Firms need to spend more on cyber threats: Experts
February 11, 2019 | 9:23 PM
by Times News Service
The average attack package takes less than 48 hours to take control of a network and will remain there for 146 days before detection.

Muscat: Cybersecurity analysts and economists have said that companies in Oman need to spend money on investing in good online protection because the costs of not doing so are far greater.

A report released by Microsoft has said that more than 25 per cent of computers in Oman were infected by malware in the second half of 2017 alone, and Mohammed Arif, Regional Director, Modern Workplace and Security, Microsoft Gulf, has said that readiness is the key to ensuring companies are safe.

“A Microsoft Security Intelligence report found that 26.8 per cent of computers in Oman encountered malware in the second half of 2017,” he told Times of Oman.

“A recent Microsoft survey discovered that more than 80 per cent of large GCC enterprises still used usernames and passwords as the sole means of network authentication. Only around 11 per cent use SMS notifications to support username-password authentication. About 7 per cent reported using fingerprint scanning and just under one per cent had adopted facial recognition.”

“This is a vital realisation because while the insidiousness of the threat landscape, employee knowledge gaps and frightening costs are all worthy topics for discussion, our solution lies in discussing readiness. If we are ready for whatever the digital bandit throws at us, all other concerns melt away. The average large enterprise combs through 17,000 threat alerts a week, wasting time chasing false positives and prioritising responses. Lack of visibility and in-house expertise weaken defences and response effectiveness. We are not ready.”

So how do we get ready? Technology is only part of the solution. Recent progress in the cybersecurity arena—newfound successes not only in detection, but also in prediction—has come from combining big-data analytics, machine learning, and human expertise. Security analysts sift out the most suspicious alerts and provide feedback that allows software to become smarter. This is what being ready looks like. Our attackers will not relent, so neither should we.

The average attack package takes less than 48 hours to take control of a network and will remain there for 146 days before detection. More than 63 per cent of network intrusions occur through compromised user credentials. Organisations around the world take a combined annual hit of US$500 billion and the average loss from a corporate data breach is $3.8 million.

Pressure to digitise

Ramanuj Venkatesh, a financial analyst with expertise in both Oman and the UAE, said that companies now faced pressure to digitise, which conflicted with their current need to save money, owing to the current economic conditions.

“Given the advances in the economy, more and more companies are going digital,” he said.

“In my experience, there are some organisations that feel that investing in their own company’s cybersecurity is not a worthwhile expense, but I would disagree. These days, many of the companies have all of their details online to make business smoother and easier, but a lot of the data out there is highly sensitive.”

“The bigger the company profile, the more attention you might receive from hackers, who might enter your files and share this sensitive data with others,” Venkatesh added. “No company wants this, I am sure, so I would advise all companies to invest in cybersecurity. Yes, it might be a bit expensive, but if this expense is avoidable, then the consequences are surely unavoidable.”

Dr Saqib Ali, Head of Department of the Information Systems Department at Sultan Qaboos University, added that this was a problem faced in many developing countries.

“In a developing country such as Oman, given the current economic situation, everything is being looked at with a dollar sign attached to it,” he said. “People’s first worry is how much money investing in cybersecurity is going to cost them. But to them I say, what is the alternative? If the company you work for is a bank, an airline or even a postal service, then you have a lot of information that you don’t want cybercriminals to find. When such things happen, you are not just letting down your company, but you are letting down your investors as well, and once that is done, everybody loses money, and the damages are huge.”

Subscribe to our newsletter and be the first to know all the latest news