Cyber security risks in Saudi Arabia and the recent incident at Saudi Aramco demonstrate that the oil and gas industry is one of the most attractive targets for cyber-attacks, a senior official of a developer of software solutions for monitoring and managing information flows.

“The industry forms the basis of the country’s economy and so the security risks here are much higher. Companies within the oil and gas industry possess industrial secrets such as field data and confidential financial and project documentation that are the objects of intellectual property and should be reliably protected from external attacks as well as insider threats,’ said Alexander Zarovsky, international business chief at InfoWatch.

“You can imagine the volume of possible damage in Aramco’s case as it is the state-run oil company whose 260 billion barrels of crude oil alone would value it at over $8 trillion, or 14 times the market value of Apple Inc.” The attack on Saudi Aramco in the August incident was said to have damaged 30,000 computers.

InfoWatch, currently the only data leak prevention (DLP) vendor with integrated detailed Arabic morphology and special Arabic templates in its solutions, said  Saudi companies overall are aware of cyber security risks and more than 50 per cent are ready to raise the level of their corporate IT security.

Zarovsky: kingdom a promising market

About prospects of large-scale deployment of DLP solutions in the kingdom, Zarovsky said: “We mainly stake on the government sector and the companies of high enterprise segments. The key factor of DLP systems’ efficiency is preliminary classification of all corporate data. According to expert estimation, up to 80 per cent of modern corporate data are unstructured and need to be analysed and classified into different categories of confidentiality. This means a big part of consulting which is a long-term and expensive process is what we call ‘Pre-DLP’.  Otherwise the DLP system will have low efficiency and be almost useless. Thus DLP solutions are mainly in demand by high enterprise companies.”

InfoWatch has two pilot projects in the kingdom for DLP solutions, one in the government sector and the other in a financial organisation. “In general, even though more companies are implementing DLP solutions, we must say it’s quite a slow market.

The most attractive economic sectors for InfoWatch here are government, finance, aviation, telecom, and construction. We consider Saudi Arabia as a long-term strategic market where InfoWatch has a five-year plan of development.”

Part of the plan is to increase the number of engineers and improve the technical support service of its solutions. The company is also focused on cross-geographic expansion inside the country and wants to be present in all major cities. “We do not announce the number of integrations on the grounds of confidentiality but we can say that our clients are more than happy with the functionality of our software and the quality of integration services,” said Zarovsky.

About InfoWatch’s social media monitoring (SMM) solutions, the official said a market research it conducted found out that there is need for a localised version of the InfoWatch SMM software. “In particular, the Saudi government customers requested a special version of InfoWatch Kribrum with an Arabic interface. Now we are busy with the task.” Kribrum is a cloud-based social media monitoring solution to help companies manage their reputation, improve customer experience and leverage customer opinion expressed online for market-winning product development.

InfoWatch has two offices in Saudi Arabia, one in Riyadh and the other in Jeddah. The company is now mostly focused on training the engineering team, raising the level of technical support and long-term planning. The company considers the Gulf market in general and the Saudi one in particular to be very promising and is trying to adapt its solutions to the region’s specific requirements.

Elsewhere in the Gulf, InfoWatch is experiencing rapid growth in Bahrain where it has five customers including the Ministry of Transport, First Energy Bank and Central Bank. “In general,” said Zarovsky, “we planned a three- to four-year entry cycle while we managed to do in only two years.”