Saudi Arabia is affected by the same type of cyber attacks as the rest of the world. But the geopolitical situation in the region means there is a different set of criminals – and they are highly motivated.
Politically motivated cybercriminals targeting Saudi Arabia often focus on basic industries. “We see attacks that target sectors like oil and gas, as well as energy, more than others,” said Safwan Akram, Director of Security Services at Help AG, a cyber security consultancy in Saudi Arabia. “These sectors comprise a significant portion of the state’s economy, and adversaries use these attacks to gain access to confidential information and disrupt operations at the national level.”
According to the World Economic Forum’s Global Cyber Security Outlook 2022, the three biggest concerns for cybersecurity professionals anywhere in the world are ransomware, social engineering and malicious insider attacks. Of the three, ransomware is the fastest growing threat.
Malicious actors now offer ransomware as a service (RaaS), enabling hackers to easily launch a ransomware attack. RaaS now comes with a triple cyber extortion attack – including file encryption to hold information hostage, data theft to potentially reveal personal information, and distributed denial-of-service (DDoS) attacks to disrupt network availability and render infrastructure useless.
Many of the attacks targeting Saudi Arabia are DDoS-related, and are about creating a nuisance for the organization or country. Some other attacks focus on penetrating an organization’s defenses for espionage purposes. Although most espionage is very targeted, it often affects others that are not the direct target.
On top of global trends making most countries more vulnerable to cyber attacks, Saudi Arabia has another reason to feel threatened – its accelerating reliance on digital technology. Digital transformation is also a key pillar of the country’s Vision 2030, under which it plans to diversify its economy through an increased focus on innovation. While creating new opportunities for the state, this strategy also introduces cyber and operational risks by creating an expanded attack surface.
Role of National Cyber Security Authority
Fortunately, Saudi Arabia has not stood idly by as cyber threats have grown. In 2017, its government established an authority to regulate cyber security – the National Cyber Security Authority (NCA), which mandates certain controls and standards around essential services, security, critical infrastructure, cloud and social media. These measures are being mandated for government agencies and key enterprise sectors to help these organizations shape their cyber security posture. The NCA conducts an annual review of each entity.
On 8 August 2022, the NCA announced the launch of the CyberIC Program for Cyber Security Sector Development, which is considered one of the key enablers of the country’s National Cyber Security Strategy. The new program aims to improve national capabilities by developing local skills and ultimately local cyber security technologies.
In the first phase of CyberIC, NCA will support over 40 startups through the Cyber Security Accelerator and establish over 20 startups through the second edition of the National Cyber Security Challenge. In addition, about 10,000 Saudis will receive training in the cyber security sector through CyberIC.
The Saudi government has conducted many bootcamps to prepare fresh graduates for the market, mastering various areas of cyber security. They are given the opportunity to specialize in the defensive side of cyber, but also in the offensive side – i.e. red team and penetration testing. There is also specialist training in governance, risk and compliance.
All these initiatives and programs are being undertaken by the government to raise national awareness of cyber security and empower people to start a career in the growing field and contribute to the country’s security posture.
As part of efforts to improve cyber security at the national level, the NCA has issued regulations and policies in line with international best practices. “NCA has succeeded in developing practical approaches to cyber security and developing best practices that enable enterprise organizations and government agencies to build a culture of security and secure their digital roadmap,” said Nikolai Solling, Chief Technology Officer at Help AG.
“A unique challenge for Saudi Arabia is that a large number of national companies are much larger in size than other countries in the region, with a workforce of several thousand people. This sometimes makes it difficult to be agile. Solutions must be purchased and installed and visibility into organizational networks and infrastructure must be continuously maintained – and that can be challenging.”
But Saudi Arabia does not stand alone in tackling cyber security threats – the NCA is working with other countries. In July 2022, just before US President Joe Biden’s visit to Saudi Arabia, the NCA signed a new Memorandum of Understanding (MOU) to further advance their existing cooperation with the United States through a formal process to share more cyber threat information and best practices.
The growing need for cyber security
Cyber security challenges are expected to become more sophisticated and difficult to address in the short to medium term. Ransomware is a good example – ransomware attacks in the region are on the rise, with 56% of Saudi organizations targeted in 2021, up from 17% in 2020, according to a study by Sophos. Cybercriminals make easy and substantial money in RaaS delivery, which means they will be highly motivated and highly funded to ensure the revenue stream continues, he said.
“If you just look at the economics, it’s a scary picture,” Solling told Computer Weekly. “Organizations are starting to realize that if you’re in an environment where threats are ever-present and the motivations of cybercriminals are ever-increasing, you have to think differently about your cybersecurity in the sense that you can’t focus only on prevention.
“Of course, you need to get all the basics right. You need to implement a solid cybersecurity strategy and a robust business continuity plan that incorporates security controls at every step while partnering with trusted security providers that act as an extension of your internal security team. However, you also need to consider the fact that no one is 100% immune, and therefore start thinking about how your plan should change to follow a comprehensive and structured approach that includes preventive, intelligence and reactive methods, thereby significantly reducing the impact of any potential threat.”
Solling added: “What we’re seeing now is that customers are starting to shift their mindset from focusing on preventing everything to preventing as much as possible. But we also need to plan to minimize the impact. It’s time to move from cyber security towards cyber resilience.”
In addition to protecting their users and assets, companies and government agencies must comply with increasing regulations around cybersecurity. This is proving difficult as many organizations tend to focus on their core business and treat cybersecurity as an afterthought rather than an essential component embedded by design.
This, combined with the transition from a product-based to a service-focused model, is making it increasingly profitable for organizations to outsource security operations to a managed security service provider (MSSP), which will allow them to contract a service-level agreement (SLA)-based offering. This not only saves them time, but also gives them access to the right and necessary skills, as MSSPs continue to invest in technology, knowledge and talent.
According to Help AG’s Akram, the main reason companies seek Managed Security Services (MSS) is cost. The cost of creating an in-house Security Operations Center (SOC) involves huge investments in various areas, from hiring security professionals to preparing physical facilities and performing continuous security operations.
This leaves companies facing unexpected costs related to operating expenses, upgrades and capacity expansion, where MSSPs play a critical role, providing service and budget forecasting.
According to Akram, the second reason why companies are looking for MSSPs is to find the right talent in the market. The number of unfilled cybersecurity positions currently stands at 2.72 million globally, which makes it more difficult for businesses to run their own SOC. Partnering with the right MSSP saves security leaders from this headache. Akram said: “We hire security professionals for every job. We have that diversity in our team, so we can deliver our services with the highest quality while meeting customer needs and compliance requirements.”
Solling added: “As cybercriminals become more professional, defenders need to play their game as well. MSS has been around for a long time as a concept, but an increasing number of consumers are now starting to realize the need for it.
“What we are handling is more sensitive and that is why we are building a relationship of trust with the client. MSS can be deployed on-premise, cloud or a combination of the two.
“We started from the UAE and then moved to Saudi Arabia. To meet various compliance requirements, we had to make an investment to have all our services, including analysts, available locally. Some data regulations require us to provide services within the country to deal with specific sectors dealing with sensitive data – one being BFSI [banking, financial services and insurance].”
Phased approach to managed security services
Akram says: “The most basic service starts as 24/7 monitoring, where you monitor the customer’s environment for threat and malware alerts. Then you start to have more add-ons to increase your coverage in terms of detection or response – covering endpoints and networks, then move on to brand protection, or digital risk protection as a big umbrella that will monitor your identity as an organization on social media, the dark web and search engines.
“You monitor the use of domains and check for possible impersonation. You monitor data leakage, for example, on the dark web, or the credentials of users on the Internet in general. Then you start talking about advanced services to detect anomalies in user behavior, trying to automate processes.
“We have an angle where clients outsource the management of project cyber security controls. We administer, configure, maintain the various cyber security controls that the products will already have in the customer’s environment. Sometimes customers get to the point where they want the MSSP to take care of everything.”
Solling added: “One of the first things customers look for in a service provider is MSSP reachability. They don’t just want a call center. They want to be able to contact the service provider and talk to them about concerns.
“Customers need to be aware that just because they sign up with an MSSP doesn’t mean they can let their guard down. They are still targets. The only difference is that with an MSSP, the response to an attack is much better than what they would normally do.”
One of the most important services an MSSP can provide is a set of tests to find holes in an organization’s cybersecurity defenses. One of the techniques for doing this is a red teaming practice, where a service provider hires hackers who attempt to breach defenses. While the red team attacks, a blue team defends and responds. Then the two groups work together to discuss the results. The mixed team is called the purple team – a mix of red and blue teams.
“Doing these types of tests is an ongoing part of a mature response operation,” Solling said.