The latest news and trends in Saudi Arabian cyber security

An interview with experts on the current status of cyber security in the Middle East

 

The Fleming team sits down with Eng. Naveed Shafeek Ahmed  (Information Security & IT Governance Consultant | General Department for Security Control, National Information Centre, Presidency of State Security, KSA), ), Sultan Altukhaim  (Manager, Information Security Department | Capital Market Authority) Abdirashid Samater  (Cyber Security Advisor | Ministry of Justice) Feras Ismaeel Al Subaihi (Chief Information Security Officer | Abdul Latif Jameel United Finance Company) to discuss:

• How is cyber security evolving, especially in the Kingdom of Saudi Arabia?
• Why does cyber security need to be part of digital transformation?
• What are the weaknesses of machine learning and artificial intelligence in cyber security?
• What can organizations do to be more resilient against cyber attacks?
• How can the skill gap be closed to create a vast pool of highly skilled professionals?

  • Eng. Naveed Shafeek Ahmed
  • Information Security & IT Governance Consultant, KSA
  • General Department for Security Control National Information Centre Presidency of State Security, Saudi Arabia

How is cyber security evolving, especially in the Kingdom of Saudi Arabia?

Cyber security is evolving at a very fast pace in the Kingdom. It is now seen as a distinct branch in security. People who used to converse about 'Information Security' now are talking 'Cyber Security.' This is largely driven by the increased level of attacks in the Kingdom. Tool and technology vendors are also instrumental in enhancing its awareness. It has become a board room discussion topic and a good amount of budgets are allotted across verticals.

Why does cyber security need to be part of digital transformation?

With the increase in cyber attacks and nation-state-sponsored attacks, it is only natural that the threat levels are raised across organizations in the Kingdom. And if someone is looking to transform his business into a digital form, cyber security has to be built in at all levels. In the current era, a digital transformation exercise cannot exist without cyber security.

What can organizations do to be more resilient against cyber attacks?

Organizations can adopt the NIST Cyber Security Framework and work towards conducting a gap analysis against the same to see where they stand. They will need to focus on enhancing and ramping up the 'Detect' and 'Respond' phases of the framework so as to maintain high resilience. High availability, business continuity and disaster recovery plans should become standard and second nature.

How can the skill gap be closed to create a vast pool of highly skilled professionals?

Increasingly, the trend among organizations in the kingdom is to invest in security professionals. The government as well is working towards enhancing cyber security skill sets among its citizens through exchange programs, sponsoring cyber security education abroad, supporting cyber security conferences, etc. Certifications should be attained in cyber security from leading organizations like ISC2, ISACA, SANS, etc. These organizations should hold training and education sessions in the Kingdom to enhance the skill sets of Saudis.

  • Adel A. Algrain
  • Cyber Security Risks Director
  • Saudi Telecom Company

How is cyber security evolving, especially in the Kingdom of Saudi Arabia?

It is more than ever a focused stream on governmental and commercial perspectives. From a governmental standpoint, now it has empowered authority to legislate and enforce the securing of cyberspace in government agencies and critical national infrastructure with a greater focus on attracting and developing local talents. On the other hand, there are more robust regulations and penalties for private organizations which can’t fulfill these security controls.

Why does cyber security need to be part of digital transformation?

Cybersecurity is a key enabler for digital transformation to tackle security and privacy concerns and to build and maintain consumer trust.

What are the weaknesses of machine learning and artificial intelligence in cyber security?

AI technologies still generate false positives and require an expert for fine tuning.

What can organizations do to be more resilient against cyber attacks?

First by fixing the basics, as the majority of cyber disruptions have resulted from lacking fundamental security controls such as the CIS top 20; also, organizations should not invest extensively in end-user awareness at the expense of focusing on detection and prevention technologies.

How can the skill gap be closed to create a vast pool of highly skilled professionals?

Early talent incubation (before college), attractive salary packages, more focus on professional certification sponsored by leading security firms.

  • Sultan Altukhaim
  • Manager, Information Security Department
  • Capital Market Authority

How is cyber security evolving, especially in the Kingdom of Saudi Arabia?

Cyber security's landscape is changing every second. The battle between attackers and defenders is heating up. You either prepare well or get impacted. Saudi Arabia has recently developed major reforms in strengthening its cybersecurity capabilities in both defensive and offensive modes.

Why does cyber security need to be part of digital transformation?

Transformation comes with different yet wider exposure to new technological territories. That's why unprecedented types of risks, attacks, threats and vulnerabilities should be considered in digital transformation.

What are the weaknesses of machine learning and artificial intelligence in cyber security?

The biggest weakness is the false alarm rate. AI is still a developing field with great promise in detecting new types of unknown attacks. However, this advantage comes with a price: more manual analysis.

What can organizations do to be more resilient against cyber attacks?

Organizations should first design their security ecosystem in a layered approach in order to increase resilience and decrease recovery time in case of attacks. Incident response plans should be thoroughly tested and re-designed in order to meet the business operations requirements.

How can the skill gap be closed to create a vast pool of highly skilled professionals?

Hire new grads and train them. Attract local talents with incentives and a challenging work environment. Keep training your staff!

  • Abdirashid Samater
  • Cyber Security Advisor
  • Ex-Ministry of Justice, Saudi Arabia

How is cyber security evolving, especially in the Kingdom of Saudi Arabia?

Shamoon two was wake-up call, and since then most organizations are becoming more serious about cyber security.

Why does cyber security need to be part of digital transformation?

A digital transformation mainly involves improving services via automation, which increases the organization’s surface attack rate. Cyber security is the mechanism for reducing these surface attacks.

What are the weaknesses of machine learning and artificial intelligence in cyber security?

Improving machine learning and reducing the weakness of artificial intelligence is not a magic bullet for all your security solutions. Yes, it can help in some areas, but it lacks the self-awareness which only a human can provide.

How can the skill gap be closed to create a vast pool of highly skilled professionals?

This is a worldwide issue and it is hard to close the gap completely due to ever-evolving security threats, continuous digital transformation (new apps and services) and rapid change in technology.

  • Feras Ismaeel Al Subaihi
  • Chief Information Security Officer
  • Abdul Latif Jameel United Finance Company

How is cyber security evolving, especially in the Kingdom of Saudi Arabia?

Overall, cyber security is a culture and it evolves if there is proactive leadership or if an environment suffers breaches in reactive mode. In Saudi Arabia, we realize how important enabling the security function at the right time is and we have taken a proactive stance by promoting a number of initiatives that have been promoted recently. This will lead to changing the culture in a definite way and make it evolve positively.

Why does cyber security need to be part of digital transformation?

Cyber Security is a seat-belt, helping businesses to approach their targets with fewer interruptions.

What are the weaknesses of machine learning and artificial intelligence in cyber security?

As with any new technology, using AI to enhance cyber security is not an unalloyed good. Loss of control, false positives and the cost of sophisticated processes might be the most important weaknesses, or rather the challenges that I personally expect to overcome while improve the learning curve in this business.

What can organizations do to be more resilient against cyber attacks?

Education, Education and Education, then always keep testing and enhancing the security processes and make a sufficient and sophisticated investment in terms of security governance technology. Try not to complicate the technology; choose the things that can be practically managed.

How can the skill gap be closed to create a vast pool of highly skilled professionals?

I think the Kingdom today is better than ever in terms of security professionals. We have a sure target and we will reach for it. I think that these kinds of events, community initiatives and national committees, as well as investing in youth, are steps towards closing this gap.