RIYADH: Companies in Saudi Arabia and globally should be made to attest they have up-to-date cyber defenses, according to the CEO of a leading digital security company, whose research revealed that a third of computer users in Saudi Arabia were targeted by cyber criminals in 2022.
Eugene Kaspersky, CEO and cofounder of Kaspersky, an IT security company with 4,000 employees, told Arab News in an exclusive interview that governments should introduce regulations for cybersecurity systems and require businesses to adhere to the related guidelines in the same way they do for fire hazard regulations.
His comments came after research by his firm showed that since January of this year, as many as a third of users in the Middle East, Turkiye and Africa region were affected by online and offline threats.
Offline threats are malware spread in local networks by USBs or other offline means, whereas online threats are malware or fraud that use the Web.
Saudi Arabia ranked third in the region, with 33.3 percent of users facing such issues, preceded by Qatar at 39.8 percent and Bahrain at 36.5 percent.
When it comes to offline threats, Saudi Arabia had the lowest number, with 32 percent of users affected, whereas Egypt, Qatar and Jordan had the highest numbers, with 42.4 percent, 33.9 percent and 33.2 percent respectively.
Critical infrastructure industries such as manufacturing, oil and mining, and chemicals were flagged as facing increasingly targeted attacks, with Kaspersky data showing that 43 percent of industrial computers were targeted in the META region in the first three quarters of this year.
Reacting to the research, Kaspersky called for cybersecurity to be added to the key performance indicators of publicly and privately owned companies.
He said: “Twenty-five years ago, computers were typing machines, then they became a part of business procedures and now they are becoming a part of infrastructure management so cyber is becoming more and more incorporated into everything we have.
“We are becoming more and more dependable on cyber technologies.
“Government should be responsible for introducing regulations for cyber systems similar to the regulations implemented on other systems like fire alarms, construction, urban facilities etc., whereby companies will be expected to follow the standards or receive penalties if they fail to do so.”
Comparing the landscape of threats in the Gulf Cooperation Council region to the global level, Kaspersky said it is more or less the same: “Junior cyber criminals who hunt for little fish such as individuals and small businesses, as well as professional criminals who hunt for the big catch like banks and big enterprises, are the same wherever you go.”
He added that quantifying the damage from cyberattacks on national or global economies is not possible because the financial results are not reported, but he can estimate it to be around a portion of 1 percent of the economy, which is already a huge number.
When asked about the recommended budget to be allocated by companies to cybersecurity, Kaspersky stated that budgets vary depending on the sector in which companies operate but on average less than 1 percent of a firm’s operational budget is adequate.
“Security scenarios are needed to understand the risks companies face in case of cyberattacks. Companies should identify the most critical parts of their business and how much it will cost them in case they are under a successful attack and then build a security system around that,” Kaspersky stated.
The weakest link in the chain
In a separate research note, it was revealed that humans were often the weakest link when it comes to security systems, as most viruses would only need a person to click on a wrong link or download a wrong attachment to infiltrate a system or network.
Even though creating awareness through cybersecurity education is important, Kaspersky still believes in developing technologies that can prevent these attacks.
The company has launched a range of products based on its cyber immune approach, which is a means of creating solutions that are virtually impossible to compromise and that minimize the number of potential vulnerabilities.
“Cybersecurity education must be done everywhere, even in schools, but I still believe in technologies which will reduce the risk of human factors. I believe in the future we will have smarter technologies to advise people not to make mistakes,” Kaspersky said.
‘Impressed with Saudi Arabia’
Kaspersky has been operating in the Middle East, Turkiye and Africa region for more than 15 years. The company has been collaborating with the Saudi Federation for Cybersecurity, Programming and Drones to raise cybersecurity awareness and build national capabilities.
Founded in 1997, the global cybersecurity and digital privacy company provides security solutions and services to protect businesses, critical infrastructure, governments and consumers worldwide.
The company’s security portfolio includes endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats.
Recent developments include working on a gateway that can be installed on the central unit of cars to protect them from hacking, provide a safe update of both the gateway itself and the car’s electronic components over the air, and allow logs from the car’s internal network to be sent to the security monitoring center.
Earlier this year, Kaspersky opened a new office in Saudi Arabia, as part of its overall aim to expand its network globally and in the region.
“I am very impressed with how fast Saudi Arabia has transformed itself and how much the country pays attention to cyber transformation. Because of this I have been in Saudi Arabia three times this year, and to be in the same country three times is exceptional,” Kaspersky said.
What’s next?
Kaspersky experts believe that major shifts will occur with regard to the types of targets and attack scenarios. Next year, bold attackers could even mix physical and cyber intrusions by employing drones to attempt proximity hacking.
Some of the possible attack scenarios include mounting drones with sufficient tools to allow the collection of WPA handshakes used for offline cracking of Wi-Fi passwords, or even dropping malicious USB keys in restricted areas in hope that a passerby would pick them up and plug them into a machine.
Given the current global political climate, Kaspersky researchers also predict a rise in destructive cyberattacks, affecting both the government sector and key industries. It is likely that a portion of them will not be easily traceable to cyberattacks and will look like random accidents.
The rest will take the form of pseudo-ransomware attacks or hacktivist operations to provide plausible deniability for their real authors. Civilian infrastructure, such as energy grids or public broadcasting, may also become the target of high-profile cyberattacks, as may underwater cables and fiber distribution hubs, which are challenging to defend.