RIYADH: American technology firm IBM Security is seeking to tighten Saudi Arabia’s cybersecurity defenses after the Middle East ranked second globally for data breaches, according to the company’s general manager. This comes as the rate and pace of digitalization, building new cities, and the use of technology is booming in the Kingdom which calls for the need of cybersecurity modernization as well, Mary O’Brien explained in an exclusive interview with Arab News. The software company aims to bolster Saudi Arabia’s defenses through various programs, including upskilling the Kingdom’s workforce, ensuring that they are learning from people who have been working in the cybersecurity space for decades, she said. The Middle East ranks second for data breaches mainly because of its valuable commodities which are of great interest to cyber criminals, the general manager disclosed. “We want to be the trusted partner for Saudi Arabian businesses and the public sector as they evolve the business in the country and as they evolve the whole community and landscape as well,” O’Brien said. While the average cost of breach has hit $4.35 million this year across several geographies and industries, the average cost of a data breach in the Kingdom was SR28 million ($7.44 million), O’Brien revealed. The more mature, sophisticated, and faster the security program is, the lower the average cost of the data breach is, she added. As much as 21 percent of investigated cyber-attacks are categorized as ransomware. Weak credentials, phishing emails, and unpatched vulnerabilities are the three top cyber-attacking vectors, O’Brien said. “Those top three attack vectors, whether you"re a large company or a small company, you can do a lot to protect yourself against those kinds of attacks,” O’Brien said in the interview. While the finance industry was historically the most attacked sector across the world, recent years have seen the focus diverted to the manufacturing and energy and utility industries. This is attributed to the fact that cyber criminals are targeting stressed supply chains. As a result of the pandemic, manufacturing industries have been facing stress in their supply chains, and with no tolerance for downtime, if an attack does take place, those firms are more likely to pay a ransom to get back to business as soon as possible. “Attackers are looking for their opportunity to get a payday. So, they’re looking for the maximum disruption in order to be paid,” the general manager said. To avoid weak credentials, employees should use strong passwords, avoid re-using passwords, use strong phrases that cannot be easily predicted, and use multi-factor authentication when applicable such as facial recognition, one-time passwords, or fingerprints. This will make it harder for cyber criminals to steal credentials, the general manager stressed. To deal with unpatched vulnerabilities, companies should patch their software and hardware to keep them up to date, she added. Founded in 2015, IBM Security aims to help its clients in the Kingdom and globally to be educated and trained with regards to cybersecurity and to implement more mature, sophisticated, and faster security programs to avoid potential attacks.