Muscat: Ernst & Young (EY) plans to launch a cyber security facility in Oman to protect organisations in the entire Gulf Cooperation Council (GCC) region from cyber threats and malwares.
The cyber security cell is expected to be launched in February 2017 and according to officials, it will be EY’s first regional security centre in the GCC.
Mohammed Nayaz, partner at Ernst & Young, and a speaker at the regional IT security conference in Egypt, citing previous accounts, explained that on multiple occasions organisation systems have been compromised and they can do little about it while during other instances they weren’t even aware of being attacked.
“Due to automated and integrated systems along with the emergence of new technologies, organisations are becoming more vulnerable to cyber threats and to address this, EY is launching its first integrated Digital Security Operations Centre (DSOC). It will comprehensively monitor the security of IT systems, Operations Technology (OT) systems and IoT (Internet of Things) of organisations on a 24x7 basis in Oman and the GCC,” he said.
“We respect the wishes of GCC countries to have their own world leading capability to include coverage of IT, industrial control systems and IoT through the use of advanced Cyber Analytics, and importantly, to have it in the region. Therefore, we are excited to launch this endeavour,” said Clinton Firth, partner and cyber leader at EY MENA (Middle East and North Africa).
The DSOC will be based in Muscat and will be manned largely by Omani information security professionals.
According to Nayaz, this presents itself as a great opportunity to export Omani information security talent to the GCC and develop the ICT sector in the country. He added that they have already signed a contract with one of the leading organisations in Oman and several others are in the pipeline.
Termed as one of the most cyber secured countries in the Middle East, Oman has battled external attacks through its strong external defence layer. However, with weaker internal networks, the country’s IT infrastructure is still vulnerable.
Expressing his concerns for the low level of cyber security education in Oman, which allows a backdoor for malicious content to flow into the otherwise secured IT systems, Nayaz noted that although there is a sophisticated level of cyber security in Oman, the systems still remain easy targets for attackers abroad as most users are completely unaware of a base level computer security and threaten to compromise the security of the whole network, which sometimes happen to be of the largest organisations in the country.
A lot of such systems act as botnets, which hackers remotely control to launch larger attacks on other networks allowing them to cover their tracks.
Most attacks on networks are a result of relentless automated search for a backdoor into the network and statistics show that nearly 80 per cent of these attacks can be thwarted by basic ‘housekeeping,’ which includes changing default network passwords, installing a decent antivirus and identifying scam emails.
Standardised regulations
With reports of nearly half a trillion dollars having been lost in cyber attacks globally and the emergence of IoT, which is to integrate everyday objects with the internet, IT security is a serious matter around the world.
Nayaz said Oman needs standardised regulations for every company to follow, depending on the size and severity of data it holds to address future challenges.
“A standardised law for every company to have a basic level of cyber security is the key to handling future threats. These regulations must include regular maintenance of IT infrastructure and penetration testing,” he said.
Voicing similar concerns, Michael Kang, chief representative of Korea Internet and Security Agency, said Oman has the best IT infrastructure in the Middle East, but it needs to upgrade facilities and spread awareness among individuals.
He emphasised on having a standardised regulation for the country that includes a framework for each organisation to follow.
Atul Saggar, special projects manager at Ingenuity Technologies, said Oman suffers from a lack of base level regulations in IT security infrastructure and such a law needs to be implemented quickly, which would in turn take care of the lack of awareness in cyber security.