The UAE Cybersecurity Council (CSC) reports: since the beginning of 2025, over 12,000 data breaches have been recorded through public access points — about 35% of all cyber incidents. The trend has been growing: around 20% in 2022, ~28% in 2023, and a third of all attacks today. This is not about “tourist carelessness” but a systemic problem affecting banks, e-commerce, corporate accounts, and personal correspondence.
The scale of the problem: official CSC statistics
According to CSC, the most common consequences of connecting to open networks are account compromises (e-mail, messengers, cloud services), interception of payment data, and theft of session tokens. A separate category involves access to corporate resources through employees’ personal devices, after which attackers move further within the internal network (lateral movement). The geography of risk points is predictable: airports, hotels, malls, cafes, coworking spaces, and conference zones. Leaks are also recorded on “guest” networks in business centers where Wi-Fi is configured without client isolation.
Why are public Wi-Fi networks so dangerous?
The main risk is the lack of proper encryption and control. Open networks transmit traffic in unencrypted form or use weak configurations. Against this backdrop, classic techniques operate:
- Evil Twin/access point spoofing. A clone of the network with a similar name is created; the device connects automatically.
- Sniffing and session interception. Cookies/tokens are stolen, after which the attacker accesses the account without a password.
- ARP-spoofing and DNS-spoofing. Traffic is redirected to fake websites where logins and card data are entered.
- Captive portals with script injection. During authorization on the “guest” network, malicious code is delivered to the device.
- Non-obvious device risks. Auto-syncing of applications, open shared access to files, and outdated OS versions.
Even HTTPS is not a panacea if the user ignores certificate warnings or installs a “fake root” certificate for the sake of “free internet.”
Practical recommendations from cybersecurity experts
For private users:
- Always-on VPN. Ideally, protocols with auto-reconnection and traffic blocking in case of disconnection.
- Only HTTPS. Browser with HSTS/HTTPS-only; do not ignore certificate errors.
- Disable auto-connect to Wi-Fi and sharing. On the phone — MAC address randomization.
- 2FA and hardware keys. FIDO2/Passkeys for email, banks, clouds — this drastically reduces the effect of password theft.
- Personal hotspot. Where possible, use eSIM/4G modem instead of the “free network.”
- Hygiene after connection. Changing passwords for critical services, logging out of sessions on all devices, and checking statements.
For business:
- Guest network ≠ corporate. Strict segmentation, client isolation, and prohibition of routing guest traffic inside.
- WPA3-Enterprise with 802.1X and certificates. No shared passwords in the office.
- Zero-Trust and MDM. Access based on the principle of least privilege, corporate profiles on BYOD, and a mandatory always-on VPN.
- EDR/XDR and monitoring. Tracking anomalies, alerts for logins from non-standard subnets/ASN, logging.
- Training and phishing simulations. Quarterly training, clear action checklists on the go.
- Response plan. Contacts of SOC/lawyers, device isolation procedure, notifications to clients and partners.
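One way to implement the "logins from non-standard subnets" alert from the monitoring item above, shown as an added example that is not part of the original article. The trusted ranges, the log format and the alert names are assumptions, and the log lines are constructed sample data.

```python
import ipaddress

# Assumption: corporate office and VPN egress ranges (placeholder networks).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "198.51.100.0/24")]

# Constructed sample events: timestamp, user, source IP, session id.
SAMPLE_LOG = """\
2025-03-01T08:01:10Z alice 10.20.4.17 sess-a1
2025-03-01T08:05:42Z bob 198.51.100.23 sess-b7
2025-03-01T09:12:03Z alice 203.0.113.50 sess-a1
2025-03-01T09:30:00Z carol 203.0.113.77 sess-c3
2025-03-01T09:31:00Z bob 198.51.100.40 sess-b7
"""

def is_trusted(ip):
    """True if the address falls inside any trusted network."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on garbage input
    return any(addr in net for net in TRUSTED_NETS)

def analyze(log_text):
    """Return (timestamp, user, kind, detail) alerts for one batch of events."""
    alerts, first_seen = [], {}  # first_seen: session id -> first source IP
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, user, ip, sess = parts
        try:
            trusted = is_trusted(ip)
        except ValueError:
            alerts.append((ts, user, "bad_source", ip))
            continue
        if not trusted:
            alerts.append((ts, user, "untrusted_source", ip))
        origin = first_seen.setdefault(sess, ip)
        # Same session from a new address where either end is untrusted:
        # consistent with a stolen cookie/token being replayed elsewhere.
        if origin != ip and not (trusted and is_trusted(origin)):
            alerts.append((ts, user, "session_moved", f"{origin}->{ip}"))
    return alerts

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(*alert)
```

A session that moves between two trusted addresses (bob in the sample) is not flagged, which keeps VPN egress pools from generating noise.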
What penalties do cybercriminals face in the UAE?
The legal field is strict. Significant fines, imprisonment, and deportation for foreigners are provided for unauthorized access, traffic interception, malicious code injection, and data theft.
If you have become a defendant in a case or, on the contrary, a victim, it is critically important to receive support from specialists: specialized cyber crime lawyers develop a defense strategy, interact with law enforcement agencies and digital forensics experts, help comply with procedural deadlines, and minimize damage.
How to improve business cybersecurity in the UAE?
A legally competent and technically mature protection model is a combination of policy, technology, and audit.
- Access policies. Mandatory corporate VPN/SASE for remote sessions; prohibition of access to critical systems outside trusted channels.
- Audit of Wi-Fi infrastructure. Regular pentests for Evil Twin/rogue AP, checking client isolation, and disabling insecure ciphers.
- DLP and encryption. Data protection on devices and in the cloud, control of copying to external media.
- Logs and retention. Storage and correlation of authentication events, accesses, and network anomalies for quick incident reconstruction.
- Vendor management. Requirements for contractors (cleaning, security, coworking tenants) regarding the secure configuration of guest networks.
- Accounting for legal risks. Ready-made templates for notifications to data subjects and counterparties, a procedure for evidence recording, and agreements with an external SOC/IR contractor.
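For the Wi-Fi infrastructure audit item above, a defender-side check that compares a site survey against the inventory of authorized access points and flags candidates for Evil Twin/rogue AP review. This is an added example, not from the original article; the inventory layout, field names and finding labels are assumptions, and the scan data is constructed.

```python
# Assumption: inventory of authorized APs, keyed by official SSID.
AUTHORIZED = {
    "Corp-WiFi": {"bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
                  "security": "WPA3-Enterprise"},
    "Corp-Guest": {"bssids": {"aa:bb:cc:00:00:10"}, "security": "WPA3-SAE"},
}

# Constructed survey output: one dict per beacon seen on site.
SAMPLE_SCAN = [
    {"ssid": "Corp-WiFi", "bssid": "aa:bb:cc:00:00:01", "security": "WPA3-Enterprise"},
    {"ssid": "Corp-WiFi", "bssid": "02:11:22:33:44:55", "security": "Open"},
    {"ssid": "Corp WiFi", "bssid": "02:11:22:33:44:56", "security": "WPA3-Enterprise"},
    {"ssid": "CoffeeShop", "bssid": "02:aa:aa:aa:aa:01", "security": "Open"},
    {"ssid": "Corp-Guest", "bssid": "AA:BB:CC:00:00:10", "security": "WPA3-SAE"},
]

def norm(ssid):
    """Collapse case, spaces and punctuation so near-identical names match."""
    return "".join(ch for ch in ssid.casefold() if ch.isalnum())

BY_NORM = {norm(name): name for name in AUTHORIZED}

def audit(scan):
    """Return (ssid, bssid, reasons) for beacons that imitate our networks."""
    findings = []
    for ap in scan:
        official = BY_NORM.get(norm(ap["ssid"]))
        if official is None:
            continue  # unrelated neighbouring network
        expected = AUTHORIZED[official]
        bssid = ap["bssid"].lower()
        reasons = []
        if ap["ssid"] != official:
            reasons.append("lookalike_ssid")     # similar but not identical name
        if bssid not in expected["bssids"]:
            reasons.append("unknown_bssid")      # radio not in inventory
        if ap["security"] != expected["security"]:
            reasons.append("security_mismatch")  # e.g. downgraded to Open
        if reasons:
            findings.append((ap["ssid"], bssid, reasons))
    return findings

if __name__ == "__main__":
    for ssid, bssid, reasons in audit(SAMPLE_SCAN):
        print(f"{ssid!r} {bssid}: {', '.join(reasons)}")
```

A matching BSSID is not proof of legitimacy, since the address can be copied; treat a clean result as the absence of obvious imitations and keep 802.1X server certificate validation as the actual control.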
What to do if you have already connected to a “free network” and have doubts?
- Immediately disconnect and remove the network from “trusted”.
- Run an antivirus/EDR scan, update the OS and applications.
- Change the passwords for email, banks, corporate services, and enable 2FA/Passkeys.
- Ensure the termination of active sessions (log out on all devices) and revoke OAuth tokens.
- Check bank transactions, enable payment alerts.
- If work accounts are affected, notify the Information Security (InfoSec) department according to the established procedure and document the incident.
Conclusion for users and companies
Public Wi-Fi is a convenience with a high cost of mistakes. For individuals, basic measures (VPN, 2FA, connection discipline) address 80% of risks. For a company, systematic approaches are key: segmentation, access policy, monitoring, and trained employees. And when an incident does occur, response speed and a proper legal strategy are just as important as technical measures. In the UAE ecosystem, legal frameworks and expertise already exist, and it is important to use them: explore the practical guidelines in the material “UAE cyber crime” and involve specialized cyber crime lawyers before the damage becomes irreversible.