
Is Cybersecurity Awareness in Saudi Arabia a Challenge?

May 07, 2021

Saudi Arabia is one of the fastest developing countries in the Middle East, and its people and organizations are adopting advanced communication technologies in their daily lives at an increasing pace. But the rapid adoption of these technologies and their use in building the digital space of businesses in Saudi Arabia has also given rise to various security risks. Malicious actors are targeting the information exchange involved in everyday and business-related technologies. Multiple studies suggest that nearly 95% of the businesses in Saudi Arabia were targeted or attacked by threat actors in 2019. One of the reasons behind these growing attacks is that business and marketing strategies are not aligned with security strategies and layout. Surveys suggest that a lack of security awareness and limited understanding of security risks leads to a sharp increase in cyberattacks. Hence, cybersecurity awareness in Saudi Arabia has become imperative to build a secure tomorrow.

Except for CERT regulations, there is little to no specific approach (or model-based approach) to security awareness in a country in the Middle East. There are fewer than 60 CREST-certified security service providers or vendors that cater to the security needs of the entire Middle East, let alone Saudi Arabia. The Saudi Arabia Ministry of Communications and Information Technology has collaborated with information technology companies to train over 56,000 people in IT skills and provide jobs as part of its employment program. Given the lack of e-security services that aim to secure an organization's network and information through vulnerability assessment and penetration testing, it can be inferred that security awareness among employees and application users is lacking, and that the increase in manpower (without proper cybersecurity training) will also increase the potential risk of human error. Studies have also found that although the IT knowledge and skills of employees working in the information technology sector were good, their awareness of threats associated with cybercrime and of best security practices was limited.

What Is Cybersecurity Awareness Training?

Cybersecurity awareness can be defined as knowledge of the impact (both negative and positive) on digital security that results from the action, response, or behavior of an individual in the digital landscape. Because users are the first line of defense in the cybersecurity chain, awareness among users is as important as securing the technical elements of an organization's cybersecurity infrastructure. Hence, organizations need to increase awareness among their employees and application users of the different threats they face, such as social engineering and phishing attacks, along with their mitigation techniques. A lack of cybersecurity awareness among employees may induce vulnerabilities in the organization's digital landscape. This will not only jeopardize the state of information security but also cause financial loss and loss of reputation for the organization when a breach occurs.

What Is Security e-Learning?

Security eLearning is the acquisition of knowledge related to cybersecurity through digital means such as online learning. The EC-Council Aware program provides eLearning for a wide range of security topics, including training and education videos, online resources, simulation training, a learning management system (LMS), gamification of security programs, and an integrated platform with various modules. The benefits of eLearning include relaxed and self-paced learning, access to open-source material and resources, and an attentive learning environment with interactive videos.

What Topics Should Be Included in Cybersecurity Awareness, Education, and Training?

The awareness training program may vary based on the organization's compliance requirements for information security and the job role of the employee being trained. But the core security concepts remain the same: employees are trained to avoid, report, and mitigate malicious attempts that may lead to a vulnerability in the security architecture. Key security awareness training topics include:

  • Management of sensitive information such as payment card details, patents, information related to business development or practices, personal information, security information or credentials, etc.
  • Usage of the Internet, covering malicious sites, online credential or password management, cookie management, click-baiting, application downloads, etc.
  • Managing communication-related issues such as malicious or spam emails, call identification and monitoring, communication forwarding or response, flagging and quarantine, etc.
  • Physical security such as access card management, USB or disk management, physical authentication, etc.
  • Platform and device-based security training like mobile device security, cloud security, social media use, desktop/laptop security, etc.
  • Knowledge about different types of threats and attacks such as phishing, vishing, social engineering, malware (viruses, worms, trojans, spyware, adware), ransomware, etc.
  • Remote working awareness regarding public Wi-Fi, VPN (virtual private network), MFA (multi-factor authentication), data backup and management, device and software updating, etc.

Cybersecurity Awareness Using EC-Council Aware

EC-Council Aware consists of various features and solutions related to cybersecurity awareness. Apart from providing interactive learning and simulation training, Aware also assists with continuous monitoring and assessment to increase the security awareness of your employees against various threats. EC-Council Aware incorporates cybersecurity awareness training into its application to help the users, employees, contractors, and temporary workers of your organization train themselves against threats such as phishing, smishing, and vishing with the help of simulation-based training. Its key features include:

  • Automatic enrollment and customizable e-learning
  • Advanced & automated reporting for both users and management that monitors progress
  • Interactive learning with training materials prepared by industry experts
  • Awarding and challenging features such as the ‘Leader Board’ that enable users to participate actively
  • Live quiz sessions with friends and peers, adding a competitive aspect among the employees
  • A wide range of phishing simulations for all email, SMS, and call-based phishing attacks to test employees' susceptibility to different social engineering attacks
  • ‘CheckAPhish’, which helps test the employees' awareness while providing employers with some visibility into their organization's risk behavior

With a massive number of cyberattacks being targeted at businesses in Saudi Arabia, it’s time for the nation to consider cybersecurity awareness as a mandate. It is of prime importance for businesses in Saudi Arabia to establish a protocol for the adoption and implementation of security education and awareness training programs that focus on interactive learning and simulation training. The aim of security awareness programs should be to help individuals and employees of an organization spot cyber threats easily. Detailed cybersecurity awareness training ensures fewer human errors and a fortified cyberinfrastructure.