Tenable, the Cyber Exposure company, has published results of a study that found 86% of Saudi organisations suffered a business impacting cyberattack attributed to vulnerabilities in technology put in place during the pandemic
The data is drawn from ‘Beyond Boundaries: The Future of Cybersecurity in the New World of Work,’ a commissioned study of more than 1,300 security leaders, business executives and remote employees, conducted by Forrester Consulting on behalf of Tenable.
The pandemic accelerated remote work for many Saudi organisations. In fact, from 34% in 2020, now 91% of organisations have remote employees. Majority of the organisations (91%) plan to adopt this remote working model permanently. About 77% of Saudi organisations have moved business-critical functions to the cloud. However, this change to working practices has increased organisations’ risks. By their own admission, 63% of Saudi organisations are prepared to support new workforce strategies from a security standpoint, while 67% believe moving business-critical functions to the cloud exposes the organisation to increased cyber risk. About 98% of organisations experienced a business-impacting cyberattack in the last 12 months, with 33% falling victim to five or more.
“Remote and hybrid work strategies are here to stay and so will the risks they introduce unless organisations get a handle on what their new attack surface looks like,” said Amit Yoran, CEO, Tenable. “This study reveals two paths forward – one riddled with unmanaged risk and unrelenting cyberattacks and another that accelerates business productivity and operations in a secure way. CISOs and CEOs have the opportunity and responsibility to securely harness the power of technology and manage cyber risk for the new world of work.”
IT and security teams are quickly rolling out tools for connectivity, collaboration and productivity, while also moving business-critical data to the cloud to support a remote and hybrid working environment. Organisations must re-evaluate their approach to maintaining security, aligned to the business, in order to effectively reduce the risks introduced.