JEDDAH — Over the last several years, it has become clear that the short list of the world's principal challenges includes cybersecurity and the threat of cyber-crime to governments and private organizations and citizens alike. The Kingdom of Saudi Arabia, as both the world's largest oil producer and with the most Internet users in the Arab world, is investing significant resources towards advancing its cybersecurity capabilities. As more government services, processes and sensitive information migrate to the digital landscape, everything from individual citizens' personal data to more far-reaching information involving entire countries or businesses becomes more vulnerable. A recent Raytheon study on overarching global trends in cybersecurity over the next three years illustrates some of the concerns and potential solutions that digital security experts have identified. It is clear that leaders across the spectrum express are turning more of their focus to cybersecurity. The Kingdom has embraced digital technology in a way that is nearly unparalleled around the world. A recent World Bank report noted that high speed Internet subscription fees typically cost less than 5 percent of the average monthly income in Gulf Cooperation Council (GCC) states. Saudi leaders have led the development of eGovernment services for nearly a decade and have established a single portal for this purpose. As government expands the spectrum of services that will allow citizens and residents to more efficiently complete the administrative aspects of life – from obtaining civil status and travel documents to accessing medical records and mobile e-services – the vulnerabilities multiply. Throughout the Kingdom – and the wider region – the amount of citizen data governments digitally store grows exponentially as data is transferred from hard copy to cloud-based systems.
The same goes for the private sector. With the creation of new digital platforms that are increasingly becoming a part of everyday life, companies, such as those in the telecommunications sector, are handling more and more information about millions of customers. With everything now connected and so much sensitive information being stored, it is imperative for leaders in both the public and private sectors to plan and implement cybersecurity measures that will protect the country, its infrastructure and its citizens. As we move toward the Internet of Things (IoT), where our devices talk to each other and entities store our information to improve our experience, we steadily accrue more and more risk (along with the benefits). In order to keep up with the emerging threats of an ever-more connected world, we will have to be in lockstep with the evolving digital ecosystem, investing in new technology and expertise. IT security leaders in government and business throughout the Middle East have expressed concern about the present and future readiness of cyber security infrastructure. While traditional menaces like malware continue to threaten operating systems with increasing regularity, new and emerging threats from hostile states or even non-state actors regularly engage in cyber sleuthing to gain access to sensitive information to use towards damaging ends. In a recent study by Raytheon, information security experts across the region have pointed to the increased stealth and sophistication of these types of attacks. After analyzing our study's findings, we have concluded that there are three vital areas requiring a prioritized focus, if we are to adequately counter these emerging threats. First is the need for better cyber intelligence capabilities. Many worry about their security framework's ability to integrate data sources into actionable intelligence – meaning their ability to garner the information needed to understand (and prevent) attacks. Cyber intelligence must not be reactive but proactive, allowing us to better understand threats and thus more effectively counter them, as well as better plan for future risks. The three greatest future threats that MENA cybersecurity experts pointed to – zero-day attacks, phishing, and mobile malware – can all be combatted with better intelligence. Second, as technology advances, the recruitment of employees will need to improve, and moreover, updated refresher training for these employees will need to increase in frequency. Finding the right people for complex cybersecurity jobs can be difficult, and making sure these experts remain well-trained and educated on evolving tactics and methods can be even more daunting. Thus, we need to ensure that those within our organizations charged with implementing cybersecurity measures are up-to-date on the latest techniques, and are constantly re-trained to deal with emerging threats. Lastly, with the increasing pervasiveness of the IoT, it is clear that we will have to fortify against the threats that personal devices bring. Employees' unsecure mobile phones and cloud apps have posed a great threat to information security for both governments and businesses alike. It can be hard to regulate, but this is another area where awareness, education and training, as well as new technological security measures, can assist greatly in reducing risk. Saudi Arabia's latest advancements in the IoT will no doubt streamline government services for citizens and foreign nationals alike, allowing for vastly more efficient and convenient interactions with government administration – from driving on the highway to receiving healthcare – thus changing the way people live. These are positive and exciting developments, but the accompanying risk must not be underestimated. As we move forward, it is important for leaders in both the public and private sectors to acknowledge that cybersecurity is no longer a niche competency administered by an organization's IT department, but is a vital interest that leaders at all levels should be involved in. Cyber defense priorities have implications for virtually everything governments and businesses do, and should be viewed as synonymous with risk management at large. Progress has been made, especially in the Kingdom of Saudi Arabia, and the security community has a positive outlook on future cyber readiness. However, the changing landscape calls for increased action, as well as a prioritization at the very top. • The writer is Advanced Solutions Director at Raytheon Intelligence, Information and Services.
