Cybersecurity strategies to safeguard Saudi digital transformation gains
By Ibrahim Alshamrnie, Chief Security Officer, Huawei Saudi Arabia
Technology has brought immense benefits to Saudi enterprises. The digital transformation it has fostered has launched numerous new business and revenues models while boosting efficiency and reducing costs. PWC estimates that GCC countries could add up to $255 billion to regional GDP by accelerating their digital economies by 2025. Further, technology ensured resilience and business continuity during recent pandemic-led disruptions. But these digital trends have also greatly expanded the cyberattack surface, putting enterprise networks at greater risks of potentially catastrophic cyber-attacks.
How can Saudi organizations ensure that their cybersecurity posture matches their digital transformation ambitions in such an environment?
First is an acknowledgement that Saudi Arabia has done remarkably well in cybersecurity. ITU’s Global Cybersecurity Index 2020 (GCI), a measure of individual countries’ commitment to cybersecurity, ranked Saudi Arabia second, after the US. But the emergence of Saudi Arabia as a major economic, sporting and cultural destination in the last few years has shone the global spotlight on the Kingdom and, inevitably, the unwanted attention of hackers. Further, digital-first mega projects such as NOEM and the Red Sea and other similar projects require novel approaches to cybersecurity.
Therefore, as technology providers, we have an obligation to our enterprise customers to ensure that our products are hardened at the hardware and software layers. A secure-by-design architecture holds that security is not an added-on feature but an intrinsic part of the product blueprint.
Additionally, we need to rethink traditional cyber-defense strategies. Cybersecurity has traditionally been viewed through a technical lens whose oversight is the exclusive preserve of IT security teams. This model is increasingly obsolete given the modern threat landscape. Business leaders must ensure that cybersecurity is deeply ingrained in an organizational culture where everyone plays their part.
We are also encouraged to see Saudi organizations integrate C-level cybersecurity officers to the highest echelons of corporate structure. A CISO can enable the business to excel securely and define a company-wide cybersecurity governance model and framework that can coordinate actions before, during and after an incident. The strategy should also define potential opportunities for collaboration with the rest of the ecosystem. We need to admit that no organization can protect itself in isolation. Attackers commonly breach one firm to target another; this is why collaboration between Saudi organizations within industries, public and private sectors, security companies and law enforcement is critical.
Organizations spend vast amounts of money buying and deploying firewalls, security software and hiring security teams. While all these are important as part of an overall security strategy, empowering employees by awareness and training should remain a priority. Research shows that 22% of data breaches involved social engineering (manipulating employees into performing actions or divulging confidential information), and 96% of these were executed through emails. Empowering staff members also means shifting the mindset where employees are seen as the weak link in your cyber defense strategy. Employees are the last line of defense and can be powerful allies in the war against cybercrime. That is why awareness and education programs should be part of everyday working culture in organizations. Additionally, have a mechanism where employees feel comfortable reporting violations, big or small, with no fear of retribution.
Digital technology has played an irreplaceable role in keeping our lives on track and our businesses open. At the same time, as digital transformation picks up speed, we see growing challenges relating to cyber security and privacy protection. In a digital, intelligent world powered by technologies like 5G, cloud, and AI, maintaining a secure and stable cyberspace is critical to protecting people’s livelihoods. It’s clear that cyber security and privacy protection are becoming necessary capabilities for all organizations, crucial for a properly functioning digital world.
Today, cyber security is a common challenge. All stakeholders, including governments, industry and standards organizations, enterprises, and technology suppliers have a shared responsibility to confront this challenge. We call on all stakeholders to establish a set of globally recognized security standards and conformance mechanisms.
At Huawei, we walk the talk. Security is an integral part of Huawei’s digital platform, providing resilient end-to-end network security capabilities that ensure the security of customer data and applications. Our comprehensive layered security architecture effectively protects customers assets at the application, platform, connection and terminal layers. Huawei’s products and solutions have been widely used by 211 Fortune 500 enterprises, helping them achieve digital transformation while keeping their networks secure.
