Cybersecurity presents an “old” and renewed challenge, especially with technical leaps and human association with many devices for an easy life, accompanied by increased threats to the security of individuals and government and private institutions.
Cyber penetration is now inevitable for everyone who has smart devices or any devices that are considered the Internet of things (IoT). These devices allow digital specialists to steal personal data, according to the London-based Asharq Al-Awsat newspaper (2020).
It further says that no one can hide the unconscious use of technology for hacking, fraud and extortion that has become part of the daily concerns raised by malware and stolen data. The report points out that the cost of recovery from the penetration of government and business networks has become lacklustre, yet the world is witnessing an increase in the types of platforms that could be used for cyber-aggression and cyber-phishing. Cyber-phishing is based on the principle of deceiving others to do things that make a profit to the aggressor, as this type of attack is becoming common and its victims are growing rapidly. This type of phishing is also developing, to the point that some fraudulent emails are difficult to monitor except in cases of severe scrutiny, which most people do not do.
In addition to general threats, there are often unintended internal threats, often overlooked by many in cyber-attacks, namely, the identity of the employees who are allowed access to the data, and whether these employees have the required reliability. That is why Apple, for example, had to expel a road map dracman that explains the details of the company’s operational programme in 2018.
Internal threats can occur in many ways, including sending a tired employee data or confidential information to the wrong person or application workers may be misplaced from programmatically locking all ports that make it easier to penetrate applications and systems. Employees are also likely to be exposed to direct attacks by hackers using social engineering techniques to penetrate a particular network and collect sensitive data.
Mobile malware is a “big threat” and efforts to protect mobile devices from attacks are still modest. In the case of these devices, hacking can occur as a result of loading an application, even from supposedly trusted platforms. Our mobile phones are a store of our most personal and sensitive information, and people are still railing millions to load free apps without thinking about their security.
All of this led specialists to expect the growth of the cybersecurity market in the Middle East, at an annual rate of 22.5 per cent, between 2018 and 2024, according to news published by the new Gulf newspaper (2020). According to the report, cybercriminals can beat an average of 1,861 victims worldwide in a minute.
Despite intensive and vigorous efforts to sensitize the community to the importance of maintaining the confidentiality of personal data and to check any ways of communicating to ensure the reliability and responsiveness of the other party, statistics still indicate the seriousness of the situation and the poor communication of the message to society at all its various ends. The Economics World journal (2020) reported about “Trend- Micro’’, one of the world’s leading companies in cloud security solutions, in its annual report for the mid-year results (2020) that security technologies banned from “Trend- Micro”, 8.8 million threats associated with the pandemic in just six months, of which 92 per cent were unwanted emails. Cybercriminals have shifted their focus between January and June to tapping the global focus on the pandemic. Corporate risks have been exacerbated by security gaps caused by the movement of employees to work remotely.
During the first half of 2020, the Sultanate witnessed a total of 2,599,031 digital threats discovered by the solutions of “Trend- Micro”. Threats were distributed between 1,764,518 threats via email, 644,303 users who were victims of malicious Internet addresses, and 187,102 malicious software. Statistics show a jump in the total number of cyber-attacks on the Sultanate from 2018 when the number of information security incidents in 2018 reached 2,334. The number of attempts at cyber-attacks in the Omani cyberspace was approximately 432,978, in addition to 71,472 attacks on Omani websites (Ministry of Transport, Communications and Information Technology-2019).
All of these challenges to cybersecurity are manageable, assuming that “everyone on the Internet in this increasingly online world has become a potential target for cyber-attacks, but understanding existing risks can help to mitigate the threat.
This situation, and with the approach of remote work, requires that awareness of the security risks associated with it be intensified.
The Omani Information Technology Society has recently launched an awareness campaign for society in the form of lectures as an additional effort towards educating people. No doubt that all these kinds of efforts are appreciated but concerning the opening session of that campaign, a few days ago, there was a census among participants that although we have executed many conferences, lectures and meetings in TV and radio channels there is a gap in reaching all populations. In addition, there still some people do not care about cybersecurity issues.
Therefore, this requires greater cooperation from the authorities concerned in the Sultanate to contribute to a community awareness initiative in the form of short movies so that all those threats related to the security of information and the importance of maintaining the confidentiality of personal data could be grasped. Messages from movies usually stick into the mind of human beings. The movies should consider children, adolescents, employees and others. The number of reported incidents reported to the authorities should be measured at the same time as the issuance of such work as an effective tool to see how this method works in comparison with other methods previously experienced.
BY Dr Fatma al Balushi