sional wikis involve the development o online col-laborative work. Furthermore, military operationsuse the Internet or e-mailing, social networking and,unortunately, visiting dubious websites. All o theseelements will increase the possibilities o inltrationand unintentional inormation leakage.“Experts are no longer reluctant to predict nation-al responsibility in military and industrial espionageor precision attacks that cause physical damage, as inthe case o Stuxnet or Shamoon. State-related threats will increase and make the headlines, and suspicionsabout government-sponsored attacks will grow,” says Ahmed.
How much preparation goes into these attacks anddoes it matter where the perpetrators are based whenthey carry them out? How sophisticated do they haveto be to beat the high-level security systems that gov-ernments and corporates are investing in?“The internet is a vast network with no boundar-ies; attacks can be done rom anywhere in the world,”says Ahmed. “A simple example is the ability to buy botnets (zombies) which can launch a targeted attack on any organisation.“Advanced Persistent Threats (APTs) are sophis-ticated attacks where adversaries break into systemsundetected using long-term access to inltrate dataat will. Although the threats become more advancedonce they gain access into a network, the entry point with many attacks is convincing a user to click on alink. However, once the APT breaks into a system, it is very sophisticated in what it does and how it works,”he explains.This is pretty much how the attackers compro-mised the networks at Al Jazeera and Qatar Founda-tion. They convinced somebody at those organisa-tions to click on an enticing link that was loaded withtools to download critical security inormation. It’s aprocess called “phishing”.“Most attacks are a because o exploiting policy shortcomings, lack o awareness and contemporary training methodologies,” says Khalid Al-Hashmi,Executive Director, Qatar Cyber Emergency Re-sponse Team (Q-CERT) in ictQATAR's Cyber Secu-rity Division. “The reason [attacks] are successul isbecause the operator is not ully aware o how to deal with raudulent messages. I nobody explained the
ependency on ICT systems and networksthat support the nation’s critical sectors suchas energy, utilities and the nancial sector con-tinues to increase; thus, in order to proactively address the cyber risks and threats rapidly acingthose critical systems, ictQATAR has drated theCritical Inrastructure Inormation Protectionlegislation, due to be nalised in 2013, that intro-duces strategies or protecting the most criticalinormation inrastructure systems in the coun-try, including those used or power grids, oil andgas production, nancial transactions, healthcareand government operations.“Aligned with similar legislation being intro-duced around the world, as well as recommen-dations issued by international bodies like theInternational Telecommunication Union (ITU),large and critical entities delivering services thatare crucial to the well-being o the nation will berequired to have an inormation security manage-ment system (ISMS) in place."ictQATAR has also drated Inormation Priva-cy Protection legislation designed to acknowledgeand protect private and personal inormation orthe citizens in this digital and networked age.”
- Khalid Al-Hashmi, ictQATAR Cyber Security
cyber securityfirMs are tooreactiVe.their budgets are:
ExEcutivE DiREctoR, QAtAR cybEREmERgEncy RESponSE tEAm(Q-cERt), ictQAtAR.