As it becomes clear that Saudi Arabia's future is digital, companies and public entities are increasingly revisiting their technology strategies to keep pace with progress. Digital transformation is gathering steam in a country in the throes of economic reform, and technology spends are expected to reach $34.5 billion this year, up 1% on 2018, according to IDC figures. And as organizations – both public and private – head for the cloud, another important consideration continues to emerge: that of cybersecurity. How can enterprises innovate as required while managing to stand up to ever more devious attack methods? Does the answer lie in machine learning? Or something simpler?

On a recent trip to Saudi Arabia, Diana Kelley, Microsoft's Cybersecurity Field CTO, urged businesses to walk before they run on the issue of cyber-defense. "Sometimes people just forget the basics; and the basics can help us quite a bit to outwit attackers," she said. When covering the basics, Kelley cited multi-factor authentication as the top priority and advised Saudi organizations: "if you haven't turned it on personally or for your company, turn it on now, because if someone steals your credentials – your username and password – then if you have multi-factor authentication, they still won't be able to get into your account". She also advised that companies ensure updates to operating systems and applications are installed regularly and that backups are diligently maintained, to ward off common attacks that exploit well-known vulnerabilities.

The global security threat landscape has changed in recent months. Microsoft's Security Intelligence Report recorded a 73% drop in ransomware attacks between January and December last year, with Saudi Arabia's monthly encounter rate dropping to just 0.08%. Rapidly replacing ransomware in the top spot are crypto-mining attacks, where cybercriminals hijack computers to mine virtual currencies.
Cryptojacking incidents are in the ascendancy across the Middle East and Africa, recently reaching an encounter rate of 0.14% in Saudi Arabia. IDC predicts Saudi Arabia will spend more than $400 million on security in 2019, a time when it has never been more important to, in Kelley's words, have the right "cybersecurity hygiene and cybersecurity strategy".

"When you are transforming into a truly digital organisation, you have to think about attackers coming at countries like Saudi Arabia," she said. "Making sure that data is protected and properly encrypted is vital. Also, make sure access to that data has been appropriately implemented, so only the people who need to see that data have access to it."

Kelley also spoke of cloud security and the perception gaps between IT decision-makers reluctant to relinquish control of digital estates to third parties, and the reality – where cloud providers use internal economies to spend at scale on cybersecurity, arguably more than non-specialist companies can afford. "The cloud can be seen as something scary, because there's a sense that we won't have the same controls that we have on premises," Kelley said. "The reality is, we have controls in the cloud. And the cloud is actually a cybersecurity imperative, because with the power of the cloud, we are able to look at signals internationally and learn from them."

Microsoft's security strategy, on which it spends around $1 billion annually, includes a security graph of data gathered from around the world that helps the company to build machine-learning models of malicious behaviors. When applied to new scenarios, these models enhance detection and response times. Microsoft also releases an annual Security Intelligence Report, based on the 6.5 trillion signals processed daily by its Azure cloud platform.

Security information and event management (SIEM) is a technology that has been around for many years.
It is designed to gather behavioral information on attacks and build a knowledge base that can be used for future mitigation. Microsoft Azure Sentinel is described by Kelley as "the first cloud-native SIEM". "Sentinel was designed to address one of the biggest problems we've been hearing from customers," she said. "They were event monitoring on premise, but now they're in the cloud. So, how do they handle on what's going on in their new environment? Sentinel was designed to bring that information together, so there's alert and analysis in a single space."

In addition to its infrastructure investments, Microsoft has recruited a team of "threat-experts", working out of its 24-7 Security Operations Centre. On the back of its heavy annual investment, the company also continually adds features to its security portfolio, such as the release just weeks ago of Windows Defender Advanced Threat Protection for Mac OS X.

"We strongly believe that a secure ecosystem is an innovative ecosystem and we will continue to invest deeply in our market-leading security provisions to ensure that every individual and organization in the Kingdom, the region and the world can achieve more," said Kelley.

– SG