Tenable®, the company specializing in Exposure Management, emphasized today that 40% of cyberattacks on Saudi Arabian organizations over the past two years were successful. This trend compels security teams to allocate time and resources reactively addressing cyber threats rather than proactively preventing them. Despite 68% of Saudi organizations expressing confidence in their cybersecurity practices’ ability to reduce risk exposure successfully, there is room for improvement. These insights stem from a 2023 survey commissioned by Forrester Consulting on behalf of Tenable, involving 50 cybersecurity and IT leaders based in Saudi Arabia.
The survey revealed a heightened concern among respondents regarding the risks associated with cloud infrastructure, primarily due to its intricate nature in correlating user and system identities, access, and entitlement data. Although 56% of organizations use multi-cloud and/or hybrid cloud environments, 62% of respondents identify cloud infrastructure as one of the highest risk areas. Public cloud infrastructure (28%), multi-cloud and/or hybrid cloud (20%), and private cloud infrastructure (14%) were ranked in descending order as the most perceived risks.
Time emerged as a critical factor for security teams, with 68% of respondents believing their organizations would better defend against cyberattacks if more resources were allocated to preventive cybersecurity. Nevertheless, 66% of respondents indicated that their cybersecurity teams are too engrossed in addressing critical incidents to adopt a preventive approach, emphasizing the urgent need for a shift in strategy.
Cyber professionals attributed their reactive stance to organizational challenges in obtaining an accurate overview of their attack surface, including visibility into unknown assets, cloud resources, code weaknesses, and user entitlement systems. Infrastructure complexity, incorporating multiple cloud systems, various identity and privilege management tools, and numerous web-facing assets, introduces opportunities for misconfigurations and overlooked assets.
Communication gaps at the highest levels exacerbate cybersecurity challenges, with 72% of respondents reporting monthly meetings with business leaders to discuss critical systems. However, 12% hold such meetings only once a year, and 2% never engage in such discussions. Maher Jadallah, Senior Director Middle East & North Africa at Tenable, stressed the need for security teams to shift focus from reactive firefighting to preventative security, involving security leadership in high-level business decision-making.
The study’s detailed findings, along with recommendations for addressing challenges and transitioning from a reactive to a preventive security posture, are available in a whitepaper.
