Tenable study highlights high success rate of cyberattacks in Saudi Arabia
Press Release by Tenable Thu 4 Jan 2024
Tenable has found that 40% of cyberattacks against Saudi Arabian organisations in the past two years have been successful.
This situation has led security teams to focus more on reactive measures rather than prevention. Despite 68% of Saudi organisations expressing confidence in their cybersecurity practices to reduce risk exposure, Tenable’s research suggests there is significant room for improvement.
Challenges in Cloud Infrastructure and Resource Allocation
The study, involving 50 Saudi-based cybersecurity and IT leaders, reveals that security teams are overwhelmed with remediating attacks, leaving little time or resources for strengthening defenses against potential threats.
Respondents expressed particular concern about the risks associated with cloud infrastructure, which introduces complexity in correlating user and system identities, access, and entitlement data.
Key findings show that 56% of organisations use multi-cloud and/or hybrid cloud environments, yet 62% cite cloud infrastructure as one of their highest areas of risk exposure.
Public cloud infrastructure (28%), multi-cloud and/or hybrid cloud (20%), and private cloud infrastructure (14%) are seen as the highest perceived risks.
The study also indicates that time constraints and a lack of resources prevent organisations from adopting a more preventive cybersecurity approach.
More than half (68%) believe they would be more successful in defending against attacks if greater resources were devoted to preventative measures. However, 66% report that their cybersecurity teams are too occupied with critical incidents to take such an approach.
Cyber professionals cite a reactive stance partly due to struggles in obtaining a clear picture of their attack surface, including unknown assets, cloud resources, code weaknesses, and user entitlement systems.
The complexity of the infrastructure, reliance on multiple cloud systems, and various web-facing assets create opportunities for misconfigurations and overlooked assets.
60% of respondents mention a lack of data hygiene as a barrier to drawing quality data from user privilege and access management systems, as well as from vulnerability management systems.
Communication gaps at higher organisational levels further complicate cybersecurity efforts. While attackers continuously assess environments, 72% of respondents say they meet monthly with business leaders to discuss business-critical systems, 12% hold such meetings only once a year, and 2% never have them.
Maher Jadallah, Senior Director for Middle East and North Africa at Tenable, said: “Far too many security teams are overwhelmed by the volume of cyberattacks … Firefighting is exhausting and leaves the organization open to unacceptable risks.”
Jadallah advocates for a shift to preventative security and greater involvement of security leadership in high-level business decision-making.
The study was conducted by Forrester Consulting on behalf of Tenable.