An online army of web guardians is being trained to repel attacks against Oman, the agency responsible for online security has announced.
Real-time training to repel constant cyber attacks against Oman’s web space is in full flow, according to the Computer Emergency Response Team (CERT). Get your essential daily briefing delivered direct to your email inbox with our e-newsletter
The Sultanate has dealt with 16,000 attacks so far this year, on top of the millions stopped by firewalls, according to the agency responsible for protecting our net.
That’s 2,666 every month, or 95 cyber attacks every single day.
The CERT team is training government staff to deal with the threats and has even staged mock attacks on networks.
Of the 16,000 cyber attacks this year, critical national infrastructure has been the most sought-after target. “There is also an increased attack via ransomware and email blackmailing,” according to Badr Al Salehi, director general of Oman’s CERT.
Ranked fourth in the Global Cybersecurity Index 2017, Oman has continued training and awareness programmes to equip private and government firms to defend against threats.
However, due to rapid digitisation and new threats disrupting systems around the globe, CERT has now stepped up efforts to increase cyber security.
The latest in the series of programmes has trained 17 staff from government institutions as a part of its plan to combat cyber threats and check the strength of IT systems in the country.
“The purpose of this training is to give participants an in-depth knowledge on how to conduct penetration testing in real environments such as government agencies, financial institutions and other key installations,” a CERT spokesman said.
Penetration testing is a proactive measure where ethical hackers attack an organisation’s IT infrastructure in a controlled environment to check if it is equipped with the right security or if there is a lack of awareness among staff members.
The training also allows staff members to counter the threat of attacks on websites and IT servers in the organisation.
“The main goal for providing this kind of training is to enhance the cyber and information security knowledge in addition to improving best practices to mitigate security risks in order to ensure business continuity and to minimise the impact of security risks in the government sector,” the spokesman added.
The project started officially in 2015 by training 40 employees from government bodies.
A recent report by Booz Allen Hamilton showed that online threats affect a quarter of users in the Sultanate due to digitisation.
“Digitisation has certainly created issues with cyber security. People or unsuspecting employees are the weak links and backdoor to IT infrastructure of the country. CERT is doing excellent work to train government employees and institutions to protect critical infrastructure.
“Private companies need to protect their own with staff training or else they may be the backdoor to government IT infrastructure. It is all interconnected and people need to understand how one system compromised in the network can bring down the whole network,” Mohammed Nayaz, partner at EY advisory services said.
“We have seen a wave of cyber attacks recently around the world and there is a need for more training and education in cyber security. I think doing more will always be good. We have seen graduates from SQU reach high positions in IT security while a lot of students have taken up separate courses to do IT security. This signifies how serious people take IT security in Oman,” Ahmed Al Mashry, a professor at the Computer Engineering Department at Sultan Qaboos University said.
Oman’s eGovernance system has been hailed as a leading global framework which ensures that government IT projects and systems are sustainable and comply with Information Technology Authority (ITA) strategies and objectives.
Oman CERT announced last month that the Sultanate has signed a Memorandum of Cooperation with the international organisation, “FIRST,” in order to strengthen international cooperation in cyber security.