'Train employees to deal with cyber threats'

Muscat: Omani authorities and experts have said training one’s employees to deal with cyber threats is a key factor in protecting businesses.
Haitham Hilal Amur Al Hajri, Cyber Security Specialist for the Oman National Computer Emergencies Readiness Team (ONCERT), disclosed that there were two ways to deal with e-mail-based security threats, among others.
“Every country, including Oman, is subject to such a source of a threat; it's a global issue,” Al Hajri said. “This can be addressed through a combination of processes, which include ensuring that policies, procedures and guidelines are available to mitigate this threat. One can do this by establishing a cyber culture of awareness among employees to mitigate cyber threats.”
“Secondly, there is technology,” he added. “One can install the right hardware and software to protect oneself from such threats.”
Jeff Ogden, General Manager of UAE-based Mimecast Middle East, concurred with ONCERT’s observation.
“Employee awareness and education are important to ensure they are prepared if a targeted attack manages to slip through your security controls,” he said.
Mimecast, which provides cyber security, particularly cloud-based e-mail management, recently appointed Ogden as its Middle East GM.
Small and Medium-Sized Enterprises (SMEs) tend to be more vulnerable as they do not invest much in cyber security. Hajri, however, assured the Information Technology Authority (ITA) would continue to be committed to helping SMEs.
“The ITA offers a wide range of services that can help SMEs enhance their cyber security capabilities, from consultancy services to training and development,” Hajri emphasised. “My advice would be to always seek legitimate vendors and always stay up to date with updates and patches to ensure sensibility of the system and, finally, to always have current back-ups stored in a secondary offline location.”
Healthcare, other critical sectors at risk
Hajri said all unsecure sectors are vulnerable, as such a threat needs only a small vulnerability to access or infect any system. However, some sectors known as critical national infrastructure are more likely to be targeted due to their vital importance to the nation in the fields of healthcare, energy, telecommunications, and transportation, among others.
Ogden also reiterated his concerns over healthcare being one of the most targeted sectors as its systems contain the most highly sought-after data.
“Some sectors are more susceptible because they tend to hold more confidential and valuable data,” said Ogden. “Healthcare, for example, hosts protected health information or PHI, and hackers have their sights set on this data. The value of medical records on the black market is at least 10 times higher than credit card data. That’s because PHI contains more personal data points and cannot just be reissued in the event of a problem.”
“Bank account details and passwords can be changed following a breach, but information about allergies, disabilities, mental health, or hereditary conditions, can’t,” added Ogden. “Oman, like many Middle East countries, has continued to be a target for mail-based attacks. It remains among the top 10 countries in the world in terms of volume of spam and malware per mail.”