Decrypting Cyber Security

MUSCAT, May 2021

The onset of the Fourth Industrial Revolution has posed a host of challenges around cybersecurity globally but can be tackled with diligence in the Sultanate, says Oman Data Park’s CEO, Eng. Maqbool Al Wahaibi.

The onset of the Fourth Industrial Revolution has spawned a world where technology and interconnectivity form a matrix that binds modern society. While this introduces us to a world ever so developed it also poses challenges in privacy and digital security.

But to understand what some of these challenges are we first need to identify what cybersecurity means in today’s world. Cybersecurity is a process that describes all the resources that have been developed to protect your online identity, data, and other assets. This is fronted by the detection, prevention, and understanding of threats that are posed to your business by criminals.

In short, Cybersecurity is how you protect your business from these cybercriminals who are trying to access your company’s data, operations, and infrastructure.

The global cybersecurity market is tremendous. Companies and governments dedicate a great share today on cybersecurity – and this includes Oman. From our independent research, we have learnt that

institutions in the Sultanate face up to 8,000 cyber-attacks on average daily, and as per Trend Micro’s Midyear Security Report, a combined 2,599,031

email, URL, and malware cyberthreats last year.

Worldwide, the cumulative spend on cybersecurity has touched US$1trillion during five years – from 2017 to 2021. And based on our calculations, we estimate that roughly RO40million of that amount comes from the Sultanate.

Today, hackers have adapted and are very smart. These intruders are using the very products of the Fourth Industrial Revolution that we work with, including products such as Artificial Intelligence (AI), to penetrate security systems that have been set in place.

AI can be touted as a product that aids in the transformation of a company. It can help in understanding businesses and their consumers better, by which one can professionally provide more targeted and efficient services to the end recipients. But hackers have reverse-engineered these AI systems to penetrate security protocols – and that makes it difficult for typical cybersecurity companies to respond at the same rate.

Another large-scale threat that occurs regularly is over email systems. Insecure email systems can be exposed – and this has led to a lot of impersonations.

Such emails can get hacked and loss of financial transactions or breach of sensitive data can also occur in the process. An ever-increasing threat in cyberspace, phishing of personal

data was involved in 58 per cent of all breaches and cost a prodigious US$3.86mn (RO1.48mn) in 2020, as per the Verizon Business 2020 Data Breach Investigations Report. One in every 4,200 emails sent are phishing emails and account for more than 80 per cent of all reported security incidents today. The report also reveals that 94 per cent of all ransomware is delivered via email – and such attacks can cost businesses upwards of US$133,000 (RO51,220) to resolve. Despite this, more than 77 per cent of organisations do not have a cybersecurity incident response plan in place. An IBM report reveals that companies take about 197 days to identify and 69 days to contain the breach. This prolonged duration between detection and finding a solution can result in severe financial loss. The IBM report also adds that companies that can contain a breach in less than 30 days save more than US$1mn (RO385,100) when compared with those that take longer.

But, time and again, even the greats fall prey to cybercriminals. For example, a recent disclosure from Facebook acknowledged that criminals had phished the data, including phone numbers, full names, locations, email addresses, and other personal details of over 533mn people from over 106 countries.

It took an unfortunate incident to throw light on an ever-growing concern. In a world where the Fourth Industrial Revolution has led to the digital transformation across various sectors at large, Cybersecurity should take centre stage because it encompasses everything that pertains to protecting sensitive data, personally identifiable information (PII), protected health information (PHI), personal information, intellectual property, data, and governmental and industry information systems.

The number of discovered cyber-attacks and those reviewed and managed amassed a total of 417,021 in the Sultanate in 2020, as per data collected by the Ministry of Transport, Communications, and Information Technology (MTCIT).

Cybersecurity incidents reported by government agencies, critical sector’s institutions, and individuals – and dealt with efficiently – totalled 1,461. The data also revealed that the number of critical security threat notifications touched 107, while the number of digital evidence cases handled in the Digital Evidence Lab reached 128.

When personal data is exposed, employees or customers could be targeted for identity theft or fraud. Fraud and attacks through social media can also damage your reputation and harm confidence in your brand. Moreover, criminals who gain access to your business operations can shut down your network and demand incredibly high ransoms.

Taiwan-based PC maker Acer laid victim to one such ransomware attack by REvil/Sodinokibi cybercrime syndicate early in March 2021. Demanding US$50mn (RO19.25mn) in untraceable Monero – a type of cryptocurrency – from the company, the double-extortion cyberattack exfiltrated key financial data.

The more connected we are today, the more data we can expect to see consumed and shared between users and stored within servers. Ease in transactions and a subsequent enhancement in efficiency have also given rise to a strong shift in digitalisation in the government to customers (G2C) and government to businesses (G2B) sectors in the Sultanate.

Whether you are applying for a visa or are looking to register your business with the Government, today, Oman promotes availing its services online. These digital transactions show that Oman is gearing up towards maximising its efforts in e-services.

This carries with it a risk on the security side because the more you are connected the more you are exposed to the internet and the more vulnerable you will become to cybercrime. So, it is vital to protect yourself or your company from malware, theft, or damage attempted by criminals and adversaries – be it from what can be seemingly safe systems or smartphones that have been configured for work or personal use.

Spend on security solutions is predicted to rise from US$5.6bn in 2018 to US$12.6bn by the year 2023. While this is incremental, there has been a sharp rise in spear-phishing email attacks by as much as 667 per cent since the onset of the COVID-19 pandemic, as per Barracuda Sentinel, a multi-layer AI engine that detects and blocks spear-phishing and socially engineered attacks in real-time.

We have also noted that small businesses are increasingly targeted by hackers. Forty-three per cent of all malicious attacks are directed at SMEs. The result of such an attack can be devastating – and 60 per cent of victims are out of business within six months. Couple that with the fact that 29 per cent of all cyberattacks are launched from internal networks (users within the company), and it is evident that cyber protection is paramount during these times.

Here at Oman Data Park (ODP), cybersecurity is one of our key specialisations and we have taken some serious steps over the last nine years to ensure the safety of our customers. We believe that security forms the framework of our DNA because we are holding so much data with us. And holding this much data without having to manage our risk and securities would not make a lot of sense.

So, what we did from day one of establishing ODP as a brand and a data centre is create a separate security team that manages and secures all the data that sits across our three data centres. This is precisely why we took a stand to create what we now call the ‘Cyber Security Park’.

The Park now has vast expertise in providing a safe digital space for over 300 organisations within the Sultanate. And we don’t only focus our attention on selling security services alone; we focus on selling an extended range of cybersecurity solutions with over 20 services.

These range from email security for organisations who seek help to manage and secure their email systems from hackers and intruders; infrastructure security, which is where we secure a client’s servers and storage devices; and System Security, which secures applications, and social media and website security system to avoid personal data form being hijacked or hacked.

Digital transformation, and the subsequent growth it brings with it, have allowed companies like ODP to row on the securities side and provide services to this nation and excel in the process. Under such circumstances, we can help the sector grow in the country while keeping companies who trust their data with us safe.