- Security teams being ‘overwhelmed’
- Lack of access to specialised tools
- Skills shortage being addressed
Twelve years after hackers brought oil production at Saudi Aramco to a halt for more than a week, Saudi Arabia is still susceptible to cyberattacks, a study had found.
A survey of 8,000 private sector companies in 30 countries by Cisco AI Readiness Index revealed that the number and impact of attacks was rising and most IT officials lacked the necessary expertise to deal with them.
Despite 93 percent of Saudi businesses having an artificial intelligence (AI) strategy in place or under development, 70 percent of the companies admitted to lacking the necessary tools to protect against AI-enabled cyberattacks.
In 2022 alone, the kingdom detected a total of 110 million cyberthreats, as reported by Trend Micro’s annual cybersecurity report, more than double the 54 million detected in 2021.
The cyberattack on Saudi Aramco’s facilities in 2012 did not affect oil production but it wiped out data on 30,000 computers and it was nearly five months befor the oil giant re-established a secure network.
Ramprakash Ramamoorthy, director of AI research at the Indian IT management company ManageEngine, cautioned that government agencies and the oil and gas sectors in the kingdom are prime targets for AI-powered cyberattacks, where bad actors use social engineering tactics such as creating fake profiles to gain trust and distribute spyware.
- Mena cybersecurity spend grows to $3.3bn to fight AI crime
- Fighting cybercrime in the age of quantum computing
- Half of UAE businesses feel at risk from data attacks
AI-powered cyberattacks are capable of crafting convincing messages by analysing communication patterns, posing significant challenges for organisations.
Maher Jadallah, senior director at Tenable, told AGBI: “Security teams are being overwhelmed by the sheer volume of cyberattacks they have to react to, rather than focusing efforts on reducing risks,”
Vishal Pala, a senior engineer at the US-based cybersecurity company Barracuda, said that there may be a potential gap in the understanding of the techniques used by adversaries to manipulate AI systems.
“Limited access to resources such as specialised tools and expertise needed to assess and defend against these attacks could also be a reason,” Pala said.
Like many other countries, Saudi Arabia is also facing a severe skill shortage. A report last year by the American cybersecurity company Trellix found that two thirds of security leaders in the kingdom and the UAE believed their organisation lacked the right people and resources.
However, the skill deficit is being addressed and the demand for cybersecurity roles is surging, with four out of the top ten fastest-growing job roles in the kingdom being cybersecurity-related, a LinkedIn data release last year said.
The Saudi government is also investing heavily in initiatives to support research programmes and enhance digital skills to train 100,000 youths in the field.
“Cybersecurity indeed needs increased focus in Saudi Arabia,” Pala said.