PHOTO
Cybersecurity has come to the fore in the Kingdom after a recent spate of breaches, underscoring the need for greater investment in protective measures and skills development to help thwart hackers.
In mid-August 23 government websites were breached over the course of two hours, exposing state education, health, sports, and municipal and traffic websites, among others.
The Saudi national behind the attacks did not harvest any data and access to most of the hacked sites was restored soon after the breach occurred, officials later confirmed.
Unlike previous malicious breaches, such as the so-called Shamoon assault on energy giant Saudi Aramco in 2012, according to local media, the alleged hacker in the latest attack believed he was performing a social service, seeking to highlight weaknesses in cybersecurity measures rather than access data or disable systems.
The 2012 breach, where a virus infiltrated some 30,000 Saudi Aramco hard drives, disabled many of the company's workstations, compromising information and requiring the costly replacement of technology infrastructure. Seemingly in reference to the strike, the August 15 attack occurred on Shamoon's third anniversary.
Security expenditure on the riseAccording to global market intelligence firm IDC, ICT spending in Saudi Arabia is expected to rise by 4.6% this year, climbing to nearly $37bn. Along with greater investment in cloud computing and analytics, reinforced security systems and support services could also feature prominently on corporate shopping lists in the near future.
Cybersecurity spending is rising sharply, according to Mohammed Alabbadi, general manager for Cisco Saudi Arabia, who added that the segment has become one of the company's top-three growth areas as cyberthreats increase in complexity.
"Cyberthreats have grown as hackers have improved in terms of speed and sophistication," he told OBG. "The security industry needs to offer capabilities for detecting, preventing and recovering from attacks, and businesses need to deploy integrated solutions as opposed to point products."
Need for heightened awarenessThe need for improved protection and risk-awareness also extends to the private sector. While cybersecurity levels vary across the Saudi economy, the financial sector is regarded as better shielded against risk. However, according to industry participants, despite the fact that the nation's banks are seen as having strong firewalls, these institutions will likely need to continually re-evaluate existing practices in the face of ever developing threats.
As is also true of regulatory measures, investments in cybersecurity are often reactive, with the public and private sector typically increasing spending in response to an attack, rather than proactively erecting and upgrading defensive barriers.
According to the latest Microsoft Security Intelligence Report, Saudi Arabia had nearly double the worldwide computer malware infection rate. "We need to tackle cybersecurity more effectively and protect Saudi data and critical infrastructure," Samir No'man, CEO of Microsoft Saudi Arabia, told OBG.
Saudi Arabia's perspective may be changing in the wake of the August 15 breach and a cyberattack earlier this year on the country's Ministry of Foreign Affairs.
According to Abdulaziz Al Helayyil, IDC's regional director, there is a growing awareness of threats to cybersecurity among local firms. "Companies are willing to pay top dollar to guarantee their security," he told OBG. "This will continue to be one of the most important areas in the IT industry for years to come."
Next generation expertsWhile demand for security measures is on the rise, with a spike in ICT hiring observed following the Shamoon attack, a shortage of skilled local experts could hamper the building of defensive measures, warned Al Helayyil. "There is a huge need for Saudi ICT professionals, and if a proper plan is put in place we can address this shortage, which will also create high-quality job opportunities for Saudis," he said.
According to Eugene Kaspersky, chairman and CEO of software security firm Kaspersky Lab, the shortage of experts is one of the greatest challenges to Saudi Arabia's cybersecurity. "The problems in Saudi Arabia are the same as all over the world: there's a deficit of highly skilled software engineers in IT security," he told local media in August.
With growing day-to-day reliance on technology and the strong emphasis on ICT in the Saudi economy, the need for adequate infrastructure and training for cybersecurity professionals is expected to increase in the coming years.
© Oxford Business Group 2015
