Ahead of its participation at Black Hat MEA that will be held from 15 to 17 November 2022 in Riyadh, Cisco has revealed the results of its recent consumers’ security survey in the Kingdom of Saudi Arabia KSA. The study revealed interesting trends about device security amid the significant acceleration of digitization across KSA.
Fady Younes, Cybersecurity Director, EMEA Service Providers and MEA, commented: “Cisco consumer survey in KSA is giving us a tremendous insight into general approach to security when the private and the public are blending in the hybrid workplace. While the pandemic has accelerated the hybrid work model and the remote access to business data, we have identified many red flags consumers should pay attention to. We have noticed that unconscious insider threats are becoming an increasingly common part of the attack chain. Even the smallest of data leaks can lead to huge implications on the cyber-safety of individuals.”
“With the line between work and home permanently blurred, we are seeing that the habits used for personal activity are increasingly applied to work ones – a huge threat to organizations for whom reputation is invaluable. While organizations can’t erase human error, they can certainly mitigate it. Businesses should also be holding data securely in the cloud and allowing access based on zero–trust principles – aligning all access with individual needs and contexts,” he added.
Using Personal Devices for Work
With the advent of hybrid work and against a backdrop of intensified cyber threat, the research was conducted with the aim of understanding attitudes to cybersecurity in the home. The results in Saudi Arabia reveal the huge number of people who frequently use their personal devices for work tasks such as sending emails (67%) and frequently making business calls (66%). Only 35% have never chatted about work tasks on their personal device or worked on a business document.
Of over 1,006 polled consumers in KSA, the majority have three or more connected devices and all respondents share at least one connected device with someone else in the house. Amid a global surge in cybercrime at all levels, respondents do appear concerned about the threat of attack, with 73% saying they’re worried about their personal devices being hacked. With the number of connected devices shared in the home, 72% have updated their password in the past 6 months – the highest percentage across Europe, the Middle East, and Africa (EMEA).
Risk is not only a factor at home, as so many people now work in public spaces or check-in on work tasks on the move. The always-on mentality of so many means people are risking shortcuts to connectivity. In KSA, 56% of respondents frequently use public networks for personal tasks and 61% use them for basic work tasks.
Misunderstanding Security Measures
Usernames and passwords have never been a particularly effective technique for keeping cyber threats away. Adding zero–trust principles, including multi-factor authentication (MFA) to accounts, are very simple methods for adding a strong extra layer of protection to system access.
However, 29% in KSA do not use or do not know what MFA is. As nearly every smartphone now has a fingerprint or facial scanner, consumers are choosing to use biometrics instead of passcodes to unlock and log in to applications on their personal devices. Organizations have an opportunity to leverage this technology, which is already in employees’ pockets, to drive the adoption of strong zero–trust principles framework at work.
Inconsistent Education Opportunities
A major challenge in closing the gaps in cybersecurity is educating millions of people at a consistent level. When asked where they seek advice about online and device security behavior, the answers were stacked predominantly towards asking friends and family (50%) or via social media (48%).
Subjective advice and opinions on cybersecurity can mean a deficit in genuinely robust measures. For the average, person it may seem unlikely their home Wi-Fi will be hacked, or that someone will steal their data while on a public network. However, it only takes one opportunist and a very short window of time to access and harvest the information they need.