As cyber threats continue to threaten various organizations across the globe, an expert in ethical hacking sheds some light on the importance of investing in cybersecurity to fight the expertise of professional hackers. Aftab Alam, a certified ethical hacker and cybersecurity instructor at Jeddah Community College at King Abdulaziz University, sheds some light on the topic. SG: What is ethical hacking? How is ethical hacking being practiced in Saudi Arabia as opposed to other countries around the world? AA: A certified ethical hacker is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system. Ethical Hacking is a common practice globally and Saudi Arabia is a part of that cyber security community. The EC-Council, the global leader in cybersecurity trainings and certifications, has certified more than 200,000 professionals globally. SG: What is currently the awareness level of people who regularly use the Internet in terms of security? AA: Organizations do not adequately address employee and insider vulnerabilities, nor do they assess the security practices of third-party partners and supply chains. Most industries do not strategically invest in cybersecurity and ensure that it is aligned with their overall business strategy. Only 20% spend on security training for new hired employees. 76% is spent less on security incidents including hacking incidents when the employees are trained on cyber security. Yet 54% do not provide security training for new recruits. People who regularly use the Internet need to be very aware of basic security awareness while using any electronic device. Users represent over 95% of an organization's workforce. They are often left out of the security consideration. In a poll, less than 1% of companies have a policy requiring all their workforce to be security trained! As cybersecurity incidents multiply in frequency and cost, the cybersecurity programs of any organization across the globe do not rival the persistence and technological expertise of their cyber adversaries. SG: What needs to be done? AA: Security awareness levels need to be increased immediately across corporate, government and universities and all sectors of industries. This can be done by doing mass scale events in Saudi Arabia. The EC-Council does this with certification and a security track from basic security awareness to high-end cyber security professional programs. Cybersecurity experts are more than essential in every corporation across all industries. It is not only IT; it is strategy, compliance, leadership and finance. SG: What are the major cyber threats faced in Saudi Arabia? AA: Major threats in Saudi are malware. This includes on computer systems and networks, hacking and defacing of websites of large and prominent corporates, data and information loss for the country. The recent incident of the Shamoon virus has shown how Saudi Arabia has come under attack from the cyber-security threat. SG: From an academic perspective, why do students need to know about cyber security? AA: Like other regions, students in Saudi Arabia who use devices like laptops, smart phones, iPad's daily are exposed to all vulnerabilities. If they are not aware of safe usage, they will be faced with threats like cyber abuse, loss of data and personal danger through social engineering and social media. Another major advantage is the tremendous job opportunities for students to make a career in cyber security as there is a shortage of professionals. They need professional certifications in additions to university education to be ready in the industry and employable.
