Muscat: Cyber security is on top of the ‘to do’ list for the Information Technology Authority (ITA), a top official at ITA said, responding to findings of EY’s 19th Global Information Security Survey.
The survey found that 82 per cent of 36 respondents from Oman agreed to not having the right cyber security function to protect themselves from cyber attacks. According to the report, 85 per cent of organisations in Oman do not have a Security Operations Centre (SOC).
“ITA is working very closely with government entities to ensure that they have resilient cyber security. Different regulations and frameworks have been put in place to enhance cyber security in the government and ensure the maximum possible protection for government critical data,” Dr. Bader Al Manthari, director general of the Information Security Division at ITA said, commenting on the findings.
In response to the latest threats, ITA has published the Network Security Architecture Framework, Application and e-service Application Framework, and General Information Security Policy. These frameworks and policies contain security requirements to be implemented by all entities, including having proper incident response mechanisms.
“Despite Oman’s high level cyber security strategy and being ranked as one of the most prepared countries in the world against cyber threats, the evolving use of technologies and digitalisation is raising cyber security concerns for the country,” Mohammed Nayaz, partner-IT and Business Resilience at EY said during a seminar on the subject, “Organisational Preparedness Towards Cyber Security Risks.”
Nayaz suggested working on a strategy of Sense, Resist and React. “Companies need to sharpen their senses so that they can see a cyber attack approaching their perimeter and understand if someone is planning to launch an attack over the network.
"Second is to upgrade their resistance. Institutions need to know if the defences will hold against new cyber malware that can’t be identified by a regular antivirus.
"Finally, they need to react better if the defences fall. There needs to be a planned strategy to repair or limit any damage especially to critical infrastructure," Nayaz said.
According to the survey, although most companies prioritise security operations, 72 per cent of the companies will not increase spending on cyber security even after experiencing a breach that does not do any harm. The report also highlights that most companies in Oman have cited a lack of budget, outdated technologies and shortage of skills as the major issues when it comes to preparing for cyber attacks.
“There is certainly a problem when it comes to budgets. However, we don’t need high cost systems to combat everyday issues. We need to have a base level security what we call housekeeping in order to stay for most of the time. Strong passwords and employee education are simple inexpensive factors that can hamper most cyber attacks,” Nayaz explained.
Al Manthari further added that ITA is focusing on building cyber security capabilities within the government and private sector by conducting specialised cyber security awareness and trainings and sessions and cyber security drills to evaluate the readiness to respond to incidents.
In addition, ITA has provided support to different academic institutions willing to initiate cyber security academic programmes with guidance and directions in this field.