Muscat: Oman’s stock exchange company has said that the issues over password strengths on one of their routers were resolved almost as quickly as they were pointed out.
A router which provided services to Muscat Securities Market (MSM) had not had its username and password changed from its default settings. However, the router lay outside MSM’s core network and its monitoring was the responsibility of the telecom provider which had installed it.
“This problem was not with MSM, but with our telecommunications provider,” said Fahad Al Moharbi, IT Director, Infrastructure Department at MSM.
“This problem happened four months ago, when we received a warning from Oman CERT, who told us that we had a router that had a vulnerability. This device was using a default username and password. Normally, when professional engineers come to install these devices, they need to change these, but when Oman CERT told us this, we investigated and found out that this device was outside our network.
“That router was providing an internet service for MSM, so we told the telecommunications company to change the username and password, which they did, and they also updated the security patches of that router,” he added.
“We once again informed Oman CERT of this and the issue was resolved. This issue wasn’t found with just MSM, but about 1,770 devices across the Middle East.”
Valued at about US$23 billion (OMR 8.85 billion), MSM has always employed a safety-first protocol to ensure the integrity of its investors.
“The vision of MSM is to follow the standards around the world and those which came from the Information Technology Authority (ITA),” explained Al Moharbi. “We have multiple layers of security starting from the end users and ending with the external firewall. Also, the MSM data centre has been protected with a different security layer.
“These firewalls are part of the new generation of protection which also provides advanced malware protection, web filtering and virus protection systems,” he added. “We don’t allow any flash drives, CDs and memory sticks because these are third party devices that may cause damage to our network.”
The same systems apply to brokers who act as middlemen between investors and the stock market.
“Brokers who want to connect to MSM have an application that is connected to the stock market,” said Al Moharbi. “We only give them permission to access the specific services they want. We also inform all brokerage companies that they need to take care of all the security systems at their end. We also do an audit every six months, where we visit every single broker so that we know they are using the latest security updates. All the external PCs that are connected to MSM have to be on an isolated network and cannot be connected to the rest of the internet.”
Al Moharbi also advised residents and companies in Oman to keep abreast of the latest security trends across the world.
“In the last few months, there were viruses like the WannaCry virus trying to hit the government entities and take their information,” he revealed. “Hacking has now become a business, so it is very important to be secure all the time. We meet all the time with vendors to find the best and latest security companies. We have invested a lot of money in security and will always continue to do so.”
Financial experts in Oman seemed to agree with MSM’s viewpoint.
“MSM is your flagship trading repository where all the records of your investors are stored, and you’ve got all the investors buying, selling and trading stock so MSM in a broader sense represents the investor community to the world outside,” said Alkesh Joshi, Partner for EY.
“In view of the above, secure data will lead to rising investor confidence and more incentive to invest,” he added. “If you get access to crucial data, you could target investors the wrong way or even sell that data to someone else and give them information on who is investing in the stock market.”
Naseer Khan, Managing Director of IT consultancy firm IEON, added: “One of the things that hackers do is to intercept traffic before it reaches the share values, and if this data is intercepted, you can use that data to manipulate the market, and the market is then not subject to fair market forces.
“You could actually change and corrupt the data itself, and you could give yourself access to administrative rights to give yourself permission to use the market for your own needs,” he said. “If the stock market is down, it is losing money, and this will affect the economy because publicly traded companies rely on share values to run their organisations. These organisations employ thousands of people and all of their careers are at stake.”