Sophos released findings from its Kingdom of Saudi Arabia (KSA) Cybersecurity Awareness survey 2024. According to the report, 74 per cent of respondents experienced phishing attacks, indicating the need for enhanced email security and employee training. In addition, the survey states that ransomware (49 per cent) is the second most common cybersecurity concern, with 42 per cent of organisations lacking formal response plans, highlighting the need for stronger preparedness to effectively mitigate and respond to ransomware incidents.
Phishing has become a significant threat in Saudi Arabia, with a surge in malware delivery through malicious email attachments and advanced spear phishing attacks. The advent of AI-powered phishing campaigns has further escalated the risk, making traditional defences like employee training insufficient. Businesses must adopt proactive solutions like Sophos MDR, which combines advanced email filtering, real-time detection and incident response to counter modern phishing threats and strengthen security posture.
“Today’s threat landscape is continually evolving, growing more severe and complex. Particularly in regions like Saudi Arabia, where digital transformation is rapidly advancing, there is an urgent need to heighten cybersecurity awareness and preparedness,” said Chester Wisniewski, global field CTO at Sophos. “Cybercriminals operate without regard for international borders, and our defences must adapt accordingly. While ransomware attack rates have declined over the past two years, the impact on victims has increased. To combat these persistent threats, organisations in the Kingdom and beyond must adopt a proactive, human-led approach to threat detection and response, leveraging advanced technology and continuous monitoring to stay ahead of attackers.”
According to the survey, 59 per cent of the respondents also utilise artificial intelligence tools for cybersecurity. AI has revolutionised the way IT security professionals think about cybersecurity. Advanced AI-powered tools and systems enhance data protection by rapidly identifying behavioural patterns, automating processes, and detecting anomalies, providing stronger defences against emerging threats.
Employee training and awareness rank as the most effective AI application across various organisations, followed by threat detection and risk analysis as the second and third most impactful measures supporting cybersecurity efforts. AI still requires human intervention for training and correcting mistakes. A growing concern is the potential for hackers to exploit AI for malicious purposes, such as generating phishing emails and developing malware. In larger organisations with more than 500 employees, 55 per cent of employees are “very concerned” about AI-powered attacks, compared to 33 per cent in medium-sized and 11 per cent in smaller organisations.
The rapid pace of innovation in the cybersecurity landscape makes it challenging for organisations to be prepared for evolving threats and implement cyber controls designed to counter them. Larger organisations (76 per cent of the respondents with in-house expertise) are better equipped to manage risks, while smaller ones (21 per cent) often lack the resources, making them more vulnerable to attacks. Thirty-five per cent of the respondents stated that the most cited skill gaps are in AI/machine learning in cybersecurity, followed by cloud security (25 per cent). Across all organisations, quarterly training remains uncommon, with only 12 per cent in medium organisations and 19 per cent in large organisations adopting this frequency.
Other key findings from the latest report:
- Phishing reports by employees: Organisations with more than 500 employees have the highest percentage of employees (15 per cent) reporting phishing more than 50 times per month, likely due to advanced monitoring systems and employee training programs.
- Organisations with ransomware plan: In organisations with over 500 employees, 89 per cent have implemented a formal ransomware response and recovery plan, demonstrating strong preparedness and recognition of ransomware risks.
- Frequency of cybersecurity training: Small businesses are significantly less likely to provide training, with 61 per cent of small organisations offering no training compared to 20 per cent of medium-sized and just 2 per cent of large organisations.
- Budget allocation for cybersecurity from IT: 70 per cent of organisations with more than 500 employees allocate 13 per cent or more of their IT budgets to cybersecurity, showcasing a significant prioritisation of protecting complex infrastructures. 66 per cent of small organisations allocate less than 10 per cent of their IT budgets to cybersecurity.
- Compliance with local data policies: Larger organisations invest more in local compliance due to stricter audits, operational risks, and the sensitive nature of the data they manage. Small organisations’ preference for global data centre policies may stem from cost-effectiveness, easier scalability and fewer regulatory burdens compared to larger counterparts.