Oman’s cybersecurity preparedness pays off during the pandemic

Oman’s decades-long cybersecurity preparation has paid off as the global COVID-19 pandemic ushered in a new era of cyberattacks. Despite a wave of attacks in the first half of the year as the pandemic hit, COVID-related scams and malware declined in the sultanate as cyberdefences kicked in, burnishing Oman’s security-savvy image.

During the first half of 2020, Oman experienced more than 2.5 million email, URL, and malware cyberthreats, according to a Trend Micro security report. This is a particularly significant figure for a nation with a population of just under 5 million.

Ransomware and phishing attacks in particular rose globally during the pandemic as cybercriminals took advantage of newly remote workers. The Middle East, a region that until recently has had relatively little experience with remote work and off-premises data storage, has been particularly vulnerable to this growing tide of cybercriminality.

COVID-related attacks in Oman drop after first wave

Despite the increase in attacks early on in the year, Oman saw a notable 30% drop in the number of COVID-related attacks from the second to the third quarter, according to Trend Micro.

“Oman’s 30 per cent decrease in COVID-19 related cyberattacks is an impressive signal that Oman’s IT decision-makers are taking pandemic-related attacks seriously,” said Assad Arabi, managing director, Gulf Cluster, Trend Micro, in a press release. “We are seeing Oman’s organizations deploy the right cybersecurity solutions and processes to enable secure remote work and work from home environments.”

According to IBM’s annual Cost of Data Breach Report 2020, the average cost of a data breach in the Middle East is the second-highest for any region globally at $6.52 million, and the MENA area is also the slowest in the world to identify a data breach, with an average 269 days. As nation-states and enterprises in the Middle East work to bolster their security stances and protect critical national infrastructure, the MENA cybersecurity market is booming.

 IDC’s group vice president and regional managing director, Jyoti Lalchandani, predicted at the firm’s first-ever virtual edition of its Directions Middle East, Turkey & Africa conference held last month, that regional spending on security measures including hardware, software, and services will grow 7.1% in 2021 to reach $3.3 billion.

Oman takes regional security leadership position

The usually quiet nation-state of Oman has crept up as a leader in cybersecurity and defence in the past decade. According to the latest available Global Cybersecurity Index, Oman ranks in the top 20 countries in the world in cyberattack readiness, and sits second in the region, only behind Saudi Arabia. Though trailing KSA in overall rankings, Oman holds the highest score in the region in terms of cybersecurity organization. 

Education has played a significant role in enforcing the overall cybersecurity stance of the nation. To that end, in 2019, Thales, a global security firm that has been working on government and private projects in Oman for some 40 years, launched Oman’s first technical cybersecurity training academy – the Advanced Cybersecurity  Academy (ACA) as a partnership with Oman’s Public Authority for Privatisation and Partnership (PAPP). 

“Cybersecurity can only be addressed effectively by addressing the 3 pillars: technology, governance, and people,” says Dr. Waël Kanoun, head of Cyber Defence Solutions, Thales in the Middle East, Thales. “It is vital that education is delivered through a comprehensive program that adapts to the audience and their professional roles in various organizations.”

The academy aims to provide hands-on training in cybersecurity enabling public and private sectors to defend against cyberattacks. In addition to a training program led by Thales’ cyberexperts, the academy provides sophisticated testing facilities that will allow the country’s decision-makers to have greater insight into their cybersecurity stance.

“The academy aims to train over 150 experts every year, vesting them with high-level skills in accordance with recognized professional standards of global training institutions and cybersecurity organizations,” says Kanoun.

Oman takes multiple approaches to cybersecurity

In addition to working with Thales, Oman has been shoring up its cybersecurity defences in a number of other ways. Founded in 2006, the Sultanate’s Information Technology Authority serves as a competency centre on best practices in e-Governance and in harnessing information and communication technologies and oversees a number of government programs that both leverage IT services and strengthens the overall cybersecurity stance. 

In 2010, the country established the national computer emergency response team (Oman CERT). Oman CERT analyses risks and security threats that may be present in cyberspace, and alerts users to active and potential threats. These alerts are transmitted nationwide, to all users, be they enterprise-scale institutions or individual users. 

By 2011, Oman had issued a comprehensive Cyber Crime Law by royal decree. One of the first in the region, this law defines a variety of Internet-based crimes and backs them with robust penalties that can even result in significant jail time. 

As a regional leader in cybersecurity, Oman has been hosting the Cybersecurity Innovation Centre for the Arab Region since 2013. The aim of this regional knowledge exchange centre is to enhance regional cooperation, coordination and to foster inter-nation cooperation to address increasing cyberthreats as well as sharing information on best practices.

This year, for the third year in a row, Oman was selected as host of the regional virtual cybersecurity drill for the Arab countries and member states of the Organization of Islamic Cooperation (OIC). The drill, under this year’s theme “Managing Cyber Risks of Remote Work”, saw participation from 25 member-states.

This year’s drill simulated international cross-border cooperation to deal with cybersecurity incidents in light of the COVID-19 pandemic, and address ways to mitigate cyberrisks that have emerged because of remote work in institutions and governments.