience to combat the rise of corporate user identity theft and malicious usage.