Muscat: Just under a quarter of internet users in Oman are affected by online threats, a new study has shown.
A newly released Booz Allen Hamilton report has explored the Internet of Things (IoT) and its emergence as a vulnerability for organisations across the Gulf Cooperation Council (GCC) if networks are not secured.
In their study, they highlighted that traditional IT systems are self-contained and easy to protect, while IoT systems, which connect a multitude of devices and systems, have a higher vulnerability to cyber attack.
“The Internet of Things (IoT) continues to gain a strong footing in the GCC across different sectors ranging from manufacturing and transportation to energy. Industries are moving to IoT at a pace that is far greater than their ability to secure it,” the report said.
“Companies can probably save money by building IoT systems with less-than-secure parts and materials. But if they get hacked, the financial cost of reputational harm, including lawsuits, or regulatory penalties, could make it much worse for them,” the report explained. Despite the high number of attacks, Oman’s National Computer Emergency Readiness Team (CERT) has proven successful at handling the attacks and limiting the damage.
The Global Cyber security Index, which indicates where countries stand in their cyber security engagement at the national level, ranks Oman as the third best prepared country in the world to thwart cyber attacks.
However, Oman has been the target of over 16,000 cyber attacks this year and Kaspersky Labs found that 23 per cent of Internet users in Oman are affected by online threats. The report therefore recommends that security be the primary component of building IoT systems, which involves a careful and systematic examination of all potential weak points.
Booz Allen Hamilton has identified that organisations with the best IoT security are proactive—they use real-time threat-assessment data and the latest advances in analytics to spot hidden IoT attacks. The report also includes a guide, the ‘Resource Prioritisation Model,’ which can further help organisations mitigate and contain any risks. The model contains three elements—technical risk assessment, the potential impact of an attack on business, and mitigation strategies.
“The model is an inclusive process that involves stakeholders from across the organisation, including human resources, security, IT, law and compliance, and vendor sourcing. Once developed, the model becomes a living tool, one that’s regularly evaluated, updated, and discussed as part of the organisation’s broader security processes.”