Molouk Y. Ba-Isa Saudi Gazette When I opened my Gmail email account on Monday, I found a notice reading, “Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer. Protect yourself now.” The notice was startling and to get more information, I was supposed to click on the hyperlink at the end of the warning. Under the circumstances, I wasn't clicking on anything. Fortunately, I'd already heard about this warning back in June, so I wasn't totally shocked. Google announced back then that it planned to alert people using the Chrome browser, or Gmail or its search engine, when it thought their computers were under threat. In its warning that goes out to users who it perceives are facing security threats, Google noted: “It's likely that you received emails containing malicious attachments, links to malicious software downloads, or links to fake websites that are designed to steal your passwords or other personal information. For example, attackers have often been known to send PDF files, Office documents, or RAR files with malicious contents.” Google doesn't tell how it knows that the malicious links or contents are from state sponsored attackers and not just regular criminals. It doesn't really matter. The bad guys are out there, somewhere, and they'll break into computing resources wherever and whenever they can find a way. It's actually rather decent of Google to worry about the safety of my computer, otherwise I couldn't continue to contribute so much content to their data mining efforts. In fact I wish someone closer to home would care about the security of my computing resources. The recent network meltdown at Saudi Arabia's largest company shows that no one is immune to a security breach. Unfortunately, official reports about that attack and others in the Kingdom are sketchy at best. Rumors abound of course, but not one organization has stepped forward to discuss the nature of that attack and offer official guidance to local companies and individuals on how to protect their data and IT resources from these emerging threats. My family has a bank account in the US. Last year, when we logged into our online banking, that bank offered us free anti-malware software. Even though we have family accounts at three Saudi banks, none of those has ever offered us anything security-related but the most superficial tech safety tips. There is no legislation that forces Saudi companies, financial or otherwise, to reveal if their customer information has been compromised. However, when credit cards are cancelled for illogical reasons or bizarre policies are imposed, it's safe to suspect that security issues of some sort are involved. For instance, certain Saudi banks now demand that customers telephone every month to request that an “e-card,” a low limit credit card issued for online use, will be “opened” so it will be able to be used online. These e-cards have become a hassle for the customer instead of a convenience. And why was this policy implemented? The banks won't tell. Information security isn't a concern that can be ignored anymore. How many times can over 30,000 hard drives be sourced to replace those infected in a cyber attack? We've had warning that more needs to be done. In January 2012, Booz Allen Hamilton released a report in which it asserted that Saudi Arabia ranked last of the G20 nations in its ability to withstand cyber attacks and to deploy the digital infrastructure necessary for a productive and secure economy. The analysts pointed out that of the G20 nations, “The UK, the top performer, scores around three times the amount of points on a scale of 0 to 100 as the worst performer, Saudi Arabia.” Our world today functions because of information technology. Information systems manage everything from potable water creation and distribution to our purchases at the supermarket. When those networks are compromised, life as we know it halts. If we won't become serious about information security, then at least let's warn everyone to stockpile canned tuna and candles and brush up on their penmanship.
