RIYADH: Cyberattacks hit 95 percent of businesses in the Kingdom last year, according to a new survey, as a cybersecurity expert warned that there was a lack of awareness in Saudi Arabia about the seriousness of such attacks and what people could do to protect themselves.
More than 800 global business and cybersecurity leaders took part in the survey, including 49 from the Kingdom. It was commissioned by a cybersecurity firm, Tenable Inc., and carried out by Forrester Consulting.
According to the study, 85 percent of Saudi survey participants had witnessed a dramatic increase in the number of business-impacting attacks in the past two years. The effects of the attacks were serious, with organizations reporting loss of customer or employee data, ransomware payments and financial loss or theft. Around 61 percent of security leaders in Saudi Arabia said the cyberattacks also involved operational technology.
Cybersecurity expert Abdullah Al-Jaber said the primary reason most of these cyberattacks were successful in the region was a lack of awareness about the gravity of these incidents and the ways that people could protect themselves against them.
“A lot of cybersecurity attacks happen because of a lack of cybersecurity awareness in a company’s employees,” he told Arab News. “Many attacks start from phishing campaigns and lead to major incidents, similar to the attack that happened recently on Twitter,” he said, referring to a Bitcoin hacking scheme that happened on the social media platform last month.
Al-Jaber recommended educating employees about proper internet security, keeping work and personal internet browsing and email access on separate devices if possible, and avoiding unsafe behavior such as pirating music, movies, and TV shows.
“Improving cybersecurity awareness to employees is key for companies to make sure they don't open any malicious links or files that might lead to an incident. Also, understanding the environment and which systems are exposed to the Internet and making sure those systems are hardened and protected. The National Cybersecurity Authority (NCA) has published frameworks for organizations to follow, which help many organizations in improving their cybersecurity maturity,” he added.
He also recommended choosing complex passwords for email access and enabling two-factor authentication protocols whenever possible for added security.
The Tenable poll showed that fewer than 50 percent of the security leaders who took part said they are framing cybersecurity threats within the context of a specific business risk. For example, although 96 percent of respondents had developed response strategies to the COVID-19 pandemic, 75 percent of business and security leaders said their response strategies were only “somewhat” aligned.
Al-Jaber warned that these attacks could be dangerous for many reasons and not only because of the financial impact they could have on companies, as many factors came into play in terms of phishing scams.
“Some of the impacts caused by cybersecurity attacks are the loss of sensitive information such as customer or employee personally identifiable information, financial loss, and even to the company’s reputation. A company that is known for being more vulnerable to cyberattacks might have less of a value on the stock market or to potential investors,” he said.
A royal decree requires all organizations to improve cybersecurity standards and procedures to protect their networks, systems and electronic data, and commit to the adoption of policies, frameworks, standards, controls and guidelines issued by the NCA.