Complex Made Simple

Saudi Arabia’s rapidly evolving Cybersecurity challenges

Saudi Arabia is under attack from rogue cyber elements. Is the regulatory environment able to cope with this?

Advanced Persistent Threat (APT) 33, also known as Elfin, has focused 42% of all activity on Saudi Arabian targets.
Saudi Arabia's National Centre for Cybersecurity has created mandatory guidelines for all government and private sector organizations.
No cybersecurity defence system should ever be considered completely impenetrable.

By: Faiz Ahmad Shuja, Co-Founder at SIRP, a Security Orchestration, Automation and Response (SOAR) platform that helps organizations effectively manage their security operations.

Saudi Arabia is one of the most heavily targeted countries for cyber attacks; as the Kingdom has progressively adopted innovative digital practices, its attractiveness as a cyber target has also increased. Behind this trend are nefarious attacker groups who prioritize high-value targets with financial and political motivations. No longer the reserve of amateurs, this new breed consists of slick, organized teams who employ the most sophisticated techniques in their arsenal.

The New Age of Espionage

Advanced Persistent Threat (APT) 33, also known as Elfin, has focused 42% of all activity on Saudi Arabian targets. The notorious espionage group displays dogged persistence in adapting its tactics to gain access to the infrastructure of its choice, and employs bespoke malware that can be tailored to its needs. Groups like Elfin usually aim to build out command and control infrastructure, although direct attacks are also a possible threat.


The Oil & Gas sector is a high-priority target for such groups, with petrochemical plants particularly at risk. By deploying command and control methods, the aim is to fly under the radar of cybersecurity defence systems for as long as possible.

Sitting on the network for a number of months means the advanced malware can slowly infiltrate various systems, monitoring communications and activity in order to expose sensitive information. Such approaches have also shown the ability to take over critical controls such as emergency shutdown protocols, which could result in major, if not total, damage to the plant.

Saudi Arabia implements robust mandates

In an attempt to keep ahead of this modern form of warfare, Saudi Arabia has taken strides in developing consistent cybersecurity frameworks. Saudi Arabia is currently the top-ranked Arab country in the UN’s Cybersecurity Index, and its National Centre for Cybersecurity (NCSC) has created mandatory guidelines, such as operating 24/7 security operations centres, which all government agencies and private sector organizations that own, operate, or host sensitive national infrastructure must adhere to. This builds on the progress of the Saudi Arabian Monitoring Authority (SAMA), which issued a cybersecurity framework setting standards to protect the financial sector back in 2017.

Any country needing to improve security frameworks must have top-level support from the authorities to make it work. Not only does this allow for regulation and control, but key cooperation agreements can be put in place with other nations. Saudi Arabia has recognized the importance of working with global nations and the World Economic Forum to keep up to speed on the latest threats.

Through all of these efforts, Saudi Arabia is committed to adopting the latest technologies and supporting cybersecurity skills training in local teams. As a result, the country’s cybersecurity industry has a market value expected to reach $5 billion by 2022.


Improving Response Time to Cyberattacks

Even with these initiatives in place, no cybersecurity defence system should ever be considered completely impenetrable. Defence strategies should always prepare for the worst by having detection and response mechanisms in place. If these aren’t part of the plan, organizations risk having advanced malware sitting on sensitive infrastructure for months on end. Investments in incident response and security orchestration and automation technologies help to tackle the problem of identifying and responding to advanced attacks quickly.

Reducing response time is key to reducing collateral damage, as the technologies of both parties constantly strive for the upper hand in the long game.