As part of its efforts to lead the digital technology ecosystem, Saudi Arabia is working on developing its cybersecurity system. This will ensure the protection of its data from hackers and maintains its global leadership position.
With the acceleration of digital transformation processes, electronic hacks and data breaches have also increased. This has prompted the kingdom to provide a secure environment for data and digital operations through a solid cybersecurity system.
Due to the COVID-19 pandemic and the emergence of remote work, Saudi companies suffered from millions of cyberattacks. The incidence of attacks has exceeded 22.5 million, costing the Saudi government losses estimated at $6.5 million.
National Cybersecurity Authority
Here comes the important role that the National Cybersecurity Authority (NCA) will play. Established on October 31, 2017, the NCA develops, implements, and manages strategies to protect companies from cybersecurity risks.
It has issued several policies, frameworks, and guidelines related to cybersecurity at the national level. That is to enhance national security and protect the state’s interests, vital infrastructure, and government services.
Therefore, it issued the following guidelines and protocols:
- Organizations’ social media accounts cybersecurity controls
- Essential cybersecurity controls
- Cloud Cybersecurity Controls (CCC)
- Telework Cybersecurity Controls (TCC)
- Critical Systems Cybersecurity Controls (CSCC)
- Operational Technology (OT) Cybersecurity Controls
- Data cyber security controls
- Saudi Cybersecurity Workforce Framework (SCyWF)
- National Cryptographic Standards (NCS)
- Saudi Cybersecurity Higher Education Framework (SCyber-Edu)
- Cybersecurity guidelines for e-commerce consumers
National Cybersecurity Strategy
The National Cybersecurity Strategy was developed to reflect a safe and reliable Saudi cyberspace that enables growth and prosperity. It includes six main themes: integration, regulation, assurance, defense, cooperation, and construction.
The national strategy aims to:
- Have an integrated cybersecurity governance at a national level
- Effectively manage cyber risks at the national level
- Engage in cyberspace protection
- Strengthen national capabilities in defense against cyber threats
- Establish partnerships and cooperation in cybersecurity
- Build local human capital capabilities and develop the cybersecurity industry in the Kingdom
National programs and initiatives on cybersecurity
The Indicative Center for Cybersecurity
This center was launched to issue alerts on the latest and most serious gaps. It also works on raising awareness campaigns and programs, as well as coordinates with other centers. Furthermore, it aims to raise awareness of cybersecurity, avoid cyber risks, and reduce their effects.
Saudi Federation for Cybersecurity
The Saudi Federation for Cybersecurity was launched under the umbrella of the Saudi Olympic Committee. It works on providing activities and programs that contribute to increasing community awareness of cybersecurity, programming, and drones. Moreover, it supports and encourages young people to become professionals in this field to increase local capabilities in this sector.
National Cybersecurity Academy
The Ministry of Communications and Information Technology, in cooperation with the Human Resources Development Fund (Hadaf), also launched this academy. It aims to raise the level of national digital capabilities in various fields of modern technology. This allows Saudi Arabia to keep up with the demands of the digital transformation. It includes the following paths:
National Cybersecurity Academy
The Ministry of Communications and Information Technology, in cooperation with the Human Resources Development Fund (Hadaf), also launched the National Cybersecurity Academy initiative, to raise the level of national digital capabilities in various fields of modern technology and keep pace with the requirements of digital transformation. It includes the following paths:
- Artificial intelligence data analysis
- Cloud Computing
- Web and application development
- Games design and development
- Executive programs
Hasseen Initiative
The Hasseen initiative was launched to enhance cybersecurity at the national level. It is concerned with protecting e-mails from spoofing and unauthorized use. It works on empowering entities to:
- Know the level of implementation of the Hasseen initiative
- Create domain name records
- Survey domain name registries
- Raise awareness among national authorities of the importance of activating domain name documentation and methods of implementing it.
Projects that prompted Saudi Arabia’s interest in cybersecurity:
- Smart cities that are tech-based from construction to implementation
- Launching initiatives to enhance cybersecurity in Saudi Arabia
- Establishing the Saudi Federation for Cybersecurity to provide activities that increase community awareness in this field
Saudi Cybersecurity majors
Saudi universities have also taken an interest in including cybersecurity majors in their universities. Many of them are now granting the following bachelor’s degrees or diplomas:
- Bachelor’s degree in Cybercrime
- Bachelor’s degree in Cyber Operations
- Bachelor’s degree in Artificial Intelligence
- Diploma in Information Security Governance
- Diploma in Cyber Incident Response
- Diploma in Cyber Defense
Cyber security jobs in Saudi Arabia
Saudi Arabia’s eagerness to develop its cybersecurity sector has led to an explosion of various cybersecurity related jobs, some of which include:
1. Cybersecurity director
A cybersecurity director is responsible for implementing and developing security strategies and managing the standards and frameworks.
2. Cybersecurity auditor
A cybersecurity auditor designs, implements, and manages security audits. This evaluates the organization’s compliance with requirements, policy standards, and established controls.
3. Cybersecurity Compliance Manager
The cybersecurity compliance manager monitors cybersecurity compliance across the organization. This position works with internal and external auditors and compliance teams to ensure that policies and standards are effectively implemented.
4. Cybersecurity engineer
The cybersecurity engineer undertakes the task of designing, implementing, configuring, and supervising security systems and networks.
5. Cybersecurity specialist
The cybersecurity specialist monitors computer security risks by assessing the threats and vulnerabilities to which they are exposed. Moreover, this specialist prepares comprehensive reports of assessment results and proposals in order to further enhance the security systems.
6. Senior network security engineer
This position performs several tasks, including troubleshooting and supporting operations. The engineer is expected to recommend solid networks and security devices and maintains security documentation. Moreover, the senior network security engineer also troubleshoots and manages site errors and manages daily operations.
7. Senior Assistant for Cybersecurity
The senior assistant monitors operations and drives improvement in the efficiency and quality of cybersecurity systems. Some of the tasks include conducting efficiency reviews of the implementation of security operations. Additionally, the senior assistant supports the development of plans to transform strategic plans into implementation plans. Assessing risks in information technology and information systems is also one of the important tasks for this job.
Read: UAE companies boost AI investment to strengthen cybersecurity
Awareness campaigns
The NCA launched the National Cybersecurity Awareness Program, which aims to preserve national security. Additionally, it seeks to raise awareness of cybersecurity among all segments of society in Saudi Arabia. It introduces the best practices for protecting society from repeated cyber risks. Furthermore, it is keen to collaborate with national entities in the field of cybersecurity, and unifying their efforts. The program’s launch coincided with Cybersecurity Awareness Month, which is celebrated globally in October every year.
The campaign involves multiple initiatives, events, and specific programs. Moreover, it includes a mobile exhibition that raises awareness of cybersecurity in national authorities.
Furthermore, the initiative includes awareness sessions for national agencies, in addition to awareness bags for more than 850 national agencies. This allows them to educate their employees about cybersecurity. It also includes launching an awareness campaign titled “La Taftah Majalan”, in cooperation with the public and private sectors.
Conferences and forums
Every year, Saudi Arabia hosts the Global Cybersecurity Forum in Riyadh, which is organized by the NCA. This forum is in cooperation with the Saudi Information Technology Company (SITE). This year’s forum was titled “Charting Shared Priorities in Cyberspace”.
During the first two days of November, highly respected decision-makers and CEOs participated in the forum. In addition, a group of distinguished speakers from international governmental organizations as well as academics convened in Riyadh.
The forum included a number of specialized groups that addressed the latest cyberspace issues in vital sectors. These included issues such as supply chains, smart cities, and the future of cyberspace. The groups aimed to raise awareness and explore comprehensive solutions for countries and stakeholders in the public and private sectors.
In numbers
Saudi Arabia leads the region in readiness to confront cyber threats, according to a recent report by Trend Micro.
In its annual cybersecurity report, Trend Micro highlights the increasing rate of cyberattacks on digital infrastructures and individuals in the modern hybrid work environment.
The study revealed that Saudi Arabia experienced around 63 million email threats and over 6.4 million malware attacks. Moreover, more than 17.5 million individuals fell for URL scams.
However, Saudi Arabia recently ranked second in the global cybersecurity index. That is due to its commitment to developing plans to strengthen its cybersecurity.
For more news on technology, click here.
