Good preparation, not prediction key component vs cyber-attacks


Saudi Gazette

— The Kingdom of Saudi Arabia becomes more and more involved in technological revolutions. This can be clearly shown in the necessity of individual’s having electronic devices and personal accounts on social media and the average hours of searching information online. In this regard MENA Information Security Conference which was held in Riyadh last Nov. 21 addressed cyber security challenges on the Internet of Things.

“It is time to think on the national level on the procedures must be taken regarding cyber-attack. It is as important as defense system,”Dr. John J. Midgley, Managing Director, Deloitte Consulting said in the press conference.

“There must be cooperation between governmental authorities in concern like Ministry of Interior and Ministry of Economy, the military and commercial companies. Each of them has a crucial role to play to ensure that National cyber policy is achieving the set goals,” he added.

He emphasized that the main role must be to be well prepared not predict whether there is going to be an attack or not. “So we study capabilities not intentions.”

“We are focusing now no developing solutions for targeted attacks. From what have seen and from our statistics in Saudi Arabia and in the region, we realized that the number of targeted attack is increasing and it is being number one threat,” Amir Kanaan, General Manager, Kasper Sky Comp, told Saudi Gazette.

There are two attacks can happen: the known which is an attack that has signature on it. if an individual or entity receive it, the computer will be able to catch it and delete it while the unknown attack which does not have a signature for it, In this case, the computer become unable to catch it nor delete it. this because the antivirus was not able to know it.

“In that case, you need to have a new kind of technology which is the anti-targeted attack the ATP technology or APTS advanced system which offload the document inside an operating system, to enable the device and the system to identify the virus and know it. We launched few years ago, and there are different versions,” he explained.

There is no 100% security in cyber. “With every technology created and launched. There become new risks of virus and cyber-attacks. The actual job is to what processes to follow if you are attacked. So you do not get damage. It is called incident’s response. It is a process a company can create with a team of people, so if the attack happens. They can do whatever needed to reduce its threat and impact,” he stressed.

He believed that one of the best procedures must be taken is increase awareness among employees and to enhance capabilities. That awareness must be correlated with latest strategies.

“Saudi Arabia is one of the countries that has been hugely invested in cyber security and created a new entity to deal with cyber-attacks. With have cooperation with different governmental entities. The national cyber security center has started to spread awareness and identify what the threats are. Having a strategy on awareness, on mitigating the threats, and deploying new technologies, invest in people to provide good incident’s response, put processes are always keys to deal with cyber-attacks.