93pc organisations in Saudi Arabia faced a cyberattack last year

Nearly 93 per cent organisations, of 252 surveyed in a study, in Saudi Arabia experienced a cyberattack last year, according to a report.

VMware, an American cloud computing technology company, released the report from the fourth instalment of the Global Security Insights Report, reports arabnews.com.

It was based on an online survey of 3,542 chief information security officers (CISOs), chief information officers (CIOs), and chief technology officers (CTOs) in December 2020 from across the globe.

The average number of breaches suffered by each organisation was 2.47 over the past year while 11 per cent of respondents said their organisations had been breached between 5 to 10 times. The uptick in attacks was mainly due to more employees working from home, highlighting the vulnerabilities in legacy security technology and postures.

The report explores the impact of cyberattacks and breaches on organisations and details how security teams are adapting to these challenges. Accelerated digital transformation has caused security teams to face evolving threats as cybercriminals seize the opportunity to execute targeted attacks exploiting fast-tracked innovation and remote workforces.

In an online press conference, Ahmed El Saadi, VMware’s regional director of sales, Middle East, Turkey, and Africa, said that complexity is the enemy of security. It is an indication that organisations cannot see into the corners where personal mobile devices and home networks have been grafted to corporate distributed IT infrastructure through insecure technologies such as VPNs.

“It is vital that organizations gain visibility of their networks through cloud-based technologies such as Secure Access Services Edge (SASE),” El Saadi said.

Having an infrastructure that can provide a security operations centre, with robust situational intelligence, will give context to threats and help prioritise potential targets and remediate risk with confidence.”

HIGHLIGHT

The average number of breaches suffered by each organisation was 2.47 over the past year while 11 per cent of respondents said their organisations had been breached between 5 to 10 times. The uptick in attacks was mainly due to more employees working from home, highlighting the vulnerabilities in legacy security technology and postures.

The Saudi Data and Artificial Intelligence Authority (SDAIA) and the National Information Center are doing a quite great job in this regard, he said, as they are using advanced cybersecurity technology to ensure secure services.

For his part, Saif Mashat, VMware’s country managing director, Saudi Arabia, said it is vital for organisations in the Kingdom to fully understand their security weaknesses if they are to improve their security posture.

“Many organisations surveyed are already using, or planning to use a cloud-first security strategy, and while they may encounter significant challenges related to cybersecurity, there is room for optimism,” Mashat told Arab News.

“By adopting an intrinsic, cloud-first approach to security, whereby security is built-in, and not bolted-on, organisations will be able to address challenges including ineffective legacy security technology and process weaknesses.”

He added that this will ensure companies in Saudi Arabia are better positioned for success in a fast-changing world, while also supporting the Kingdom’s ambitions to be a digital leader.

The report highlighted a shift that has undoubtedly changed the threat landscape, requiring security teams to transform their cybersecurity strategies and stay one step ahead of attackers.

The report also emphasised that key focus areas for the coming year must include improving visibility into all endpoints and workloads. Responding to the resurgence of ransomware, delivering security as a distributed service, and adopting an intrinsic approach to cloud-first security are also vital for a company’s security.

Moreover, 11 per cent of all breaches were caused by ransomware, which continues to see a rapid escalation.

Ransomware has added an unwelcome tension as multistage campaigns involving penetration, persistence, data theft, and extortion are ramping up the pressure. Attackers are capitalising on the disruption faced by remote workers and in most ransomware attacks, email continues to be used as the most common attack vector to gain initial access, the report said.

The message is being heard as 80 per cent of respondents agreed they need to view security differently than they did in the past due to an expanded attack surface prompted by the coronavirus (COVID-19) pandemic. Apps also topped the list as the most vulnerable point on the data journey, but they are by no means the only area of concern.

The report also found that third-party apps are a common cause of breaches. Of the surveyed professionals, 78 per cent said their ability to innovate as a business depends on them, so it is not surprising that security teams are focusing on sharpening their approach to consuming and developing them.

Some 46 per cent of respondents said they plan to build more security into their infrastructure and apps and reduce the number of point solutions while 38 per cent said they have adapted security to mitigate risk using existing assets.