Saudi Fund for Development CEO Receives Sierra Leone's Foreign Minister    Public Investment Fund Launches "Savvy Gaming Group"    Diriyah E-Prix 2-Time Champion Sam Bird Sets His Sight on More Triumph in 2022 Diriyah E-Prix    Minister of Islamic Affairs: Kingdom seeks to serve Islam and Muslims around world    Ministry of Health Reports 4,526 New COVID-19 Cases, 5,772 Recoveries in Saudi Arabia    Asian Shares Mixed    [email protected]: Set to become world's technological and economic powerhouse    Royal Commission in Yanbu Achieves Arab Award for Operation and Maintenance    IPA organizes 'Innovation and the Future of Government Work' conference on February 9    NDMC clears 43% of debts due for payment in 2022    Flying car cleared for takeoff, but you'll need a pilot's license    Crown Prince, Chan-o-cha reaffirm need to open a new chapter in Saudi-Thai relations    Dozens feared lost as 'smuggling' boat capsizes off Florida    Netherlands to ease Covid restrictions despite rising case numbers    What the grand Republic Day parade means to India    Unvaccinated man denied heart transplant by Boston hospital    Deputy Ruler of Sharjah witnesses premiere of 'Narratives of the Place'    Sir Elton John postpones US shows after positive Covid-19 test    Bollywood's Shilpa Shetty cleared of obscenity over Richard Gere kiss    Egypt Records 1809 New Cases of COVID-19    Weather Forecast for Wednesday    Commerce Minister: Prime Minister of Thailand visit comes within Saudi Arabia's keenness to strengthen relations with countries of world    Minister of Justice Meets with His British Counterpart    Non-oil exports in Saudi Arabia increase by 26.1%    At least six killed in Cameroon stadium stampede    Al Hilal pays tribute to departing star striker Bafetimbi Gomis    Mauritania Condemns Houthi Terrorist Attacks on Saudi Arabia and UAE    Saudi Stock Exchange Main Index Ends Trading Higher at 12,108 Points    General Court of Audit President Inaugurates 8th Conference for Internal Audit with Int'l Participation    UN chief calls for Olympic Truce to build 'culture of peace' through power of sport    Taylor Swift slams Damon Albarn over songwriting comments    Australian Open: Peng Shuai T-shirt ban reversed after outcry    Cirque du Soleil to establish an academy and regional office in Saudi Arabia    Omani National Football Team Arrives in Jeddah to Meet Saudi National Team    'Bab Al Hara' Director Bassam AlMulla passes away at 65    Saudi Handball Team Loses to Qatar in Main Round of 2022 Asian Men's Handball Championship    Eighth Season of ABB FIA Formula E World Championship to kick off in Diriyah    Riyadh's Qualitative Events Enrich its Winter, Attract World Attention    SFDA: Fat is a Source of Energy and Its Abundance is Linked to Chronic Diseases    Reflections on celebration of Christmas    Royal Commission for AlUla to Hold Custodian of the Two Holy Mosques Endurance Cup 2022, Richard Mille AlUla Desert Polo    Saudi Arabia's Pavilion at Expo 2020 Dubai Organizes a Dance Theatrical Show for Children    Saudi Arabia rebuffs UN resolution on 'sexual orientation'    Kabir Khan eyes on joint Indian – Saudi film projects    Pilgrims Perform Dhuhr and Asr Prayers at Arafat Holy Site    Council of Senior Scholars: Muslim Brothers' Group Don't Represent Method of Islam, rather only Follows its Partisan Objectives, Violating our Graceful Religion    Eid Al-Adha Prayer Performed at the Grand Holy Mosque    Pilgrims Perform Dhuhr and Asr Prayers in Arafat Holy Site    

Thank you for reporting!
This image will be automatically disabled when it gets reported by several people.

When will Saudi organizations get serious about cybersecurity?
Published in The Saudi Gazette on 23 - 04 - 2014

a href="/myfiles/Images/2014/04/23/sr01_big.jpg" title="According to Richard Stiennon, a "devastating breach" is the best motivation for an organization to devote adequate resources to cybersecurity. "
According to Richard Stiennon, a "devastating breach" is the best motivation for an organization to devote adequate resources to cybersecurity.

Molouk Y. Ba-Isa
Saudi Gazette

Richard Stiennon, Executive Editor, SecurityCurrent, and Chief Research Analyst, IT-Harvest, was in Riyadh recently at a private event held by Lumension Security. Stiennon is a veteran of the information security industry and made his name internationally by authoring the book, “Surviving Cyberwar.” In his presentation, Steinnon spoke about countering targeted network attacks. Such attacks are escalating globally, affecting both public and private sector organizations.
Stiennon stated that he is an “optimist,” and believes that while targeted network attacks cannot be completely thwarted, if there is a good enough network defense in place, it can become very expensive for the attacks to succeed. In fact, in such a scenario the attacker would be forced to switch to physical intrusions, including the bribing or blackmailing of employees to gain access.
As the Kingdom is increasingly moving from paper to online systems, local IT staff often struggle to convince higher management within their organizations that more resources must be directed to network security.
Stiennon commented that this struggle is taking place the world over and he has seen that there's little incentive for organizations to harden network defenses if the goal is to strive for best practices or be viewed as compliant with international standards.
“The best motivation is to have a really devastating breach and then the resources will be devoted to properly secure the network and resources” said Stiennon. “Unfortunately, quite often people are let go because somebody has to be blamed for the lack of security. That's repeated over and over again around the world. For instance, recent breaches at South Korean retailers caused the CEOs of those retailers to resign. I am sure the new CEOs will take extraordinary measures to protect those network systems.”
Stiennon advised as well that enterprises have a tendency to “fight the perception rather than fight real battles.” This involves endless meetings and multiple committees, all with the unspoken goal of making it no one's fault if there is a network breach.
“My recommendation is always to assign the responsibility (for network security) to someone, just as you would do in any great project,” he said. “You hire somebody to build a house for you. The general contractor is responsible for building the house at the price you agree to, in the agreed timeframe. If the contractor fails to meet the contract, they are liable and they lose money. It's the same thing with establishing a good cyber defense policy for an organization of any size.”
According to Stiennon, responsibility for network security entails that there will be direct consequences for failure. If it's a military organization, a network breach is the equivalent of falling asleep at your post - with the associated consequence. If it's an industrial or government organization, failing in your duties should involve embarrassment and termination.
With the consequences for failure so grave, few are willing to step up and take responsibility for an organization's cybersecurity. Stiennon believes that no one wants the responsibility because they aren't given adequate resources to mount the best defense. That's why he counsels anyone who is requested to shoulder such a role, to document the conditions for undertaking the assignment, including which technologies must be deployed, the staff to be hired and the training required to get the job done. Those last two points are major issues in Saudi Arabia.
To counter them, he supported the position of demanding that vendors who sell information security solutions locally must also offer local, instructor-led training for those tools. He also thought it was reasonable that the government provides some sort of preferential treatment to Saudi companies who sponsor information security education for their staff. Additionally, at all organizations with more than 1000 employees, Stiennon advocates the formation of dedicated cyber defense teams made up of IT professionals with differing and very advance skill sets. Such teams would be tasked with fighting a continuous, evolving battle against network attackers.
Why an evolving battle? Because the attacks are constantly changing. He pointed to the Heartbleed bug revealed earlier this month.
“The Heartbleed bug is yet another example of unknown vulnerabilities lurking out there,” said Stiennon. “The discovery kicked off a fire drill to find and patch vulnerable systems. According to cybersecurity company Mandiant, they saw a customer's VPN concentrator successfully attacked on April 8, the day after the revelation of the vulnerability.”
Some analysts think the struggle against the Heartbleed vulnerability will go on for years. That's why it's essential that Saudi organizations stop wasting time and resources on blame avoidance strategies for cybersecurity breaches and step up the real fight against network attackers.

Clic here to read the story from its source.