According to an article published by Arab News in the month of March 2021, Saudi Arabia became the target for 7 million cyber attacks only in the first two months of 2021. The article quotes a report which attributes these cyber attacks to remote working due to the Covid-19 pandemic.
The article mentions that more than 22.5 million Brute Force Attacks took place on Remote Desktop Protocols (RDPs) in the year 2020. It is important to mention here that Brute Force Attacks use trial-and-error to gain access through guessing login credentials or encryption keys.
The total number of attacks saw a sharp rise in March 2021 at 2 million from 983,512 in February. This coincides with Saudi government’s announcement of remote working protocols.
However, the report mentions that this rise in the number of cyber attacks was not an isolated phenomenon that only Saudi Arabia faced. Brute Force Attacks against RDPs rose sharply to reach 3.56 billion globally after the world was forced to work remotely.
The article quotes cyber security expert Abdullah Al-Gumaijan who gives out three reasons behind this increase in the number of cyber attacks.
According to him, the first reason for cyber attacks is political tension in the region. “When there’s political tension in the region, cyberattacks immediately rise,” Al-Gumaijan told Arab News.
According to the cyber security expert, the second factor is the realization of the value of these cyber attacks in power display by the cyber criminals. “Also, the utilization of cyberweapons increased due to attackers now realizing the value of such attacks as they continue to prove their power and damage. Therefore, the trends toward investments in cyberattacks are growing.”
The third factor is, of course, the pandemic. As people have started working remotely, the level of security controls has been eased up by organizations. This has opened the door for cyber criminals to access the organization’s environment remotely.
Prevention of Cyber Attacks is a Long-term Cure
It is of utmost importance that organizations find smart ways to evade attempts that are meant to compromise their information and operational security. And when I say smart, it means taking a holistic approach towards cyber security. A holistic approach would include security awareness, multi-layer protection, incident response tools, and outbound email security among many others.
- Awareness: Cyber awareness among employees in an organization can be achieved in various ways. We can categorize them into two – traditional methods and modern methods. Traditional methods consist of the usual cyber security workshops and lectures on cyber security best practices. But how effective do you think these methods are? If people don’t experience the sequence of how a cyber attack unfolds, how will they identify it?
It is because of this reason that organizations are now opting for security awareness tools to impart awareness and training to their employees. It uses modern methodology of simulation and analysis for generating awareness and cyber security training.
- Multi-Factor Authentication (MFA): Multi-Factor Authentication adds an extra layer of protection to the accounts holding sensitive information. Therefore, even if the attacker gets hold of the account credentials, MFA makes sure that the threat actor can’t access the account by cross-verifying the login details with the legitimate owner of the account.
- Incident Response Tools: Incident response tools are imperative for quick detection and consequential elimination of cyber threats that manage to enter the organization’s environment. Phishing Incident Response Tools can be used for detecting and removing phishing emails from the office environment after they are reported by a recipient.
- Email Security: Email security, both inbound email security and outbound email security, forms a big part of the cyber security regime of the organization. However, the methods and tools used for both are different.
Inbound email security can be ensured by using firewalls to block traffic from entering the workspace environment that may pose danger to its information and operations.
Outbound email security is a whole different ball game. Email domain security tools come in handy to ensure outbound email security. KDMARC is one such tool that helps organizations in maintaining their email legitimacy and increase their email deliverability and engagement rate.
You can read more about the current landscape of email security In the Middle East here.
The following have contributed to increase in the number of cyber attacks on Saudi Arabian organizations:
- Geopolitical tensions
- Greater financial gains for threat actors to reap
- Ease of launching cyber attacks with services like RaaS and PhaaS
- Low cost of attack for cyber criminals.
Even with greater activity on the front of threat actors, it is possible to thwart their moves with proactivity on the defenders’ front. If organizations in the region unite and take steps to improve their cyber resilience, watering down cyber threats won’t be a difficult task.
Click the button below to secure your email domain against spoofing for FREE with KDMARC!