Atrás 
In today’s evolving threats landscape, advanced technology on its own isn’t enough to fully secure an organization. As cyber attacks become increasingly sophisticated, the most crucial line of defense is often the human element. Recently our team in the Kingdom of Saudi Arabia joined forces with Red Sea Global (RSG)–a vertically integrated Saudi real estate developer with a diverse portfolio across tourism, residential, experiences, infrastructure, transport, healthcare, and services–in an effort that demonstrates the power of joined up thinking between technology and humans as a line of cyber defence.
The overlooked vulnerability
Cybercriminals are constantly finding new ways to exploit vulnerabilities, and they increasingly target the people behind the screens. Techniques like phishing emails bolstered by AI-tailored content, cunning offline social engineering tactics, and poor password hygiene remain top vectors for successful breaches. In fact, human error contributed to 95% of data breaches in 2024 according to research by Mimecast.
But this isn’t about assigning blame. Instead, it’s about recognizing a critical opportunity: to transform potential weak links into strong, informed defenders. Netskope champions “powerful simplicity” in cybersecurity, breaking down complex security concepts into streamlined and integrated architecture as well as supporting actionable, easy-to-understand practices that empower users.
The perfect illustration of this combination is Netskope’s real-time user coaching. Powered by AI, this technology enables security teams to guide users through potential risks and policy violations as they happen. This proactive and ongoing approach provides immediate, contextual guidance to users when they are about to perform an action that violates a security policy, such as uploading sensitive data to an unapproved cloud application. It uses AI to understand user behavior and application context, ensuring that coaching messages are relevant and non-disruptive.
These in-the-moment messages are always most effective when implemented alongside strategic training of the workforce in cyber vigilance. And so RSG and Netskope recognised a useful opportunity to help train up the future members of the KSA workforce to ensure they knew how to be cyber safe as they entered the workforce. Our primary goal was to provide KSA students and recent graduates with the practical skills needed to navigate digital risks confidently and contribute actively to an organization’s overall security framework, effectively building a more resilient human firewall from the inside out.
“Empowering our local communities with the knowledge to protect themselves in the digital world is just as critical as any infrastructure we build,” said Sultan Moraished, Group Head of Technology and Corporate Excellence at Red Sea Global. “These training programs are not just about cybersecurity — they’re about inclusion, opportunity, and ensuring that every individual in the Red Sea region can participate safely and confidently in the digital economy.”
Building a culture of vigilance
The comprehensive training program was meticulously designed around practical, real-world scenarios. Informed by the latest threat intelligence, we worked to ensure participants gained a well-rounded understanding of modern threats and were able to walk away ready to adopt best practice behaviours, which include:
- Spotting phishing attempts: Participants learned to identify malicious communications via email, SMS (smishing), or voice calls (vishing). We delved into common lures and provided actionable steps on how to verify authenticity and report suspicious messages.
- Mastering password security: This module emphasized creating strong, unique passwords, using passphrases, and leveraging password management tools. Critically, we highlighted the non-negotiable role of multi-factor authentication (MFA) as a vital layer of protection.
- Practicing safe internet habits: This section focused on secure online behavior, including identifying risky websites, understanding the implications of clicking suspicious links, and safely managing downloads. It also covered the dangers of public Wi-Fi networks.
- Recognizing social engineering: This critical segment unmasked the psychological tactics used by attackers to manipulate individuals, such as pretexting, baiting, and quid pro quo. Understanding these psychological ploys is the essential first step in avoiding being tricked.
- Ensuring physical security: Security extends to the physical world so this module covered best practices for securing company devices, maintaining clean desk policies, locking screens, and appropriate handling of sensitive documents. It also touched upon visitor management and access control protocols.
- Effective incident reporting: Knowing precisely how and when to report suspicious activities is paramount. This section outlined procedures for reporting potential security incidents, emphasizing the critical importance of timely reporting.
By simplifying these concepts and rooting them firmly in relatable, real-world scenarios (all informed and illustrated by Netskope’s comprehensive visibility into the global threat landscape), we helped to ensure that every participant walked away immediately able to apply their new knowledge.
The training program was promoted via the Jewar platform, RSG’s official gateway for engaging with the local community — ensuring broad awareness and encouraging participation among youth and aspiring professionals in the Red Sea area.
A proactive strategy for the modern enterprise
For forward-thinking organizations like RSG, investing in robust, ongoing security awareness training translates directly into a more secure and resilient enterprise. When employees are trained to be vigilant and informed by real-world threat insights, they become the first and often most effective line of defense, significantly reducing the attack surface for cybercriminals.
We are incredibly proud of this collaboration with RSG, to help prepare the individuals who will enter the workforce of KSA over the coming months and years, ensuring the Kingdom’s cyber defence is equipped to make use of both technology and human capabilities.
Lea el blog