Like many other nations, Qatar has embraced the Internet revolution and the technology associated with it. In 2013, the government introduced state-of-the-art fibre optics network which has, over the past two years, enabled widespread national access to the World Wide Web, increased competition amongst suppliers and providers, and empowered consumers and businesses alike.
The internet has become a crucial factor in the rapid rise of the nation’s economic growth, nowhere more evident than among small and medium-sized enterprises, where it is producing large gains in productivity and changing local markets into global ones.
However, these technological developments are not without risk. In a wealthy nation like Qatar, with infrastructure that enables the instant transfer of money, goods and service, the risk of cyber-crimes has increased exponentially.
Qataris are replete with the latest technology, with the majority connected to the Internet via gadgets like smart phones, and with more and more personal and financial information being transferred into the digital sphere, cyber-security incidents are, inevitably, on the increase.
The term “cyber-crime” can mean everything from complex attacks on government sites to credit card fraud and identity theft. Recent data shows that these cyber-attacks are on the increase in Qatar.
Network security company, FireEye, claims that Qatar is the third most targeted country in the MENA (Middle East and Africa) region for cyber-attacks, following Saudi Arabia and Turkey respectively.
Their report indicates Qatar as a whole was subjected to around 2,000 cyber-threats in the first half of 2014. Since then, in the space of less than one year, Qatar has become the frontrunner in terms of cyber-threat in the region, a fact that is clearly evident in the Kaspersky Security Network (KSN) cloud service statistics for January-March 2015.
They reveal that the highest numbers of web threat occurrences were noted in Qatar (31 percent of KSN users faced these threats), followed by the UAE (29 percent), Turkey (25 percent) and Saudi Arabia (24 percent).
Dr. Marc Dacier, principal scientist and acting research director in Cyber Security at Qatar Computing Research Institute (QCRI) believes that assessing the true extent and reality of such threats is a complicated matter. “There is no real consensus as to how to measure things in a way that would unambiguously help to understand the real situation.
For instance, should we count the amount of attacks, even the less dangerous ones, or merely the stealthy ones that have never been seen before? For this reason, we cannot categorically say that Qatar is “an increasingly popular target.
“Having said that, the fact that Qatar is a country with a very large number of computerised equipment and whose population and government is very active in the cyber-world makes it a target of choice, just like any other developed country. A lot of attention has therefore to be devoted to the problem of cyber-security.”
Cyber-crime is principally encountered in the realm of information technology. Smart phone platforms such as apps, cloud storage networks and all forms of social media such as Facebook.
Apple Store and Instagram are prime targets for those who would seek to perpetrate crime on a vast audience, many of whom are ill-informed or even completely unaware of the potential for cyber-thieves to steal and utilise their precious information.
Ghareeb Saad, senior security researcher, Global Research & Analysis Team (GREAT) at the Kaspersky Lab, Middle East, identifies several possible causes for the rise in cyber-crime.
He cites the spread of the Internet, a lack of knowledge or irresponsible attitude by users, a lack of budget or spending upon the recruitment of specialists to deal with such nebulous threats, and failures by companies and individuals to develop and implement effective IT security strategies. These, and other factors, play a significant role in eliminating the threat of cyber-crime.
Nicolai Solling, director of Technology Services at Help AG, notes that cyber-crime is a complex area of criminology that is increasing in popularity primarily because computers and IT systems are becoming ever more prevalent in our personal lives.
“Take for example Qatar’s smartphone penetration which according to the country’s Ministry of Information and Communication Technology now exceeds 75 percent. These devices are also being used to store sensitive information and even to conduct financial transactions.
With more sensitive information being stored on devices that are easily compromised by cyber-attacks, the incentive for such crime is clear. And the motivation for it is wide ranging – it could be financial, political, or even blackmail.”
The rise of social media has also presented a ready target for those involved in cyber-crimes. More specifically, cloud computing, with its reliance upon cloud storage solutions for the archiving and common distribution of important information, is a primary target.
Here, the ignorance displayed by users of cloud storage is a common problem, presenting an easy target for criminals. Cloud data services often store huge amounts of data in one location, and by doing so provide a major target for computer hackers.
Dr. Dacier suggests that when working on cyber-security, and especially when trying to analyse attacks which require access to a large amount of data, it is also vitally important to consider the privacy and civil liberties of users.
He further adds that when imposing constraints on users, it is important to make sure the necessity for the measures and the corresponding threat levels are understood. If this is not the case, the users themselves may become the biggest barrier to their own security, by trying to circumvent safety programmes and measures in order to protect their privacy.
The biggest victims
Businesses are commonly accepted to be the number one target for cyber-criminals. Most businesses possess information they want to remain secret. However, just one unlucky click of the mouse or a simple computing error could result in the leak of corporate secrets and confidential items of intellectual property that could lead to any corporation shutting down once and for all.
It is clear that cyber-attacks are becoming ever more organised and subtle, and because of this a worrying number of organisations are often completely unaware that their operations have been subject to security failure or theft of information.
Solling hints at the increasing subtlety of cyber-attacks on contemporary business, remarking on the growth of less direct forms of attack.
For example, negative posts from competitors on corporate blogs or websites, negative comments on review websites by disgruntled customers, or rants on social media channels by customers who would rather leverage a high visibility platform than call customer service to fix the problem are all rife. He claims that the main impact of these indirect forms of cyber-attacks are bad publicity for businesses, loss of credibility and loss of customers.
To counter this, businesses need to fight back by first identifying their most valuable items of information – assets that, if accessed by cyber criminals in an illegal fashion, could be used to cause extensive monetary loss or harm the reputation of a company, especially at a global level.
Additionally, Solling finds it notable that, in the arena of security solutions, organisations must continually change and adapt their technology area to combat cyber-crime. “Personally, I think that the enablement of visibility of what is happening is a key aspect of cyber security in the coming years.”
Meeting threats, taking opportunities
Experts warn Qatar is becoming a hotbed for cyber-crime, evident in the rapid growth of cyber-security businesses that are now offering their services to organisations.
Cyber-attacks do not only present a clear and present danger to companies, they also pose profound problems for social, political and economic institutions and, consequently, the nation as a whole.
Given this, cyber-security is one of the most important issues facing contemporary society, and it is worthy of much further examination by government and industry alike.
Dr. Dacier believes one of the basic principles in cybersecurity, like in the art of war, is to “know your enemy”. He notes that in order to decide how to best invest resources and prioritise actions, it is of prime importance to understand not only where we are most vulnerable, but also what the modus operandi of the attackers are – for example, what are their preferred modes of attack?
He says, for instance, that if the preferred method to access data is to compromise the actual machines used by a company by someone who has been placed on the inside, then spending a lot of energy improving defences on the perimeter of the network may not be the most appropriate approach.
“At QCRI, we do carry out research on threat mitigation and analysis but also on so called ‘cyber intelligence’, which is the understanding of the reality of the threats, figuring out who does what, how and why. The results of that research aim to enable the improvement of online safety practices.”
Saad suggests that governments, law enforcement organisations, security vendors and businesses should approach these issues in a more vigorous fashion. “The complex measures should include raising awareness about the IT security issues – new and emerging threats, setting a security mindset of what we at Kaspersky Lab call ‘thinking before clicking’, and having comprehensive security solutions.”
And Solling believes that increased awareness is key to addressing cyber-crime. He notes that until Internet users are better informed about the potential repercussions of their online behaviour, they will not take the necessary steps to protect themselves.
He further cautions that, even with the latest, most up-to-date security solutions, user behaviour remains one of the key issues that needs to be addressed in the fight to combat cyber-crime.
Therefore, as technological advances continue to engender greater efficiency and productivity in global markets, businesses, government organisations and the individuals who work within them must learn how to make their personal and corporate information more secure from cyber criminals seeking to exploit such valuable knowledge.
And at a more local level, as Doha plans to become one of the world’s leading ‘smart’ cities, the necessity for security is even more vital. Failing to keep pace with the changing face of cyber criminality could have profound consequence for organizations, individuals, and the social and economic future of the nation as a whole.