Latest news with #ITLeaders
National Post
09-07-2025
- Business
- National Post
68% of Organizations Under Attack: New Report from CoreView Reveals Microsoft 365 Security Risks
Article content WASHINGTON — CoreView today announced the release of its new research report, 'The State of Microsoft 365 Security – 2025 Survey,' which reveals alarming insights about the challenges of managing Microsoft 365 environments. Conducted globally, the report includes insights from IT and security professionals across the US, Canada, UK, Australia, France, and Germany, highlighting crucial statistics that underscore the urgent need for enhanced security measures: Article content 49% of IT leaders mistakenly believe that Microsoft backs up their configurations automatically, leaving them vulnerable in the event of a disaster. 51% of respondents have over 250 over privileged Entra applications with read-write permissions, posing significant security risks. 68% of organizations face cyberattacks daily, highlighting the critical need for robust security protocols. Despite the fact that 99.9% of account compromises occur in accounts lacking Multi-Factor Authentication (MFA), only 41% of organizations have implemented MFA effectively. Article content 'In a landscape where 49% of IT leaders mistakenly believe their configurations are backed up by Microsoft, and 68% of organizations are facing constant cyber threats, it's crucial for businesses to reevaluate their security strategies,' says Simon Azzopardi, an expert in cloud security. 'This report serves as a wake-up call, urging organizations to invest in comprehensive security tools and practices.' Article content The report outlines six major pain points that organizations face when securing their Microsoft 365 systems, offering insights into areas such as tenant management, excessive application privileges, and the misconceptions surrounding data backup processes. Key Findings: Article content Tenant Dilemma: Most organizations operate multiple tenants due to complexities related to data security and operational efficiency. Privilege Risks: As the number of applications continues to grow, the associated security risks escalate, requiring tighter governance over permissions. Backup Misconceptions: Many organizations are underprepared, assuming backup solutions are in place when, in reality, they are vulnerable to data loss during an incident. Configuration Tampering: The necessity of detecting configuration changes is emphasized, as many organizations remain unaware of ongoing tampering risks. Article content Availability of the Report Article content The 'State of Microsoft 365 Security – 2025 Survey' is now available for download from CoreView's website. It is an essential resource for IT leaders and decision-makers tasked with safeguarding their organizations in a rapidly evolving threat landscape. Article content About CoreView Article content CoreView empowers organizations to secure, manage, and optimize complex Microsoft 365 environments, including some of the world's largest tenants. The platform provides enterprise-grade cyber resilience tailored for diverse needs, whether managing multiple tenants or consolidating into a single environment. CoreView simplifies administration, strengthens security, and identifies opportunities to reduce costs across your Microsoft 365 landscape. Article content Article content
Yahoo
09-07-2025
- Business
- Yahoo
68% of Organizations Under Attack: New Report from CoreView Reveals Microsoft 365 Security Risks
WASHINGTON, July 09, 2025--(BUSINESS WIRE)--CoreView today announced the release of its new research report, "The State of Microsoft 365 Security - 2025 Survey," which reveals alarming insights about the challenges of managing Microsoft 365 environments. Conducted globally, the report includes insights from IT and security professionals across the US, Canada, UK, Australia, France, and Germany, highlighting crucial statistics that underscore the urgent need for enhanced security measures: 49% of IT leaders mistakenly believe that Microsoft backs up their configurations automatically, leaving them vulnerable in the event of a disaster. 51% of respondents have over 250 over privileged Entra applications with read-write permissions, posing significant security risks. 68% of organizations face cyberattacks daily, highlighting the critical need for robust security protocols. Despite the fact that 99.9% of account compromises occur in accounts lacking Multi-Factor Authentication (MFA), only 41% of organizations have implemented MFA effectively. "In a landscape where 49% of IT leaders mistakenly believe their configurations are backed up by Microsoft, and 68% of organizations are facing constant cyber threats, it's crucial for businesses to reevaluate their security strategies," says Simon Azzopardi, an expert in cloud security. "This report serves as a wake-up call, urging organizations to invest in comprehensive security tools and practices." The report outlines six major pain points that organizations face when securing their Microsoft 365 systems, offering insights into areas such as tenant management, excessive application privileges, and the misconceptions surrounding data backup processes. Key Findings: Tenant Dilemma: Most organizations operate multiple tenants due to complexities related to data security and operational efficiency. Privilege Risks: As the number of applications continues to grow, the associated security risks escalate, requiring tighter governance over permissions. Backup Misconceptions: Many organizations are underprepared, assuming backup solutions are in place when, in reality, they are vulnerable to data loss during an incident. Configuration Tampering: The necessity of detecting configuration changes is emphasized, as many organizations remain unaware of ongoing tampering risks. Availability of the Report The "State of Microsoft 365 Security - 2025 Survey" is now available for download from CoreView's website. It is an essential resource for IT leaders and decision-makers tasked with safeguarding their organizations in a rapidly evolving threat landscape. About CoreView CoreView empowers organizations to secure, manage, and optimize complex Microsoft 365 environments, including some of the world's largest tenants. The platform provides enterprise-grade cyber resilience tailored for diverse needs, whether managing multiple tenants or consolidating into a single environment. CoreView simplifies administration, strengthens security, and identifies opportunities to reduce costs across your Microsoft 365 landscape. For additional information and to request a copy of the report, please contact Anna Michniewska at View source version on Contacts Anna Michniewska at
Tahawul Tech
08-07-2025
- Business
- Tahawul Tech
Lenovo's ‘Work Reborn' report highlights the importance of hyper-personalisation in the workplace
Lenovo's 2025 'Work Reborn' report has offered a compelling blueprint for organisations seeking to harness Gen AI through comprehensive digital workplace transformation. Based on a global survey of 600 IT leaders, the report identifies critical barriers, strategic imperatives, and actionable recommendations that are highly relevant to the region's ambitions. As the UAE and Saudi Arabia continue to lead the Middle East's digital evolution, the future of work is undergoing a profound transformation. National strategies such as Saudi Vision 2030 and the UAE's Digital Government Roadmap are driving innovation across sectors, with Generative AI emerging as a key enabler of productivity, personalization, and strategic growth. Over 80% of IT leaders globally recognize Gen AI's transformative potential, yet 89% acknowledge that its benefits cannot be realized without a foundational shift in the digital workplace. Gen AI excels in automating routine tasks, enabling hyper-personalised support, and enhancing employee experience. In the context of the UAE and Saudi Arabia—where hybrid work models and digital-first policies are gaining traction—Gen AI can be a powerful tool to unlock workforce potential and drive innovation. However, the report reveals that only 39% of organisations are actively transforming their workplaces, while 60% remain in planning or have yet to begin. This signals a significant opportunity for regional enterprises to lead by example. One of the most significant challenges facing digital workplace transformation is the lack of strategic vision. According to Lenovo's research, 55% of IT leaders cite the absence of a clear roadmap that links transformation efforts to broader organisational goals. In the Middle East, this gap can be bridged by aligning transformation initiatives with national digital agendas such as Saudi Vision 2030 and the UAE's Smart Government Strategy, as well as sector-specific objectives. Additionally, competing IT priorities—namely cybersecurity, sustainability, and Gen AI adoption—often divert attention and resources away from workplace transformation. However, as the report emphasizes, digital workplace transformation should be viewed not as a competing initiative but as a foundational enabler of these priorities. Finally, the complexity of transitioning from legacy systems to agile, cloud-based platforms presents considerable risk. Organisations must proactively address concerns related to skill gaps, cross-functional alignment, and employee resistance through robust change management and strategic planning to ensure a smooth and effective transformation journey. Understanding and empowering employees is central to transformation success. The Middle East's workforce is notably diverse, encompassing digital natives, seasoned professionals, and a growing number of hybrid workers. Lenovo's report emphasizes the importance of hyper-personalisation—designing tools and support systems that adapt to how individuals work, rather than forcing them into rigid structures. By engaging employees to identify their needs and preferences, organisations can create personalized digital experiences that boost productivity, enhance engagement, and improve retention. Digital workplace transformation should be positioned not as a standalone initiative, but as a strategic enabler of other critical IT priorities. Lenovo highlights that 89% of IT leaders see transformation as key to unlocking Gen AI's potential. It also strengthens cybersecurity by modernising device management and supports sustainability through practices like device reuse and emissions reduction. By framing transformation as the foundation for achieving broader goals, organisations in the UAE and Saudi Arabia can secure executive buy-in and ensure cross-functional alignment. To execute transformation effectively, organisations must adopt flexible financial models and seek expert guidance. As-a-Service models for devices and IT support convert large capital expenditures into manageable operational costs, offering scalability and agility—especially important in dynamic markets. Additionally, partnering with experienced digital workplace specialists can help navigate complexity, accelerate implementation, and avoid common pitfalls. Lenovo also stresses the importance of robust change management and training programs to ensure employees are equipped to embrace new technologies and workflows, driving long-term success and measurable impact. The vision of 'Work Reborn' is not a distant aspiration—it is an achievable reality for UAE and Saudi organizations willing to lead with purpose, invest in people, and embrace innovation. By transforming the digital workplace, enterprises can unlock Gen AI's full potential, enhance operational resilience, and create a future-ready workforce that thrives in a rapidly evolving landscape. The time to act is now. With the right strategy, partners, and mindset, the Middle East can set a global benchmark for digital workplace excellence
Al Bawaba
26-06-2025
- Business
- Al Bawaba
Nearly Half of Companies in the UAE Opt to Pay the Ransom, Sophos Report Finds
Sophos, a global leader of innovative security solutions for defeating cyberattacks, today released its sixth annual State of Ransomware report, a vendor-agnostic survey of IT and cybersecurity leaders across 17 countries that studies the impact of ransomware attacks on businesses. This year's survey found that nearly 50% of companies globally paid the ransom to get their data back – the second highest rate of ransom payment for ransom demands in six years. While 43% of organizations in the UAE that had data encrypted paid the ransom, 30% of them paid less than the original demand. Globally, in 71% of cases where the companies paid less, they did so through negotiation – either through their own negotiations or with help from a third party. In fact, while the median global ransom demand dropped by a third between 2024 and 2025, the median global ransom payment dropped by 50%, illustrating how companies are becoming more successful at minimizing the impact of the median ransom payment in the UAE was 1.33 million dollars, although the initial demand varied significantly depending on organization size and revenue. Across the globe, the median ransom demand for companies with over $1 billion in revenue was five million dollars, while organizations with $250 million revenue or less, saw median ransom demands of less than $350, vulnerabilities were the number one technical root cause of attacks in the UAE, while 49% of ransomware victims said adversaries took advantage of a security gap that they were not aware of – highlighting organizations' ongoing struggle to see and secure their attack surface. Overall, 54% of UAE organizations said resourcing issues were a factor in them falling victim to the attack, with one third citing a lack of expertise and 30% reporting a shortage of the report reveals that the impact of ransomware attacks on data in the UAE remains significant. In 55% of the attacks, data was successfully encrypted, surpassing the global average (50%). In 43% of those cases, data was also stolen, much higher than the 28% global rate. Despite this, 98% of affected organizations recovered their data, with 68% using backups and 43% opting to pay the ransom, highlighting both strong recovery strategies and ongoing challenges. 'For many organizations, the chance of being compromised by ransomware actors is just a part of doing business in 2025. The good news is that, thanks to this increased awareness, many companies are arming themselves with resources to limit damage. This includes hiring incident responders who can not only lower ransom payments but also speed up recovery and even stop attacks in progress,' says Chester Wisniewski, director, field CISO, Sophos.'Of course, ransomware can still be 'cured' by tackling the root causes of attacks: exploited vulnerabilities, lack of visibility into the attack surface, and too few resources. We're seeing more companies recognize they need help and moving to Managed Detection and Response (MDR) services for defense. MDR coupled with proactive security strategies, such as multifactor authentication and patching, can go a long way in preventing ransomware from the start.' Additional Key UAE Findings from the State of Ransomware 2025 Report: • Exploited vulnerabilities were the most common technical root cause of attack, used in 42% of attacks. They are followed by malicious emails, which were the start of 23% of attacks. Compromised credentials were used in 18% of attacks • Business impact of ransomware- Excluding any ransom payments, the average (mean) bill incurred by organizations in the UAE to recover from a ransomware attack in the last year came in at $1.41 million, below the $1.53 million global average. This includes costs of downtime, people time, device cost, network cost, lost opportunity, etc. - Organizations in the UAE recovered swiftly from ransomware attacks, with 63% fully recovered up to a week, notably above the 53% global average. 15% took between one and six months to recover, below the 18% global average. • Human impact of ransomware on IT/cybersecurity teamsIn organizations where data was encrypted:- 40% reported increased pressure from senior leaders.- 37% say the team's workload has increased since the attack.- 42% report increased anxiety or stress about future attacks. - 18% have experienced team member absence due to stress/mental health remains a major threat to organizations in the UAE. As adversaries continue to iterate and evolve their attacks, it's essential that defenders and their cyber defenses keep pace. Sophos recommends the following best practices to help organizations defend against ransomware and other cyberattacks:• Take steps to eliminate common technical and operational root causes of attacks, such as exploited vulnerabilities. Tools like Sophos Managed Risk can help companies access their risk profile and minimize their exposure.• Ensure all endpoints (including servers) are well-defended with dedicated anti-ransomware protection.• Have an incident response plan in place and tested for when things go wrong. Have good backups and practice restoring data regularly.• Companies need around-the-clock monitoring and detection. If they do not have the resources in-house for this, they can work with a trusted managed detection and response (MDR) for the State of Ransomware 2025 report comes from a vendor-agnostic survey of 3,400 IT and cybersecurity leaders in organizations that were hit by ransomware in the previous year. Organizations surveyed ranged from 100 – 5,000 employees and across 17 survey was conducted between January and March 2025, and respondents were asked about their experience of ransomware over the previous 12 months. Sophos will be releasing additional industry findings throughout the year. © 2000 - 2025 Al Bawaba (
Arabian Business
25-06-2025
- Business
- Arabian Business
UAE companies pay $1.33mn median ransom as cybersecurity threats rise
Nearly half of companies in the UAE chose to pay ransoms to cybercriminals in 2024, according to Sophos's sixth annual State of Ransomware report. The cybersecurity firm's vendor-agnostic survey of IT and cybersecurity leaders across 17 countries reveals that 43 per cent of UAE organisations with encrypted data paid the ransom, with the median payment reaching $1.33 million. The report, which surveyed 3,400 IT and cybersecurity leaders in organisations hit by ransomware over the previous year, shows that 30 per cent of UAE companies that paid ransoms negotiated amounts lower than the initial demand. Most UAE firms recover ransomware data Globally, 71 per cent of companies that paid reduced amounts achieved this through negotiation, either independently or with third-party assistance. 'For many organisations, the chance of being compromised by ransomware actors is just a part of doing business in 2025,' said Chester Wisniewski, director of field CISO at Sophos. 'The good news is that, thanks to this increased awareness, many companies are arming themselves with resources to limit damage.' Exploited vulnerabilities emerged as the primary technical root cause of ransomware attacks in the UAE, accounting for 42 per cent of incidents. Malicious emails initiated 23 per cent of attacks, whilst compromised credentials were used in 18 per cent of cases. The report highlights that 49 per cent of ransomware victims said adversaries exploited security gaps they were unaware of, demonstrating organisations' ongoing struggle to identify and secure their attack surface. Resource constraints affected 54 per cent of UAE organisations that fell victim to attacks, with one-third citing lack of expertise and 30 per cent reporting staff shortages. The impact on data remains severe in the UAE, with 55 per cent of attacks successfully encrypting data, surpassing the global average of 50 per cent. In 43 per cent of these cases, data was also stolen, significantly higher than the global rate of 28 per cent. Despite these challenges, 98 per cent of affected organisations recovered their data. Recovery methods included using backups (68 per cent of cases) and paying ransoms (43 per cent of cases). Ransomware recovery costs below global average Excluding ransom payments, the average cost for UAE organisations to recover from ransomware attacks reached $1.41 million, below the global average of $1.53 million. These costs encompass downtime, personnel time, device replacement, network restoration, and lost opportunities. UAE organisations demonstrated swift recovery capabilities, with 63 per cent achieving full recovery within one week, notably above the global average of 53 per cent. Only 15 per cent required between one and six months to recover, below the global average of 18 per cent. The attacks significantly affected cybersecurity personnel in organisations where data was encrypted. The survey found that 40 per cent reported increased pressure from senior leadership, whilst 37 per cent experienced increased workloads following attacks. Stress levels rose substantially, with 42 per cent reporting increased anxiety about future attacks and 18 per cent experiencing team member absences due to stress or mental health issues. Whilst median global ransom demands dropped by one-third between 2024 and 2025, median payments fell by 50 per cent, indicating companies' growing success in minimising ransomware impact. Ransom demands varied significantly based on organisation size, with companies exceeding $1 billion in revenue facing median demands of $5 million, whilst organisations with $250 million revenue or less saw median demands below $350,000. Wisniewski emphasised that ransomware can be prevented by addressing root causes: 'exploited vulnerabilities, lack of visibility into the attack surface, and too few resources.' He noted increasing adoption of Managed Detection and Response (MDR) services for defence. Sophos recommends several practices to defend against ransomware: Eliminating common technical and operational root causes such as exploited vulnerabilities Ensuring all endpoints have dedicated anti-ransomware protection Maintaining tested incident response plans and regular backup restoration practices Implementing round-the-clock monitoring and detection capabilities
