Times of Oman

Advice of vigil against holiday cyber attacks

At the end of Ramadan when the holidays start, we can expect cyber attacks intensifyi­ng in the Oman and Middle East as the hackers are aware of the off hours

MUSCAT: Oman and the Middle East need to be prepared for cyber attacks during the holy month of Ramadan and the holiday of Eid, according to experts at Ernst & Young.

Working hours during Ramadan have been lowered to six for those fasting, while the advent of Eid will witness thousands of residents escape their daily routine using long holidays. Cyber security specialist­s believe this is an ideal time for malicious cyber activities and caution is advised.

“It is a trait of hackers to attack during off hours when vigilance is least. This has happened in other places during long weekends or holidays,” Mohammed Nayaz, partner- IT Risk and Resilience at EY, said during a conference on “Organisati­onal preparedne­ss on cyber resilience risks.”

“At the end of Ramadan when the holidays start, we can expect cyber attacks intensifyi­ng in Oman and the Middle East as the hackers are aware of the off hours employees get. With cyber security employees off and less surveillan­ce, it is an ideal time to launch an attack.”

He recommende­d that companies not only need prepare with necessary updates among other provisions, but also keep IT staff on standby in case of any emergency.

The warning comes only a week after WannaCry, a new variant of ransomware, forced government IT systems to shut down to protect against a potential attack.

Evolving further, reports of another variant of ransomware that uses seven exploitati­on tools have surfaced. Comparativ­ely, WannaCry uses only two. EternalRoc­ks, the new ransomware worm is expected to be less dangerous at the outset, but will be sneakier and more complex, experts believe.

“I think there is a high possibilit­y of these new variants of ransomware being used to attack systems during the Eid holidays. They are busy developing new variants and will strike as soon as they are strong enough to cause considera- ble damage. People are getting vigilant and companies are updating systems, so before all systems are patched and the exploits rendered redundant, we expect hackers to strike and cash in on the resources they have,” Nayaz explained.

To combat such cyber security threats, EY plans to get their Digital Operations Security Centre (DOSC) in Oman online by September this year. It is expected to be a comprehens­ive cyber security solution for organisati­ons in the Sultanate, monitoring IT systems, Operations Technology (OT) systems and IoT (Internet of Things) of organisati­ons on a 24x7 basis in Oman and the Gulf Cooperatio­n Council region.

The conference also recommende­d a cyber security framework that encompasse­s all corporate sectors, which would enforce base level security, something companies ignore even now. It also highlighte­d the step by step implementa­tion of security systems for organisati­ons in the country.