Improving Incident Response in the Middle East
Perspectives from a Saudi Arabian Security Practitioner
Owing to its prominent economic and political position in the Middle East, Saudi Arabia is experiencing a sharp increase in cyberattacks. To keep up with emerging threats, banks and other organizations in Saudi Arabia and throughout the region have had to develop much more mature incident response functions, says Mohammed Almozaiyn, who heads incident response for a leading bank in Saudi Arabia.
"We are living in the age of threat monetization - we have seen many DD4BC - or DDoS for Bitcoin - attacks," Almozaiyn says in an interview with Information Security Media Group. "Ransomware and customized malware are available on the black market, specifically targeting local banks in the GCC [Gulf Cooperation Council] region. The threat landscape for the Middle East is very complex and diverse and accelerating very fast." (See: Banking CISO: Lessons from Attacks)
Whereas incident response is only just picking up in other developing markets in India and Southeast Asia, midsize and large banks in Saudi Arabia have established incident response functions within an independent information security body, he says (see: Middle East Practitioners Bullish on New Strategies).
Almozaiyn notes: "Though we haven't gotten to a level where we are innovating yet, maturity ranges between level 1 and level 3; which is that it just exists, up to having a well-established plan and a vision, and based on recognized standards." However, for smaller banks, incident response maturity remains a problem due to lack of resources, security leadership and adequate vision.
In this exclusive audio interview, Almozaiyn maps out some of the barriers to effective incident response in the region. He also discusses:
- The threat landscape in Saudi Arabia and the rest of the Middle East;
- Why it's urgent to improve incident response capabilities;
- Specific recommendations for incident response action items.
Almozaiyn has more than 12 years of experience in information security and has successfully delivered several security and network infrastructure deployment projects. He holds several professional security certifications, and his current areas of interest include threat intelligence, privacy and cybersecurity auditing, as well as digital forensics and incident response on the enterprise level.