Over 85% of Saudi organisations attribute cyberattacks to vulnerable technology

Tenable has published results of a study that found 86 per cent of Saudi organisations suffered a business impacting cyberattack attributed to vulnerabilities in technology put in place during the pandemic. The data is drawn from ‘Beyond Boundaries: The Future of Cybersecurity in the New World of Work,’ a commissioned study of more than 1,300 security leaders, business executives and remote employees, including 104 in Saudi Arabia, conducted by Forrester Consulting on behalf of Tenable.

The pandemic accelerated remote work for many Saudi organisations. In fact, 91 per cent of organisations now have remote employees, up from just 34 per cent in early 2020. Moving forward, the vast majority of organisations (91 per cent) plan to adopt this remote working model permanently.

To facilitate the new world of work, cloud adoption has surged. Seventy-seven percent of Saudi organisations have moved business-critical functions to the cloud — including human resources (80 per cent) and accounting and finance (60 per cent).

However, this change to working practices has increased organisations’ risks. By their own admission, 63 per cent of Saudi organisations are prepared to support new workforce strategies from a security standpoint, while 67 per cent believe moving business-critical functions to the cloud exposes the organisation to increased cyber risk.

When looking at the impact of this increased risk, threat actors are taking advantage. Ninety-eight per cent of organisations experienced a business-impacting cyberattack in the last 12 months, with 33 per cent falling victim to five or more. Fifty-seven per cent of them said these attacks targeted remote employees.

“Remote and hybrid work strategies are here to stay and so will the risks they introduce unless organisations get a handle on what their new attack surface looks like,” said Amit Yoran, CEO, Tenable. “This study reveals two paths forward — one riddled with unmanaged risk and unrelenting cyberattacks and another that accelerates business productivity and operations in a secure way. CISOs and CEOs have the opportunity and responsibility to securely harness the power of technology and manage cyber risk for the new world of work.”

IT and security teams are quickly rolling out tools for connectivity, collaboration and productivity, while also moving business-critical data to the cloud to support a remote and hybrid working environment. Organisations must reevaluate their approach to maintaining security, aligned to the business, in order to effectively reduce the risks introduced.

“The pandemic has seen the corporate perimeter shattered,” said Maher Jadallah, senior director MENA, Tenable. “Cloud adoption and remote working practices were being cautiously adopted in Saudi, but in the last eighteen months this transition has exponentially accelerated. Attackers have seized on the opportunity, as this study reveals, which means understanding what poses a risk to the business and managing that risk effectively is imperative.”

Earlier this month, Sophos’ Phishing Insights 2021 global study stated that phishing attacks on organisations increased significantly during the pandemic, as millions of employees working from home became a prime target for hackers. The majority (60 per cent) of IT teams in the UAE reported an increase in the number of phishing emails targeting their employees in 2020.

Read: UAE organisations report increased cyberattacks during the pandemic: research