A recent study revealed that Saudi companies are integrating artificial intelligence technologies into their cyberdefenses after incidents of electronic hacking, costing an estimated $588,000 in losses in 2023, according to American company Cisco.
While this figure may seem small, global hacking losses reached $3 trillion in 2015 and are projected to soar to $10.5 trillion this year and next.
Cybersecurity threats in Saudi Arabia primarily involve phishing, ransomware, and social engineering. Hackers are employing advanced techniques such as ChatGPT, machine learning, and automation, as evidenced by the development of a variant of the 2019 malware Infostealer, facilitated by ChatGPT, according to cybersecurity company Check Point.
Saudi Arabia’s National Cybersecurity Authority and its partners have made significant strides in protecting the Kingdom’s digital infrastructure, reflected in its high ranking in the World Bank’s digital maturity index, rising from 46th in 2017 to second in 2023.
A correlation exists between reduced corruption and digital transformation, with the least corrupt countries like Denmark, Finland and New Zealand leading in digital transformation. Conversely, the most corrupt nations, such as Chad, Afghanistan and Haiti, lag in digital adoption. Electronic transactions offer greater security against tampering compared to paper-based systems, but any disruption can result in substantial financial losses.
For example, Amazon estimates its revenue at $17 million per hour. This means that a one-hour outage would cost the company the same amount. The 2023 World Economic Forum Annual Report in Davos alarmingly indicated that 91 percent of business leaders and cybersecurity experts believe that a major cybersecurity incident is likely to occur in 2024 and 2025. This is due to the instability of global geopolitics caused by the Russian-Ukrainian crisis, trade disputes between the US and China, and the unstable and confusing situation in the Middle East.
As a result, tech giants like Apple, Google and Microsoft are working to replace passwords on their platforms with a new technology called “FIDO” or “passkey.” This technology verifies a person’s identity by sending a code to an additional phone number they own, using a personal identification number, or by registering using biometric data (fingerprints or facial recognition). The latter is already implemented by the Saudi National Access Platform, although it is optional and not mandatory.
According to local statistics in 2023, more than 45 million government transactions are conducted monthly through the Nafath platform in the Kingdom. There are over 430 applications and platforms linked to it, posing a challenge. If one of them is breached by cybercriminals, they can access sensitive and important information and data.
The consequences of a major cyberattack on Saudi Arabia could be devastating. In 2022, Costa Rica declared a state of emergency after a cyberattack crippled a range of government services and caused millions of dollars in economic losses. In 2007, Estonia, the first country to be targeted by a large-scale cyberattack, suffered damage to 58 government and private websites. Estonia has since become a leading adviser to NATO on cybersecurity matters, recognizing the potential for cyberwarfare as a tool for state aggression.
The inverse relationship between reliance on technology and the increasing risks of breaches is evident. Data from the American firm CrowdStrike shows that successful cyberattacks peaked during the COVID-19 crisis, with remote work and study patterns, reaching 1,161 in 2020 and 1,365 in 2021, compared with 400 in 2019 and between 795 and 960 in 2022 and 2023.
As we approach the Hajj season, the Hajj processes are largely dependent on digital systems. Disrupting them could lead to operational chaos, airport congestion, problems with pilgrim movement, and data leaks of citizens, residents, and foreign pilgrims. The best solution is to establish specialized cybersecurity forces at the national level, using a combination of intellect and muscle to track down hackers and fortify systems, in addition to enacting legislation to criminalize cybercrime and treat offenders as corrupters on Earth, on par with highwaymen and drug smugglers, and punish them accordingly.
— Dr. Bader bin Saud is a columnist for Al-Riyadh newspaper, a media and knowledge management researcher, and the former deputy commander of the Special Forces for Hajj and Umrah in Saudi Arabia. X: @BaderbinSaud