Oman Cyber Experts Urge Awareness


In light of the May 2017 WannaCry cyber attacks on British hospitals — which rapidly spread to other countries — Oman’s Computer Emergency Response Team (CERT) is warning the public to be prepared.

“There is a possibility of more attacks in Oman,” said Badr Al Salehi, director general of Oman’s CERT. “The malware used to infect computers may be updated and used to attack other systems.”

Although Oman’s cyber infrastructure escaped unscathed, government institutions proactively shut down websites and e-services to secure them against possible malware infections.

“The malware is currently searching the internet for vulnerable systems, and the spread of malware is likely to intensify,” said Mohammed Nayaz, a partner at consulting firm Ernst and Young’s IT Risk and Resilience branch.

Oman has been the target of more than 16,000 cyber attacks this year, with critical national infrastructure as the main target.

“The reason cyber attacks will intensify is because attackers tend to underestimate countries in the Middle East,” said Saqib Ali, a professor at the Sultan Qaboos University’s Information Systems department. “They think the countries here are soft targets, but Oman’s prevention mechanisms are pretty good. A lot of people work behind the scenes in government. All the Omanis employed in this sector are experts in their field.”

That said, some analysts expressed concern that the country’s young population uses the internet “indiscriminately,” without awareness of the risks or effects of ransomware.

“People here are not aware of the effects of ransomware, and they tend to panic and comply with the attackers’ demands because they are scared and don’t know the consequences,” said Arnold Santos of the Systems department at the Military Technology College of Oman.

There needs to be a culture of awareness about attacks, said Tim Marjason, managing director if Marjason Consulting and Training, a company that advises business on security measures.

“Right from the top, there have to be resources allocated to security systems,” he said. “When a new employee joins [a company], part of the training by the human resource department must show him how to secure his system from attacks. All it takes is one bad system in an organization to infect the rest.”

Source: Times of Oman