Dr. AbdulRahman Bin Saad AlJadhai serves as Chief Executive Officer at ELM Information Security Company.
What are the most critical IT security issues facing Saudi Arabia currently?
Saudi Arabia has its fair share of cyber-attacks given its political and economic role in the region and globally. Therefore, there were wake-up calls throughout the last few years and they have helped both the private and public sectors to be much more prepared. We are now improving our national strategies and regulations to encourage and unify our efforts in this space. Cyber security professionals agree that risk controls are very costly, but are not visible to the outside world. Therefore, proper policies would support these controls to take place defending our critical infrastructure.
The availability of qualified professionals in this field is a challenge. We need to build and develop a complete ecosystem to get more qualified engineers. This requires close cooperation between the market and the educational institutes to better align with the demand for these special skills.
How will the rise in IoT change Saudi’s IT security landscape?
The Saudi market is excited about IoT technologies and their applications. It is still in its early stages and it is going to grow rapidly in the coming few years. Nonetheless, IoTs will widen the threat landscape since they rely heavily on communications between each other and with their backend platform. I would not say that it would change the IT security landscape; however, it would put more emphasis on cyber security resilience approaches to embed security by design and to be better prepared to bounce back with minimal damage.
Are threats from inside the organization as harmful as external threats?
As per last years’ security reports, insider threats are 60% greater than external. Lately, most of the attacks have some elements to utilize an insider to enable the attacker to be successful. Given that technologies have become very advanced in protecting against external threats, attackers have opted to rely on social engineering people inside the organization. Moreover, in today’s world with a rapid increase of communications and mobility, it has become very hard to differentiate between internal and external threats, which makes cyber resiliency approaches much more relevant.
What measures can companies take to protect their organization internally?
It depends on the value of the company’s assets. It can be as big as a special insider threat management program/unit that includes policies, technologies, and educational exercises, or it can be as little as an awareness program with proper drills to make sure that people have the proper level of awareness.
As KSA turns to big data to drive economic diversification, how could IT security be compromised?
People are always faced with the old dilemma of open vs. closed data access. Open data concepts encourage participation and enhance the quality and the value derived from the data; however, as we move toward this we must employ all controls to make sure that the wealth of the country (the data) is safe.
Could the GCC see a rise in computer viruses in the future?
Yes, it could rise; however, threats are coming in many other forms and approaches using multiple platforms such as smart phones, industrial control systems, and IoTs. Therefore, the threat landscape is growing in ways that make it hard to predict.
What basic measures can companies take to ensure they are protected?
Every organization has to take cyber security threats seriously by establishing a risk register for all cyber risks and developing a proper phased and achievable plan to implement risks’ controls. In addition, they should have the cyber security team as independent as possible with a proper reporting structure. Cyber security is a never-ending game and all organizations should have a continuous oversight of their security and not when an incident occurs.
What benefits have you gained from being a part of the GCC BDI community?
I am glad to have such an organization in the region. We have developed a board effectiveness program that was inspired by a workshop we had with GCC BDI. In addition, a number of our board members have attended GCC BDI training, which has helped improve the effectiveness of our board. The uniqueness of BDI is that it understands the local context and that by itself is a huge plus.
For more information, visit www.elm.sa