The UAE Cyber Security Council has raised concerns over widespread data exposure, revealing that nearly 25 percent of publicly accessible files contain sensitive personal data. The warning comes as part of its ongoing awareness efforts, urging individuals and organisations to strengthen basic cybersecurity practices. In its latest advisory under the “Cyber Pulse” campaign, the Council highlighted that poor file-sharing habits continue to expose users to avoidable cyber risks. The findings point to a growing gap between the use of cloud platforms and the understanding of how to secure shared data.

Public Files and Sensitive Personal Data at Risk

The Council’s findings show that a significant portion of files shared openly online contain sensitive personal data such as identification details, financial records, or login information. This raises concerns about how easily such data can be accessed by unintended users. The issue is not limited to publicly shared files. According to the Council, between 68 percent and 77 percent of privately shared files may also be accessible to unintended recipients due to weak access controls or misconfigured sharing settings. This highlights a broader problem where users assume that private sharing automatically ensures security. In many cases, improper permissions or link-based access can lead to unintentional exposure of sensitive personal data.

Cyber Security Council Highlights Encryption as Critical Safeguard

The UAE Cyber Security Council emphasized that encryption remains one of the most effective ways to protect sensitive personal data. Files that are encrypted before being shared or stored online are significantly less vulnerable to unauthorized access. The advisory noted that cloud storage platforms do not guarantee automatic protection of data. Without encryption, sensitive files remain exposed if access controls are bypassed or misconfigured. Alongside encryption, secure account management plays a key role in reducing risk. Weak passwords, reused credentials, and lack of authentication measures continue to be major contributors to data exposure incidents.

Key Cybersecurity Practices Recommended

To address the risks associated with exposed sensitive personal data, the Cyber Security Council outlined several essential cybersecurity practices. Users are advised to use strong and regularly updated passwords and enable two-factor authentication across all accounts. Avoiding public links when sharing sensitive files is also critical, as these links can be easily forwarded or accessed without proper restrictions. The Council stressed the importance of reviewing privacy settings and managing access permissions carefully. Monitoring file usage and access logs can help identify unusual activity and prevent misuse. Additional measures include deleting unused files and inactive sharing links, securing Wi-Fi networks, and keeping devices and software up to date. Users are also encouraged to review application permissions and limit access to only necessary services. When accessing files over public networks, the use of virtual private networks can provide an added layer of security. Regular data backups and secure database management on cloud platforms are also recommended to prevent data loss and unauthorized access.

Awareness Remains Key to Reducing Exposure

The Cyber Security Council noted that many cases involving sensitive personal data exposure are the result of simple, preventable mistakes. Lack of awareness around basic cybersecurity practices continues to be a major factor. The “Cyber Pulse” campaign, now in its second year, aims to address this gap by promoting safer digital behaviour among individuals and organisations. The initiative forms part of broader national efforts to build a secure and resilient digital environment. By encouraging users to adopt stronger security measures and understand the risks of improper file sharing, the Council aims to reduce the exposure of sensitive personal data and improve overall cybersecurity hygiene. The latest findings serve as a reminder that while technology platforms continue to evolve, the responsibility to secure data often lies with users. Simple steps such as enabling encryption, managing access, and reviewing shared content can significantly reduce the risk of data exposure.

The scale of phishing emails cyberattacks is growing, and the UAE Cyber Security Council is making it clear that the threat is far from under control. In a recent warning, the Council told Emirates News Agency (WAM) that more than 75% of cyberattacks now begin with phishing emails or fraudulent messages, underlining how attackers continue to rely on simple, deceptive tactics to gain access to sensitive systems. The advisory, shared with WAM, points to email fraud as a primary entry point for breaches involving personal accounts, financial data, and institutional systems. These messages are often designed to look legitimate, making them difficult to detect at a glance and easy to act on without verification.

Phishing Emails Cyberattacks Continue at Massive Scale

The numbers behind phishing emails cyberattacks highlight why the problem persists. According to the Council, more than 3.4 billion phishing messages are sent globally every day, targeting individuals across sectors and regions. These messages are not limited to basic scams. Many are crafted to steal login credentials, distribute malware, or collect personal information that can later be used in identity theft, extortion, or broader cyber campaigns. The volume ensures that even a small success rate can lead to significant impact. The Council noted that this type of fraud continues to spread widely, often taking advantage of gaps in user awareness and digital behaviour rather than weaknesses in technology alone.

How Phishing Emails Cyberattacks Trick Users

The UAE Cyber Security Council outlined how phishing emails cyberattacks are typically structured to push users into quick action. Messages may request urgent payments, prompt users to verify accounts, or direct them to login pages through embedded links. In many cases, these emails imitate trusted entities such as banks or service providers. Others rely on offers that appear unusually attractive, drawing users into clicking links or sharing information without proper checks. The Council also pointed to common red flags, including emails with spelling or grammatical errors, unclear sender identities, and requests for personal data without valid justification. Despite being widely recognised indicators, such tactics continue to be used because they still manage to bypass user caution.

User Awareness Remains Central to Prevention

The phishing emails cyberattacks trend places significant responsibility on users, particularly as attackers continue to refine how these messages are presented. The Council stressed that individuals and employees remain a primary target, making awareness a critical part of any defence strategy. To reduce exposure, the Council advised users to avoid interacting with suspicious links or messages and to refrain from scanning QR codes in untrusted environments. It also emphasised the importance of keeping login credentials private and enabling multi-factor authentication across accounts. Regular system updates and application patches were also highlighted as necessary steps to limit vulnerabilities that may be exploited following a phishing attempt.

Reporting Plays a Key Role in Limiting Damage

Beyond prevention, the UAE Cyber Security Council underlined the importance of timely reporting in addressing phishing emails cyberattacks. Users who identify suspicious messages are encouraged to report them immediately rather than ignore or delete them. Early reporting allows security teams to analyse patterns, identify ongoing campaigns, and take steps to block further attacks. In large-scale phishing operations, even a single reported message can help trace and disrupt wider activity. The Council reiterated that quick action at the user level can significantly reduce the overall impact of these attacks.

Phishing Emails Cyberattacks Remain a Persistent Threat

The continued dominance of phishing emails cyberattacks reflects a broader trend in the cybersecurity landscape. While organisations invest in advanced tools and systems, attackers continue to rely on methods that require minimal technical effort but deliver consistent results. The Council noted that safety in cyberspace has become an ongoing challenge, particularly as digital communication channels expand. Email remains one of the most widely used platforms, making it a reliable target for threat actors. The warning serves as a reminder that phishing is not a declining threat. It remains active, widespread, and closely tied to how users interact with everyday digital tools.