Technology firm Cisco has called for companies in Qatar to focus on earlier detection of cyber attacks, as the threat from sophisticated hackers continues to cause concern both within the region and further afield.
According to the company’s 2015 Midyear Security Report, which analyzes cyber security trends, private and government organizations need to put adequate measures in place to counter attacks, focusing on early discovery so that affected systems can be restored as soon as possible.
In a statement, Mohammad Hammoudi, Cisco Qatar’s general manager, said:
“The technology industry must up (its) game and provide reliable and resilient products and services, and the security industry must provide vastly improved capabilities for detecting, preventing, and recovering from attacks. Organizations in Qatar cannot just accept that compromise is inevitable, even if it feels like it today.”
Cisco’s report lists current methods used by hackers and writers of malware (software designed to infect computers), highlighting the exploitation of Adobe Flash and a return to the infection of Microsoft Office macros as particular areas of concern.
It also said that while spam is increasing in the US, China and Russia, volumes appear to be relatively stable in the Middle East this year.
Qatar has been the victim of several high profile Domain Name System Services (DNS) attacks in recent years, with attackers managing to reroute website requests for 10 key domains in Qatar, including the Ministry of Interior, Ooredoo Qatar and the Ministry of Foreign Affairs.
Last year, The Emerging Cyber Threats 2014 report published by the Qatar Computing Research Institute (QCRI) – a private, non-profit organization that is part of Qatar Foundation – warned of a number of weak links in the state’s cyber security.
Meanwhile, a Safe Cities index published in January this year put Doha in 31st place out of 50 world cities in terms of its online security, well behind Gulf neighbor Abu Dhabi, which came in 9th position.
New governmental controls
Cisco’s report also argued that many governments aren’t yet ready to deal effectively with constantly evolving threats, and suggested that rules governing how private data is collected and shared continue to remain a key hurdle.
Acting on these concerns, Qatar’s Cabinet announced in March that two new bodies designed to investigate possible online threats would be created.
The National Center for Cyber Security and National Committee for Information Security will monitor and follow up on cyber threats on government entities, and carry out the government’s National Cyber Security Strategy.
The Cabinet also approved a draft decision to improve protection for personal data online, which would prevent companies from using such information for marketing purposes without the users’ permission.
Speaking to Doha News in 2013, Qatar Computing Research Institute (QCRI) chief scientist Richard De Millo said the most significant digital dangers to Qatar involved “advanced persistent threats,” which are large, sustained cyber attacks typically backed by states or sizable organizations.
Along with the Syrian Electronic Army, this includes organized crime groups and activist organizations such as Anonymous.
“The bad guys are well-funded and innovating technologically very fast. Countries that want to respond need to have an innovation engine that builds up their technology and public awareness base to protect its critical infrastructure,” De Millo said.
De Millo added that ongoing public awareness is a critical component of preventing future attacks. For example, simple acts such as not opening email attachments from unknown senders and choosing suitably difficult passwords can make a big difference.
“Use common sense, the same way we teach drivers to use common sense when learning how to operate a car,” he said.