Tenable has published results of a study that found 86% of Saudi organizations suffered a business-impacting cyberattack attributed to vulnerabilities in technology put in place during the pandemic. The data is drawn from “Beyond Boundaries: The Future of Cybersecurity in the New World of Work,” a commissioned study of more than 1,300 security leaders, business executives, and remote employees, including 104 in The Kingdom of Saudi Arabia, conducted by Forrester Consulting on behalf of Tenable.
The pandemic accelerated remote work for many Saudi organizations. 91% of organizations now have remote employees, up from just 34% in early 2020. Moving forward, the vast majority of organizations (91%) plan to adopt this remote working model permanently.
To facilitate the new world of work, cloud adoption has surged. Seventy-seven percent of Saudi organizations have moved business-critical functions to the cloud — including human resources (80%) and accounting and finance (60%).
However, this change to working practices has increased organizations’ risks. By their own admission, 63% of Saudi organizations are prepared to support new workforce strategies from a security standpoint, while 67% believe moving business-critical functions to the cloud exposes the organization to increased cyber risk.
When looking at the impact of this increased risk, threat actors are taking advantage. Ninety-eight percent of organizations experienced a business-impacting cyberattack in the last 12 months, with 33% falling victim to five or more. Fifty-seven percent of Saudi organizations said these attacks targeted remote employees.
“Remote and hybrid work strategies are here to stay and so will the risks they introduce unless organizations get a handle on what their new attack surface looks like,” said Amit Yoran, CEO, Tenable. “This study reveals two paths forward — one riddled with unmanaged risk and unrelenting cyberattacks and another that accelerates business productivity and operations in a secure way. CISOs and CEOs have the opportunity and responsibility to securely harness the power of technology and manage cyber risk for the new world of work.”
IT and security teams are quickly rolling out tools for connectivity, collaboration, and productivity, while also moving business-critical data to the cloud to support a remote and hybrid working environment. Organizations must reevaluate their approach to maintaining security, aligned to the business, to effectively reduce the risks introduced.
“The pandemic has seen the corporate perimeter shattered,” said Maher Jadallah, Senior Director Middle East & North Africa, Tenable. “Cloud adoption and remote working practices were being cautiously adopted in Saudi, but in the last eighteen months, this transition has exponentially accelerated. Attackers have seized on the opportunity, as this study reveals, which means understanding what poses a risk to the business and managing that risk effectively is imperative.”
Forrester Consulting conducted an online survey of 20 security leaders, 37 business executives, and 47 remote workers (i.e., full-time employees working three or more days from home) in The Kingdom of Saudi Arabia. These are a subset of a wider study of 426 security leaders, 422 business executives, and 479 remote workers as well as six telephonic interviews with business and security executives, to explore shifts in cybersecurity strategies at large enterprises made in response to the pandemic. The study was fielded in Australia, Brazil, France, Germany, India, Japan, Mexico, Saudi Arabia, the UK, and the US in April 2021.