Organizations in Qatar cannot afford to ignore cybersecurity vulnerabilities Digital transformation has been of enormous benefit to the modern world, but there is a considerable downside to our growing reliance on technology – the rapid rise of cybercrime, which is expected to cost the global economy more than USD6 trillion by 2021. So severe is the current threat that the World Economic Forum has placed large-scale cyber-attacks 5th in its ranking of global risks. According to IBM, cybercrime is also the second greatest danger to the international economy behind volatile stock markets. The most common cybersecurity vulnerabilities include breaches of computer networks, digital applications and endpoints, such as mobile devices and data storage, particularly in cloud computing. Cyber criminals use techniques such as email phishing, identity theft, denial of service, malware and ransomware among others to access or disrupt critical IT infrastructure. While many attacks can be attributed to technical vulnerabilities, more than half of breaches occur due to human error. These include misconfigurations in cloud computing, email viruses, malicious advertising and identity theft (due to stolen passwords), as well as private mobile devices with inadequate security measures. Whatever the cause, the resultant breaches inevitably result in massive financial costs, the temporary or even permanent crippling of key operating technologies (OT), as well as large-scale losses of sensitive data, including the personal information of users and company trade secrets. Several well-publicized cyber-attacks underscore the severity of the problem, such as 2017’s WannaCry, in which ransomware hackers extorted an estimated USD4 billion globally. Others include high profile targets such as Amazon, Uber and Google, as well as thousands of private companies and government institutions worldwide. While the Middle East has experienced relatively few high profile cyber-attacks to date, private businesses, financial and government institutions and state-owned entities are becoming increasingly vulnerable. In the past year, 18% of Qatari organizations suffered a cybersecurity incident, with 5% of organizations experiencing more than five incidents, costing an estimated average of $4.94 million each. One major vulnerability is the fact that many Qatari organizations run on outdated legacy industrial control systems incompatible with modern digital technologies. Also, many organizations tend to adopt a reactive rather than a proactive approach to cybersecurity and still consider fighting cybercrime a low priority. To combat cybercrime effectively, cybersecurity must be treated as a vital, indispensable, integrated core function, one that is deployed across the organization from the top-down and controlled by a dedicated Security Operations Centre (SOC) that relies on far fewer external security vendors. Crucially, organizations must adopt a cybercrime strategy that shifts the focus from prevention to detection and response. For example, by utilizing artificial intelligence (AI), organizations can identify potential vulnerabilities before criminals are able to exploit them. The bottom line is that organizations in Qatar cannot afford to ignore their cybersecurity needs or underestimate the magnitude of the threat, as is no longer a matter of whether your technology systems will be breached by cyber criminals – but when. GBM Security Services can help your organization detect and understand your potential vulnerabilities and help you design the proper defence against potential threats.