Cybersecurity needs to remain central to KSA’s digital transformation
The Kingdom of Saudi Arabia is making strides with its ambitious plan to leverage digital transformation to grow its economy and deliver vital services to citizens.
And as the country implements digital technologies for a more future-fit economy, public and private sector organizations must ensure adequate cybersecurity policies and measures are in place to protect critical infrastructure and digital services from attack.
Vision 2030 influence on economy
Through its Saudi Vision 2030 master plan, the Kingdom is becoming a rising star on the regional and global stage for embracing digital technologies while at the same time improving cybersecurity at a national level.
The Kingdom boasts an ambitious digital transformation plan designed to support Vision 2030. The first of three strategies kicked off in 2006 and focused on enabling citizens to access government services at any time through safe and easy-to-use electronic means.
Presently it is rolling out a strategy to realize its smart government goals, a process that should be completed in 2024.
The Kingdom has partnered with the private sector to roll out fiber connectivity to more than 3.5 million homes, doubling the internet traffic going through the Saudi Arabian Internet Exchange, boosting web traffic by 30 percent during the pandemic, and increasing the internet speed from 9 megabits per second (Mbps) in 2017 to 109 Mbps in 2020.
Digital transformation issues
Digital transformation efforts are not without risk. The continued rise of cyberattacks perpetrated by criminal organizations and nation-states poses a threat to global digital transformation efforts, and the Kingdom is no exception.
Mimecast’s latest State of Email Security 2022 report found that six in ten Saudi companies received an increased number of email-based threats over the past year, with 90 percent of companies saying they have been the target of an email-related phishing attempt.
Another Mimecast report of 400 IT decision-makers found that more than 68 percent of organizations in the region have had to postpone a digital transformation initiative due to cybersecurity concerns. Sixty-five percent of respondents have even canceled such an initiative outright.
One of the drivers of this increased risk is that digital transformation typically increases the available attack surface. As more business processes become digitized, attackers have greater scope to target and compromise the organization’s systems.
This transformation can expose the organization to a range of risks. Data from the regional study shows that 43 percent of IT decision-makers have reported an increase in cross-site scripting, while 41 percent saw a rise in phishing attacks.
To help protect businesses against attack, the Communications and Information Technology Commission last year announced the implementation of a regulatory framework to beef up cybersecurity. It aims to improve the security posture of organizations in the IT, communications and postal sectors and seeks to ensure companies implement adequate cybersecurity measures that align with global best practices.
Local organizations have welcomed the news and believe the government can play a vital role in their protection. When asked what impact government mandates would have on cyber resilience, 38 percent of Saudi respondents in the State of Email Security 2022 report expect improvements in overall cybersecurity, while 36 percent expect a decreased risk of cyberattacks impacting their business.
Public and private sector organizations should also develop comprehensive cyber resilience strategies that ensure users and critical infrastructure are safe from attack.
Mimecast’s research found that, on average, only 16 percent of Saudi organizations’ IT budgets are allocated to cyber resilience. While this is above the global average, local respondents believe this allocation should be 19 percent. This data may explain why 89 percent of organizations in the Kingdom say their cyber resilience has been impaired by insufficient funding.
Adoption of artificial intelligence and machine learning to bolster cyber defenses is also low, with only 34 percent of local organizations saying they currently use a combination of the two technologies. However, as AI solutions continue to improve organizational defenses, more IT decision-makers are likely to implement some form of AI as part of their security posture.
Critically, as organizations implement new digital solutions, they need to invest in regular and ongoing cyber awareness training to empower employees with knowledge that helps prevent unsafe actions or compromised systems.
Here, the Kingdom is a stellar example, with 44 percent of companies providing ongoing cyber awareness training - nearly double the global average of 23 percent.
By implementing comprehensive cyber resilience strategies, investing in new tools and technologies, and providing continuous training to employees, organizations can protect against attack while contributing to the Kingdom’s broader digital transformation efforts.
• Werno Gevers is a cybersecurity specialist at Mimecast.