United Motors Group, one of the largest automotive dealerships in the Kingdom of Saudi Arabia, representing brands such as Kia and JETOUR, is taking significant steps to bolster its cybersecurity efforts. With a workforce of over 1,000 employees across more than 50 locations, the company’s diverse portfolio includes automotive sales, after-sales services, and nationwide repair services.
Over the past three years, UMG has embarked on a profound internal transformation and made substantial advancements in customer-facing technology, resulting in outstanding customer ratings for the overall experience, whether during vehicle purchases or post-sales services.
Muhammad Junaid, Group Head of IT at UMG, states, “Our organization firmly believes that technology is not just a tool but an integral part of our core strategy, crucial to our business success.”
In 2021, UMG initiated a comprehensive digital transformation programme with a strong emphasis on cybersecurity. As part of this transformation, UMG phased out legacy systems, introduced state-of-the-art mission-critical systems, and established the necessary infrastructure for their effective utilization.
Junaid explains, “For example, when we implemented cloud-based solutions, we realized that a reliable internet connection alone wouldn’t suffice; it required seamless integration with various processes, necessitating substantial technological advancements.”
Another pivotal aspect of UMG’s transformation journey focused on enhancing the customer experience, a paramount concern in the automotive and service industry. Junaid adds, “We concentrated on swift customer engagement, prompt responses to inquiries, and ensuring a seamless journey and experience for our customers throughout the purchase and post-sales service process. These efforts have significantly contributed to the growth of our business.”
Unlike many organizations that neglect cybersecurity during their digital transformation, UMG prioritized cybersecurity from the outset rather than treating it as an afterthought.
Junaid emphasizes that strong cybersecurity measures should underpin digital transformation projects. This underscores the importance of developing a well-thought-out cybersecurity strategy and ensuring a robust overall information security posture.
According to the IT head, UMG’s core objective for its cybersecurity roadmap was to establish a comprehensive ecosystem capable of incorporating cybersecurity vendors alongside the existing technology stack. This journey began several years ago, starting with fundamental steps such as risk assessment, policy and procedure definition, and implementation of security basics, ranging from endpoint security to network security.
Junaid further explains, “Our overarching strategy aimed to achieve continuous monitoring and auditing of the threat landscape while devising strategies to mitigate these threats. Given the need for a specialized team to handle these tasks, we opted to engage a vendor to manage them for us.”
This decision led UMG to select Secureworks. Initially, the Group’s IT department considered implementing a standard SIEM solution. However, as they delved deeper into the process, they realized that the most effective utilization of a SIEM solution required continuous real-time monitoring and analytics, along with a vendor capable of managing the entire threat landscape.
Junaid elaborates, “This is where Secureworks’ MDR solution comes into play. Upon close examination of their offerings, we discovered that they provide comprehensive end-to-end threat monitoring, along with a highly sophisticated managed services portfolio. This aspect particularly appealed to us.”
UMG chose Secureworks as its cybersecurity partner after a rigorous evaluation process that spanned nearly a year. Junaid notes, “We explored all the well-known products in the market. However, when it comes to threat management, including event comprehension, receipt of critical real-time updates, and continuous monitoring, Secureworks stood out for offering something truly unique.”
Secureworks’ offerings align perfectly with UMG’s strategic vision. Without the need for significant expansion of the on-site workforce, UMG effectively meets its security requirements. Junaid adds, “We maintain a small internal team that collaborates with Secureworks, and through their managed services, we can efficiently manage our entire ecosystem.”
He also underscores that Secureworks offers UMG more than just 24/7 monitoring; it includes consultancy on various aspects of cybersecurity. “One of the key features of Secureworks is the analytics they provide. Moreover, their unique 12-month data retention policy is highly valuable, as most vendors do not offer such a service without additional charges. This extended retention period provides us with valuable insights into the various threats we have encountered. With our cybersecurity posture significantly bolstered, we are now planning the next stage, which involves implementing a zero-trust architecture.”
